admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-08-27 19:55:41 +00:00
parent 08370fb774
commit 635626cb78
4 changed files with 55 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
devdocs/todo.txt
View File

@@ -25,6 +25,9 @@ Overall plan for now: anything standing in the way of making the initial client
- Localized text
- Search and search text indexing
- Auto visible id number assigning code
- User routes for create update delete the core User object (no user settings in it) {also see rights in BizRoles.cs as it is not fully fleshed out yet}
- UserOptions object will be used for user configurable settings, not core User stuff to avoid any rights issues or confusion or bypasses
- Make user options now even if it only has one setting, I will need it ongoing all the time for a ton of shit.
Created/Changed/Modifier/ Change / Audit log
- Flesh out and implement fully

50
server/AyaNova/Controllers/EventLogController.cs
View File

@@ -43,81 +43,85 @@ namespace AyaNova.Api.Controllers
}
//TODO: flesh out these routes, just text only for now
//Need to set roles properly
// User should be able to get own user log, but not someone else's without elevated rights, this is a bizadmin type thing, ops maybe shouldn't be able to see it? Or should? not sure
//Owner or with rights to type should be able to get object log
//SEE ATTACHMENT CONTROLLER FOR CODE TO GET RIGHTS TO AD-HOC OBJECTS
//Actual log processor and constructor should be in EventLogProcessor
//TODO: code the log makers in EventLogProcessor
//
/// <summary>
/// Get events as text document for object specified
///
/// Required roles:
/// OpsAdminFull | OpsAdminLimited
/// Read rights to object type specified
///
/// </summary>
/// <returns>Event log for object</returns>
[HttpGet("ObjectLog")]
public async Task<IActionResult> GetObjectLog([FromQuery] EventLogOptions opt)
{
//Open or opsOnly and user is opsadminfull or opsadminlimited
if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, opt.AyType))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
string sResult = await GetTheMetrics("plain");
var result = await EventLogProcessor.GetLogForObject(opt.AyId, ct);
//Log
EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
return Content(sResult);
return Content(result);
}
/// <summary>
/// <summary>
/// Get events for a user as text document for object specified
///
/// Required roles:
/// OpsAdminFull | OpsAdminLimited
/// Read rights to User object or UserId specified must be current API user
/// </summary>
/// <returns>Event log for user</returns>
[HttpGet("UserLog")]
public async Task<IActionResult> GetUserLog([FromQuery] EventLogOptions opt)
{
//Open or opsOnly and user is opsadminfull or opsadminlimited
if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited)))
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.Metrics))
if (opt.AyType != AyaType.User)
{
//return bad request
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, "AyType", "User type required"));
}
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(401, new ApiNotAuthorizedResponse());
}
string sResult = await GetTheMetrics("plain");
var result = await EventLogProcessor.GetLogForUser(opt.AyId, ct);
//Log
EventLogProcessor.AddEntry(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
EventLogProcessor.AddEntry(new Event(UserId, 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
return Content(sResult);
return Content(result);
}
//------------
public sealed class EventLogOptions
{
{
[FromQuery]
public AyaType AyType { get; set; }
[FromQuery]
@@ -125,7 +129,7 @@ namespace AyaNova.Api.Controllers
[FromQuery]
public DateTime StartDate { get; set; }
[FromQuery]
public DateTime EndDate { get; set; }
public DateTime EndDate { get; set; }
}
}//eoc

14
server/AyaNova/biz/BizRoles.cs
View File

@@ -19,6 +19,20 @@ namespace AyaNova.Biz
//NOTE: do not need to add change roles to read roles, Authorized.cs takes care of that automatically
//by assuming if you can change you can read
#region All roles initialization
////////////////////////////////////////////////////////////
//USER
//
//TODO: flesh this out more when user routes are made
//These rights only apply to the core User object itself
//any settings that are user configurable should go under a UserOptions object instead
roles.Add(AyaType.User, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,//Only biz admin has full rights to edit a user?? Maybe minor changes are allowed or not stored as a User sub field for user configurable things
Read = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
});
////////////////////////////////////////////////////////////
//WIDGET
//

12
server/AyaNova/biz/EventLogProcessor.cs
View File

@@ -43,10 +43,20 @@ namespace AyaNova.Biz
ct.SaveChanges();
}
internal static Task<string> GetLogForObject(long ayId, AyContext ct)
{
throw new NotImplementedException();
}
internal static Task<string> GetLogForUser(long ayId, AyContext ct)
{
throw new NotImplementedException();
}
/////////////////////////////////////////////////////////////////////
}//eoc