diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index f685c334..c9ab6742 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -25,6 +25,9 @@ Overall plan for now: anything standing in the way of making the initial client
- Localized text
- Search and search text indexing
- Auto visible id number assigning code
+ - User routes for create update delete the core User object (no user settings in it) {also see rights in BizRoles.cs as it is not fully fleshed out yet}
+ - UserOptions object will be used for user configurable settings, not core User stuff to avoid any rights issues or confusion or bypasses
+ - Make user options now even if it only has one setting, I will need it ongoing all the time for a ton of shit.
Created/Changed/Modifier/ Change / Audit log
- Flesh out and implement fully
diff --git a/server/AyaNova/Controllers/EventLogController.cs b/server/AyaNova/Controllers/EventLogController.cs
index 6dad1e78..b6fc05a0 100644
--- a/server/AyaNova/Controllers/EventLogController.cs
+++ b/server/AyaNova/Controllers/EventLogController.cs
@@ -43,81 +43,85 @@ namespace AyaNova.Api.Controllers
}
-//TODO: flesh out these routes, just text only for now
-//Need to set roles properly
-// User should be able to get own user log, but not someone else's without elevated rights, this is a bizadmin type thing, ops maybe shouldn't be able to see it? Or should? not sure
-//Owner or with rights to type should be able to get object log
-//SEE ATTACHMENT CONTROLLER FOR CODE TO GET RIGHTS TO AD-HOC OBJECTS
-//Actual log processor and constructor should be in EventLogProcessor
+ //TODO: code the log makers in EventLogProcessor
+ //
///
/// Get events as text document for object specified
///
/// Required roles:
- /// OpsAdminFull | OpsAdminLimited
+ /// Read rights to object type specified
+ ///
///
/// Event log for object
[HttpGet("ObjectLog")]
public async Task GetObjectLog([FromQuery] EventLogOptions opt)
{
- //Open or opsOnly and user is opsadminfull or opsadminlimited
- if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
+ if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
+ if (!Authorized.IsAuthorizedToRead(HttpContext.Items, opt.AyType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
- string sResult = await GetTheMetrics("plain");
+ var result = await EventLogProcessor.GetLogForObject(opt.AyId, ct);
//Log
EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
- return Content(sResult);
+ return Content(result);
}
- ///
+ ///
/// Get events for a user as text document for object specified
///
/// Required roles:
- /// OpsAdminFull | OpsAdminLimited
+ /// Read rights to User object or UserId specified must be current API user
///
/// Event log for user
[HttpGet("UserLog")]
public async Task GetUserLog([FromQuery] EventLogOptions opt)
{
- //Open or opsOnly and user is opsadminfull or opsadminlimited
- if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
+ if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
- if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
+ if (opt.AyType != AyaType.User)
+ {
+ //return bad request
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "AyType", "User type required"));
+ }
+
+ long UserId = UserIdFromContext.Id(HttpContext.Items);
+
+ //If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
+ if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
- string sResult = await GetTheMetrics("plain");
+ var result = await EventLogProcessor.GetLogForUser(opt.AyId, ct);
//Log
- EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
+ EventLogProcessor.AddEntry(new Event(UserId, 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
- return Content(sResult);
+ return Content(result);
}
-
+
//------------
public sealed class EventLogOptions
- {
+ {
[FromQuery]
public AyaType AyType { get; set; }
[FromQuery]
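Review bot: In GetObjectLog the read-rights check at the new `IsAuthorizedToRead(HttpContext.Items, opt.AyType)` line is made against a caller-supplied type, but the log is then fetched with `GetLogForObject(opt.AyId, ct)` by id alone, so nothing binds the type that was authorized to the object actually returned; a caller with read rights on one type can send that type together with an AyId of a different, more sensitive object (the stub in EventLogProcessor.cs takes only ayId, so it cannot filter by type on its own). Pass the type through and filter on both, `var result = await EventLogProcessor.GetLogForObject(opt.AyType, opt.AyId, ct);`, and consider rejecting undefined enum values before the rights check, since query-bound enums typically accept any integer. The audit entries written after retrieval still record `AyaType.Metrics` with id 0 in both routes (the user-log one is new code), so the event log never says whose log was read; `EventLogProcessor.AddEntry(new Event(UserId, opt.AyId, AyaType.User, AyaEvent.Retrieved), ct);` would, with the object route recording `opt.AyId, opt.AyType` likewise. The enclosing class begins before this hunk.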
@@ -125,7 +129,7 @@ namespace AyaNova.Api.Controllers
[FromQuery]
public DateTime StartDate { get; set; }
[FromQuery]
- public DateTime EndDate { get; set; }
+ public DateTime EndDate { get; set; }
}
}//eoc
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 3a3fa290..c446a28d 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -19,6 +19,20 @@ namespace AyaNova.Biz
//NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically
//by assuming if you can change you can read
#region All roles initialization
+
+ ////////////////////////////////////////////////////////////
+ //USER
+ //
+ //TODO: flesh this out more when user routes are made
+ //These rights only apply to the core User object itself
+ //any settings that are user configurable should go under a UserOptions object instead
+ roles.Add(AyaType.User, new BizRoleSet()
+ {
+ Change = AuthorizationRoles.BizAdminFull,
+ EditOwn = AuthorizationRoles.NoRole,//Only biz admin has full rights to edit a user?? Maybe minor changes are allowed or not stored as a User sub field for user configurable things
+ Read = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
+ });
+
////////////////////////////////////////////////////////////
//WIDGET
//
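Review bot: The new User role set's `Read` membership is what the UserLog route in EventLogController.cs uses to decide whether one user may read another user's event log, so granting `BizAdminLimited` here also grants cross-user log access; that consequence is worth stating next to the entry, e.g. `//Read here also gates reading other users' event logs (see EventLogController.GetUserLog)`. The open question appended to the `EditOwn` line would be easier to track as its own `//TODO:` line above the initializer than as a trailing comment. The roles initialization region continues outside this hunk.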
diff --git a/server/AyaNova/biz/EventLogProcessor.cs b/server/AyaNova/biz/EventLogProcessor.cs
index 2f91b49f..2421d718 100644
--- a/server/AyaNova/biz/EventLogProcessor.cs
+++ b/server/AyaNova/biz/EventLogProcessor.cs
@@ -43,10 +43,20 @@ namespace AyaNova.Biz
ct.SaveChanges();
}
+ internal static Task GetLogForObject(long ayId, AyContext ct)
+ {
+ throw new NotImplementedException();
+ }
+
+ internal static Task GetLogForUser(long ayId, AyContext ct)
+ {
+ throw new NotImplementedException();
+ }
+
/////////////////////////////////////////////////////////////////////
-
+
}//eoc
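Review bot: The two new stubs have no XML doc comment, and since both are already awaited by live controller routes, the `NotImplementedException` they throw will surface as an unhandled 500 from those endpoints until they are filled in; a `/// <summary>` stating the intended contract (text log for the given id, filtered to entries the caller may see) plus a `//TODO:` naming the routes that depend on them would make that explicit. The return type prints as non-generic `Task` here, which the controller's `Content(result)` could not consume, so presumably the rendering dropped a type argument; confirm it is the string-returning form. The enclosing class begins before this hunk.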