This commit is contained in:
@@ -78,15 +78,15 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
var dbObj = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObj == null)
|
||||
var dbObject = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
{
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
}
|
||||
|
||||
long UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, dbObj.AttachToObjectType))
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, dbObject.AttachToObjectType))
|
||||
{
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
@@ -95,27 +95,27 @@ namespace AyaNova.Api.Controllers
|
||||
try
|
||||
{
|
||||
string ChangeTextra = string.Empty;
|
||||
if (dbObj.DisplayFileName != inObj.DisplayFileName)
|
||||
if (dbObject.DisplayFileName != inObj.DisplayFileName)
|
||||
{
|
||||
ChangeTextra = $"\"{dbObj.DisplayFileName}\" => \"{inObj.DisplayFileName}\"";
|
||||
ChangeTextra = $"\"{dbObject.DisplayFileName}\" => \"{inObj.DisplayFileName}\"";
|
||||
}
|
||||
if (dbObj.Notes != inObj.Notes)
|
||||
if (dbObject.Notes != inObj.Notes)
|
||||
{
|
||||
if (!string.IsNullOrWhiteSpace(ChangeTextra))
|
||||
ChangeTextra += ", ";
|
||||
ChangeTextra += "Notes";
|
||||
}
|
||||
dbObj.DisplayFileName = inObj.DisplayFileName;
|
||||
dbObj.Notes = inObj.Notes;
|
||||
dbObject.DisplayFileName = inObj.DisplayFileName;
|
||||
dbObject.Notes = inObj.Notes;
|
||||
|
||||
|
||||
|
||||
//Set "original" value of concurrency token to input token
|
||||
//this will allow EF to check it out
|
||||
ct.Entry(dbObj).OriginalValues["Concurrency"] = inObj.Concurrency;
|
||||
ct.Entry(dbObject).OriginalValues["Concurrency"] = inObj.Concurrency;
|
||||
|
||||
//Log event and save context
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObj.AttachToObjectId, dbObj.AttachToObjectType, AyaEvent.AttachmentModified, ChangeTextra), ct);
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentModified, ChangeTextra), ct);
|
||||
|
||||
|
||||
|
||||
@@ -133,7 +133,7 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
//Normallyh wouldn't return a whole list but in this case the UI demands it because of reactivity issues
|
||||
var ret = await GetFileListForObjectAsync(dbObj.AttachToObjectType, dbObj.AttachToObjectId);
|
||||
var ret = await GetFileListForObjectAsync(dbObject.AttachToObjectType, dbObject.AttachToObjectId);
|
||||
return Ok(ApiOkResponse.Response(ret));
|
||||
}
|
||||
|
||||
@@ -367,28 +367,28 @@ namespace AyaNova.Api.Controllers
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
}
|
||||
|
||||
var dbObj = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObj == null)
|
||||
var dbObject = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
{
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
}
|
||||
|
||||
long UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, dbObj.AttachToObjectType))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, dbObject.AttachToObjectType))
|
||||
{
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//do the delete
|
||||
//this handles removing the file if there are no refs left and also the db record for the attachment
|
||||
await FileUtil.DeleteFileAttachmentAsync(dbObj, ct);
|
||||
await FileUtil.DeleteFileAttachmentAsync(dbObject, ct);
|
||||
|
||||
//Event log process delete
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObj.AttachToObjectId, dbObj.AttachToObjectType, AyaEvent.AttachmentDelete, dbObj.DisplayFileName), ct);
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentDelete, dbObject.DisplayFileName), ct);
|
||||
|
||||
//Delete search index
|
||||
await Search.ProcessDeletedObjectKeywordsAsync(dbObj.Id, AyaType.FileAttachment);
|
||||
await Search.ProcessDeletedObjectKeywordsAsync(dbObject.Id, AyaType.FileAttachment, ct);
|
||||
|
||||
return NoContent();
|
||||
}
|
||||
@@ -448,8 +448,8 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
//Ok, user has a valid download key and it's not expired yet so get the attachment record
|
||||
var dbObj = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObj == null)
|
||||
var dbObject = await ct.FileAttachment.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
{
|
||||
await Task.Delay(nFailedAuthDelay);//fishing protection
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
@@ -457,15 +457,15 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
|
||||
//is this allowed?
