2020-12-18 00:03:32 +00:00
parent 206f9ec423
commit 875fbe2804
7 changed files with 74 additions and 38 deletions


@@ -43,10 +43,10 @@ namespace AyaNova.Biz
public void ClearErrors() => _errors.Clear(); public void ClearErrors() => _errors.Clear();
public void AddvalidationError(ValidationError validationError) // public void AddvalidationError(ValidationError validationError)
{ // {
_errors.Add(validationError); // _errors.Add(validationError);
} // }
public bool PropertyHasErrors(string propertyName) public bool PropertyHasErrors(string propertyName)
{ {
@@ -56,9 +56,9 @@ namespace AyaNova.Biz
} }
public void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null) public void AddError(ApiErrorCode errorCode, string propertyName = "generalerror", string errorMessage = null)
{ {
//if Target is generalerror that means show in UI in general error box of form
_errors.Add(new ValidationError() { Code = errorCode, Message = errorMessage, Target = propertyName }); _errors.Add(new ValidationError() { Code = errorCode, Message = errorMessage, Target = propertyName });
} }
@@ -73,14 +73,14 @@ namespace AyaNova.Biz
if (!HasErrors) return string.Empty; if (!HasErrors) return string.Empty;
StringBuilder sb = new StringBuilder(); StringBuilder sb = new StringBuilder();
// sb.AppendLine("LT:Errors - "); // sb.AppendLine("LT:Errors - ");
foreach (ValidationError e in _errors) foreach (ValidationError e in _errors)
{ {
var msg = $"LT:{ApiErrorCodeStockMessage.GetTranslationCodeForApiErrorCode(e.Code)}"; var msg = $"LT:{ApiErrorCodeStockMessage.GetTranslationCodeForApiErrorCode(e.Code)}";
if(!string.IsNullOrWhiteSpace(e.Message)) if (!string.IsNullOrWhiteSpace(e.Message))
msg+=$", {e.Message}"; msg += $", {e.Message}";
if(!string.IsNullOrWhiteSpace(e.Target) && e.Target!="errorbox") if (!string.IsNullOrWhiteSpace(e.Target) && e.Target != "generalerror")
msg+=$", field: {e.Target}"; msg += $", field: {e.Target}";
sb.AppendLine(msg); sb.AppendLine(msg);
} }
return sb.ToString(); return sb.ToString();
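Review bot: The new default `propertyName = "generalerror"` on `AddError` is not matched by what appears to be the corresponding interface declaration later in this commit (the hunk at -35,11), which still reads `string propertyName = null` on both sides. C# takes an optional argument's default from the static type at the call site, so a call made through the interface would still store a null `Target` while the same call on the class stores "generalerror". Declaring the same default on the interface, or dropping the defaults and passing the target explicitly, keeps the two in step. Since the literal is also tested in the message-building loop (`e.Target != "generalerror"`) and passed by several callers, a single constant such as `public const string GeneralErrorTarget = "generalerror";` would keep every use tied to one definition.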


@@ -308,7 +308,7 @@ namespace AyaNova.Biz
// { // {
// //Note: errorbox will ensure it appears in the general errror box and not field specific // //Note: errorbox will ensure it appears in the general errror box and not field specific
// //the translation key is to indicate what the linked object is that is causing the error // //the translation key is to indicate what the linked object is that is causing the error
// AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Contact"); // AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Contact");
// } // }
//return await Task.CompletedTask; //return await Task.CompletedTask;


@@ -272,7 +272,7 @@ namespace AyaNova.Biz
{ {
//Note: errorbox will ensure it appears in the general errror box and not field specific //Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error //the translation key is to indicate what the linked object is that is causing the error
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Customer"); AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Customer");
} }
} }
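Review bot: The comment above the changed call still says `errorbox` although the target passed is now "generalerror"; the same stale comment sits in the other two hunks that make this replacement (-308,7 and -307,7). Suggested wording: `//Note: "generalerror" ensures it appears in the general error box and not field specific`. The enclosing method starts outside the hunk.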


@@ -35,11 +35,11 @@ namespace AyaNova.Biz
/// <param name="propertyName"></param> /// <param name="propertyName"></param>
void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null); void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null);
/// <summary> // /// <summary>
/// // ///
/// </summary> // /// </summary>
/// <param name="validationError"></param> // /// <param name="validationError"></param>
void AddvalidationError(ValidationError validationError); // void AddvalidationError(ValidationError validationError);


@@ -307,7 +307,7 @@ namespace AyaNova.Biz
{ {
//Note: errorbox will ensure it appears in the general errror box and not field specific //Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error //the translation key is to indicate what the linked object is that is causing the error
AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:NotifySubscription"); AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:NotifySubscription");
} }
} }


@@ -214,11 +214,11 @@ namespace AyaNova.Biz
- RULE Roles: BizAdminFull, DispatchFull, InventoryFull, Accounting, SalesFull can create and assign to anyone else. - RULE Roles: BizAdminFull, DispatchFull, InventoryFull, Accounting, SalesFull can create and assign to anyone else.
- RULE Any other inside role can create for themselves only. (outside roles have no rights to this object so no need to check) - RULE Any other inside role can create for themselves only. (outside roles have no rights to this object so no need to check)
- RULE Limited roles can only set completed date and enter completion notes not otherwise change or create or delete. - RULE Limited roles can only set completed date and enter completion notes not otherwise change or create or delete.
- BIZ RULE users with more than limited roles can assign other users to follow up. Limited roles can only set completed status not otherwise change or create or delete. - BIZ RULE users with more than limited roles can assign other users
*/ */
bool isNew = currentObj == null; bool isNew = currentObj == null;
bool SelfAssigned = proposedObj.AssignedByUserId == UserId && proposedObj.UserId == UserId;
bool HasSupervisorRole = bool HasSupervisorRole =
CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) || CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
@@ -226,16 +226,55 @@ namespace AyaNova.Biz
CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) || CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull); CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
//Checks for non supervisors
if (!HasSupervisorRole)
{
//Non supervisor can't create a Review and assign to other User
if (isNew && !SelfAssigned)
{
AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
return;//no need to check any further this is disqualifying completely
}
//Non supervisory roles can only change / set certain fields for non self reviews
if (!isNew && !SelfAssigned)
{
if (
(currentObj.Name != proposedObj.Name) ||
(currentObj.Notes != proposedObj.Notes) ||
(currentObj.Wiki != proposedObj.Wiki) ||
(currentObj.Tags != proposedObj.Tags) ||
(currentObj.DueDate != proposedObj.DueDate) ||
(currentObj.UserId != proposedObj.UserId) ||
(currentObj.AssignedByUserId != proposedObj.AssignedByUserId) ||
(currentObj.Notes != proposedObj.Notes) ||
(currentObj.Notes != proposedObj.Notes))
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "generalerror");
return;
}
}
}
//Can't change assigned object id and type after initial save
if (!isNew)
{
if (proposedObj.ObjectId != currentObj.ObjectId)
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectId");
return;
}
if (proposedObj.ObjectType != currentObj.ObjectType)
{
AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectType");
return;
}
}
//Name required //Name required
if (string.IsNullOrWhiteSpace(proposedObj.Name)) if (string.IsNullOrWhiteSpace(proposedObj.Name))
AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name"); AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name");
if(!HasSupervisorRole && proposedObj.Self){
AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
}
//Any form customizations to validate? //Any form customizations to validate?
var FormCustomization = await ct.FormCustom.AsNoTracking().SingleOrDefaultAsync(x => x.FormKey == AyaType.Review.ToString()); var FormCustomization = await ct.FormCustom.AsNoTracking().SingleOrDefaultAsync(x => x.FormKey == AyaType.Review.ToString());
if (FormCustomization != null) if (FormCustomization != null)
@@ -253,8 +292,15 @@ namespace AyaNova.Biz
private void ValidateCanDelete(Review inObj) private void ValidateCanDelete(Review inObj)
{ {
//whatever needs to be check to delete this object bool SelfAssigned = inObj.AssignedByUserId == UserId && inObj.UserId == UserId;
//TODO: There are specific rules for this beyond regular roles see case 3511 bool HasSupervisorRole =
CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
if (!SelfAssigned && !HasSupervisorRole)
AddError(ApiErrorCode.NOT_AUTHORIZED);
} }
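Review bot: `SelfAssigned` is computed from `proposedObj` even on an update, so the values that decide whether the non-supervisor restrictions apply come from the request rather than from the stored record. A request that sets both `AssignedByUserId` and `UserId` to the caller's own id is treated as self-assigned and skips the block that compares `UserId`, `AssignedByUserId` and the other protected fields; unless the caller normalises `proposedObj` first (not visible here), ownership for updates should come from `currentObj`, e.g. `bool SelfAssigned = isNew ? proposedObj.AssignedByUserId == UserId && proposedObj.UserId == UserId : currentObj.AssignedByUserId == UserId && currentObj.UserId == UserId;`. Inside that comparison `currentObj.Notes != proposedObj.Notes` appears three times, which suggests fields still to be filled in, and `currentObj.Tags != proposedObj.Tags` compares two `List<string>` references (the model constructor assigns `new List<string>()`), so it is likely always true for a freshly deserialised object; `!currentObj.Tags.SequenceEqual(proposedObj.Tags)` compares contents. The validation method begins before and continues past these hunks.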


@@ -47,16 +47,6 @@ namespace AyaNova.Models
} }
[NotMapped]
public bool Self
{
get
{
return (UserId == AssignedByUserId);
}
}
public Review() public Review()
{ {
Tags = new List<string>(); Tags = new List<string>();