admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-09-06 15:28:41 +00:00
parent df0b8e53b4
commit 3b7c0d9e5a
2 changed files with 81 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

46
server/AyaNova/biz/UserBiz.cs
View File

@@ -203,39 +203,39 @@ namespace AyaNova.Biz
//patch
internal bool Patch(User dbObj, JsonPatchDocument<User> objectPatch, uint concurrencyToken)
{
TODO: turn this into a standard callable method for use with all objects
// TODO: turn this into a standard callable method for use with all objects
//should accept a list of not changeable properties and not allowed operations with
//a standard version that just works with most objects
//Then replicate this to widget and anything else with a patch ability
//also this might remove the need for the salt and password trickery below?
//Then update all the tests for all patches in integration tests to test for this
//check for in-valid patches
if (objectPatch.Operations.Any(m => m.path == "/id"))
{
AddError(ValidationErrorType.NotChangeable, "Id");
return false;
}
// //check for in-valid patches
// if (objectPatch.Operations.Any(m => m.path == "/id"))
// {
// AddError(ValidationErrorType.NotChangeable, "Id");
// return false;
// }
if (objectPatch.Operations.Any(m => m.path == "/ownerid"))
{
AddError(ValidationErrorType.NotChangeable, "OwnerId");
return false;
}
// if (objectPatch.Operations.Any(m => m.path == "/ownerid"))
// {
// AddError(ValidationErrorType.NotChangeable, "OwnerId");
// return false;
// }
if (objectPatch.Operations.Any(m => m.op == "add"))
{
AddError(ValidationErrorType.InvalidOperation, "add");
return false;
}
if (objectPatch.Operations.Any(m => m.op == "remove"))
{
AddError(ValidationErrorType.InvalidOperation, "remove");
return false;
}
// if (objectPatch.Operations.Any(m => m.op == "add"))
// {
// AddError(ValidationErrorType.InvalidOperation, "add");
// return false;
// }
// if (objectPatch.Operations.Any(m => m.op == "remove"))
// {
// AddError(ValidationErrorType.InvalidOperation, "remove");
// return false;
// }
if(!ValidateJsonPatch<User>.Validate(this,objectPatch)) return false;
//make a snapshot of the original for validation but update the original to preserve workflow
User snapshotObj = new User();

58
server/AyaNova/biz/ValidateJsonPatch.cs Normal file
View File

@@ -0,0 +1,58 @@
using System.Linq;
using System.Threading.Tasks;
using Microsoft.EntityFrameworkCore;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.JsonPatch;
using EnumsNET;
using AyaNova.Util;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;
using AyaNova.Models;
using Newtonsoft.Json.Linq;
using System;
using System.Collections.Generic;
namespace AyaNova.Biz
{
internal static class ValidateJsonPatch<T> where T : class
{
internal static bool Validate(BizObject biz, JsonPatchDocument<T> objectPatch)
{
bool IsValid = true;
//check for in-valid patches
if (objectPatch.Operations.Any(m => m.path == "/id"))
{
biz.AddError(ValidationErrorType.NotChangeable, "Id");
IsValid = false;
}
if (objectPatch.Operations.Any(m => m.path == "/ownerid"))
{
biz.AddError(ValidationErrorType.NotChangeable, "OwnerId");
IsValid = false;
}
if (objectPatch.Operations.Any(m => m.op == "add"))
{
biz.AddError(ValidationErrorType.InvalidOperation, "add");
IsValid = false;
}
if (objectPatch.Operations.Any(m => m.op == "remove"))
{
biz.AddError(ValidationErrorType.InvalidOperation, "remove");
IsValid = false;
}
return IsValid;
}
}//eoc
}//eons