admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-08-27 19:55:41 +00:00
parent 08370fb774
commit 635626cb78
4 changed files with 55 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
devdocs/todo.txt
View File

@@ -25,6 +25,9 @@ Overall plan for now: anything standing in the way of making the initial client
- Localized text - Localized text
- Search and search text indexing - Search and search text indexing
- Auto visible id number assigning code - Auto visible id number assigning code
- User routes for create update delete the core User object (no user settings in it) {also see rights in BizRoles.cs as it is not fully fleshed out yet}
- UserOptions object will be used for user configurable settings, not core User stuff to avoid any rights issues or confusion or bypasses
- Make user options now even if it only has one setting, I will need it ongoing all the time for a ton of shit.
Created/Changed/Modifier/ Change / Audit log Created/Changed/Modifier/ Change / Audit log
- Flesh out and implement fully - Flesh out and implement fully

50
server/AyaNova/Controllers/EventLogController.cs
View File

@@ -43,81 +43,85 @@ namespace AyaNova.Api.Controllers
} }
//TODO: flesh out these routes, just text only for now //TODO: code the log makers in EventLogProcessor
//Need to set roles properly //
// User should be able to get own user log, but not someone else's without elevated rights, this is a bizadmin type thing, ops maybe shouldn't be able to see it? Or should? not sure
//Owner or with rights to type should be able to get object log
//SEE ATTACHMENT CONTROLLER FOR CODE TO GET RIGHTS TO AD-HOC OBJECTS
//Actual log processor and constructor should be in EventLogProcessor
/// <summary> /// <summary>
/// Get events as text document for object specified /// Get events as text document for object specified
/// ///
/// Required roles: /// Required roles:
/// OpsAdminFull | OpsAdminLimited /// Read rights to object type specified
///
/// </summary> /// </summary>
/// <returns>Event log for object</returns> /// <returns>Event log for object</returns>
[HttpGet("ObjectLog")] [HttpGet("ObjectLog")]
public async Task<IActionResult> GetObjectLog([FromQuery] EventLogOptions opt) public async Task<IActionResult> GetObjectLog([FromQuery] EventLogOptions opt)
{ {
//Open or opsOnly and user is opsadminfull or opsadminlimited if (serverState.IsClosed)
if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
{ {
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics)) if (!Authorized.IsAuthorizedToRead(HttpContext.Items, opt.AyType))
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
string sResult = await GetTheMetrics("plain"); var result = await EventLogProcessor.GetLogForObject(opt.AyId, ct);
//Log //Log
EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct); EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
return Content(sResult); return Content(result);
} }
/// <summary> /// <summary>
/// Get events for a user as text document for object specified /// Get events for a user as text document for object specified
/// ///
/// Required roles: /// Required roles:
/// OpsAdminFull | OpsAdminLimited /// Read rights to User object or UserId specified must be current API user
/// </summary> /// </summary>
/// <returns>Event log for user</returns> /// <returns>Event log for user</returns>
[HttpGet("UserLog")] [HttpGet("UserLog")]
public async Task<IActionResult> GetUserLog([FromQuery] EventLogOptions opt) public async Task<IActionResult> GetUserLog([FromQuery] EventLogOptions opt)
{ {
//Open or opsOnly and user is opsadminfull or opsadminlimited if (serverState.IsClosed)
if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
{ {
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
} }
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics)) if (opt.AyType != AyaType.User)
{
//return bad request
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "AyType", "User type required"));
}
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{ {
return StatusCode(401, new ApiNotAuthorizedResponse()); return StatusCode(401, new ApiNotAuthorizedResponse());
} }
string sResult = await GetTheMetrics("plain"); var result = await EventLogProcessor.GetLogForUser(opt.AyId, ct);
//Log //Log
EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct); EventLogProcessor.AddEntry(new Event(UserId, 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
return Content(sResult); return Content(result);
} }
//------------ //------------
public sealed class EventLogOptions public sealed class EventLogOptions
{ {
[FromQuery] [FromQuery]
public AyaType AyType { get; set; } public AyaType AyType { get; set; }
[FromQuery] [FromQuery]
@@ -125,7 +129,7 @@ namespace AyaNova.Api.Controllers
[FromQuery] [FromQuery]
public DateTime StartDate { get; set; } public DateTime StartDate { get; set; }
[FromQuery] [FromQuery]
public DateTime EndDate { get; set; } public DateTime EndDate { get; set; }
} }
}//eoc }//eoc

14
server/AyaNova/biz/BizRoles.cs
View File

@@ -19,6 +19,20 @@ namespace AyaNova.Biz
//NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically //NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically
//by assuming if you can change you can read //by assuming if you can change you can read
#region All roles initialization #region All roles initialization
////////////////////////////////////////////////////////////
//USER
//
//TODO: flesh this out more when user routes are made
//These rights only apply to the core User object itself
//any settings that are user configurable should go under a UserOptions object instead
roles.Add(AyaType.User, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,//Only biz admin has full rights to edit a user?? Maybe minor changes are allowed or not stored as a User sub field for user configurable things
Read = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
});
//////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////
//WIDGET //WIDGET
// //

12
server/AyaNova/biz/EventLogProcessor.cs
View File

@@ -43,10 +43,20 @@ namespace AyaNova.Biz
ct.SaveChanges(); ct.SaveChanges();
} }
internal static Task<string> GetLogForObject(long ayId, AyContext ct)
{
throw new NotImplementedException();
}
internal static Task<string> GetLogForUser(long ayId, AyContext ct)
{
throw new NotImplementedException();
}
///////////////////////////////////////////////////////////////////// /////////////////////////////////////////////////////////////////////
}//eoc }//eoc