This commit is contained in:
@@ -158,7 +158,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// <summary>
|
||||
/// Get Report list for object
|
||||
/// </summary>
|
||||
/// <param name="ayType">Type of object</param>
|
||||
@@ -171,6 +171,9 @@ namespace AyaNova.Api.Controllers
|
||||
ReportBiz biz = ReportBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
//extra check if they have rights to the type of object in question, this nips it in the bud before they even get to the fetch data stage later
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, ayType))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
var o = await biz.GetReportListAsync(ayType);
|
||||
@@ -180,7 +183,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
|
||||
//======================================================================================================
|
||||
public class ObjectReportDataParameter
|
||||
public class ObjectReportDataParameter
|
||||
{
|
||||
public AyaType ObjectType { get; set; }
|
||||
public long[] ObjectIdArray { get; set; }
|
||||
@@ -198,15 +201,15 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
ReportBiz biz = ReportBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
var reportData = await biz.GetReportData(reportDataParam.ObjectType, reportDataParam.ObjectIdArray);
|
||||
if (reportData == null)
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
else
|
||||
return Ok(ApiOkResponse.Response(reportData));
|
||||
return Ok(ApiOkResponse.Response(reportData));
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -163,21 +163,23 @@ namespace AyaNova.Biz
|
||||
}
|
||||
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
//GET LIST
|
||||
//
|
||||
internal async Task<List<NameIdItem>> GetReportListAsync(AyaType ayType)
|
||||
{
|
||||
var rpts = await ct.Report.AsNoTracking().Where(z=>z.ObjectType==ayType && z.Active==true).Select(z=> new {id=z.Id,name=z.Name,roles=z.Roles}).ToListAsync();
|
||||
var ret=new List<NameIdItem>();
|
||||
foreach(var item in rpts){
|
||||
if(CurrentUserRoles.HasAnyFlags(item.roles)){
|
||||
ret.Add(new NameIdItem(){Name=item.name,Id=item.id});
|
||||
var rpts = await ct.Report.AsNoTracking().Where(z => z.ObjectType == ayType && z.Active == true).Select(z => new { id = z.Id, name = z.Name, roles = z.Roles }).ToListAsync();
|
||||
var ret = new List<NameIdItem>();
|
||||
foreach (var item in rpts)
|
||||
{
|
||||
if (CurrentUserRoles.HasAnyFlags(item.roles))
|
||||
{
|
||||
ret.Add(new NameIdItem() { Name = item.name, Id = item.id });
|
||||
}
|
||||
}
|
||||
|
||||
//Sort by name
|
||||
return ret.OrderBy(z=>z.Name).ToList();
|
||||
return ret.OrderBy(z => z.Name).ToList();
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user