admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2019-05-16 22:28:28 +00:00
parent acc40671a0
commit 8fe776a3ac
21 changed files with 137 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/AyaNova/Controllers/AttachmentController.cs
View File

@@ -186,14 +186,14 @@ namespace AyaNova.Api.Controllers
if (!badRequest)
{
//check if object exists
long attachToObjectOwnerId = attachToObject.OwnerId(ct);
if (attachToObjectOwnerId == -1)
{
badRequest = true;
errorMessage = "Invalid attach object";
}
else
{
// long attachToObjectOwnerId = attachToObject.OwnerId(ct);
// if (attachToObjectOwnerId == -1)
// {
// badRequest = true;
// errorMessage = "Invalid attach object";
// }
// else
// {
// User needs modify rights to the object type in question
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))
{
@@ -202,7 +202,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
}
}
//}
}
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
}
//is this allowed?
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
if (!Authorized.HasReadFullRole(HttpContext.Items, dbObj.AttachToObjectType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

6
server/AyaNova/Controllers/DataFilterController.cs
View File

@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)

4
server/AyaNova/Controllers/EventLogController.cs
View File

@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -97,7 +97,7 @@ namespace AyaNova.Api.Controllers
long UserId = UserIdFromContext.Id(HttpContext.Items);
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

12
server/AyaNova/Controllers/FormCustomController.cs
View File

@@ -66,7 +66,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//Just have to be authenticated for this one
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -87,7 +87,7 @@ namespace AyaNova.Api.Controllers
}
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -140,7 +140,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -236,7 +236,7 @@ namespace AyaNova.Api.Controllers
FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);
//check rights
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)

8
server/AyaNova/Controllers/ImportAyaNova7Controller.cs
View File

@@ -71,7 +71,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -164,7 +164,7 @@ namespace AyaNova.Api.Controllers
}
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -192,7 +192,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -245,7 +245,7 @@ namespace AyaNova.Api.Controllers
// #endif
//Create, in that they are creating new data in AyaNova
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/JobOperationsController.cs
View File

@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -102,7 +102,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.JobOperations))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

6
server/AyaNova/Controllers/LicenseController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -92,7 +92,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -155,7 +155,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/LogFilesController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.LogFile))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/MetricsController.cs
View File

@@ -60,7 +60,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -90,7 +90,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

2
server/AyaNova/Controllers/ServerStateController.cs
View File

@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
[Authorize]
public ActionResult PostServerState([FromBody] ServerStateModel state)
{
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.ServerState))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.ServerState))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

10
server/AyaNova/Controllers/UserController.cs
View File

@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -105,7 +105,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -135,7 +135,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -328,7 +328,7 @@ namespace AyaNova.Api.Controllers
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}

4
server/AyaNova/Controllers/UserOptionsController.cs
View File

@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
if (id != UserId && !Authorized.HasReadFullRole(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}

22
server/AyaNova/Controllers/WidgetController.cs
View File

@@ -64,7 +64,8 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
//NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -74,7 +75,10 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
// NOTE: HERE would be the second check of biz rules before returning the object
// in cases where there is also a business rule to affect retrieval on top of basic rights
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
@@ -95,7 +99,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
@@ -121,7 +125,7 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -185,7 +189,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -234,7 +238,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
try
@@ -272,7 +276,7 @@ namespace AyaNova.Api.Controllers
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
@@ -315,7 +319,7 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!biz.Delete(o))
@@ -360,7 +364,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.JobOperations))
return StatusCode(403, new ApiNotAuthorizedResponse());
//Create the job here