|
||||
if (!Authorized.HasReadFullRole(DownloadUser.Roles, dbObj.AttachToObjectType))
|
||||
if (!Authorized.HasReadFullRole(DownloadUser.Roles, dbObject.AttachToObjectType))
|
||||
{
|
||||
await Task.Delay(nFailedAuthDelay);//DOS protection
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//they are allowed, let's send the file
|
||||
string mimetype = dbObj.ContentType;
|
||||
var filePath = FileUtil.GetPermanentAttachmentFilePath(dbObj.StoredFileName);
|
||||
string mimetype = dbObject.ContentType;
|
||||
var filePath = FileUtil.GetPermanentAttachmentFilePath(dbObject.StoredFileName);
|
||||
if (!System.IO.File.Exists(filePath))
|
||||
{
|
||||
//TODO: notify OPSNOTIFY
|
||||
@@ -473,16 +473,16 @@ namespace AyaNova.Api.Controllers
|
||||
//and a red light on the dashboard
|
||||
//TODO: this should reset the validity
|
||||
|
||||
var errText = $"Physical file {dbObj.StoredFileName} not found despite attachment record, this file is missing";
|
||||
var errText = $"Physical file {dbObject.StoredFileName} not found despite attachment record, this file is missing";
|
||||
log.LogError(errText);
|
||||
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, errText));
|
||||
}
|
||||
|
||||
//Log
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, dbObj.AttachToObjectId, dbObj.AttachToObjectType, AyaEvent.AttachmentDownload, dbObj.DisplayFileName), ct);
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentDownload, dbObject.DisplayFileName), ct);
|
||||
|
||||
return PhysicalFile(filePath, mimetype, dbObj.DisplayFileName);
|
||||
return PhysicalFile(filePath, mimetype, dbObject.DisplayFileName);
|
||||
|
||||
}
|
||||
|
||||
@@ -491,11 +491,11 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
async private Task<object> GetFileListForObjectAsync(AyaType ayaType, long ayaId)
|
||||
{
|
||||
var l = await ct.FileAttachment.AsNoTracking().Where(z => z.AttachToObjectId == ayaId && z.AttachToObjectType == ayaType)
|
||||
.Select(z => new { z.Id, z.Concurrency, z.ContentType, z.DisplayFileName, z.LastModified, z.Notes })
|
||||
.ToArrayAsync();
|
||||
var v = l.OrderBy(z => z.DisplayFileName);
|
||||
return v;
|
||||
return await ct.FileAttachment.AsNoTracking().Where(z => z.AttachToObjectId == ayaId && z.AttachToObjectType == ayaType).OrderBy(z => z.DisplayFileName)
|
||||
.Select(z => new { z.Id, z.Concurrency, z.ContentType, z.DisplayFileName, z.LastModified, z.Notes })
|
||||
.ToArrayAsync();
|
||||
// var v = l.OrderBy(z => z.DisplayFileName);
|
||||
// return v;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -226,8 +226,8 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//Fetch translation and it's children
|
||||
//(fetch here so can return proper REST responses on failing basic validity)
|
||||
var dbObj = await ct.Translation.Include(z => z.TranslationItems).SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObj == null)
|
||||
var dbObject = await ct.Translation.Include(z => z.TranslationItems).SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
{
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
}
|
||||
@@ -240,7 +240,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//Instantiate the business object handler
|
||||
TranslationBiz biz = TranslationBiz.GetBiz(ct, HttpContext);
|
||||
if (!await biz.DeleteAsync(dbObj))
|
||||
if (!await biz.DeleteAsync(dbObject))
|
||||
{
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
}
|
||||
|
||||
@@ -260,8 +260,8 @@ namespace AyaNova.Api.Controllers
|
||||
//Instantiate the business object handler
|
||||
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
var dbObj = await ct.User.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObj == null)
|
||||
var dbObject = await ct.User.SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
{
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
}
|
||||
@@ -272,7 +272,7 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
|
||||
if (!await biz.DeleteAsync(dbObj))
|
||||
if (!await biz.DeleteAsync(dbObject))
|
||||
{
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user