From 077b9c76175a50504f05f4a7b67d6ef70ec5697b Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Tue, 4 Sep 2018 18:54:27 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/UserController.cs | 109 +++---------------
 .../AyaNova/Controllers/WidgetController.cs | 14 +--
 server/AyaNova/biz/UserBiz.cs | 90 +++++++++++++++
 3 files changed, 109 insertions(+), 104 deletions(-)
diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs
index f24f552b..6f3efa39 100644
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -15,7 +15,7 @@ using AyaNova.Biz;
 namespace AyaNova.Api.Controllers
 {
-
+
 ///
 /// Sample controller class used during development for testing purposes
 ///
@@ -50,7 +50,7 @@ namespace AyaNova.Api.Controllers
 /// Get User
 ///
 /// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// BizAdminFull, BizAdminLimited
 ///
 ///
 /// A single User
@@ -93,8 +93,8 @@ namespace AyaNova.Api.Controllers
 ///
 /// Get paged list of Users
 ///
- /// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// Required roles:
+ /// BizAdminFull, BizAdminLimited
 ///
 ///
 /// Paged collection of Users with paging data
@@ -129,14 +129,13 @@ namespace AyaNova.Api.Controllers
 ///
 /// Get User pick list
 ///
- /// Required roles:
- /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+ /// Required roles: Any
 ///
 /// This list supports querying the Name property
 /// include a "q" parameter for string to search for
 /// use % for wildcards.
 ///
- /// e.g. q=%Jones%
+ /// e.g. q=%ohn%
 ///
 /// Query is case insensitive
 ///
@@ -149,11 +148,6 @@ namespace AyaNova.Api.Controllers
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
 }
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
 if (!ModelState.IsValid)
 {
 return BadRequest(new ApiErrorResponse(ModelState));
@@ -171,8 +165,7 @@ namespace AyaNova.Api.Controllers
 /// Put (update) User
 ///
 /// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
 ///
 ///
 ///
@@ -243,8 +236,8 @@ namespace AyaNova.Api.Controllers
 /// Patch (update) User
 ///
 /// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
+ ///
 ///
 ///
 ///
@@ -253,8 +246,6 @@ namespace AyaNova.Api.Controllers
 [HttpPatch("{id}/{concurrencyToken}")]
 public async Task PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument objectPatch)
 {
- //https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
-
 if (!serverState.IsOpen)
 {
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -316,7 +307,8 @@ namespace AyaNova.Api.Controllers
 /// Post User
 ///
 /// Required roles:
- /// BizAdminFull, InventoryFull, TechFull
+ /// BizAdminFull
+ ///
 ///
 ///
 ///
@@ -371,8 +363,7 @@ namespace AyaNova.Api.Controllers
 /// Delete User
 ///
 /// Required roles:
- /// BizAdminFull, InventoryFull
- /// TechFull (owned only)
+ /// BizAdminFull
 ///
 ///
 ///
@@ -380,7 +371,6 @@ namespace AyaNova.Api.Controllers
 [HttpDelete("{id}")]
 public async Task DeleteUser([FromRoute] long id)
 {
-
 if (!serverState.IsOpen)
 {
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
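Review bot: Dropping the `Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User)` guard in the first hunk on this line (@@ -149,11 +148,6) leaves no per-type authorization in the route, so whether an unauthenticated caller can now enumerate user names depends entirely on an authentication filter applied outside this hunk, which is not visible here. Since the preceding doc hunk declares the pick list as "Required roles: Any", the decision looks intentional, but it deserves a comment where the check used to be, e.g. `// No per-type role check: the pick list is readable by any authenticated role; authentication itself is enforced by the controller-level filter.` The same guard is removed from WidgetController.cs in its @@ -150,11 +149,6 hunk and the same comment applies there. The other hunks on this line narrow the documented roles for Put/Patch/Post/Delete to BizAdminFull without any visible change to the code that enforces them, so presumably the role mapping lives in Authorized or a role table and should be confirmed to have moved in step. The enclosing method starts before this hunk, and that it is the pick-list route is inferred from the doc hunk above rather than shown.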
@@ -422,82 +412,13 @@ namespace AyaNova.Api.Controllers
 }
-
- private bool UserExists(long id) { return ct.User.Any(e => e.Id == id); }
-
-
- ///
- /// Get route that triggers exception for testing
- ///
- /// Nothing, triggers exception
- [HttpGet("exception")]
- public ActionResult GetException()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- throw new System.NotSupportedException("Test exception from User controller");
- }
-
- ///
- /// Get route that triggers an alternate type of exception for testing
- ///
- /// Nothing, triggers exception
- [HttpGet("altexception")]
- public ActionResult GetAltException()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- throw new System.ArgumentException("Test exception (ALT) from User controller");
- }
-
-
- ///
- /// Get route that submits a long running operation job for testing
- ///
- /// Nothing
- [HttpGet("TestUserJob")]
- public ActionResult TestUserJob()
- {
- if (!serverState.IsOpen)
- {
- return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
- }
-
- if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
- //Create the job here
- OpsJob j = new OpsJob();
- j.Name = "TestUserJob";
- j.JobType = JobType.TestUserJob;
- JobsBiz.AddJob(j, ct);
- return Accepted(new { JobId = j.GId });//202 accepted
- }
+ //------------
-
- }
-}
\ No newline at end of file
+ }//eoc
+}//eons
\ No newline at end of file
diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs
index 3ad893f8..b92a5bee 100644
--- a/server/AyaNova/Controllers/WidgetController.cs
+++ b/server/AyaNova/Controllers/WidgetController.cs
@@ -96,14 +96,13 @@ namespace AyaNova.Api.Controllers
 ///
 /// Get paged list of widgets
 ///
- /// Required roles: Any role
- ///
+ /// Required roles: Any
+ ///
 ///
 /// Paged collection of widgets with paging data
 [HttpGet("List", Name = nameof(List))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
 public async Task List([FromQuery] PagingOptions pagingOptions)
 {
-
 if (serverState.IsClosed)
 {
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -150,11 +149,6 @@ namespace AyaNova.Api.Controllers
 return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
 }
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
- {
- return StatusCode(401, new ApiNotAuthorizedResponse());
- }
-
 if (!ModelState.IsValid)
 {
 return BadRequest(new ApiErrorResponse(ModelState));
@@ -500,5 +494,5 @@ namespace AyaNova.Api.Controllers
 //------------
- }
-}
\ No newline at end of file
+ }//eoc
+}//eons
\ No newline at end of file
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 2542db5e..1f93c48b 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -330,8 +330,98 @@ namespace AyaNova.Biz
 //Can delete?
 private void ValidateCanDelete(User inObj)
 {
+ //TODO: Validate can delete a user
+ //TODO: handle all the related tables that require deletion
 //whatever needs to be check to delete this object
+ /* V7 code related to this for reference
+
+ #region Direct delete
+ Criteria crit = (Criteria)Criteria;
+ if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
+ {
+ throw new System.Security.SecurityException(
+ string.Format(
+ LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
+ LocalizedTextTable.GetLocalizedTextDirect("O.User")));
+ }
+
+ //CHANGE: 14-March-2006 reorganized this and added more items to delete so that a user can
+ //actually be deleted
+
+ //Delete user and child objects
+ DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
+ cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
+ cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
+ cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
+ cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
+ cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
+ cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
+
+ DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
+ cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
+
+ DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
+ cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
+
+
+ using (IDbConnection connection = DBUtil.DB.GetConnection())
+ {
+ connection.Open();
+ IDbTransaction transaction = connection.BeginTransaction();
+
+ try
+ {
+ //Added: 16-Nov-2006 to clear out notification subscriptions when user
+ //is deleted
+ NotifySubscriptions.DeleteItems(crit.ID, transaction);
+
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
+
+ //Added:16-Nov-2006
+ DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
+
+
+ DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
+ DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
+ DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
+
+ // Commit the transaction
+ transaction.Commit();
+
+ }
+ catch
+ {
+ // Rollback transaction
+ transaction.Rollback();
+ throw;
+ }
+ finally
+ {
+ connection.Close();
+ }
+ }
+
+
+ #endregion
+
+ */
+ }
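Review bot: ValidateCanDelete still checks nothing, so once this lands a delete that reaches UserBiz can remove any user, including the administrator account and the caller's own account, which is precisely the case the commented-out V7 block refuses with a SecurityException; the two TODOs record the intent but nothing enforces it. That gap is a security property rather than a missing feature, so it should be stated where the next reader will see it rather than buried above ninety lines of commented code, e.g. change the first TODO to `//TODO(security): no guard yet - deleting the administrator or the currently authenticated user is NOT refused (see the V7 reference block below)`. Ninety lines of commented-out legacy code will drift from the live code; a one-line pointer to the V7 source file and its commit would serve the same purpose and is the usual style. Whether v8 has equivalents of User.AdministratorID and User.CurrentThreadUserID is not visible here. The hunk's trailing context after the method's closing brace is not shown in what I can see.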