From 74fa5d2700c88d0cbc4883f890d1172e0f0c7de2 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Mon, 7 Dec 2020 18:40:38 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/UserController.cs | 2 -
 .../Controllers/UserOptionsController.cs | 20 ++++++----
 server/AyaNova/biz/AyaFormFieldDefinitions.cs | 40 ++++++++++++++++++-
 3 files changed, 50 insertions(+), 12 deletions(-)
diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs
index 586696dd..dad24261 100644
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -61,8 +61,6 @@ namespace AyaNova.Api.Controllers
 //Instantiate the business object handler
 UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
-
-
 //Also used for Contacts (customer type user or ho type user)
 //by users with no User right so further biz rule required depending on usertype
 //this is just phase 1
diff --git a/server/AyaNova/Controllers/UserOptionsController.cs b/server/AyaNova/Controllers/UserOptionsController.cs
index c6454768..f3e36f95 100644
--- a/server/AyaNova/Controllers/UserOptionsController.cs
+++ b/server/AyaNova/Controllers/UserOptionsController.cs
@@ -68,21 +68,25 @@ namespace AyaNova.Api.Controllers
 var UserId = UserIdFromContext.Id(HttpContext.Items);
 //Different than normal here: a user is *always* allowed to retrieve their own user options object
- if (id != UserId && !Authorized.HasReadFullRole(HttpContext.Items, AyaType.UserOptions))
+ if (id != UserId)
 {
- return StatusCode(403, new ApiNotAuthorizedResponse());
+ //Not users own options so need to check just as for User object as could be a Contact
+
+ //Also used for Contacts (customer type user or ho type user)
+ //by users with no User right so further biz rule required depending on usertype
+ //this is just phase 1
+ bool AllowedOutsideUser = Authorized.HasReadFullRole(HttpContext.Items, AyaType.Customer);
+ bool AllowedInsideUser = Authorized.HasReadFullRole(HttpContext.Items, AyaType.User);
+
+ if (!AllowedOutsideUser && !AllowedInsideUser)
+ return StatusCode(403, new ApiNotAuthorizedResponse());
 }
 //Instantiate the business object handler
 UserOptionsBiz biz = new UserOptionsBiz(ct, UserId, UserRolesFromContext.Roles(HttpContext.Items));
-
 var o = await biz.GetAsync(id);
-
- if (o == null)
- {
+ if (o == null)
 return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
- }
-
 return Ok(ApiOkResponse.Response(o));
 }
diff --git a/server/AyaNova/biz/AyaFormFieldDefinitions.cs b/server/AyaNova/biz/AyaFormFieldDefinitions.cs
index 099d8815..8efde606 100644
--- a/server/AyaNova/biz/AyaFormFieldDefinitions.cs
+++ b/server/AyaNova/biz/AyaFormFieldDefinitions.cs
@@ -26,7 +26,8 @@ namespace AyaNova.Biz
 }
 }
-
+ //No type form keys:
+ l.Add("Contact");
 return l;
 }
 }
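Review bot: The new gate inside `if (id != UserId)` accepts a caller who holds read-full on either AyaType.Customer or AyaType.User without relating that role to the type of the user whose id was requested, so a caller whose only right is Customer read is no longer refused the options of an internal (User-type) account, which the replaced AyaType.UserOptions check did refuse. The hunk's own comment concedes that a further rule depending on usertype is still needed; until it exists, the safer interim is to apply the type check to the loaded object — after `var o = await biz.GetAsync(id);`, return the same `StatusCode(403, new ApiNotAuthorizedResponse())` when the target is an internal user and `!AllowedInsideUser` (the exact property carrying the target's type is not visible in this hunk and needs confirming against UserOptions). It is also worth confirming that dropping the AyaType.UserOptions right from this endpoint is intentional, since a caller granted only that role was previously allowed and is now refused. The action's signature lies outside the hunk.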
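Review bot: The `"Contact"` literal added here in `l.Add("Contact");` is repeated in `_ayaFormFields.Add("Contact", l);` in this file's next hunk, and the two must stay in step for the key list and the field table to agree; a single `private const string ContactFormKey = "Contact";` used in both places would make that dependency explicit. The comment `//No type form keys:` is terse for a reader who does not know the list's purpose — presumably keys that have no matching AyaType value — so it could read `//Form keys that have no corresponding type (looked up by name only):` once that is confirmed. The enclosing method starts outside the hunk.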
@@ -119,6 +120,41 @@ namespace AyaNova.Biz
 }
 #endregion
+ #region CONTACT_KEY
+ {
+ List l = new List();
+ l.Add(new AyaFormFieldDefinition { TKey = "Name", FieldKey = "Name", Hideable = false });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserEmployeeNumber", FieldKey = "EmployeeNumber" });
+ l.Add(new AyaFormFieldDefinition { TKey = "AuthorizationRoles", FieldKey = "Roles", Hideable = false });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserNotes", FieldKey = "Notes" });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserType", FieldKey = "UserType", Hideable = false });
+ l.Add(new AyaFormFieldDefinition { TKey = "Active", FieldKey = "Active", Hideable = false });
+ l.Add(new AyaFormFieldDefinition { TKey = "LastLogin", FieldKey = "LastLogin" });
+ l.Add(new AyaFormFieldDefinition { TKey = "Tags", FieldKey = "Tags" });
+ l.Add(new AyaFormFieldDefinition { TKey = "Wiki", FieldKey = "Wiki" });
+ l.Add(new AyaFormFieldDefinition { TKey = "Attachments", FieldKey = "Attachments" });
+
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom1", FieldKey = "UserCustom1", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom2", FieldKey = "UserCustom2", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom3", FieldKey = "UserCustom3", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom4", FieldKey = "UserCustom4", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom5", FieldKey = "UserCustom5", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom6", FieldKey = "UserCustom6", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom7", FieldKey = "UserCustom7", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom8", FieldKey = "UserCustom8", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom9", FieldKey = "UserCustom9", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom10", FieldKey = "UserCustom10", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom11", FieldKey = "UserCustom11", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom12", FieldKey = "UserCustom12", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom13", FieldKey = "UserCustom13", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom14", FieldKey = "UserCustom14", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom15", FieldKey = "UserCustom15", IsCustomField = true });
+ l.Add(new AyaFormFieldDefinition { TKey = "UserCustom16", FieldKey = "UserCustom16", IsCustomField = true });
+ _ayaFormFields.Add("Contact", l);
+ }
+ #endregion
+
+
 #region Customer
 {
 List l = new List();
@@ -469,7 +505,7 @@ namespace AyaNova.Biz
 l.Add(new AyaFormFieldDefinition { TKey = "Wiki", FieldKey = "Wiki" });
 l.Add(new AyaFormFieldDefinition { TKey = "Attachments", FieldKey = "Attachments" });
- //VENDOR FIELDS
+ //VENDOR FIELDS
 l.Add(new AyaFormFieldDefinition { TKey = "WebAddress", FieldKey = "WebAddress" });
 l.Add(new AyaFormFieldDefinition { TKey = "HeadOfficeAccountNumber", FieldKey = "AccountNumber" });
 l.Add(new AyaFormFieldDefinition { TKey = "VendorContact", FieldKey = "Contact" });
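Review bot: The sixteen `UserCustomN` lines in the new `#region CONTACT_KEY` block differ only in the index, which invites a copy-paste slip (a wrong number in one `FieldKey`) that nothing would catch; a loop produces the same entries in the same order. The region name also breaks with the neighbouring `#region Customer` style, so `#region Contact` would be more consistent. Since the matching comment in the UserOptionsController hunk says the Contact form is what users without the User right get, it may be worth confirming that `AuthorizationRoles` (non-hideable) and `LastLogin` belong in that form; I cannot tell from this diff whether the User form's list is being mirrored on purpose.
```csharp
#region Contact
{
    // … unchanged: list construction and the ten fixed Contact field definitions (Name … Attachments) …
    for (int i = 1; i <= 16; i++)
    {
        string key = $"UserCustom{i}";
        l.Add(new AyaFormFieldDefinition { TKey = key, FieldKey = key, IsCustomField = true });
    }
    _ayaFormFields.Add("Contact", l);
}
#endregion
```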