From 5fdd5c73ba84209772950b0559f76ceb03303a7f Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Mon, 18 Oct 2021 19:46:09 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/FormCustomController.cs | 10 +++++-----
 .../AyaNova/Controllers/UserOptionsController.cs   |  4 ++--
 server/AyaNova/biz/UserBiz.cs                      | 14 +++++++++++++-
 3 files changed, 20 insertions(+), 8 deletions(-)

diff --git a/server/AyaNova/Controllers/FormCustomController.cs b/server/AyaNova/Controllers/FormCustomController.cs
index 3e3dd1d1..701ab8db 100644
--- a/server/AyaNova/Controllers/FormCustomController.cs
+++ b/server/AyaNova/Controllers/FormCustomController.cs
@@ -56,7 +56,7 @@ namespace AyaNova.Api.Controllers
         [HttpGet("{formkey}")]
         public async Task<IActionResult> GetFormCustom([FromRoute] string formkey, [FromQuery] uint? concurrency)
         {
-            if (serverState.IsClosed)
+            if (serverState.IsClosed && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             //Instantiate the business object handler
@@ -104,7 +104,7 @@ namespace AyaNova.Api.Controllers
         [HttpGet("availablecustomtypes")]
         public ActionResult GetAvailableCustomTypes()
         {
-            if (!serverState.IsOpen)
+            if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
@@ -124,7 +124,7 @@ namespace AyaNova.Api.Controllers
         [HttpGet("availablecustomizableformkeys")]
         public ActionResult GetAvailableCustomizableFormKeys()
         {
-            if (!serverState.IsOpen)
+            if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
@@ -147,7 +147,7 @@ namespace AyaNova.Api.Controllers
         [HttpPut("{formkey}")]
         public async Task<IActionResult> PutFormCustom([FromRoute] string formkey, [FromBody] FormCustom inObj)
         {
-            if (!serverState.IsOpen)
+            if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             if (!ModelState.IsValid)
@@ -186,7 +186,7 @@ namespace AyaNova.Api.Controllers
         [HttpGet("form-key/{id}")]
         public async Task<IActionResult> GetFormKeyFromId(long id)
         {
-            if (!serverState.IsOpen)
+            if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
diff --git a/server/AyaNova/Controllers/UserOptionsController.cs b/server/AyaNova/Controllers/UserOptionsController.cs
index 8199c39e..3c02ba9a 100644
--- a/server/AyaNova/Controllers/UserOptionsController.cs
+++ b/server/AyaNova/Controllers/UserOptionsController.cs
@@ -53,7 +53,7 @@ namespace AyaNova.Api.Controllers
         [HttpGet("{id}")]
         public async Task<IActionResult> GetUserOptions([FromRoute] long id)
         {
-            if (!serverState.IsOpen)
+            if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
             {
                 //Exception for SuperUser account to handle licensing issues
                 if (UserIdFromContext.Id(HttpContext.Items) != 1)
@@ -137,7 +137,7 @@ namespace AyaNova.Api.Controllers
         [HttpPut("{id}")]
         public async Task<IActionResult> PutUserOptions([FromRoute] long id, [FromBody] UserOptions inObj)
         {
-            if (serverState.IsClosed)
+            if (serverState.IsClosed && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
             if (!ModelState.IsValid)
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index db852451..46ec6952 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -724,7 +724,19 @@ namespace AyaNova.Biz
 
             //Remove the object
             ct.User.Remove(dbObject);
-            await ct.SaveChangesAsync();
+            try
+            {
+                await ct.SaveChangesAsync();
+            }
+            catch (Microsoft.EntityFrameworkCore.DbUpdateException)
+            {
+                //SPECIAL EXCEPTION
+                //seeded data isn't always attributed to the user who would normally have created data so 
+                //this could fail due to referential integrity as they wouldn't be in the event log check above
+                //easiest workaround to avoid having to check a whole host of items is to just check if this fails due to ref.integrity and return sane message
+                AddError(ApiErrorCode.INVALID_OPERATION, "generalerror", await Translate("ErrorDBForeignKeyViolation"));
+                return false;
+            }
 
             await EventLogProcessor.DeleteObjectLogAsync(UserId, BizType, dbObject.Id, dbObject.Name, ct);
             await Search.ProcessDeletedObjectKeywordsAsync(dbObject.Id, BizType, ct);