admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2021-02-11 22:24:05 +00:00
parent 0843e24bc5
commit 498759f93c
1 changed files with 27 additions and 31 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
server/AyaNova/biz/UserBiz.cs
View File

@@ -279,7 +279,8 @@ namespace AyaNova.Biz
// // // //
// internal async Task<User> PutAsync(User putObject) // internal async Task<User> PutAsync(User putObject)
// { // {
// User dbObject = await ct.User.SingleOrDefaultAsync(z => z.Id == putObject.Id); // //todo: update to use the new PUT methodology
// var dbObject = await GetAsync(putObject.Id, false);
// if (dbObject == null) // if (dbObject == null)
// { // {
// AddError(ApiErrorCode.NOT_FOUND, "id"); // AddError(ApiErrorCode.NOT_FOUND, "id");
@@ -359,13 +360,17 @@ namespace AyaNova.Biz
// //
internal async Task<User> PutAsync(User putObject) internal async Task<User> PutAsync(User putObject)
{ {
//todo: update to use the new PUT methodology
var dbObject = await GetAsync(putObject.Id, false); var dbObject = await GetAsync(putObject.Id, false);
if (dbObject == null) if (dbObject == null)
{ {
AddError(ApiErrorCode.NOT_FOUND, "id"); AddError(ApiErrorCode.NOT_FOUND, "id");
return null; return null;
} }
if (dbObject.Concurrency != putObject.Concurrency)
{
AddError(ApiErrorCode.CONCURRENCY_CONFLICT);
return null;
}
//Also used for Contacts (customer type user or ho type user) //Also used for Contacts (customer type user or ho type user)
//by users with no User right but with Customer rights so need to double check here //by users with no User right but with Customer rights so need to double check here
if ( if (
@@ -377,42 +382,33 @@ namespace AyaNova.Biz
return null; return null;
} }
putObject.Tags = TagBiz.NormalizeTags(putObject.Tags);
User SnapshotOfOriginalDBObj = new User(); putObject.CustomFields = JsonUtil.CompactJson(putObject.CustomFields);
CopyObject.Copy(dbObject, SnapshotOfOriginalDBObj); await ValidateAsync(putObject, dbObject);
CopyObject.Copy(putObject, dbObject, "Id, Salt, CurrentAuthToken, LoginKey, DlKey, DlKeyExpire"); if (HasErrors) return null;
dbObject.Tags = TagBiz.NormalizeTags(dbObject.Tags); var OriginalSalt = dbObject.Salt;
dbObject.CustomFields = JsonUtil.CompactJson(dbObject.CustomFields); var OriginalPW = dbObject.Password;
var OriginalLogin = dbObject.Login;
ct.Replace(dbObject, putObject);
//NOTE: It's valid to call this without intending to change login or password (null values) //NOTE: It's valid to call this without intending to change login or password (null values)
//Is the user updating the password? //Is the user updating the password?
if (!string.IsNullOrWhiteSpace(putObject.Password)) if (!string.IsNullOrWhiteSpace(putObject.Password))
{ {
//YES password is being updated: //YES password is being updated:
dbObject.Password = Hasher.hash(SnapshotOfOriginalDBObj.Salt, putObject.Password); putObject.Password = Hasher.hash(OriginalSalt, putObject.Password);
} }
else else
{ {
//No, use the snapshot password value //No, use the snapshot password value
dbObject.Password = SnapshotOfOriginalDBObj.Password; putObject.Password = OriginalPW;
dbObject.Salt = SnapshotOfOriginalDBObj.Salt; putObject.Salt = OriginalSalt;
} }
//Updating login? //Updating login?
if (!string.IsNullOrWhiteSpace(putObject.Login)) if (string.IsNullOrWhiteSpace(putObject.Login))
{
//YES Login is being updated:
dbObject.Login = putObject.Login;
}
else
{ {
//No, use the original value //No, use the original value
dbObject.Login = SnapshotOfOriginalDBObj.Login; putObject.Login = OriginalLogin;
} }
ct.Entry(dbObject).OriginalValues["Concurrency"] = putObject.Concurrency;
await ValidateAsync(dbObject, SnapshotOfOriginalDBObj);
if (HasErrors) return null;
try try
{ {
await ct.SaveChangesAsync(); await ct.SaveChangesAsync();
@@ -426,14 +422,14 @@ namespace AyaNova.Biz
return null; return null;
} }
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified), ct); await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified), ct);
await SearchIndexAsync(dbObject, false); await SearchIndexAsync(putObject, false);
await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, dbObject.Tags, SnapshotOfOriginalDBObj.Tags); await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, putObject.Tags, dbObject.Tags);
await HandlePotentialNotificationEvent(AyaEvent.Modified, dbObject, SnapshotOfOriginalDBObj); await HandlePotentialNotificationEvent(AyaEvent.Modified, putObject, dbObject);
return putObject;
return dbObject;
} }
///////////////////////////////////////////// /////////////////////////////////////////////
//PASSWORD //PASSWORD
// //
@@ -600,7 +596,7 @@ namespace AyaNova.Biz
//Note: will cascade delete notifyevent, and notification automatically //Note: will cascade delete notifyevent, and notification automatically
await ct.Database.ExecuteSqlInterpolatedAsync($"delete from anotifysubscription where userid = {dbObject.Id}"); await ct.Database.ExecuteSqlInterpolatedAsync($"delete from anotifysubscription where userid = {dbObject.Id}");
//personal datalist options //personal datalist options
await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistsavedfilter where public = {false} and userid = {dbObject.Id}"); await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistsavedfilter where public = {false} and userid = {dbObject.Id}");
await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistcolumnview where userid = {dbObject.Id}"); await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistcolumnview where userid = {dbObject.Id}");
//Dashboard view //Dashboard view
await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adashboardview where userid = {dbObject.Id}"); await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adashboardview where userid = {dbObject.Id}");