From 741c2e72e9beedb3917fd794123cfe94322ca8e2 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Tue, 15 Jun 2021 22:00:02 +0000 Subject: [PATCH] --- server/AyaNova/Controllers/AuthController.cs | 43 ++++++++++++++++---- server/AyaNova/biz/UserBiz.cs | 31 ++++++++++---- server/AyaNova/models/GlobalBizSettings.cs | 3 ++ 3 files changed, 60 insertions(+), 17 deletions(-) diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs index ad4c6185..5454db4f 100644 --- a/server/AyaNova/Controllers/AuthController.cs +++ b/server/AyaNova/Controllers/AuthController.cs @@ -347,15 +347,40 @@ namespace AyaNova.Api.Controllers log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok"); + //return appropriate data + + if (u.UserType == UserType.Customer | u.UserType == UserType.HeadOffice) + { + //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable + + + return Ok(ApiOkResponse.Response(new + { + token = token, + name = u.Name, + usertype = u.UserType, + roles = ((int)u.Roles).ToString(), + dlt = DownloadToken, + tfa = u.TwoFactorEnabled, + CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId, + + })); + + } + else { - token = token, - name = u.Name, - usertype = u.UserType, - roles = ((int)u.Roles).ToString(), - dlt = DownloadToken, - tfa = u.TwoFactorEnabled - })); + //Non customer user + return Ok(ApiOkResponse.Response(new + { + token = token, + name = u.Name, + usertype = u.UserType, + roles = ((int)u.Roles).ToString(), + dlt = DownloadToken, + tfa = u.TwoFactorEnabled + })); + } //------------------------ /STANDARD BLOCK ------------------------- } 
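Review bot: The new customer branch assigns `CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId`, pairing a flag-style name with what looks like a report id, so the client would receive an identifier where the comment promises an enable/disable right; either the name or the source of the value appears wrong and should be settled before the client keys off it. The type test on that branch uses the non-short-circuit `|`; for two bool operands the result is the same, but `||` is the idiom: `if (u.UserType == UserType.Customer || u.UserType == UserType.HeadOffice)`. Both branches build the same six-member anonymous object, so one response object with the customer-only member added when applicable would remove the duplication. A comment near the customer branch such as `// UI hints only: server-side checks still decide what a customer user may do` would record the intent, assuming the request-level enforcement stays in place. The login method containing this block starts before the hunk.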
@@ -664,7 +689,7 @@ namespace AyaNova.Api.Controllers return StatusCode(403, new ApiNotAuthorizedResponse()); } - + var u = await ct.User.FirstOrDefaultAsync(z => z.Id == id); if (u == null)//should never happen but ? return StatusCode(403, new ApiNotAuthorizedResponse()); @@ -673,7 +698,7 @@ namespace AyaNova.Api.Controllers u.TempToken = null; u.TwoFactorEnabled = false; await ct.SaveChangesAsync(); - return NoContent(); + return NoContent(); } //------------------------------------------------------ diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index 273e5144..f355165a 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -107,6 +107,20 @@ namespace AyaNova.Biz } } + internal static async Task CustomerUserEffectiveRights(long userId) + { + using (AyContext ct = ServiceProviderProvider.DBContext) + { + var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == userId).Select(x => new { x.UserType, x.HeadOfficeId, x.CustomerId, x.Tags }).FirstAsync(); + if (UserInfo.UserType != UserType.Customer && UserInfo.UserType != UserType.HeadOffice) + { + throw new System.NotSupportedException( + $"UserBiz::CustomerUserEffectiveRights - Requested for non Customer type user with ID {userId} who is UserType: {UserInfo.UserType}"); + } + + } + } + internal static UserBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null) { @@ -495,7 +509,7 @@ namespace AyaNova.Biz } var ResetCode = Hasher.GetRandomAlphanumericString(32); - + dbObject.PasswordResetCode = ResetCode; dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear await ct.SaveChangesAsync(); 
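Review bot: `CustomerUserEffectiveRights` in the UserBiz.cs hunk at @@ -107 is declared `async Task` and returns nothing, so after the user-type check it discards the `HeadOfficeId`, `CustomerId` and `Tags` it projected; if it is meant to produce the `CustomerRightsRecord` added in GlobalBizSettings.cs, the signature should become `Task<CustomerRightsRecord>` and the record returned, otherwise the unused columns should be dropped from the `Select`. `.FirstAsync()` throws `InvalidOperationException` for an unknown id, which reads as a generic failure next to the explicit `NotSupportedException` thrown for a wrong type; `FirstOrDefaultAsync()` followed by `if (userInfo is null) throw new System.ArgumentException($"UserBiz::CustomerUserEffectiveRights - no user with ID {userId}", nameof(userId));` keeps both failures explicit. The local `UserInfo` is PascalCase while nearby locals such as `dbObject` are camelCase. A `///` summary stating the precondition (the id must belong to a Customer or HeadOffice user; other types throw) would help callers, since the name promises rights the body does not yet compute.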
@@ -716,21 +730,22 @@ namespace AyaNova.Biz //SUPERUSER ACCOUNT CAN"T BE MODIFIED IN SOME WAYS - if(!isNew && proposedObj.Id==1){ + if (!isNew && proposedObj.Id == 1) + { //prevent certain changes to superuser account like roles etc - if(proposedObj.Roles!=currentObj.Roles) + if (proposedObj.Roles != currentObj.Roles) AddError(ApiErrorCode.NOT_AUTHORIZED, "Roles"); - - if(proposedObj.Active!=currentObj.Active) + + if (proposedObj.Active != currentObj.Active) AddError(ApiErrorCode.NOT_AUTHORIZED, "Active"); - if(proposedObj.Name!=currentObj.Name) + if (proposedObj.Name != currentObj.Name) AddError(ApiErrorCode.NOT_AUTHORIZED, "Name"); - if(proposedObj.UserType!=currentObj.UserType) + if (proposedObj.UserType != currentObj.UserType) AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType"); - + } //TODO: Validation rules that require future other objects that aren't present yet: diff --git a/server/AyaNova/models/GlobalBizSettings.cs b/server/AyaNova/models/GlobalBizSettings.cs index 158843d5..4e2ca77a 100644 --- a/server/AyaNova/models/GlobalBizSettings.cs +++ b/server/AyaNova/models/GlobalBizSettings.cs @@ -88,6 +88,9 @@ namespace AyaNova.Models } } + + //Used internally and at client end as extended rights atop roles system in relation only to Contact (customer type users) + public record CustomerRightsRecord(bool CSR, bool WO, bool WOWIKI, bool UserSettings, bool NotifyServiceImminent, bool NotifyCSRAccepted, bool NotifyCSRRejected, bool NotifyWOCreated); } /* CREATE TABLE [dbo].[AGLOBAL](
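Review bot: `CustomerRightsRecord` in the GlobalBizSettings.cs hunk takes eight positional `bool` parameters of one type, so every construction site depends on argument order and a swapped `NotifyCSRAccepted`/`NotifyCSRRejected` compiles silently; a record with named `init` properties (`public bool CSR { get; init; }` and so on), or at least named arguments at each call site, makes the rights readable where they are assigned. The `//Used internally and at client end ...` line would serve better as a `///` summary, which can also state that these values are sent to the client alongside roles and, presumably, remain enforced on the server. The record is added at namespace scope after the class in a file named for another type, which departs from one type per file. The @@ -716 hunk in UserBiz.cs is formatting only.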