server/AyaNova/biz/UserBiz.cs

@@ -203,39 +203,8 @@ namespace AyaNova.Biz
         //patch
         internal bool Patch(User dbObj, JsonPatchDocument<User> objectPatch, uint concurrencyToken)
         {
-           // TODO: turn this into a standard callable method for use with all objects
-            //should accept a list of not changeable properties and not allowed operations with 
-            //a standard version that just works with most objects
-            //Then replicate this to widget and anything else with a patch ability
-            //also this might remove the need for the salt and password trickery below?
-            //Then update all the tests for all patches in integration tests to test for this 
-
-            // //check for in-valid patches
-            // if (objectPatch.Operations.Any(m => m.path == "/id"))
-            // {
-            //     AddError(ValidationErrorType.NotChangeable, "Id");
-            //     return false;
-            // }
-
-            // if (objectPatch.Operations.Any(m => m.path == "/ownerid"))
-            // {
-            //     AddError(ValidationErrorType.NotChangeable, "OwnerId");
-            //     return false;
-            // }
-
-            // if (objectPatch.Operations.Any(m => m.op == "add"))
-            // {
-            //     AddError(ValidationErrorType.InvalidOperation, "add");
-            //     return false;
-            // }
-
-            // if (objectPatch.Operations.Any(m => m.op == "remove"))
-            // {
-            //     AddError(ValidationErrorType.InvalidOperation, "remove");
-            //     return false;
-            // }
-
-            if(!ValidateJsonPatch<User>.Validate(this,objectPatch)) return false;
+            //Validate Patch is allowed
+            if (!ValidateJsonPatch<User>.Validate(this, objectPatch)) return false;
 
             //make a snapshot of the original for validation but update the original to preserve workflow           
             User snapshotObj = new User();
@@ -255,7 +224,6 @@ namespace AyaNova.Biz
             Validate(dbObj, snapshotObj);
             if (HasErrors)
                 return false;
-
             return true;
         }
 

server/AyaNova/biz/ValidateJsonPatch.cs

@@ -19,10 +19,26 @@ namespace AyaNova.Biz
     internal static class ValidateJsonPatch<T> where T : class
     {
 
-        internal static bool Validate(BizObject biz, JsonPatchDocument<T> objectPatch)  
+        internal static bool Validate(BizObject biz, JsonPatchDocument<T> objectPatch, string protectedProperties = "")
         {
             bool IsValid = true;
 
+            string[] ProtectedProperties = null;
+            if (!string.IsNullOrEmpty(protectedProperties))
+            {
+                protectedProperties = protectedProperties.Replace(", ", ",").Replace(" ,", ",").Trim();
+                ProtectedProperties = protectedProperties.Split(new char[1] { ',' }, StringSplitOptions.RemoveEmptyEntries);
+            }
+
+            foreach (string Property in ProtectedProperties)
+            {
+                if (objectPatch.Operations.Any(m => m.path == $"/{Property.ToLowerInvariant()}"))
+                {
+                    biz.AddError(ValidationErrorType.NotChangeable, Property);
+                    IsValid = false;
+                }
+            }
+
             //check for in-valid patches
             if (objectPatch.Operations.Any(m => m.path == "/id"))
             {