admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-12-18 00:03:32 +00:00
parent 206f9ec423
commit 875fbe2804
7 changed files with 74 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/AyaNova/biz/BizObject.cs
View File

@@ -43,10 +43,10 @@ namespace AyaNova.Biz
public void ClearErrors() => _errors.Clear();
public void AddvalidationError(ValidationError validationError)
{
_errors.Add(validationError);
}
// public void AddvalidationError(ValidationError validationError)
// {
// _errors.Add(validationError);
// }
public bool PropertyHasErrors(string propertyName)
{
@@ -56,9 +56,9 @@ namespace AyaNova.Biz
}
public void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null)
public void AddError(ApiErrorCode errorCode, string propertyName = "generalerror", string errorMessage = null)
{
//if Target is generalerror that means show in UI in general error box of form
_errors.Add(new ValidationError() { Code = errorCode, Message = errorMessage, Target = propertyName });
}
@@ -73,14 +73,14 @@ namespace AyaNova.Biz
if (!HasErrors) return string.Empty;
StringBuilder sb = new StringBuilder();
// sb.AppendLine("LT:Errors - ");
// sb.AppendLine("LT:Errors - ");
foreach (ValidationError e in _errors)
{
var msg = $"LT:{ApiErrorCodeStockMessage.GetTranslationCodeForApiErrorCode(e.Code)}";
if(!string.IsNullOrWhiteSpace(e.Message))
msg+=$", {e.Message}";
if(!string.IsNullOrWhiteSpace(e.Target) && e.Target!="errorbox")
msg+=$", field: {e.Target}";
if (!string.IsNullOrWhiteSpace(e.Message))
msg += $", {e.Message}";
if (!string.IsNullOrWhiteSpace(e.Target) && e.Target != "generalerror")
msg += $", field: {e.Target}";
sb.AppendLine(msg);
}
return sb.ToString();

2
server/AyaNova/biz/CustomerBiz.cs
View File

@@ -308,7 +308,7 @@ namespace AyaNova.Biz
// {
// //Note: errorbox will ensure it appears in the general errror box and not field specific
// //the translation key is to indicate what the linked object is that is causing the error
// AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Contact");
// AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Contact");
// }
//return await Task.CompletedTask;

2
server/AyaNova/biz/HeadOfficeBiz.cs
View File

@@ -272,7 +272,7 @@ namespace AyaNova.Biz
{
//Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Customer");
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Customer");
}
}

10
server/AyaNova/biz/IBizObject.cs
View File

@@ -35,11 +35,11 @@ namespace AyaNova.Biz
/// <param name="propertyName"></param>
void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null);
/// <summary>
///
/// </summary>
/// <param name="validationError"></param>
void AddvalidationError(ValidationError validationError);
// /// <summary>
// ///
// /// </summary>
// /// <param name="validationError"></param>
// void AddvalidationError(ValidationError validationError);

2
server/AyaNova/biz/ReportBiz.cs
View File

@@ -307,7 +307,7 @@ namespace AyaNova.Biz
{
//Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:NotifySubscription");
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:NotifySubscription");
}
}

64
server/AyaNova/biz/Review.cs
View File

@@ -214,11 +214,11 @@ namespace AyaNova.Biz
- RULE Roles: BizAdminFull, DispatchFull, InventoryFull, Accounting, SalesFull can create and assign to anyone else.
- RULE Any other inside role can create for themselves only. (outside roles have no rights to this object so no need to check)
- RULE Limited roles can only set completed date and enter completion notes not otherwise change or create or delete.
- BIZ RULE users with more than limited roles can assign other users to follow up. Limited roles can only set completed status not otherwise change or create or delete.
- BIZ RULE users with more than limited roles can assign other users
*/
bool isNew = currentObj == null;
bool SelfAssigned = proposedObj.AssignedByUserId == UserId && proposedObj.UserId == UserId;
bool HasSupervisorRole =
CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
@@ -226,16 +226,55 @@ namespace AyaNova.Biz
CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
//Checks for non supervisors
if (!HasSupervisorRole)
{
//Non supervisor can't create a Review and assign to other User
if (isNew && !SelfAssigned)
{
AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
return;//no need to check any further this is disqualifying completely
}
//Non supervisory roles can only change / set certain fields for non self reviews
if (!isNew && !SelfAssigned)
{
if (
(currentObj.Name != proposedObj.Name) ||
(currentObj.Notes != proposedObj.Notes) ||
(currentObj.Wiki != proposedObj.Wiki) ||
(currentObj.Tags != proposedObj.Tags) ||
(currentObj.DueDate != proposedObj.DueDate) ||
(currentObj.UserId != proposedObj.UserId) ||
(currentObj.AssignedByUserId != proposedObj.AssignedByUserId) ||
(currentObj.Notes != proposedObj.Notes) ||
(currentObj.Notes != proposedObj.Notes))
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "generalerror");
return;
}
}
}
//Can't change assigned object id and type after initial save
if (!isNew)
{
if (proposedObj.ObjectId != currentObj.ObjectId)
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectId");
return;
}
if (proposedObj.ObjectType != currentObj.ObjectType)
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectType");
return;
}
}
//Name required
if (string.IsNullOrWhiteSpace(proposedObj.Name))
AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name");
if(!HasSupervisorRole && proposedObj.Self){
AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
}
//Any form customizations to validate?
var FormCustomization = await ct.FormCustom.AsNoTracking().SingleOrDefaultAsync(x => x.FormKey == AyaType.Review.ToString());
if (FormCustomization != null)
@@ -253,8 +292,15 @@ namespace AyaNova.Biz
private void ValidateCanDelete(Review inObj)
{
//whatever needs to be check to delete this object
//TODO: There are specific rules for this beyond regular roles see case 3511
bool SelfAssigned = inObj.AssignedByUserId == UserId && inObj.UserId == UserId;
bool HasSupervisorRole =
CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
if (!SelfAssigned && !HasSupervisorRole)
AddError(ApiErrorCode.NOT_AUTHORIZED);
}

10
server/AyaNova/models/Review.cs
View File

@@ -47,16 +47,6 @@ namespace AyaNova.Models
}
[NotMapped]
public bool Self
{
get
{
return (UserId == AssignedByUserId);
}
}
public Review()
{
Tags = new List<string>();