From 7ecd9eda9da8087c8a9826118027380b3b5aeb9b Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Thu, 6 Sep 2018 15:35:19 +0000 Subject: [PATCH] --- server/AyaNova/biz/UserBiz.cs | 36 ++----------------------- server/AyaNova/biz/ValidateJsonPatch.cs | 18 ++++++++++++- 2 files changed, 19 insertions(+), 35 deletions(-) diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index 901d4514..a1b824f8 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -203,39 +203,8 @@ namespace AyaNova.Biz //patch internal bool Patch(User dbObj, JsonPatchDocument objectPatch, uint concurrencyToken) { - // TODO: turn this into a standard callable method for use with all objects - //should accept a list of not changeable properties and not allowed operations with - //a standard version that just works with most objects - //Then replicate this to widget and anything else with a patch ability - //also this might remove the need for the salt and password trickery below? - //Then update all the tests for all patches in integration tests to test for this - - // //check for in-valid patches - // if (objectPatch.Operations.Any(m => m.path == "/id")) - // { - // AddError(ValidationErrorType.NotChangeable, "Id"); - // return false; - // } - - // if (objectPatch.Operations.Any(m => m.path == "/ownerid")) - // { - // AddError(ValidationErrorType.NotChangeable, "OwnerId"); - // return false; - // } - - // if (objectPatch.Operations.Any(m => m.op == "add")) - // { - // AddError(ValidationErrorType.InvalidOperation, "add"); - // return false; - // } - - // if (objectPatch.Operations.Any(m => m.op == "remove")) - // { - // AddError(ValidationErrorType.InvalidOperation, "remove"); - // return false; - // } - - if(!ValidateJsonPatch.Validate(this,objectPatch)) return false; + //Validate Patch is allowed + if (!ValidateJsonPatch.Validate(this, objectPatch)) return false; //make a snapshot of the original for validation but update the original to preserve workflow User snapshotObj = new User(); @@ -255,7 +224,6 @@ namespace AyaNova.Biz Validate(dbObj, snapshotObj); if (HasErrors) return false; - return true; } diff --git a/server/AyaNova/biz/ValidateJsonPatch.cs b/server/AyaNova/biz/ValidateJsonPatch.cs index f183b49f..abb58556 100644 --- a/server/AyaNova/biz/ValidateJsonPatch.cs +++ b/server/AyaNova/biz/ValidateJsonPatch.cs @@ -19,10 +19,26 @@ namespace AyaNova.Biz internal static class ValidateJsonPatch where T : class { - internal static bool Validate(BizObject biz, JsonPatchDocument objectPatch) + internal static bool Validate(BizObject biz, JsonPatchDocument objectPatch, string protectedProperties = "") { bool IsValid = true; + string[] ProtectedProperties = null; + if (!string.IsNullOrEmpty(protectedProperties)) + { + protectedProperties = protectedProperties.Replace(", ", ",").Replace(" ,", ",").Trim(); + ProtectedProperties = protectedProperties.Split(new char[1] { ',' }, StringSplitOptions.RemoveEmptyEntries); + } + + foreach (string Property in ProtectedProperties) + { + if (objectPatch.Operations.Any(m => m.path == $"/{Property.ToLowerInvariant()}")) + { + biz.AddError(ValidationErrorType.NotChangeable, Property); + IsValid = false; + } + } + //check for in-valid patches if (objectPatch.Operations.Any(m => m.path == "/id")) {