server/AyaNova/biz/UserBiz.cs

@@ -203,6 +203,33 @@ namespace AyaNova.Biz
         //patch
         internal bool Patch(User dbObj, JsonPatchDocument<User> objectPatch, uint concurrencyToken)
         {
+            //check for in-valid patches
+            if (objectPatch.Operations.Any(m => m.path == "/id"))
+            {
+                AddError(ValidationErrorType.NotChangeable, "Id");
+                return false;
+            }
+
+            if (objectPatch.Operations.Any(m => m.path == "/ownerid"))
+            {
+                AddError(ValidationErrorType.NotChangeable, "OwnerId");
+                return false;
+            }
+
+            if (objectPatch.Operations.Any(m => m.op == "add"))
+            {
+                AddError(ValidationErrorType.InvalidOperation, "add");
+                return false;
+            }
+
+            if (objectPatch.Operations.Any(m => m.op == "remove"))
+            {
+                AddError(ValidationErrorType.InvalidOperation, "remove");
+                return false;
+            }
+
+
+
             //make a snapshot of the original for validation but update the original to preserve workflow           
             User snapshotObj = new User();
             CopyObject.Copy(dbObj, snapshotObj);

server/AyaNova/biz/UserOptionsBiz.cs

@@ -0,0 +1,120 @@
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.JsonPatch;
+using EnumsNET;
+using AyaNova.Util;
+using AyaNova.Api.ControllerHelpers;
+using AyaNova.Biz;
+using AyaNova.Models;
+
+
+namespace AyaNova.Biz
+{
+
+
+    internal class UserOptionsBiz : BizObject
+    {
+        private readonly AyContext ct;
+        public readonly long userId;
+        private readonly AuthorizationRoles userRoles;
+
+
+        internal UserOptionsBiz(AyContext dbcontext, long currentUserId, AuthorizationRoles UserRoles)
+        {
+            ct = dbcontext;
+            userId = currentUserId;
+            userRoles = UserRoles;
+        }
+
+
+        ////////////////////////////////////////////////////////////////////////////////////////////////
+        /// GET
+
+        //Get one
+        internal async Task<UserOptions> GetAsync(long fetchId)
+        {
+            //This is simple so nothing more here, but often will be copying to a different output object or some other ops
+            return await ct.UserOptions.SingleOrDefaultAsync(m => m.Id == fetchId);
+        }
+
+
+        ////////////////////////////////////////////////////////////////////////////////////////////////
+        //UPDATE
+        //
+
+        //put
+        internal bool Put(UserOptions dbObj, UserOptions inObj)
+        {
+
+            //Replace the db object with the PUT object
+            CopyObject.Copy(inObj, dbObj, "Id");
+            //Set "original" value of concurrency token to input token
+            //this will allow EF to check it out
+            ct.Entry(dbObj).OriginalValues["ConcurrencyToken"] = inObj.ConcurrencyToken;
+
+            Validate(dbObj);
+            if (HasErrors)
+                return false;
+
+            return true;
+        }
+
+        //patch
+        internal bool Patch(UserOptions dbObj, JsonPatchDocument<UserOptions> objectPatch, uint concurrencyToken)
+        {
+            //check for in-valid patches
+           if(objectPatch.Operations.Any(m=>m.path=="Id"))
+           {
+               AddError(ValidationErrorType.InvalidOperation,"Id");
+               return false;
+           }
+             
+            //Do the patching
+            objectPatch.ApplyTo(dbObj);
+          
+        
+            ct.Entry(dbObj).OriginalValues["ConcurrencyToken"] = concurrencyToken;
+            Validate(dbObj);
+            if (HasErrors)
+                return false;
+
+            return true;
+        }
+
+
+
+
+        ////////////////////////////////////////////////////////////////////////////////////////////////
+        //VALIDATION
+        //
+
+        //Can save or update?
+        private void Validate(UserOptions inObj)
+        {
+            //UserOptions is never new, it's created with the User object so were only here for an edit
+
+
+            //OwnerId required
+            if (inObj.OwnerId == 0)
+                AddError(ValidationErrorType.RequiredPropertyEmpty, "OwnerId");
+
+             //OwnerId required
+            if (inObj.UserId == 0)
+                AddError(ValidationErrorType.RequiredPropertyEmpty, "UserId");
+
+            //LOOKAT:Validate email address is legitimate (I put the EMailAddress attribute on the field in the model so I think it might validate)
+
+            return;
+        }
+
+
+
+        /////////////////////////////////////////////////////////////////////
+
+    }//eoc
+
+
+}//eons
+

server/AyaNova/biz/ValidationErrorType.cs

@@ -9,7 +9,8 @@ namespace AyaNova.Biz
         StartDateMustComeBeforeEndDate = 4,
         InvalidValue = 5,
         ReferentialIntegrity = 6, 
-        InvalidOperation = 7
+        InvalidOperation = 7,
+        NotChangeable=8
 
         //!! NOTE - UPDATE api-validation-error-codes.md documentation when adding items
 

server/AyaNova/models/AyContext.cs

@@ -82,7 +82,8 @@ namespace AyaNova.Models
             modelBuilder.Entity<User>()
                        .HasOne(p => p.UserOptions)
                        .WithOne(i => i.User)
-                       .HasForeignKey<UserOptions>(b => b.UserId);
+                       .HasForeignKey<UserOptions>(b => b.UserId)
+                       .OnDelete(DeleteBehavior.Cascade);//Hopefully will delete the useroptions with the user?
 
 
             //-----------

server/AyaNova/models/UserOptions.cs

@@ -14,6 +14,7 @@ namespace AyaNova.Models
         public long OwnerId { get; set; }
 
         //-------------
+        [EmailAddress]
         public string EmailAddress { get; set; }
         public decimal TimeZoneOffset { get; set; }
         public int UiColor { get; set; }