This commit is contained in:
@@ -101,7 +101,7 @@ namespace AyaNova.Api.Controllers
|
||||
[HttpGet("download/{fileName}")]
|
||||
public async Task<IActionResult> DownloadAsync([FromRoute] string fileName, [FromQuery] string t)
|
||||
{
|
||||
|
||||
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
var DownloadUser = await UserBiz.ValidateDownloadTokenAndReturnUserAsync(t, ct);
|
||||
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
await Task.Delay(AyaNova.Util.ServerBootConfig.FAILED_AUTH_DELAY);//DOS protection
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
}
|
||||
|
||||
if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
|
||||
{
|
||||
@@ -130,6 +130,29 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Delete Backup
|
||||
/// </summary>
|
||||
/// <param name="name"></param>
|
||||
/// <returns>NoContent</returns>
|
||||
[HttpDelete("{name}")]
|
||||
[Authorize]
|
||||
public ActionResult DeleteBackupFile([FromRoute] string name)
|
||||
{
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.Backup))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
FileUtil.EraseBackupFile(name);
|
||||
//never errors only no content
|
||||
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
|
||||
//DANGER: MUST ADD AUTHORIZE ATTRIBUTE TO ANY NEW ROUTES
|
||||
//[Authorize]
|
||||
|
||||
|
||||
@@ -60,29 +60,6 @@ namespace AyaNova.Api.Controllers
|
||||
return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
|
||||
}
|
||||
|
||||
// /// <summary>
|
||||
// /// Duplicate Customer
|
||||
// /// (Wiki and Attachments are not duplicated)
|
||||
// /// </summary>
|
||||
// /// <param name="id">Source object id</param>
|
||||
// /// <param name="apiVersion">From route path</param>
|
||||
// /// <returns>Customer</returns>
|
||||
// [HttpPost("duplicate/{id}")]
|
||||
// public async Task<IActionResult> DuplicateCustomer([FromRoute] long id, ApiVersion apiVersion)
|
||||
// {
|
||||
// if (!serverState.IsOpen)
|
||||
// return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
// CustomerBiz biz = CustomerBiz.GetBiz(ct, HttpContext);
|
||||
// if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
|
||||
// return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
// if (!ModelState.IsValid)
|
||||
// return BadRequest(new ApiErrorResponse(ModelState));
|
||||
// Customer o = await biz.DuplicateAsync(id);
|
||||
// if (o == null)
|
||||
// return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
// else
|
||||
// return CreatedAtAction(nameof(CustomerController.GetCustomer), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
|
||||
// }
|
||||
|
||||
/// <summary>
|
||||
/// Get Customer
|
||||
|
||||
Reference in New Issue
Block a user