diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index b1fd47f1..901d4514 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -203,39 +203,39 @@ namespace AyaNova.Biz //patch internal bool Patch(User dbObj, JsonPatchDocument objectPatch, uint concurrencyToken) { - TODO: turn this into a standard callable method for use with all objects + // TODO: turn this into a standard callable method for use with all objects //should accept a list of not changeable properties and not allowed operations with //a standard version that just works with most objects //Then replicate this to widget and anything else with a patch ability //also this might remove the need for the salt and password trickery below? //Then update all the tests for all patches in integration tests to test for this - //check for in-valid patches - if (objectPatch.Operations.Any(m => m.path == "/id")) - { - AddError(ValidationErrorType.NotChangeable, "Id"); - return false; - } + // //check for in-valid patches + // if (objectPatch.Operations.Any(m => m.path == "/id")) + // { + // AddError(ValidationErrorType.NotChangeable, "Id"); + // return false; + // } - if (objectPatch.Operations.Any(m => m.path == "/ownerid")) - { - AddError(ValidationErrorType.NotChangeable, "OwnerId"); - return false; - } + // if (objectPatch.Operations.Any(m => m.path == "/ownerid")) + // { + // AddError(ValidationErrorType.NotChangeable, "OwnerId"); + // return false; + // } - if (objectPatch.Operations.Any(m => m.op == "add")) - { - AddError(ValidationErrorType.InvalidOperation, "add"); - return false; - } - - if (objectPatch.Operations.Any(m => m.op == "remove")) - { - AddError(ValidationErrorType.InvalidOperation, "remove"); - return false; - } + // if (objectPatch.Operations.Any(m => m.op == "add")) + // { + // AddError(ValidationErrorType.InvalidOperation, "add"); + // return false; + // } + // if (objectPatch.Operations.Any(m => m.op == "remove")) + // { + // AddError(ValidationErrorType.InvalidOperation, "remove"); + // return false; + // } + if(!ValidateJsonPatch.Validate(this,objectPatch)) return false; //make a snapshot of the original for validation but update the original to preserve workflow User snapshotObj = new User(); diff --git a/server/AyaNova/biz/ValidateJsonPatch.cs b/server/AyaNova/biz/ValidateJsonPatch.cs new file mode 100644 index 00000000..f183b49f --- /dev/null +++ b/server/AyaNova/biz/ValidateJsonPatch.cs @@ -0,0 +1,58 @@ +using System.Linq; +using System.Threading.Tasks; +using Microsoft.EntityFrameworkCore; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.JsonPatch; +using EnumsNET; +using AyaNova.Util; +using AyaNova.Api.ControllerHelpers; +using AyaNova.Biz; +using AyaNova.Models; +using Newtonsoft.Json.Linq; +using System; +using System.Collections.Generic; + +namespace AyaNova.Biz +{ + + + internal static class ValidateJsonPatch where T : class + { + + internal static bool Validate(BizObject biz, JsonPatchDocument objectPatch) + { + bool IsValid = true; + + //check for in-valid patches + if (objectPatch.Operations.Any(m => m.path == "/id")) + { + biz.AddError(ValidationErrorType.NotChangeable, "Id"); + IsValid = false; + } + + if (objectPatch.Operations.Any(m => m.path == "/ownerid")) + { + biz.AddError(ValidationErrorType.NotChangeable, "OwnerId"); + IsValid = false; + } + + if (objectPatch.Operations.Any(m => m.op == "add")) + { + biz.AddError(ValidationErrorType.InvalidOperation, "add"); + IsValid = false; + } + + if (objectPatch.Operations.Any(m => m.op == "remove")) + { + biz.AddError(ValidationErrorType.InvalidOperation, "remove"); + IsValid = false; + } + + return IsValid; + } + + + + }//eoc + +}//eons \ No newline at end of file