From 1f59768b63db766282435ced36ef5af22eeec8b9 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Thu, 3 Nov 2022 21:02:09 +0000
Subject: [PATCH] case 4232
---
 server/AyaNova/biz/QuoteBiz.cs | 43 ++++++++++++++++++++++++++++------
 1 file changed, 36 insertions(+), 7 deletions(-)
diff --git a/server/AyaNova/biz/QuoteBiz.cs b/server/AyaNova/biz/QuoteBiz.cs
index 47f92380..8b51176d 100644
--- a/server/AyaNova/biz/QuoteBiz.cs
+++ b/server/AyaNova/biz/QuoteBiz.cs
@@ -9,6 +9,7 @@ using System.Linq;
 using System;
 using Newtonsoft.Json.Linq;
 using System.Collections.Generic;
+using EnumsNET;
 namespace AyaNova.Biz
 {
@@ -1130,14 +1131,38 @@ namespace AyaNova.Biz
 //
 internal async Task StateCreateAsync(QuoteState newObject)
 {
- await StateValidateAsync(newObject, null);
+ await StatePreliminaryValidateCanAddAsync(newObject);
 if (HasErrors)
 return null;
 else
 {
- await ct.QuoteState.AddAsync(newObject);
+
 var quote = await ct.Quote.FirstOrDefaultAsync(x => x.Id == newObject.QuoteId);
- var newStatusInfo = await ct.QuoteStatus.AsNoTracking().FirstOrDefaultAsync(x => x.Id == newObject.QuoteStatusId);
+ var NewStatusInfo = await ct.QuoteStatus.AsNoTracking().FirstOrDefaultAsync(x => x.Id == newObject.QuoteStatusId);
+
+ QuoteStatus LastStatusInfo = null;
+ if (quote.LastStatusId != null)
+ LastStatusInfo = await ct.QuoteStatus.AsNoTracking().FirstOrDefaultAsync(x => x.Id == quote.LastStatusId);
+
+ //Level 2 validation - Quote status RemoveRoles, SelectRoles and User roles
+
+ //If we have a last role, can it be removed by this User?
+ if (LastStatusInfo != null && CurrentUserRoles.HasAnyFlags(LastStatusInfo.RemoveRoles) == false)
+ {
+ AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror", "LT:QuoteQuoteStatusType -> LT:RemoveRoles");
+ return null;
+ }
+ //Can the new role be selected by this user?
+ if (CurrentUserRoles.HasAnyFlags(NewStatusInfo.SelectRoles) == false)
+ {
+ AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror", "LT:QuoteQuoteStatusType -> LT:SelectRoles");
+ return null;
+ }
+ //Seems legit, we'll allow it
+
+
+
+ await ct.QuoteState.AddAsync(newObject);
 quote.LastStatusId = newObject.QuoteStatusId;
 await ct.SaveChangesAsync();
 newObject.NewQuoteConcurrency = quote.Concurrency;
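Review bot: The new role checks read `quote.LastStatusId` and `NewStatusInfo.SelectRoles` without a null test, although both objects come from `FirstOrDefaultAsync`. Unless StatePreliminaryValidateCanAddAsync already proves that the quote and the status row exist (only part of its body is visible here), a request carrying an unknown QuoteId or QuoteStatusId would end in an unhandled NullReferenceException instead of a clean error. The remove check also fails open in one case: when `quote.LastStatusId` is set but no matching status row is found, `LastStatusInfo` stays null and the RemoveRoles test is skipped. I would add an explicit guard before the Level 2 block that records an error through `AddError` and does `return null;` when either lookup is null, and treat a missing last-status row as a denial rather than as "no previous status". StateCreateAsync continues past the end of this hunk.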
@@ -1217,8 +1242,13 @@ namespace AyaNova.Biz //////////////////////////////////////////////////////////////////////////////////////////////// //VALIDATION - // - private async Task StateValidateAsync(QuoteState proposedObj, QuoteState currentObj) + // + //NOTE: states are only ever *added* to a quote order when validation is called + //never deleted, there is deeper validation needed for states related to roles etc + //so this validation just does the preliminary check to see if a change of state is even possible + //before further processing inside the actual update code in the caller + // + private async Task StatePreliminaryValidateCanAddAsync(QuoteState proposedObj) { //of all restricted users, only a restricted tech can change status @@ -1228,8 +1258,7 @@ namespace AyaNova.Biz return; } - //run validation and biz rules - bool isNew = currentObj == null; + //does it have a valid quote id if (proposedObj.QuoteId == 0)
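Review bot: The new header comment above `StatePreliminaryValidateCanAddAsync` says the deeper role validation happens "in the caller" but names neither the caller nor the checks. Since authorization is now split across two methods, the comment should say that the RemoveRoles and SelectRoles checks are enforced in `StateCreateAsync` and that this method alone is not a sufficient gate for adding a state. I would add a line such as `//Role checks (RemoveRoles / SelectRoles) are enforced in StateCreateAsync; do not call this as the only authorization step`. The phrase "quote order" in the NOTE also looks carried over from another class and probably should read "quote". The method body continues outside this hunk.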