From 2d444e111675ed84df592108b06003f3b4145d21 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Fri, 11 Dec 2020 23:54:12 +0000 Subject: [PATCH] --- server/AyaNova/Controllers/MemoController.cs | 162 +++++++++++++++++++ server/AyaNova/biz/MemoBiz.cs | 30 +++- 2 files changed, 187 insertions(+), 5 deletions(-) create mode 100644 server/AyaNova/Controllers/MemoController.cs diff --git a/server/AyaNova/Controllers/MemoController.cs b/server/AyaNova/Controllers/MemoController.cs new file mode 100644 index 00000000..8b74931f --- /dev/null +++ b/server/AyaNova/Controllers/MemoController.cs @@ -0,0 +1,162 @@ +using System.Threading.Tasks; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Routing; +using Microsoft.AspNetCore.Authorization; +using Microsoft.Extensions.Logging; +using AyaNova.Models; +using AyaNova.Api.ControllerHelpers; +using AyaNova.Biz; + + +namespace AyaNova.Api.Controllers +{ + [ApiController] + [ApiVersion("8.0")] + [Route("api/v{version:apiVersion}/memo")] + [Produces("application/json")] + [Authorize] + public class MemoController : ControllerBase + { + private readonly AyContext ct; + private readonly ILogger log; + private readonly ApiServerState serverState; + + /// + /// ctor + /// + /// + /// + /// + public MemoController(AyContext dbcontext, ILogger logger, ApiServerState apiServerState) + { + ct = dbcontext; + log = logger; + serverState = apiServerState; + } + + /// + /// Create Memo + /// + /// + /// From route path + /// + [HttpPost] + public async Task PostMemo([FromBody] Memo newObject, ApiVersion apiVersion) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + Memo o = await biz.CreateAsync(newObject); + if (o == null) + return BadRequest(new ApiErrorResponse(biz.Errors)); + else + return CreatedAtAction(nameof(MemoController.GetMemo), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); + } + + + //NO DUPLICATING MEMOS + // /// + // /// Duplicate Memo + // /// (Wiki and Attachments are not duplicated) + // /// + // /// Source object id + // /// From route path + // /// Memo + // [HttpPost("duplicate/{id}")] + // public async Task DuplicateMemo([FromRoute] long id, ApiVersion apiVersion) + // { + // if (!serverState.IsOpen) + // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + // MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); + // if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType)) + // return StatusCode(403, new ApiNotAuthorizedResponse()); + // if (!ModelState.IsValid) + // return BadRequest(new ApiErrorResponse(ModelState)); + // Memo o = await biz.DuplicateAsync(id); + // if (o == null) + // return BadRequest(new ApiErrorResponse(biz.Errors)); + // else + // return CreatedAtAction(nameof(MemoController.GetMemo), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); + // } + + /// + /// Get Memo + /// + /// + /// Memo + [HttpGet("{id}")] + public async Task GetMemo([FromRoute] long id) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + var o = await biz.GetAsync(id); + if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); + return Ok(ApiOkResponse.Response(o)); + } + + //NO UPDATING MEMOS + // /// + // /// Put (update) Memo + // /// + // /// + // /// + // [HttpPut] + // public async Task PutMemo([FromBody] Memo updatedObject) + // { + // if (!serverState.IsOpen) + // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + // if (!ModelState.IsValid) + // return BadRequest(new ApiErrorResponse(ModelState)); + // MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); + // if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType)) + // return StatusCode(403, new ApiNotAuthorizedResponse()); + // var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token + // if (o == null) + // { + // if (biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT)) + // return StatusCode(409, new ApiErrorResponse(biz.Errors)); + // else + // return BadRequest(new ApiErrorResponse(biz.Errors)); + // } + // return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }));; + // } + + /// + /// Delete Memo + /// + /// + /// NoContent + [HttpDelete("{id}")] + public async Task DeleteMemo([FromRoute] long id) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!await biz.DeleteAsync(id)) + return BadRequest(new ApiErrorResponse(biz.Errors)); + return NoContent(); + } + + + + + + //------------ + + + }//eoc +}//eons \ No newline at end of file diff --git a/server/AyaNova/biz/MemoBiz.cs b/server/AyaNova/biz/MemoBiz.cs index 97bcdb96..76cb164e 100644 --- a/server/AyaNova/biz/MemoBiz.cs +++ b/server/AyaNova/biz/MemoBiz.cs @@ -42,7 +42,8 @@ namespace AyaNova.Biz // internal async Task CreateAsync(Memo newObject) { - await ValidateAsync(newObject, null); + + await ValidateAsync(newObject);//a bit different, can't update a memo so only need to worry about new objects if (HasErrors) return null; else @@ -103,8 +104,11 @@ namespace AyaNova.Biz return ret; } + + //////////////////////////////////////////////////////////////////////////////////////////////// - //UPDATE + //UPDATE - ## NOTE: only internally, not exposed to controller route only here for batch ops + // // internal async Task PutAsync(Memo putObject) { @@ -120,7 +124,7 @@ namespace AyaNova.Biz dbObject.Tags = TagBiz.NormalizeTags(dbObject.Tags); dbObject.CustomFields = JsonUtil.CompactJson(dbObject.CustomFields); ct.Entry(dbObject).OriginalValues["Concurrency"] = putObject.Concurrency; - await ValidateAsync(dbObject, SnapshotOfOriginalDBObj); + await ValidateAsync(dbObject); if (HasErrors) return null; try { @@ -208,10 +212,25 @@ namespace AyaNova.Biz //VALIDATION // - private async Task ValidateAsync(Memo proposedObj, Memo currentObj) + private async Task ValidateAsync(Memo proposedObj) { - bool isNew = currentObj == null; + //skip validation if seeding + if (ServerBootConfig.SEEDING) return; + + //Only can send a memo from your own account or alternatively as the SuperUser account due to v7Import or other import tasks + if (proposedObj.FromId != UserId && proposedObj.FromId != 1) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "FromId", "No impersonation"); + return;//no need to bother with any other validation, this is not allowed + } + + //valid TO ID? + if (!await ct.User.AnyAsync(m => m.Id == proposedObj.ToId)) + { + AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "ToId"); + return;//no need to bother with any other validation + } //Name ("subject") is still required for a memo, empty subject not valid //also, subject was required by biz rule in v7 so no need to worry about that on migrate @@ -219,6 +238,7 @@ namespace AyaNova.Biz AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name"); + //Name does *NOT* need to be unique because for memo it's actually the subject line //just kept internal naming the same to make coding easier with less workarounds