admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-08-24 17:05:33 +00:00
parent 871182ebdb
commit 33626df512
8 changed files with 70 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/AyaNova/Controllers/AttachmentController.cs
View File

@@ -59,7 +59,7 @@ namespace AyaNova.Api.Controllers
//TODO: Centralize this code somewhere else, it's going to be needed for backup as well
//consider the 1 hour thing, is this legit depending on client?
@@ -224,18 +224,23 @@ namespace AyaNova.Api.Controllers
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, null, errorMessage));
}
long UserId = UserIdFromContext.Id(HttpContext.Items);
//We have our files and a confirmed AyObject, ready to attach and save permanently
if (uploadFormData.UploadedFiles.Count > 0)
{
foreach (UploadedFileInfo a in uploadFormData.UploadedFiles)
{
var v = FileUtil.storeFileAttachment(a.InitialUploadedPathName, a.MimeType, a.OriginalFileName, UserIdFromContext.Id(HttpContext.Items), attachToObject, ct);
var v = FileUtil.storeFileAttachment(a.InitialUploadedPathName, a.MimeType, a.OriginalFileName, UserId, attachToObject, ct);
returnList.Add(new NameIdItem()
{
Name = v.DisplayFileName,
Id = v.Id
});
//Log
EventLogProcessor.AddEntry(new Event(UserId, attachToObject.ObjectId, attachToObject.ObjectType, AyaEvent.AttachmentCreate, v.DisplayFileName), ct);
}
}
}
@@ -289,6 +294,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
long UserId = UserIdFromContext.Id(HttpContext.Items);
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, dbObj.AttachToObjectType, dbObj.OwnerId))
{
@@ -299,6 +305,9 @@ namespace AyaNova.Api.Controllers
//this handles removing the file if there are no refs left and also the db record for the attachment
FileUtil.deleteFileAttachment(dbObj, ct);
//Log
EventLogProcessor.AddEntry(new Event(UserId, dbObj.AttachToObjectId, dbObj.AttachToObjectType, AyaEvent.AttachmentDelete, dbObj.DisplayFileName), ct);
return NoContent();
}
@@ -339,8 +348,8 @@ namespace AyaNova.Api.Controllers
}
//Make sure the token provided is for the current user
long lAuthenticatedUserId = UserIdFromContext.Id(HttpContext.Items);
if (lAuthenticatedUserId != dlkeyUser.Id)
long UserId = UserIdFromContext.Id(HttpContext.Items);
if (UserId != dlkeyUser.Id)
{
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, "dlkey", "Download token not valid"));
}
@@ -375,6 +384,9 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, $"Physical file {dbObj.StoredFileName} not found despite attachment record, this file is missing"));
}
//Log
EventLogProcessor.AddEntry(new Event(UserId, dbObj.AttachToObjectId, dbObj.AttachToObjectType, AyaEvent.AttachmentDownload, dbObj.DisplayFileName), ct);
return PhysicalFile(filePath, mimetype, dbObj.DisplayFileName);
}