diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs
index f24f552b..6f3efa39 100644
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -15,7 +15,7 @@ using AyaNova.Biz;
namespace AyaNova.Api.Controllers
{
-
+
///
/// Sample controller class used during development for testing purposes
///
@@ -50,7 +50,7 @@ namespace AyaNova.Api.Controllers
/// Get User
///
/// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// BizAdminFull, BizAdminLimited
///
///
/// A single User
@@ -93,8 +93,8 @@ namespace AyaNova.Api.Controllers
///
/// Get paged list of Users
///
- /// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// Required roles:
+ /// BizAdminFull, BizAdminLimited
///
///
/// Paged collection of Users with paging data
@@ -129,14 +129,13 @@ namespace AyaNova.Api.Controllers
///
/// Get User pick list
///
- /// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// Required roles: Any
///
/// This list supports querying the Name property
/// include a "q" parameter for string to search for
/// use % for wildcards.
///
- /// e.g. q=%Jones%
+ /// e.g. q=%ohn%
///
/// Query is case insensitive
///
@@ -149,11 +148,6 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
@@ -171,8 +165,7 @@ namespace AyaNova.Api.Controllers
/// Put (update) User
///
/// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
///
///
///
@@ -243,8 +236,8 @@ namespace AyaNova.Api.Controllers
/// Patch (update) User
///
/// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
+ ///
///
///
///
@@ -253,8 +246,6 @@ namespace AyaNova.Api.Controllers
[HttpPatch("{id}/{concurrencyToken}")]
public async Task PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument objectPatch)
{
- //https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
-
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -316,7 +307,8 @@ namespace AyaNova.Api.Controllers
/// Post User
///
/// Required roles:
- /// BizAdminFull, InventoryFull, TechFull
+ /// BizAdminFull
+ ///
///
///
///
@@ -371,8 +363,7 @@ namespace AyaNova.Api.Controllers
/// Delete User
///
/// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
///
///
///
@@ -380,7 +371,6 @@ namespace AyaNova.Api.Controllers
[HttpDelete("{id}")]
public async Task DeleteUser([FromRoute] long id)
{
-
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -422,82 +412,13 @@ namespace AyaNova.Api.Controllers
}
-
-
private bool UserExists(long id)
{
return ct.User.Any(e => e.Id == id);
}
-
-
- ///
- /// Get route that triggers exception for testing
- ///
- /// Nothing, triggers exception
- [HttpGet("exception")]
- public ActionResult GetException()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- throw new System.NotSupportedException("Test exception from User controller");
- }
-
- ///
- /// Get route that triggers an alternate type of exception for testing
- ///
- /// Nothing, triggers exception
- [HttpGet("altexception")]
- public ActionResult GetAltException()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- throw new System.ArgumentException("Test exception (ALT) from User controller");
- }
-
-
- ///
- /// Get route that submits a long running operation job for testing
- ///
- /// Nothing
- [HttpGet("TestUserJob")]
- public ActionResult TestUserJob()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- //Create the job here
- OpsJob j = new OpsJob();
- j.Name = "TestUserJob";
- j.JobType = JobType.TestUserJob;
- JobsBiz.AddJob(j, ct);
- return Accepted(new { JobId = j.GId });//202 accepted
- }
+
//------------
-
- }
-}
\ No newline at end of file
+ }//eoc
+}//eons
\ No newline at end of file
diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs
index 3ad893f8..b92a5bee 100644
--- a/server/AyaNova/Controllers/WidgetController.cs
+++ b/server/AyaNova/Controllers/WidgetController.cs
@@ -96,14 +96,13 @@ namespace AyaNova.Api.Controllers
///
/// Get paged list of widgets
///
- /// Required roles: Any role
- ///
+ /// Required roles: Any
+ ///
///
/// Paged collection of widgets with paging data
[HttpGet("List", Name = nameof(List))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
public async Task List([FromQuery] PagingOptions pagingOptions)
{
-
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -150,11 +149,6 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
@@ -500,5 +494,5 @@ namespace AyaNova.Api.Controllers
//------------
- }
-}
\ No newline at end of file
+ }//eoc
+}//eons
\ No newline at end of file
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 2542db5e..1f93c48b 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -330,8 +330,98 @@ namespace AyaNova.Biz
//Can delete?
private void ValidateCanDelete(User inObj)
{
+ //TODO: Validate can delete a user
+ //TODO: handle all the related tables that require deletion
//whatever needs to be check to delete this object
+ /* V7 code related to this for reference
+
+ #region Direct delete
+ Criteria crit = (Criteria)Criteria;
+ if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
+ {
+ throw new System.Security.SecurityException(
+ string.Format(
+ LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
+ LocalizedTextTable.GetLocalizedTextDirect("O.User")));
+ }
+
+ //CHANGE: 14-March-2006 reorganized this and added more items to delete so that a user can
+ //actually be deleted
+
+ //Delete user and child objects
+ DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
+ cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
+ cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
+ cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
+ cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
+ cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
+ cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
+ cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
+
+ DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
+ cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
+
+
+ using (IDbConnection connection = DBUtil.DB.GetConnection())
+ {
+ connection.Open();
+ IDbTransaction transaction = connection.BeginTransaction();
+
+ try
+ {
+ //Added: 16-Nov-2006 to clear out notification subscriptions when user
+ //is deleted
+ NotifySubscriptions.DeleteItems(crit.ID, transaction);
+
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
+
+ //Added:16-Nov-2006
+ DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
+
+
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
+ DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
+ DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
+
+ // Commit the transaction
+ transaction.Commit();
+
+ }
+ catch
+ {
+ // Rollback transaction
+ transaction.Rollback();
+ throw;
+ }
+ finally
+ {
+ connection.Close();
+ }
+ }
+
+
+ #endregion
+
+ */
+
}