admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-09-04 18:54:27 +00:00
parent a0296e918d
commit 077b9c7617
3 changed files with 109 additions and 104 deletions
Download Patch File Download Diff File Expand all files Collapse all files

109
server/AyaNova/Controllers/UserController.cs
View File

@@ -15,7 +15,7 @@ using AyaNova.Biz;
namespace AyaNova.Api.Controllers
{
/// <summary>
/// Sample controller class used during development for testing purposes
/// </summary>
@@ -50,7 +50,7 @@ namespace AyaNova.Api.Controllers
/// Get User
///
/// Required roles:
/// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
/// BizAdminFull, BizAdminLimited
/// </summary>
/// <param name="id"></param>
/// <returns>A single User</returns>
@@ -93,8 +93,8 @@ namespace AyaNova.Api.Controllers
/// <summary>
/// Get paged list of Users
///
/// Required roles:
/// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
/// Required roles:
/// BizAdminFull, BizAdminLimited
///
/// </summary>
/// <returns>Paged collection of Users with paging data</returns>
@@ -129,14 +129,13 @@ namespace AyaNova.Api.Controllers
/// <summary>
/// Get User pick list
///
/// Required roles:
/// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
/// Required roles: Any
///
/// This list supports querying the Name property
/// include a "q" parameter for string to search for
/// use % for wildcards.
///
/// e.g. q=%Jones%
/// e.g. q=%ohn%
///
/// Query is case insensitive
/// </summary>
@@ -149,11 +148,6 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
@@ -171,8 +165,7 @@ namespace AyaNova.Api.Controllers
/// Put (update) User
///
/// Required roles:
/// BizAdminFull, InventoryFull
/// TechFull (owned only)
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
@@ -243,8 +236,8 @@ namespace AyaNova.Api.Controllers
/// Patch (update) User
///
/// Required roles:
/// BizAdminFull, InventoryFull
/// TechFull (owned only)
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
/// <param name="concurrencyToken"></param>
@@ -253,8 +246,6 @@ namespace AyaNova.Api.Controllers
[HttpPatch("{id}/{concurrencyToken}")]
public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
{
//https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -316,7 +307,8 @@ namespace AyaNova.Api.Controllers
/// Post User
///
/// Required roles:
/// BizAdminFull, InventoryFull, TechFull
/// BizAdminFull
///
/// </summary>
/// <param name="inObj"></param>
/// <returns></returns>
@@ -371,8 +363,7 @@ namespace AyaNova.Api.Controllers
/// Delete User
///
/// Required roles:
/// BizAdminFull, InventoryFull
/// TechFull (owned only)
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
@@ -380,7 +371,6 @@ namespace AyaNova.Api.Controllers
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteUser([FromRoute] long id)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -422,82 +412,13 @@ namespace AyaNova.Api.Controllers
}
private bool UserExists(long id)
{
return ct.User.Any(e => e.Id == id);
}
/// <summary>
/// Get route that triggers exception for testing
/// </summary>
/// <returns>Nothing, triggers exception</returns>
[HttpGet("exception")]
public ActionResult GetException()
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
throw new System.NotSupportedException("Test exception from User controller");
}
/// <summary>
/// Get route that triggers an alternate type of exception for testing
/// </summary>
/// <returns>Nothing, triggers exception</returns>
[HttpGet("altexception")]
public ActionResult GetAltException()
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
throw new System.ArgumentException("Test exception (ALT) from User controller");
}
/// <summary>
/// Get route that submits a long running operation job for testing
/// </summary>
/// <returns>Nothing</returns>
[HttpGet("TestUserJob")]
public ActionResult TestUserJob()
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
//Create the job here
OpsJob j = new OpsJob();
j.Name = "TestUserJob";
j.JobType = JobType.TestUserJob;
JobsBiz.AddJob(j, ct);
return Accepted(new { JobId = j.GId });//202 accepted
}
//------------
}
}
}//eoc
}//eons

14
server/AyaNova/Controllers/WidgetController.cs
View File

@@ -96,14 +96,13 @@ namespace AyaNova.Api.Controllers
/// <summary>
/// Get paged list of widgets
///
/// Required roles: Any role
///
/// Required roles: Any
///
/// </summary>
/// <returns>Paged collection of widgets with paging data</returns>
[HttpGet("List", Name = nameof(List))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
public async Task<IActionResult> List([FromQuery] PagingOptions pagingOptions)
{
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -150,11 +149,6 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
@@ -500,5 +494,5 @@ namespace AyaNova.Api.Controllers
//------------
}
}
}//eoc
}//eons

90
server/AyaNova/biz/UserBiz.cs
View File

@@ -330,8 +330,98 @@ namespace AyaNova.Biz
//Can delete?
private void ValidateCanDelete(User inObj)
{
//TODO: Validate can delete a user
//TODO: handle all the related tables that require deletion
//whatever needs to be check to delete this object
/* V7 code related to this for reference
#region Direct delete
Criteria crit = (Criteria)Criteria;
if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
{
throw new System.Security.SecurityException(
string.Format(
LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
LocalizedTextTable.GetLocalizedTextDirect("O.User")));
}
//CHANGE: 14-March-2006 reorganized this and added more items to delete so that a user can
//actually be deleted
//Delete user and child objects
DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
using (IDbConnection connection = DBUtil.DB.GetConnection())
{
connection.Open();
IDbTransaction transaction = connection.BeginTransaction();
try
{
//Added: 16-Nov-2006 to clear out notification subscriptions when user
//is deleted
NotifySubscriptions.DeleteItems(crit.ID, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
//Added:16-Nov-2006
DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
// Commit the transaction
transaction.Commit();
}
catch
{
// Rollback transaction
transaction.Rollback();
throw;
}
finally
{
connection.Close();
}
}
#endregion
*/
}