admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-10-04 15:59:07 +00:00
parent 0f9ac2600c
commit 03501f1ba1
6 changed files with 51 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
server/AyaNova/Controllers/TagController.cs
View File

@@ -145,7 +145,7 @@ namespace AyaNova.Api.Controllers
TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); TagBiz biz = new TagBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, TagBiz.BizType)) if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }

30
server/AyaNova/Controllers/UserController.cs
View File

@@ -62,7 +62,10 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) //Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -72,8 +75,7 @@ namespace AyaNova.Api.Controllers
return BadRequest(new ApiErrorResponse(ModelState)); return BadRequest(new ApiErrorResponse(ModelState));
} }
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
var o = await biz.GetAsync(id); var o = await biz.GetAsync(id);
if (o == null) if (o == null)
@@ -103,7 +105,10 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) //Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -113,8 +118,7 @@ namespace AyaNova.Api.Controllers
return BadRequest(new ApiErrorResponse(ModelState)); return BadRequest(new ApiErrorResponse(ModelState));
} }
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
ApiPagedResponse<System.Object> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions); ApiPagedResponse<System.Object> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions);
return Ok(new ApiOkWithPagingResponse<System.Object>(pr)); return Ok(new ApiOkWithPagingResponse<System.Object>(pr));
@@ -186,13 +190,15 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) //Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
try try
{ {
@@ -251,7 +257,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -301,7 +307,7 @@ namespace AyaNova.Api.Controllers
UserBiz biz = UserBiz.GetBiz(ct, HttpContext); UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, UserBiz.BizType)) if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -365,7 +371,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, UserBiz.BizType, dbObj.OwnerId)) if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }

38
server/AyaNova/Controllers/WidgetController.cs
View File

@@ -65,7 +65,10 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) //Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -75,8 +78,7 @@ namespace AyaNova.Api.Controllers
return BadRequest(new ApiErrorResponse(ModelState)); return BadRequest(new ApiErrorResponse(ModelState));
} }
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
var o = await biz.GetAsync(id); var o = await biz.GetAsync(id);
if (o == null) if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
@@ -100,7 +102,10 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) //Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -110,8 +115,7 @@ namespace AyaNova.Api.Controllers
return BadRequest(new ApiErrorResponse(ModelState)); return BadRequest(new ApiErrorResponse(ModelState));
} }
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
ApiPagedResponse<Widget> pr = await biz.GetManyAsync(Url, nameof(ListWidgets), pagingOptions); ApiPagedResponse<Widget> pr = await biz.GetManyAsync(Url, nameof(ListWidgets), pagingOptions);
return Ok(new ApiOkWithPagingResponse<Widget>(pr)); return Ok(new ApiOkWithPagingResponse<Widget>(pr));
@@ -185,13 +189,14 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) //Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
try try
{ {
@@ -252,7 +257,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -301,7 +306,7 @@ namespace AyaNova.Api.Controllers
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, WidgetBiz.BizType)) if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -361,7 +366,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
} }
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, WidgetBiz.BizType, dbObj.OwnerId)) if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
@@ -396,10 +401,6 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
throw new System.NotSupportedException("Test exception from widget controller"); throw new System.NotSupportedException("Test exception from widget controller");
} }
@@ -416,10 +417,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
throw new System.ArgumentException("Test exception (ALT) from widget controller"); throw new System.ArgumentException("Test exception (ALT) from widget controller");
} }

2
server/AyaNova/biz/BizObject.cs
View File

@@ -25,7 +25,7 @@ namespace AyaNova.Biz
#region common props #region common props
internal static AyaType BizType { get; set; } internal AyaType BizType { get; set; }
internal AyaNova.Models.AyContext ct { get; set; } internal AyaNova.Models.AyContext ct { get; set; }
internal long UserId { get; set; } internal long UserId { get; set; }
internal long UserLocaleId { get; set; } internal long UserLocaleId { get; set; }

15
server/AyaNova/biz/Search.cs
View File

@@ -106,8 +106,9 @@ namespace AyaNova.Biz
{ {
public long TotalResultsFound { get; set; } public long TotalResultsFound { get; set; }
public List<SearchResult> SearchResults { get; set; } public List<SearchResult> SearchResults { get; set; }
public SearchReturnObject(){ public SearchReturnObject()
TotalResultsFound=0; {
TotalResultsFound = 0;
SearchResults = new List<SearchResult>(); SearchResults = new List<SearchResult>();
} }
} }
@@ -327,7 +328,7 @@ namespace AyaNova.Biz
//TOTAL RESULTS //TOTAL RESULTS
//we have the total results here so set accordingly //we have the total results here so set accordingly
ReturnObject.TotalResultsFound=MatchingObjects.Count; ReturnObject.TotalResultsFound = MatchingObjects.Count;
//MAXIMUM RESULTS FILTER //MAXIMUM RESULTS FILTER
//The theory is that it should be filtered BEFORE sorting so that you get the most random collection of results //The theory is that it should be filtered BEFORE sorting so that you get the most random collection of results
@@ -398,6 +399,14 @@ namespace AyaNova.Biz
private static void ProcessKeywords(AyContext ct, long localeId, long objectID, AyaType objectType, bool newRecord, string name, params string[] text) private static void ProcessKeywords(AyContext ct, long localeId, long objectID, AyaType objectType, bool newRecord, string name, params string[] text)
{ {
#if (DEBUG)
if (objectType == AyaType.TagMap || objectType == AyaType.JobOperations || objectType == AyaType.Locale)
{
throw new System.NotSupportedException($"Search::ProcessKeywords - Invalid type presented {objectType}");
}
#endif
//IF NOT NEW, DELETE ALL EXISTING ENTRIES FOR OBJECT TYPE AND ID //IF NOT NEW, DELETE ALL EXISTING ENTRIES FOR OBJECT TYPE AND ID
if (!newRecord) if (!newRecord)
{ {

8
server/AyaNova/biz/UserBiz.cs
View File

@@ -23,7 +23,7 @@ namespace AyaNova.Biz
internal UserBiz(AyContext dbcontext, long currentUserId, long userLocaleId, AuthorizationRoles userRoles) internal UserBiz(AyContext dbcontext, long currentUserId, long userLocaleId, AuthorizationRoles userRoles)
{ {
ct = dbcontext; ct = dbcontext;
UserId = currentUserId; UserId = currentUserId;
CurrentUserRoles = userRoles; CurrentUserRoles = userRoles;
BizType = AyaType.User; BizType = AyaType.User;
@@ -71,12 +71,6 @@ namespace AyaNova.Biz
//Handle child and associated items //Handle child and associated items
// //Associated user options object
// UserOptions options = new UserOptions(UserId);
// options.User = outObj;
// ct.UserOptions.Add(options);
// await ct.SaveChangesAsync();
//Log event //Log event
EventLogProcessor.AddEntryToContextNoSave(new Event(UserId, outObj.Id, BizType, AyaEvent.Created), ct); EventLogProcessor.AddEntryToContextNoSave(new Event(UserId, outObj.Id, BizType, AyaEvent.Created), ct);
await ct.SaveChangesAsync(); await ct.SaveChangesAsync();