2018-09-04 18:54:27 +00:00
parent a0296e918d
commit 077b9c7617
3 changed files with 109 additions and 104 deletions
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -50,7 +50,7 @@ namespace AyaNova.Api.Controllers
        /// Get User
        /// 
        /// Required roles:
-        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+        /// BizAdminFull, BizAdminLimited
        /// </summary>
        /// <param name="id"></param>
        /// <returns>A single User</returns>
@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
        /// Get paged list of Users
        /// 
        /// Required roles: 
-        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+        /// BizAdminFull, BizAdminLimited
        /// 
        /// </summary>
        /// <returns>Paged collection of Users with paging data</returns>            
@@ -129,14 +129,13 @@ namespace AyaNova.Api.Controllers
        /// <summary>
        /// Get User pick list
        /// 
-        /// Required roles:
+        /// Required roles: Any
        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
        /// 
        /// This list supports querying the Name property
        /// include a "q" parameter for string to search for 
        /// use % for wildcards.
        /// 
-        /// e.g. q=%Jones%
+        /// e.g. q=%ohn%
        /// 
        /// Query is case insensitive
        /// </summary>
@@ -149,11 +148,6 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -171,8 +165,7 @@ namespace AyaNova.Api.Controllers
        /// Put (update) User
        /// 
        /// Required roles:
-        /// BizAdminFull, InventoryFull
+        /// BizAdminFull
        /// TechFull (owned only)
        /// 
        /// </summary>
        /// <param name="id"></param>
@@ -243,8 +236,8 @@ namespace AyaNova.Api.Controllers
        /// Patch (update) User
        /// 
        /// Required roles:
-        /// BizAdminFull, InventoryFull
+        /// BizAdminFull
-        /// TechFull (owned only)
+        /// 
        /// </summary>
        /// <param name="id"></param>
        /// <param name="concurrencyToken"></param>
@@ -253,8 +246,6 @@ namespace AyaNova.Api.Controllers
        [HttpPatch("{id}/{concurrencyToken}")]
        public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
        {
            //https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -316,7 +307,8 @@ namespace AyaNova.Api.Controllers
        /// Post User
        /// 
        /// Required roles: 
-        /// BizAdminFull, InventoryFull, TechFull
+        /// BizAdminFull
        /// 
        /// </summary>
        /// <param name="inObj"></param>
        /// <returns></returns>
@@ -371,8 +363,7 @@ namespace AyaNova.Api.Controllers
        /// Delete User
        /// 
        /// Required roles:
-        /// BizAdminFull, InventoryFull
+        /// BizAdminFull
        /// TechFull (owned only)
        /// 
        /// </summary>
        /// <param name="id"></param>
@@ -380,7 +371,6 @@ namespace AyaNova.Api.Controllers
        [HttpDelete("{id}")]
        public async Task<IActionResult> DeleteUser([FromRoute] long id)
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -422,82 +412,13 @@ namespace AyaNova.Api.Controllers
        }
        private bool UserExists(long id)
        {
            return ct.User.Any(e => e.Id == id);
        }
        /// <summary>
        /// Get route that triggers exception for testing
        /// </summary>
        /// <returns>Nothing, triggers exception</returns>
        [HttpGet("exception")]
        public ActionResult GetException()
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
            throw new System.NotSupportedException("Test exception from User controller");
        }
        /// <summary>
        /// Get route that triggers an alternate type of exception for testing
        /// </summary>
        /// <returns>Nothing, triggers exception</returns>
        [HttpGet("altexception")]
        public ActionResult GetAltException()
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
            throw new System.ArgumentException("Test exception (ALT) from User controller");
        }
        /// <summary>
        /// Get route that submits a long running operation job for testing
        /// </summary>
        /// <returns>Nothing</returns>
        [HttpGet("TestUserJob")]
        public ActionResult TestUserJob()
        {
            if (!serverState.IsOpen)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
            //Create the job here
            OpsJob j = new OpsJob();
            j.Name = "TestUserJob";
            j.JobType = JobType.TestUserJob;
            JobsBiz.AddJob(j, ct);
            return Accepted(new { JobId = j.GId });//202 accepted
        }
        //------------
-
+    }//eoc
-    }
+}//eons
 }
--- a/server/AyaNova/Controllers/WidgetController.cs
+++ b/server/AyaNova/Controllers/WidgetController.cs
@@ -96,14 +96,13 @@ namespace AyaNova.Api.Controllers
        /// <summary>
        /// Get paged list of widgets
        /// 
-        /// Required roles: Any role
+        /// Required roles: Any
        ///  
        /// </summary>
        /// <returns>Paged collection of widgets with paging data</returns>            
        [HttpGet("List", Name = nameof(List))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
        public async Task<IActionResult> List([FromQuery] PagingOptions pagingOptions)
        {
            if (serverState.IsClosed)
            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
@@ -150,11 +149,6 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
            }
            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Widget))
            {
                return StatusCode(401, new ApiNotAuthorizedResponse());
            }
            if (!ModelState.IsValid)
            {
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -500,5 +494,5 @@ namespace AyaNova.Api.Controllers
        //------------
-    }
+    }//eoc
-}
+}//eons
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -330,8 +330,98 @@ namespace AyaNova.Biz
        //Can delete?
        private void ValidateCanDelete(User inObj)
        {
            //TODO: Validate can delete a user
            //TODO: handle all the related tables that require deletion
            //whatever needs to be check to delete this object
            /* V7 code related to this for reference
            	#region Direct delete
 			Criteria crit = (Criteria)Criteria;
 			if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
 			{
 				throw new System.Security.SecurityException(
 					string.Format(
 					LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
 					LocalizedTextTable.GetLocalizedTextDirect("O.User")));
 			}
 			//CHANGE: 14-March-2006  reorganized this and added more items to delete so that a user can 
 			//actually be deleted
 			//Delete user and child objects
 			DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
 			cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
 			DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
 			cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
 			DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
 			cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
 			DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
 			cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
 			DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
 			cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
 			DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
 			cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
            DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
            cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
            DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
            cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
 			using (IDbConnection connection = DBUtil.DB.GetConnection())
 			{
 				connection.Open();
 				IDbTransaction transaction = connection.BeginTransaction();
 				try
 				{
                    //Added: 16-Nov-2006 to clear out notification subscriptions when user 
                    //is deleted
                    NotifySubscriptions.DeleteItems(crit.ID, transaction);
                    DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
                    //Added:16-Nov-2006
                    DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
 					DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
 					DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
 					DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
 					// Commit the transaction
 					transaction.Commit();
 				}
 				catch
 				{
 					// Rollback transaction 
 					transaction.Rollback();
 					throw;
 				}
 				finally
 				{
 					connection.Close();
 				}
 			}
 			#endregion
             */
        }