2021-06-15 22:00:02 +00:00
parent 83196ae6de
commit 741c2e72e9
3 changed files with 60 additions and 17 deletions


@@ -347,15 +347,40 @@ namespace AyaNova.Api.Controllers
log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok"); log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok");
//return appropriate data
if (u.UserType == UserType.Customer | u.UserType == UserType.HeadOffice)
{
//customer type has special rights restrictions for UI features so return them here so client UI can enable or disable
return Ok(ApiOkResponse.Response(new return Ok(ApiOkResponse.Response(new
{
token = token,
name = u.Name,
usertype = u.UserType,
roles = ((int)u.Roles).ToString(),
dlt = DownloadToken,
tfa = u.TwoFactorEnabled,
CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId,
}));
}
else
{ {
token = token, //Non customer user
name = u.Name, return Ok(ApiOkResponse.Response(new
usertype = u.UserType, {
roles = ((int)u.Roles).ToString(), token = token,
dlt = DownloadToken, name = u.Name,
tfa = u.TwoFactorEnabled usertype = u.UserType,
})); roles = ((int)u.Roles).ToString(),
dlt = DownloadToken,
tfa = u.TwoFactorEnabled
}));
}
//------------------------ /STANDARD BLOCK ------------------------- //------------------------ /STANDARD BLOCK -------------------------
} }
@@ -664,7 +689,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse()); return StatusCode(403, new ApiNotAuthorizedResponse());
} }
var u = await ct.User.FirstOrDefaultAsync(z => z.Id == id); var u = await ct.User.FirstOrDefaultAsync(z => z.Id == id);
if (u == null)//should never happen but ? if (u == null)//should never happen but ?
return StatusCode(403, new ApiNotAuthorizedResponse()); return StatusCode(403, new ApiNotAuthorizedResponse());
@@ -673,7 +698,7 @@ namespace AyaNova.Api.Controllers
u.TempToken = null; u.TempToken = null;
u.TwoFactorEnabled = false; u.TwoFactorEnabled = false;
await ct.SaveChangesAsync(); await ct.SaveChangesAsync();
return NoContent(); return NoContent();
} }
//------------------------------------------------------ //------------------------------------------------------
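Review bot: In the new Customer/HeadOffice branch of the login response, `CustomerAllowCSR` is assigned `ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId`, a report id rather than the allow/deny flag its name announces; a client that reads it as a boolean would take any non-zero id as permission granted, and the hunk's own comment says the value drives UI enable/disable. Presumably this is a placeholder until `UserBiz.CustomerUserEffectiveRights` is finished; until then name the property for what it carries, or emit the flag from the rights record, and extend the comment so it reads `//rights returned here are UI hints only - the CSR/WO endpoints must still enforce customer rights server side`. The condition guarding the branch uses a non-short-circuit `|` on two booleans where `||` is the idiomatic form: `if (u.UserType == UserType.Customer || u.UserType == UserType.HeadOffice)`. Both branches now build the same anonymous object and differ in a single property, which is two copies of the token/name/roles/dlt/tfa payload to keep in sync. The enclosing login action starts outside the hunk, and the two later hunks in this file show context only.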


@@ -107,6 +107,20 @@ namespace AyaNova.Biz
} }
} }
internal static async Task<CustomerRightsRecord> CustomerUserEffectiveRights(long userId)
{
using (AyContext ct = ServiceProviderProvider.DBContext)
{
var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == userId).Select(x => new { x.UserType, x.HeadOfficeId, x.CustomerId, x.Tags }).FirstAsync();
if (UserInfo.UserType != UserType.Customer && UserInfo.UserType != UserType.HeadOffice)
{
throw new System.NotSupportedException(
$"UserBiz::CustomerUserEffectiveRights - Requested for non Customer type user with ID {userId} who is UserType: {UserInfo.UserType}");
}
}
}
internal static UserBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null) internal static UserBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null)
{ {
@@ -495,7 +509,7 @@ namespace AyaNova.Biz
} }
var ResetCode = Hasher.GetRandomAlphanumericString(32); var ResetCode = Hasher.GetRandomAlphanumericString(32);
dbObject.PasswordResetCode = ResetCode; dbObject.PasswordResetCode = ResetCode;
dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
await ct.SaveChangesAsync(); await ct.SaveChangesAsync();
@@ -716,21 +730,22 @@ namespace AyaNova.Biz
//SUPERUSER ACCOUNT CAN"T BE MODIFIED IN SOME WAYS //SUPERUSER ACCOUNT CAN"T BE MODIFIED IN SOME WAYS
if(!isNew && proposedObj.Id==1){ if (!isNew && proposedObj.Id == 1)
{
//prevent certain changes to superuser account like roles etc //prevent certain changes to superuser account like roles etc
if(proposedObj.Roles!=currentObj.Roles) if (proposedObj.Roles != currentObj.Roles)
AddError(ApiErrorCode.NOT_AUTHORIZED, "Roles"); AddError(ApiErrorCode.NOT_AUTHORIZED, "Roles");
if(proposedObj.Active!=currentObj.Active) if (proposedObj.Active != currentObj.Active)
AddError(ApiErrorCode.NOT_AUTHORIZED, "Active"); AddError(ApiErrorCode.NOT_AUTHORIZED, "Active");
if(proposedObj.Name!=currentObj.Name) if (proposedObj.Name != currentObj.Name)
AddError(ApiErrorCode.NOT_AUTHORIZED, "Name"); AddError(ApiErrorCode.NOT_AUTHORIZED, "Name");
if(proposedObj.UserType!=currentObj.UserType) if (proposedObj.UserType != currentObj.UserType)
AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType"); AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType");
} }
//TODO: Validation rules that require future other objects that aren't present yet: //TODO: Validation rules that require future other objects that aren't present yet:
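Review bot: `CustomerUserEffectiveRights` in the first hunk is declared `async Task<CustomerRightsRecord>` but contains no `return` statement, so the compiler will reject it (not all code paths return a value); it also selects `HeadOfficeId`, `CustomerId` and `Tags` without using them, which reads as work in progress. The lookup uses `FirstAsync()`, so an unknown `userId` surfaces as a generic `InvalidOperationException` from EF rather than a message naming the id, unlike the explicit `NotSupportedException` for a wrong user type just below it. Until the rights derivation exists, a fail-closed default return keeps the build green and cannot grant anything by accident; whatever is returned should be the value the CSR/WO endpoints check server-side, not only the value echoed to the client at login. The third hunk is a whitespace reformat of the superuser guard and the second shows context only.
```csharp
internal static async Task<CustomerRightsRecord> CustomerUserEffectiveRights(long userId)
{
    using (AyContext ct = ServiceProviderProvider.DBContext)
    {
        var userInfo = await ct.User.AsNoTracking().Where(x => x.Id == userId).Select(x => new { x.UserType, x.HeadOfficeId, x.CustomerId, x.Tags }).FirstOrDefaultAsync();
        if (userInfo is null)
        {
            throw new System.InvalidOperationException($"UserBiz::CustomerUserEffectiveRights - No user with ID {userId}");
        }
        // … unchanged: UserType check that throws NotSupportedException for non customer types …
        // TODO(review): derive the flags from HeadOfficeId / CustomerId / Tags; fail closed until then
        return new CustomerRightsRecord(false, false, false, false, false, false, false, false);
    }
}
```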


@@ -88,6 +88,9 @@ namespace AyaNova.Models
} }
} }
//Used internally and at client end as extended rights atop roles system in relation only to Contact (customer type users)
public record CustomerRightsRecord(bool CSR, bool WO, bool WOWIKI, bool UserSettings, bool NotifyServiceImminent, bool NotifyCSRAccepted, bool NotifyCSRRejected, bool NotifyWOCreated);
} }
/* /*
CREATE TABLE [dbo].[AGLOBAL]( CREATE TABLE [dbo].[AGLOBAL](
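Review bot: `CustomerRightsRecord` takes eight positional `bool` parameters, so a transposed pair at a construction site (say `CSR` and `WO`) compiles cleanly and silently grants the wrong right; the one-line comment above it names the audience but not what each flag permits or which value is the safe default. Add an XML summary per flag, for example `/// <param name="CSR">True if the customer user may view/submit customer service requests.</param>`, and a note that constructors should pass named arguments, `new CustomerRightsRecord(CSR: false, WO: false, ...)`, so call sites stay readable. Since the comment says the record is also sent to the client, a sentence stating that false is the default and that the server enforces these rights independently of the client copy would make the contract explicit. The record sits in the namespace after a class that closes on the hunk's first lines; the rest of that class is outside the hunk.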