2019-05-16 22:28:28 +00:00
parent acc40671a0
commit 8fe776a3ac
21 changed files with 137 additions and 149 deletions


@@ -43,10 +43,10 @@ namespace AyaNova.Api.ControllerHelpers
/// <param name="HttpContextItems"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToReadFullRecord(IDictionary<object, object> HttpContextItems, AyaType objectType)
internal static bool HasReadFullRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return IsAuthorizedToReadFullRecord(currentUserRoles, objectType);
return HasReadFullRole(currentUserRoles, objectType);
}
/// <summary>
@@ -55,7 +55,7 @@ namespace AyaNova.Api.ControllerHelpers
/// <param name="currentUserRoles"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToReadFullRecord(AuthorizationRoles currentUserRoles, AyaType objectType)
internal static bool HasReadFullRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
//NOTE: this assumes that if you can change you can read
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
@@ -75,10 +75,10 @@ namespace AyaNova.Api.ControllerHelpers
/// <param name="HttpContextItems"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToCreate(IDictionary<object, object> HttpContextItems, AyaType objectType)
internal static bool HasCreateRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
return IsAuthorizedToCreate(currentUserRoles, objectType);
return HasCreateRole(currentUserRoles, objectType);
}
/// <summary>
@@ -87,14 +87,11 @@ namespace AyaNova.Api.ControllerHelpers
/// <param name="currentUserRoles"></param>
/// <param name="objectType"></param>
/// <returns></returns>
internal static bool IsAuthorizedToCreate(AuthorizationRoles currentUserRoles, AyaType objectType)
internal static bool HasCreateRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn))
return true;
return false;
}
@@ -107,13 +104,13 @@ namespace AyaNova.Api.ControllerHelpers
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <returns></returns>
internal static bool IsAuthorizedToModify(IDictionary<object, object> HttpContextItems, AyaType objectType, long ownerId = -1)
internal static bool HasModifyRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
return IsAuthorizedToModify(currentUserRoles, currentUserId, objectType, ownerId);
return HasModifyRole(currentUserRoles, objectType);
}
@@ -121,19 +118,12 @@ namespace AyaNova.Api.ControllerHelpers
/// MODIFY
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="currentUserId"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <returns></returns>
internal static bool IsAuthorizedToModify(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = -1)
internal static bool HasModifyRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
if (ownerId != -1)
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
return true;
return false;
}
@@ -145,34 +135,29 @@ namespace AyaNova.Api.ControllerHelpers
/// </summary>
/// <param name="HttpContextItems"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <returns></returns>
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
internal static bool IsAuthorizedToDelete(IDictionary<object, object> HttpContextItems, AyaType objectType, long ownerId = 1)
internal static bool HasDeleteRole(IDictionary<object, object> HttpContextItems, AyaType objectType)
{
AuthorizationRoles currentUserRoles = UserRolesFromContext.Roles(HttpContextItems);
long currentUserId = UserIdFromContext.Id(HttpContextItems);
return IsAuthorizedToDelete(currentUserRoles, currentUserId, objectType, ownerId);
return HasDeleteRole(currentUserRoles, objectType);
}
/// <summary>
/// DELETE
/// </summary>
/// <param name="currentUserRoles"></param>
/// <param name="currentUserId"></param>
/// <param name="objectType"></param>
/// <param name="ownerId"></param>
/// <param name="currentUserRoles"></param>
/// <param name="objectType"></param>
/// <returns></returns>
//For now just going to treat as a modify, but for maximum flexibility keeping this as a separate method in case we change our minds in future
internal static bool IsAuthorizedToDelete(AuthorizationRoles currentUserRoles, long currentUserId, AyaType objectType, long ownerId = 1)
internal static bool HasDeleteRole(AuthorizationRoles currentUserRoles, AyaType objectType)
{
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).Change))
return true;
if (currentUserRoles.HasAnyFlags(BizRoles.GetRoleSet(objectType).EditOwn) && ownerId == currentUserId)
return true;
return false;
}
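Review bot: After this change HasModifyRole and HasDeleteRole are the same role-only test (both return true only on the object type's Change roles), so ownership is no longer consulted anywhere in this helper, yet the `<summary>` and `<returns>` elements in these hunks are still empty and nothing tells a caller that per-record checks now live elsewhere. Suggest filling the summaries, e.g. for HasModifyRole: `/// Role-only gate: true when the caller's roles include the Change roles for objectType; ownership and other per-record rules are not evaluated here and must be enforced by the business layer.` and mirroring that wording on the ReadFull, Create and Delete pairs. The existing "just going to treat as a modify" comment on HasDeleteRole still holds and should stay beside that summary. The enclosing Authorized class starts and ends outside these hunks.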


@@ -186,14 +186,14 @@ namespace AyaNova.Api.Controllers
if (!badRequest)
{
//check if object exists
long attachToObjectOwnerId = attachToObject.OwnerId(ct);
if (attachToObjectOwnerId == -1)
{
badRequest = true;
errorMessage = "Invalid attach object";
}
else
{
// long attachToObjectOwnerId = attachToObject.OwnerId(ct);
// if (attachToObjectOwnerId == -1)
// {
// badRequest = true;
// errorMessage = "Invalid attach object";
// }
// else
// {
// User needs modify rights to the object type in question
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))
{
@@ -202,7 +202,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
}
}
//}
}
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
}
//is this allowed?
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
if (!Authorized.HasReadFullRole(HttpContext.Items, dbObj.AttachToObjectType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
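Review bot: The first hunk comments out the attachToObject.OwnerId(ct) existence check but leaves the context line `if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))` untouched, so the new side references a variable whose only declaration is now a comment and a method name that the Authorized.cs hunks rename in this same commit; unless a further hunk of this file outside the view fixes it, this will not compile. Beyond the build, the commented-out block was the only visible place where a non-existent attach target was rejected with 400 "Invalid attach object", so that validation is lost rather than moved. Suggest `if (!Authorized.HasModifyRole(HttpContext.Items, attachToObject.ObjectType))` and reinstating an existence check for the target object (or a TODO naming where the biz layer will perform it). The enclosing action method starts and ends outside the hunk.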


@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
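Review bot: The comment above the create check in the -164 hunk, `//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner`, is now stale: HasCreateRole as renamed in this commit tests only the Change roles, and no isOwner argument is passed. Suggest `//Creating requires the Change roles for this object type; ownership-based rights are no longer evaluated here`. The same stale comment remains in UserController (hunk at -328) and WidgetController (hunk at -272).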


@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -97,7 +97,7 @@ namespace AyaNova.Api.Controllers
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -66,7 +66,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//Just have to be authenticated for this one
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -87,7 +87,7 @@ namespace AyaNova.Api.Controllers
}
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -140,7 +140,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -236,7 +236,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//check rights
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)


@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
}
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -192,7 +192,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -245,7 +245,7 @@ namespace AyaNova.Api.Controllers
// #endif
//Create, in that they are creating new data in AyaNova
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -102,7 +102,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -92,7 +92,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -155,7 +155,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -90,7 +90,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
[Authorize]
public ActionResult PostServerState([FromBody] ServerStateModel state)
{
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.ServerState))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.ServerState))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -105,7 +105,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -135,7 +135,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -328,7 +328,7 @@ namespace AyaNova.Api.Controllers
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}


@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
if (id != UserId && !Authorized.HasReadFullRole(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}


@@ -64,7 +64,8 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
//NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -74,7 +75,10 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
// NOTE: HERE would be the second check of biz rules before returning the object
// in cases where there is also a business rule to affect retrieval on top of basic rights
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -95,7 +99,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -121,7 +125,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -185,7 +189,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -234,7 +238,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -272,7 +276,7 @@ namespace AyaNova.Api.Controllers
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -315,7 +319,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!biz.Delete(o))
@@ -360,7 +364,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.JobOperations))
return StatusCode(403, new ApiNotAuthorizedResponse());
//Create the job here
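Review bot: In the -185, -234 and -315 hunks the `o.OwnerId` argument is dropped from the modify/delete authorization call and nothing replaces it, whereas the GET hunk at -74 at least leaves a NOTE marking where the second, business-rule check would go. If per-owner editing of widgets is meant to survive (the BizRoles hunk in this commit removes `EditOwn = AuthorizationRoles.TechFull` for Widget), the PUT and DELETE paths need either the biz-layer check or the same placeholder so the gap is not forgotten, e.g. `// NOTE: biz rules (including ownership) for modify/delete are to be checked here` placed before the `try`. As written, every update and delete now requires the Change roles only; if that tightening is intended it is worth saying so in the commit message. The enclosing action methods start and end outside these hunks.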


@@ -1,48 +1,48 @@
using AyaNova.Models;
using AyaNova.Biz;
// using AyaNova.Models;
// using AyaNova.Biz;
using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Metadata;
using System.Reflection;
using System;
// using Microsoft.EntityFrameworkCore;
// using Microsoft.EntityFrameworkCore.Metadata;
// using System.Reflection;
// using System;
namespace AyaNova.Biz
{
// namespace AyaNova.Biz
// {
/// <summary>
/// Returns owner Id if the object exists or 0 if exists but there is no owner ID property or -1 if the object doesn't exist
/// </summary>
internal static class AyaObjectOwnerId
{
internal static long Get(AyaTypeId o, AyContext ct)
{
if (o.IsEmpty) return -1;
// /// <summary>
// /// Returns owner Id if the object exists or 0 if exists but there is no owner ID property or -1 if the object doesn't exist
// /// </summary>
// internal static class AyaObjectOwnerId
// {
// internal static long Get(AyaTypeId o, AyContext ct)
// {
// if (o.IsEmpty) return -1;
//Get the type of the model of AyaObject
Type t = Type.GetType("AyaNova.Models." + o.ObjectType.ToString());
// //Get the type of the model of AyaObject
// Type t = Type.GetType("AyaNova.Models." + o.ObjectType.ToString());
//Run a find query on the db context based on the model's type
object record = ct.Find(t, o.ObjectId);
if (record == null)
{
return -1;
}
// //Run a find query on the db context based on the model's type
// object record = ct.Find(t, o.ObjectId);
// if (record == null)
// {
// return -1;
// }
PropertyInfo ownerIdPropertyInfo = record.GetType().GetProperty("OwnerId");
// PropertyInfo ownerIdPropertyInfo = record.GetType().GetProperty("OwnerId");
if (ownerIdPropertyInfo == null)
return 0;//object exists and it doesn't have an ownerID property
// if (ownerIdPropertyInfo == null)
// return 0;//object exists and it doesn't have an ownerID property
long ret = (long)ownerIdPropertyInfo.GetValue(record, null);
// long ret = (long)ownerIdPropertyInfo.GetValue(record, null);
return ret;
// return ret;
}
// }
}
// }
}//eons
// }//eons
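Review bot: The whole file, including its using directives and namespace, is kept as a commented-out copy rather than deleted, which leaves a second, non-compiling version of AyaObjectOwnerId.Get in the tree for readers and grep to stumble over. Version control already preserves the old implementation, so deleting the file (or, if it is to return soon, keeping it with a one-line `// TODO: ownership lookup to be reinstated in the biz layer` instead of the full body) would be cleaner. The same applies to the commented-out OwnerId method in the next file section.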


@@ -71,15 +71,15 @@ namespace AyaNova.Biz
}
}
/// <summary>
/// Get the ownerId for the object in question
/// </summary>
/// <param name="ct">db context</param>
/// <returns>0 if object doesn't have an owner Id, the owner Id or -1 if the object doesn't exist in the db</returns>
public long OwnerId(AyContext ct)
{
return AyaObjectOwnerId.Get(this, ct);
}
// /// <summary>
// /// Get the ownerId for the object in question
// /// </summary>
// /// <param name="ct">db context</param>
// /// <returns>0 if object doesn't have an owner Id, the owner Id or -1 if the object doesn't exist in the db</returns>
// public long OwnerId(AyContext ct)
// {
// return AyaObjectOwnerId.Get(this, ct);
// }
/// <summary>


@@ -6,8 +6,7 @@ namespace AyaNova.Biz
/// </summary>
public class BizRoleSet
{
public AuthorizationRoles Change { get; set; }
public AuthorizationRoles EditOwn { get; set; }
public AuthorizationRoles Change { get; set; }
public AuthorizationRoles ReadFullRecord { get; set; }
}//eoc


@@ -36,8 +36,7 @@ namespace AyaNova.Biz
//
roles.Add(AyaType.User, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
Change = AuthorizationRoles.BizAdminFull,
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
@@ -48,7 +47,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.UserOptions, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,//no one can make a user but a bizadminfull
ReadFullRecord = AuthorizationRoles.BizAdminLimited
});
@@ -60,7 +58,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Widget, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.InventoryFull,
EditOwn = AuthorizationRoles.TechFull,
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.InventoryLimited
});
@@ -70,7 +67,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.ServerState, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -81,7 +77,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.License, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.BizAdminLimited | AuthorizationRoles.OpsAdminLimited
});
@@ -91,7 +86,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.LogFile, new BizRoleSet()
{
Change = AuthorizationRoles.NoRole,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
@@ -105,7 +99,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.JobOperations, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminLimited | AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
});
@@ -115,7 +108,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.AyaNova7Import, new BizRoleSet()
{
Change = AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.NoRole
});
@@ -126,7 +118,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Metrics, new BizRoleSet()
{
Change = AuthorizationRoles.NoRole,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
@@ -137,7 +128,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.Locale, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -148,7 +138,6 @@ namespace AyaNova.Biz
roles.Add(AyaType.DataFilter, new BizRoleSet()
{
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.AnyRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
@@ -159,7 +148,6 @@ namespace AyaNova.Biz
{
//Only BizAdminFull can modify forms
Change = AuthorizationRoles.BizAdminFull,
EditOwn = AuthorizationRoles.NoRole,
ReadFullRecord = AuthorizationRoles.AnyRole
});
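Review bot: Dropping the EditOwn initializers silently tightens access for the two types that actually granted it: DataFilter (EditOwn was AnyRole) and Widget (EditOwn was TechFull) now need their Change roles for every create, modify and delete, because the renamed Has*Role helpers in this commit test only Change. If the intent is for the business layer to re-implement "edit own" rules, nothing in this commit adds such a check yet, so a user who could previously create or edit their own data filter will get 403 until it exists; if the tightening is deliberate it deserves a line in the commit message. A short comment on the DataFilter entry, e.g. `//EditOwn removed: per-owner editing, if still wanted, must be enforced by DataFilterBiz`, would keep that intent visible. The method that builds the roles dictionary starts and ends outside these hunks.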


@@ -313,7 +313,7 @@ namespace AyaNova.Biz
List<AyaTypeId> CanReadMatchingObjects = new List<AyaTypeId>();
foreach (AyaTypeId t in MatchingObjects)
{
if (AyaNova.Api.ControllerHelpers.Authorized.IsAuthorizedToReadFullRecord(currentUserRoles, t.ObjectType))
if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(currentUserRoles, t.ObjectType))
{
CanReadMatchingObjects.Add(t);
}