@@ -4,6 +4,8 @@ using ROLAC.API.Data;
|
||||
using ROLAC.API.DTOs.Expense;
|
||||
using ROLAC.API.DTOs.Shared;
|
||||
using ROLAC.API.Entities;
|
||||
using ROLAC.API.Entities.Logging;
|
||||
using ROLAC.API.Services.Logging;
|
||||
using ROLAC.API.Services.Storage;
|
||||
|
||||
namespace ROLAC.API.Services;
|
||||
@@ -13,9 +15,10 @@ public class ExpenseService : IExpenseService
|
||||
private readonly AppDbContext _db;
|
||||
private readonly IHttpContextAccessor _http;
|
||||
private readonly IFileStorage _storage;
|
||||
private readonly IAuditLogger _audit;
|
||||
|
||||
public ExpenseService(AppDbContext db, IHttpContextAccessor http, IFileStorage storage)
|
||||
{ _db = db; _http = http; _storage = storage; }
|
||||
public ExpenseService(AppDbContext db, IHttpContextAccessor http, IFileStorage storage, IAuditLogger audit)
|
||||
{ _db = db; _http = http; _storage = storage; _audit = audit; }
|
||||
|
||||
// The JWT carries the user id in the "sub" claim (NameClaimType="sub", MapInboundClaims=false),
|
||||
// so ClaimTypes.NameIdentifier is absent at runtime. Check NameIdentifier first (unit tests set it),
|
||||
@@ -211,6 +214,11 @@ public class ExpenseService : IExpenseService
|
||||
if (e.Status != "PendingApproval") throw new InvalidOperationException($"Cannot approve from status '{e.Status}'.");
|
||||
e.Status = "Approved"; e.ReviewedBy = CurrentUserId; e.ReviewedAt = DateTimeOffset.UtcNow;
|
||||
await _db.SaveChangesAsync();
|
||||
|
||||
_audit.Write(
|
||||
AuditActions.ExpenseApproved, AuditCategories.Business, LogLevelEnum.Information,
|
||||
entityName: nameof(Expense), entityId: e.Id.ToString(),
|
||||
summary: $"Expense #{e.Id} approved: {e.Description} — {e.Amount:C}");
|
||||
}
|
||||
|
||||
public async Task RejectAsync(int id, string? reviewNotes)
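Review bot: The audit summary in the approve path interpolates `e.Description` and `{e.Amount:C}` directly, so free text submitted with the expense lands in the audit record as written, and the amount is formatted with whatever culture the request thread happens to have. If `IAuditLogger.Write` does not neutralise line breaks and control characters itself (its implementation is not visible here), a description could make one record read like several; I would keep the description out of the summary, or strip control characters and cap its length, and format the amount explicitly, e.g. `summary: $"Expense #{e.Id} approved, amount {e.Amount.ToString("F2", CultureInfo.InvariantCulture)}");` (needs `using System.Globalization;`). The write also runs after `SaveChangesAsync()` has committed, so a throw from `_audit.Write` would report failure for an approval that is already stored and has no audit row; it is worth deciding whether that call should be caught and logged or made part of the same transaction. The approve method starts outside the hunk, so whether the acting user is recorded by the logger or elsewhere cannot be confirmed from these lines.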
|
||||
|
||||