admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-05-07 16:07:44 +00:00
parent 13c8b99b7b
commit 40093ec403
2 changed files with 195 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
devdocs/todo.txt
View File

@@ -13,7 +13,12 @@
todo: check attachment NOTES property is actually supported
- case https://rockfish.ayanova.com/default.htm#!/rfcaseEdit/2029
//todo: search tables in schema, I think there is a missing index here, need to look at the search query section again as it was changed several times from the original schema creation
todo: search tables in schema, I think there is a missing index here, need to look at the search query section again as it was changed several times from the original schema creation
todo: Routes should check rights *BEFORE* they fetch the object, not after, all routes affected
i.e. delete route instantiates biz object, then it fetchs object from db *then* it checks if they have rights to delete (generically, not specific to that object)
This is out of order as it triggers a db call even if they have no rights to do it
todo: log failed
- Download attempts with wrong key

189
server/AyaNova/Controllers/WorkOrderController.cs
View File

@@ -269,6 +269,195 @@ namespace AyaNova.Api.Controllers
//WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
//WorkOrder/{woid}/WorkOrderItems/{woitemid} <- CRUD single woitemid
// /// <summary>
// /// Get full WorkOrder object
// /// </summary>
// /// <param name="id"></param>
// /// <returns>A single WorkOrder</returns>
// [HttpGet("{id}")]
// public async Task<IActionResult> GetWorkOrder([FromRoute] long id)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// //Instantiate the business object handler
// WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
// //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules
// if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// var o = await biz.GetAsync(id);
// if (o == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// // NOTE: HERE would be the second check of biz rules before returning the object
// // in cases where there is also a business rule to affect retrieval on top of basic rights
// return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
// }
// //TODO: GET BY RELATIVE
// //get by descendent type and id
// /// <summary>
// /// Put (update) WorkOrder
// /// </summary>
// /// <param name="id"></param>
// /// <param name="inObj"></param>
// /// <returns></returns>
// [HttpPut("{id}")]
// public async Task<IActionResult> PutWorkOrder([FromRoute] long id, [FromBody] WorkOrder inObj)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// //Instantiate the business object handler
// WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
// var o = await biz.GetAsync(id, false);
// if (o == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// try
// {
// if (!await biz.PutAsync(o, inObj))
// return BadRequest(new ApiErrorResponse(biz.Errors));
// }
// catch (DbUpdateConcurrencyException)
// {
// if (!await biz.ExistsAsync(id))
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// else
// return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
// }
// return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
// }
// /// <summary>
// /// Post Workorder
// /// </summary>
// /// <param name="inObj"></param>
// /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
// /// <returns></returns>
// [HttpPost]
// public async Task<IActionResult> PostWorkOrder([FromBody] WorkOrder inObj, ApiVersion apiVersion)
// {
// if (!serverState.IsOpen)
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
// //Instantiate the business object handler
// WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
// //If a user has change roles
// if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
// if (!ModelState.IsValid)
// return BadRequest(new ApiErrorResponse(ModelState));
// //Create and validate
// WorkOrder o = await biz.CreateAsync(inObj);
// if (o == null)
// return BadRequest(new ApiErrorResponse(biz.Errors));
// else
// return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
// }
/// <summary>
/// Delete WorkOrderItems
/// </summary>
/// <param name="workOrderId"></param>
/// <returns>Ok</returns>
[HttpDelete("{WorkOrderId}/WorkorderItems/")]
public async Task<IActionResult> DeleteWorkOrderItems([FromRoute] long workOrderId)
{
////WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
///WorkOrder/{WorkOrderId}/WorkorderItems
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
//Instantiate the business object handler
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
var o = await biz.GetAsync(workOrderId, false);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
//stubbed out for now just to see routes
// if (!await biz.DeleteItemsAsync(o))
// return BadRequest(new ApiErrorResponse(biz.Errors));
return NoContent();
}
/// <summary>
/// Delete WorkOrderItems
/// </summary>
/// <param name="workOrderId"></param>
/// <param name="workOrderItemId"></param>
/// <returns>Ok</returns>
[HttpDelete("{WorkOrderId}/WorkorderItems/{WorkOrderItemId}")]
public async Task<IActionResult> DeleteWorkOrderItem([FromRoute] long workOrderId, [FromRoute] long workOrderItemId)
{
////WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
///WorkOrder/{WorkOrderId}/WorkorderItems
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
//Instantiate the business object handler
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.GetAsync(workOrderId, false);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//stubbed out for now just to see routes
// if (!await biz.DeleteItemsAsync(o))
// return BadRequest(new ApiErrorResponse(biz.Errors));
return NoContent();
}
#endregion workorderitem