From 8f3118d309f14833416f3ca65de67bffe9e1d4c1 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Fri, 15 May 2020 21:08:37 +0000 Subject: [PATCH] ayType aytype all now AyaType or ayaType --- devdocs/specs/core-log-business.txt | 2 +- .../AyaNova/ControllerHelpers/Authorized.cs | 25 ++++++++++++++++++- .../AyaNova/Controllers/EventLogController.cs | 6 ++--- .../AyaNova/Controllers/SearchController.cs | 6 ++--- .../AyaNova/biz/BizObjectExistsInDatabase.cs | 6 ++--- server/AyaNova/biz/BizObjectFactory.cs | 6 ++--- .../AyaNova/biz/BizObjectNameFetcherDirect.cs | 8 +++--- server/AyaNova/biz/EventLogProcessor.cs | 24 +++++++++--------- server/AyaNova/biz/WorkOrderBiz.cs | 22 +++++++++++++--- server/AyaNova/models/Event.cs | 10 ++++---- server/AyaNova/util/AySchema.cs | 4 +-- 11 files changed, 77 insertions(+), 42 deletions(-) diff --git a/devdocs/specs/core-log-business.txt b/devdocs/specs/core-log-business.txt index 4d2824ee..28ac9137 100644 --- a/devdocs/specs/core-log-business.txt +++ b/devdocs/specs/core-log-business.txt @@ -45,7 +45,7 @@ etc EVENT LOG DB SCHEMA ------------------------------------ -AYTYPE (object type int), +AYaTYPE (object type int), AYID (object id), AYEVENT (event of interest type int defined in central master enum of all events), TIMESTAMP (unix epoch), diff --git a/server/AyaNova/ControllerHelpers/Authorized.cs b/server/AyaNova/ControllerHelpers/Authorized.cs index e497a804..049fded4 100644 --- a/server/AyaNova/ControllerHelpers/Authorized.cs +++ b/server/AyaNova/ControllerHelpers/Authorized.cs 
@@ -37,7 +37,30 @@ namespace AyaNova.Api.ControllerHelpers return false; } + /// + /// any access at all? + /// + /// + /// + /// + internal static bool HasAnyRole(IDictionary HttpContextItems, AyaType objectType) + { + AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems); + return HasAnyRole(currentUserRoles, objectType); + } + /// + /// User has any access at all to this object? + /// + /// + /// + /// + internal static bool HasAnyRole(AuthorizationRoles currentUserRoles, AyaType objectType) + { + var RoleSet = BizRoles.GetRoleSet(objectType); + var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change | RoleSet.Select; + return currentUserRoles.HasAnyFlags(AllowedRoles); + } /// /// READ FULL RECORD (not just name and id) @@ -97,7 +120,7 @@ namespace AyaNova.Api.ControllerHelpers var RoleSet = BizRoles.GetRoleSet(objectType); var AllowedRoles = RoleSet.ReadFullRecord | RoleSet.Change; return currentUserRoles.HasAnyFlags(AllowedRoles); - + // if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change)) // return true; diff --git a/server/AyaNova/Controllers/EventLogController.cs b/server/AyaNova/Controllers/EventLogController.cs index d830916f..bb5374e0 100644 --- a/server/AyaNova/Controllers/EventLogController.cs +++ b/server/AyaNova/Controllers/EventLogController.cs @@ -56,7 +56,7 @@ namespace AyaNova.Api.Controllers if (serverState.IsClosed) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); - if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyType)) + if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyaType)) { return StatusCode(403, new ApiNotAuthorizedResponse()); } @@ -125,7 +125,7 @@ namespace AyaNova.Api.Controllers } public sealed class V7Event { - public AyaType AyType { get; set; } + public AyaType AyaType { get; set; } public long AyId { get; set; } public long Creator { get; set; } public long Modifier { get; set; } 
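Review bot: The doc comments on the two new `HasAnyRole` overloads do not say that this check is weaker than `HasReadFullRole`, and the `///` lines after each summary appear to be empty. `AllowedRoles` here also includes `RoleSet.Select`, and the neighbouring comment "READ FULL RECORD (not just name and id)" suggests Select is only a name-and-id level of access. I would state that in the summary, e.g. `/// True if the user holds ReadFullRecord, Change or Select for objectType; not sufficient on its own to return a full record.`, and describe `HttpContextItems` / `currentUserRoles` and `objectType`. No caller is added in this commit, so the intended use is inferred.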
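Review bot: The check `Authorized.HasReadFullRole(HttpContext.Items, opt.AyaType)` is keyed on a client-supplied value, and the rename of the `[FromQuery]` property on `EventLogOptions` (hunk at -140) changes its query-string key from `AyType` to `AyaType`. A client still sending the old key would presumably bind the enum's default value, so the role check and the log query would run against a type the caller never asked for instead of failing. I would reject a missing or undefined type before the role check, e.g. `if (opt.AyaType == AyaType.NoType || !Enum.IsDefined(typeof(AyaType), opt.AyaType))` followed by the project's own 400 response. The same rename on `V7Event` changes that model's bound property name as well. The action method starts and ends outside the hunk.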
@@ -140,7 +140,7 @@ namespace AyaNova.Api.Controllers public sealed class EventLogOptions { [FromQuery] - public AyaType AyType { get; set; } + public AyaType AyaType { get; set; } [FromQuery] public long AyId { get; set; } [FromQuery] diff --git a/server/AyaNova/Controllers/SearchController.cs b/server/AyaNova/Controllers/SearchController.cs index c25ea9ac..a2a8a135 100644 --- a/server/AyaNova/Controllers/SearchController.cs +++ b/server/AyaNova/Controllers/SearchController.cs @@ -114,6 +114,7 @@ namespace AyaNova.Api.Controllers if (serverState.IsClosed) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + //since this is for opening an entire object it's appropriate to check if they have read full role first if (!Authorized.HasReadFullRole(HttpContext.Items, ayaType)) return StatusCode(403, new ApiNotAuthorizedResponse()); @@ -140,11 +141,8 @@ namespace AyaNova.Api.Controllers } - // var res = await Search.GetInfoAsync(ct, UserTranslationIdFromContext.Id(HttpContext.Items), - // UserRolesFromContext.Roles(HttpContext.Items), UserIdFromContext.Id(HttpContext.Items), phrase, max, ayaType, id); - return Ok(ApiOkResponse.Response(res, true)); - } + } //------------ diff --git a/server/AyaNova/biz/BizObjectExistsInDatabase.cs b/server/AyaNova/biz/BizObjectExistsInDatabase.cs index bf68bd59..a439b1e5 100644 --- a/server/AyaNova/biz/BizObjectExistsInDatabase.cs +++ b/server/AyaNova/biz/BizObjectExistsInDatabase.cs @@ -21,14 +21,14 @@ namespace AyaNova.Biz //Returns existance status of object type and id specified in database - internal static async Task ExistsAsync(AyaType aytype, long id, AyContext ct = null) + internal static async Task ExistsAsync(AyaType ayaType, long id, AyContext ct = null) { //new up a context?? if (ct == null) { ct = ServiceProviderProvider.DBContext; } - switch (aytype) + switch (ayaType) { //CoreBizObject add here 
@@ -108,7 +108,7 @@ namespace AyaNova.Biz return await ct.WorkOrderTemplateItem.AnyAsync(m => m.Id == id); default: - throw new System.NotSupportedException($"AyaNova.Biz.BizObjectExistsInDatabase::ExistsAsync type {aytype.ToString()} is not supported"); + throw new System.NotSupportedException($"AyaNova.Biz.BizObjectExistsInDatabase::ExistsAsync type {ayaType.ToString()} is not supported"); } } diff --git a/server/AyaNova/biz/BizObjectFactory.cs b/server/AyaNova/biz/BizObjectFactory.cs index 6e980593..8f752f86 100644 --- a/server/AyaNova/biz/BizObjectFactory.cs +++ b/server/AyaNova/biz/BizObjectFactory.cs @@ -20,9 +20,9 @@ namespace AyaNova.Biz //Returns the biz object class that corresponds to the type presented //Used by SEARCH and objects with JOBS - internal static BizObject GetBizObject(AyaType aytype, AyContext dbcontext, long userId = 1, AuthorizationRoles roles = AuthorizationRoles.All) + internal static BizObject GetBizObject(AyaType ayaType, AyContext dbcontext, long userId = 1, AuthorizationRoles roles = AuthorizationRoles.All) { - switch (aytype) + switch (ayaType) { //CoreBizObject add here case AyaType.ServerJob: @@ -92,7 +92,7 @@ namespace AyaNova.Biz return new WorkOrderTemplateBiz(dbcontext, userId, ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID, roles); default: - throw new System.NotSupportedException($"AyaNova.BLL.BizObjectFactory::GetBizObject type {aytype.ToString()} is not supported"); + throw new System.NotSupportedException($"AyaNova.BLL.BizObjectFactory::GetBizObject type {ayaType.ToString()} is not supported"); } } diff --git a/server/AyaNova/biz/BizObjectNameFetcherDirect.cs b/server/AyaNova/biz/BizObjectNameFetcherDirect.cs index 63d3f6f5..e07625da 100644 --- a/server/AyaNova/biz/BizObjectNameFetcherDirect.cs +++ b/server/AyaNova/biz/BizObjectNameFetcherDirect.cs 
@@ -14,9 +14,9 @@ namespace AyaNova.Biz //Returns existance status of object type and id specified in database - internal static string Name(AyaType aytype, long id, System.Data.Common.DbCommand cmd) + internal static string Name(AyaType ayaType, long id, System.Data.Common.DbCommand cmd) { - if (aytype == AyaType.NoType || id == 0) + if (ayaType == AyaType.NoType || id == 0) { return "-"; } @@ -26,7 +26,7 @@ namespace AyaNova.Biz string COLUMN = "name"; //CoreBizObject add here BUT ONLY ADD IF AYATYPE NAME DIFFERS FROM TABLE NAME OR NO NAME FIELD AS PRIMARY NAME-LIKE COLUMN - switch (aytype) + switch (ayaType) { //Oddballs only, otherwise let default handle it @@ -58,7 +58,7 @@ namespace AyaNova.Biz case AyaType.WorkOrderItemUnit: return "-"; default: - TABLE = "a" + aytype.ToString().ToLowerInvariant(); + TABLE = "a" + ayaType.ToString().ToLowerInvariant(); break; } diff --git a/server/AyaNova/biz/EventLogProcessor.cs b/server/AyaNova/biz/EventLogProcessor.cs index 29d4817c..27a34795 100644 --- a/server/AyaNova/biz/EventLogProcessor.cs +++ b/server/AyaNova/biz/EventLogProcessor.cs @@ -20,7 +20,7 @@ namespace AyaNova.Biz /// internal static async Task LogEventToDatabaseAsync(Event newEvent, AyContext ct) { - //System.Diagnostics.Debug.WriteLine($"Event log event for {newEvent.AyId}:{newEvent.AyType} {newEvent.AyEvent} {newEvent.Created}"); + //System.Diagnostics.Debug.WriteLine($"Event log event for {newEvent.AyId}:{newEvent.AyaType} {newEvent.AyEvent} {newEvent.Created}"); await ct.Event.AddAsync(newEvent); await ct.SaveChangesAsync(); 
@@ -33,14 +33,14 @@ namespace AyaNova.Biz /// remove all prior entries for object, add one deleted entry /// /// - /// + /// /// /// /// - internal static async Task DeleteObjectLogAsync(long userId, AyaType ayType, long ayId, string textra, AyContext ct) + internal static async Task DeleteObjectLogAsync(long userId, AyaType ayaType, long ayId, string textra, AyContext ct) { - await ct.Database.ExecuteSqlInterpolatedAsync($"delete from aevent where aytype = {ayType} and ayid={ayId}"); - await ct.Event.AddAsync(new Event(userId, ayId, ayType, AyaEvent.Deleted, textra)); + await ct.Database.ExecuteSqlInterpolatedAsync($"delete from aevent where ayatype = {ayaType} and ayid={ayId}"); + await ct.Event.AddAsync(new Event(userId, ayId, ayaType, AyaEvent.Deleted, textra)); await ct.SaveChangesAsync(); } @@ -57,7 +57,7 @@ namespace AyaNova.Biz //Set up the query var q = ct.Event.Select(m => m).AsNoTracking(); - q = q.Where(m => m.AyId == opt.AyId && m.AyType == opt.AyType); + q = q.Where(m => m.AyId == opt.AyId && m.AyaType == opt.AyaType); q = q.OrderByDescending(m => m.Created); q = q.Skip(offset).Take(limit); @@ -77,7 +77,7 @@ namespace AyaNova.Biz Name = BizObjectNameFetcherDirect.Name(AyaType.User, m.UserId, command) }).ToArray(); - ret.Name = BizObjectNameFetcherDirect.Name(opt.AyType, opt.AyId, command); + ret.Name = BizObjectNameFetcherDirect.Name(opt.AyaType, opt.AyId, command); return ret; } } @@ -115,11 +115,11 @@ namespace AyaNova.Biz { Date = m.Created, - ObjectType = m.AyType, + ObjectType = m.AyaType, ObjectId = m.AyId, Event = m.AyEvent, Textra = m.Textra, - Name = BizObjectNameFetcherDirect.Name(m.AyType, m.AyId, command) + Name = BizObjectNameFetcherDirect.Name(m.AyaType, m.AyId, command) }).ToArray(); ret.Name = BizObjectNameFetcherDirect.Name(AyaType.User, opt.UserId, command); 
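Review bot: The raw SQL in `DeleteObjectLogAsync` now filters on column `ayatype`, but nothing in this patch renames that column on a database that already exists. The same change is made in `V7_Modify_LogAsync` and in the `CREATE TABLE aevent` / `CREATE INDEX aevent_typeid_idx` statements in AySchema.cs. If any database was created with the earlier schema, both deletes would fail on the unknown column, and because the `AyaEvent.Deleted` entry is added only after the delete statement, that audit record would not be written either. A schema step such as `ALTER TABLE aevent RENAME COLUMN aytype TO ayatype;` would cover existing installs. Whether AySchema.cs versions its steps is not visible in these hunks.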
@@ -137,14 +137,14 @@ namespace AyaNova.Biz internal static async Task V7_Modify_LogAsync(AyaNova.Api.Controllers.EventLogController.V7Event ev, AyContext ct) { //delete the automatically created entry from the exported object - await ct.Database.ExecuteSqlInterpolatedAsync($"delete from aevent where aytype = {ev.AyType} and ayid={ev.AyId}"); + await ct.Database.ExecuteSqlInterpolatedAsync($"delete from aevent where ayatype = {ev.AyaType} and ayid={ev.AyId}"); //Now create the entries to reflect the original data from v7 //CREATED - await EventLogProcessor.LogEventToDatabaseAsync(new Event(ev.Creator, ev.AyId, ev.AyType, AyaEvent.Created, ev.Created, null), ct); + await EventLogProcessor.LogEventToDatabaseAsync(new Event(ev.Creator, ev.AyId, ev.AyaType, AyaEvent.Created, ev.Created, null), ct); //MODIFIED - await EventLogProcessor.LogEventToDatabaseAsync(new Event(ev.Modifier, ev.AyId, ev.AyType, AyaEvent.Modified, ev.Modified, null), ct); + await EventLogProcessor.LogEventToDatabaseAsync(new Event(ev.Modifier, ev.AyId, ev.AyaType, AyaEvent.Modified, ev.Modified, null), ct); await ct.SaveChangesAsync(); diff --git a/server/AyaNova/biz/WorkOrderBiz.cs b/server/AyaNova/biz/WorkOrderBiz.cs index 2bf777db..3ae4e991 100644 --- a/server/AyaNova/biz/WorkOrderBiz.cs +++ b/server/AyaNova/biz/WorkOrderBiz.cs 
@@ -255,10 +255,24 @@ namespace AyaNova.Biz //////////////////////////////////////////////////////////////////////////////////////////////// // GET ANCESTOR // - internal static async Task GetAncestor(AyaType ayType, long id, AyContext ct) + internal static async Task GetAncestor(AyaType ayaType, long id, AyContext ct) { - //Note: there could be rules checking here in future, i.e. can only get own workorder or something - //if so, then need to implement AddError and in route handle Null return with Error check just like PUT route does now + switch (ayaType) + { + case AyaType.WorkOrderItem: + case AyaType.WorkOrderItemExpense: + case AyaType.WorkOrderItemLabor: + case AyaType.WorkOrderItemLoan: + case AyaType.WorkOrderItemPart: + case AyaType.WorkOrderItemPartRequest: + case AyaType.WorkOrderItemScheduledUser: + case AyaType.WorkOrderItemTask: + case AyaType.WorkOrderItemTravel: + + default: + throw new System.NotSupportedException($"WorkOrderBiz::GetAncestor -> AyaType {ayaType.ToString()} is not supported"); + + } //https://docs.microsoft.com/en-us/ef/core/querying/related-data //docs say this will not query twice but will recognize the duplicate woitem bit which is required for multiple grandchild collections @@ -285,7 +299,7 @@ namespace AyaNova.Biz .SingleOrDefaultAsync(m => m.Id == id); - + } private async Task WorkOrderSearchIndexAsync(WorkOrder obj, bool isNew) diff --git a/server/AyaNova/models/Event.cs b/server/AyaNova/models/Event.cs index 6d202646..1e9793b2 100644 --- a/server/AyaNova/models/Event.cs +++ b/server/AyaNova/models/Event.cs @@ -19,7 +19,7 @@ namespace AyaNova.Models [Required] public long AyId { get; set; } [Required] - public AyaType AyType { get; set; } + public AyaType AyaType { get; set; } [Required] public AyaEvent AyEvent { get; set; } 
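Review bot: Every call to `GetAncestor` now throws, because the nine `case AyaType.WorkOrderItem…` labels have no statements of their own and so share a switch section with `default:`. All of them reach the `NotSupportedException`, whose message says the type is not supported even for the listed types, and the query after the switch is unreachable. If this is work in progress, I would say so at the top of the switch, e.g. `//TODO: listed types currently fall into default and throw; resolve each to its parent work order id before the query below`. The removed comment was also the only reminder that this lookup applies no per-user rule, so a line such as `//NOTE: no ownership/role check here; callers must authorize before calling GetAncestor` seems worth keeping. The method body continues past this hunk.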
@@ -32,12 +32,12 @@ namespace AyaNova.Models Created = System.DateTime.UtcNow; } - public Event(long userId, long ayId, AyaType ayType, AyaEvent ayEvent, string textra = null) + public Event(long userId, long ayId, AyaType ayaType, AyaEvent ayEvent, string textra = null) { Created = System.DateTime.UtcNow; UserId = userId; AyId = ayId; - AyType = ayType; + AyaType = ayaType; AyEvent = ayEvent; if (textra != null) { @@ -47,12 +47,12 @@ namespace AyaNova.Models } } - public Event(long userId, long ayId, AyaType ayType, AyaEvent ayEvent, DateTime created, string textra = null) + public Event(long userId, long ayId, AyaType ayaType, AyaEvent ayEvent, DateTime created, string textra = null) { Created = created; UserId = userId; AyId = ayId; - AyType = ayType; + AyaType = ayaType; AyEvent = ayEvent; if (textra != null) { diff --git a/server/AyaNova/util/AySchema.cs b/server/AyaNova/util/AySchema.cs index 2deb0395..a081d5aa 100644 --- a/server/AyaNova/util/AySchema.cs +++ b/server/AyaNova/util/AySchema.cs @@ -144,9 +144,9 @@ namespace AyaNova.Util //create aevent biz event log table await ExecQueryAsync("CREATE TABLE aevent (id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY, created timestamp not null, userid bigint not null," + - "ayid bigint not null, aytype integer not null, ayevent integer not null, textra varchar(255))"); + "ayid bigint not null, ayatype integer not null, ayevent integer not null, textra varchar(255))"); //INDEX: Most selective first as there is more unique ID's than unique types - await ExecQueryAsync("CREATE INDEX aevent_typeid_idx ON aevent (ayid, aytype);"); + await ExecQueryAsync("CREATE INDEX aevent_typeid_idx ON aevent (ayid, ayatype);"); await ExecQueryAsync("CREATE INDEX aevent_userid_idx ON aevent (userid);");