diff --git a/.vscode/launch.json b/.vscode/launch.json index f92c39ec..976f60e9 100644 --- a/.vscode/launch.json +++ b/.vscode/launch.json @@ -52,7 +52,7 @@ "AYANOVA_FOLDER_USER_FILES": "c:\\temp\\RavenTestData\\userfiles", "AYANOVA_FOLDER_BACKUP_FILES": "c:\\temp\\RavenTestData\\backupfiles", "AYANOVA_FOLDER_TEMPORARY_SERVER_FILES": "c:\\temp\\RavenTestData\\tempfiles", - "AYANOVA_SERVER_TEST_MODE": "false", + "AYANOVA_SERVER_TEST_MODE": "true", "AYANOVA_SERVER_TEST_MODE_SEEDLEVEL": "small", "AYANOVA_SERVER_TEST_MODE_TZ_OFFSET": "-7", "AYANOVA_BACKUP_PG_DUMP_PATH": "C:\\data\\code\\postgres_13\\bin\\" diff --git a/server/AyaNova/Controllers/FormSettingController.cs b/server/AyaNova/Controllers/FormSettingController.cs new file mode 100644 index 00000000..efeaacac --- /dev/null +++ b/server/AyaNova/Controllers/FormSettingController.cs @@ -0,0 +1,135 @@ +using System.Threading.Tasks; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Routing; +using Microsoft.AspNetCore.Authorization; +using Microsoft.Extensions.Logging; +using AyaNova.Models; +using AyaNova.Api.ControllerHelpers; +using AyaNova.Biz; + + + +namespace AyaNova.Api.Controllers +{ + [ApiController] + [ApiVersion("8.0")] + [Route("api/v{version:apiVersion}/form-setting")] + [Produces("application/json")] + [Authorize] + public class FormSettingController : ControllerBase + { + private readonly AyContext ct; + private readonly ILogger log; + private readonly ApiServerState serverState; + + /// + /// ctor + /// + /// + /// + /// + public FormSettingController(AyContext dbcontext, ILogger logger, ApiServerState apiServerState) + { + ct = dbcontext; + log = logger; + serverState = apiServerState; + } + + /// + /// Create FormSetting + /// + /// + /// From route path + /// + [HttpPost] + public async Task PostFormSetting([FromBody] FormSetting newObject, ApiVersion apiVersion) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + FormSettingBiz biz = FormSettingBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + FormSetting o = await biz.CreateAsync(newObject); + if (o == null) + return BadRequest(new ApiErrorResponse(biz.Errors)); + else + return CreatedAtAction(nameof(FormSettingController.GetFormSetting), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); + } + + + /// + /// Get FormSetting + /// + /// + /// FormSetting + [HttpGet("{formKey}")] + public async Task GetFormSetting([FromRoute] string formKey) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + FormSettingBiz biz = FormSettingBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + var o = await biz.GetAsync(formKey); + if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); + return Ok(ApiOkResponse.Response(o)); + } + + /// + /// Update FormSetting + /// + /// + /// + [HttpPut] + public async Task PutFormSetting([FromBody] FormSetting updatedObject) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + FormSettingBiz biz = FormSettingBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + var o = await biz.PutAsync(updatedObject); + if (o == null) + { + if (biz.Errors.Exists(z => z.Code == ApiErrorCode.CONCURRENCY_CONFLICT)) + return StatusCode(409, new ApiErrorResponse(biz.Errors)); + else + return BadRequest(new ApiErrorResponse(biz.Errors)); + } + return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency })); ; + } + + /// + /// Delete FormSetting + /// + /// + /// NoContent + [HttpDelete("{formKey}")] + public async Task DeleteFormSetting([FromRoute] string formKey) + { + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + if (!ModelState.IsValid) + return BadRequest(new ApiErrorResponse(ModelState)); + FormSettingBiz biz = FormSettingBiz.GetBiz(ct, HttpContext); + if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType)) + return StatusCode(403, new ApiNotAuthorizedResponse()); + if (!await biz.DeleteAsync(formKey)) + return BadRequest(new ApiErrorResponse(biz.Errors)); + return NoContent(); + } + + + + //------------ + + + }//eoc +}//eons \ No newline at end of file diff --git a/server/AyaNova/biz/AyaType.cs b/server/AyaNova/biz/AyaType.cs index b9db3129..faac7afd 100644 --- a/server/AyaNova/biz/AyaType.cs +++ b/server/AyaNova/biz/AyaType.cs @@ -23,7 +23,7 @@ namespace AyaNova.Biz NoType = 0, Global = 1, - UNUSED_2 = 2, + FormSetting = 2, [CoreBizObject,ReportableBizObject] User = 3, ServerState = 4, diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs index 50a574b0..968c78e5 100644 --- a/server/AyaNova/biz/BizRoles.cs +++ b/server/AyaNova/biz/BizRoles.cs @@ -241,7 +241,7 @@ namespace AyaNova.Biz Select = AuthorizationRoles.All }); - ///////////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////////// //PartInventoryDataList // same as PO // @@ -257,7 +257,7 @@ namespace AyaNova.Biz Select = AuthorizationRoles.All }); - ///////////////////////////////////////////////////////////////// + ///////////////////////////////////////////////////////////////// //PartInventoryRequestDataList // same as PO // @@ -274,7 +274,7 @@ namespace AyaNova.Biz }); - + //////////////////////////////////////////////////////////// //Project // @@ -658,7 +658,7 @@ namespace AyaNova.Biz }); - + //////////////////////////////////////////////////////////// //SERVERSTATE @@ -775,7 +775,16 @@ namespace AyaNova.Biz ReadFullRecord = AuthorizationRoles.All }); - + //////////////////////////////////////////////////////////// + //FORMSETTING + // Note: this is only ever modified by user personally + // so it is accessible by all and biz rules + //restrict to own userid + roles.Add(AyaType.FormSetting, new BizRoleSet() + { + Change = AuthorizationRoles.All, + ReadFullRecord = AuthorizationRoles.All + }); //////////////////////////////////////////////////////////// //FORMCUSTOM @@ -895,9 +904,9 @@ namespace AyaNova.Biz //GENERATE CLIENT COMPATIBLE JSON FROM ROLES OUTPUT TO DEBUG LOG //And seperately, set the JSON variable so can copy from debug variable "value" property for lastRoles here to compare - // string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None); - // System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> biz-role-rights.js Client roles JSON fragment:\n\n"); - // System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json + "\n\n"); + string json = Newtonsoft.Json.JsonConvert.SerializeObject(roles, Newtonsoft.Json.Formatting.None); + System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", "BizRoles.cs -> biz-role-rights.js Client roles JSON fragment:\n\n"); + System.Diagnostics.Debugger.Log(1, "JSONFRAGMENTFORCLIENT", json + "\n\n"); //ONGOING VALIDATION TO CATCH MISMATCH WHEN NEW ROLES ADDED (wont' catch changes to existing unfortunately) diff --git a/server/AyaNova/biz/FormCustomBiz.cs b/server/AyaNova/biz/FormCustomBiz.cs index e64590a9..09c0772f 100644 --- a/server/AyaNova/biz/FormCustomBiz.cs +++ b/server/AyaNova/biz/FormCustomBiz.cs @@ -10,11 +10,13 @@ using AyaNova.Models; namespace AyaNova.Biz { - + //## NOTE this is a *GLOBAL* form custom that applies to all users as configured by someone with rights to do so + //this is *not* a personal customization system internal class FormCustomBiz : BizObject { + internal FormCustomBiz(AyContext dbcontext, long currentUserId, long userTranslationId, AuthorizationRoles UserRoles) { ct = dbcontext; diff --git a/server/AyaNova/biz/FormSettingBiz.cs b/server/AyaNova/biz/FormSettingBiz.cs new file mode 100644 index 00000000..2485828e --- /dev/null +++ b/server/AyaNova/biz/FormSettingBiz.cs @@ -0,0 +1,156 @@ +using System.Threading.Tasks; +using Microsoft.EntityFrameworkCore; +using AyaNova.Util; +using AyaNova.Api.ControllerHelpers; +using AyaNova.Models; + +namespace AyaNova.Biz +{ + + //## This class manages personal form settings for users + + internal class FormSettingBiz : BizObject + { + internal FormSettingBiz(AyContext dbcontext, long currentUserId, long userTranslationId, AuthorizationRoles UserRoles) + { + ct = dbcontext; + UserId = currentUserId; + UserTranslationId = userTranslationId; + CurrentUserRoles = UserRoles; + BizType = AyaType.FormSetting; + } + + internal static FormSettingBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null) + { + if (httpContext != null) + return new FormSettingBiz(ct, UserIdFromContext.Id(httpContext.Items), UserTranslationIdFromContext.Id(httpContext.Items), UserRolesFromContext.Roles(httpContext.Items)); + else + return new FormSettingBiz(ct, 1, ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID, AuthorizationRoles.BizAdmin); + } + + //////////////////////////////////////////////////////////////////////////////////////////////// + //EXISTS + internal async Task ExistsAsync(long id) + { + return await ct.FormSetting.AnyAsync(z => z.Id == id); + } + + //////////////////////////////////////////////////////////////////////////////////////////////// + //CREATE + // + internal async Task CreateAsync(FormSetting newObject) + { + Validate(newObject, null); + if (HasErrors) + return null; + else + { + newObject.Setting = JsonUtil.CompactJson(newObject.Setting); + await ct.FormSetting.AddAsync(newObject); + await ct.SaveChangesAsync(); + return newObject; + } + } + + + + //////////////////////////////////////////////////////////////////////////////////////////////// + //GET + // + internal async Task GetAsync(string formKey) + { + var ret = await ct.FormSetting.AsNoTracking().SingleOrDefaultAsync(m => m.FormKey == formKey && m.UserId == UserId); + return ret; + } + + //////////////////////////////////////////////////////////////////////////////////////////////// + //UPDATE + // + internal async Task PutAsync(FormSetting putObject) + { + var dbObject = await GetAsync(putObject.FormKey); + if (dbObject == null) + { + AddError(ApiErrorCode.NOT_FOUND, "formKey"); + return null; + } + if (dbObject.Concurrency != putObject.Concurrency) + { + AddError(ApiErrorCode.CONCURRENCY_CONFLICT); + return null; + } + + putObject.Setting = JsonUtil.CompactJson(putObject.Setting); + Validate(putObject, dbObject); + if (HasErrors) return null; + ct.Replace(dbObject, putObject); + try + { + await ct.SaveChangesAsync(); + } + catch (DbUpdateConcurrencyException) + { + if (!await ExistsAsync(putObject.Id)) + AddError(ApiErrorCode.NOT_FOUND); + else + AddError(ApiErrorCode.CONCURRENCY_CONFLICT); + return null; + } + + return putObject; + } + + //////////////////////////////////////////////////////////////////////////////////////////////// + //DELETE + // + internal async Task DeleteAsync(string formKey) + { + using (var transaction = await ct.Database.BeginTransactionAsync()) + { + var dbObject = await GetAsync(formKey); + if (dbObject == null) + { + AddError(ApiErrorCode.NOT_FOUND); + return false; + } + ValidateCanDelete(dbObject); + if (HasErrors) + return false; + ct.FormSetting.Remove(dbObject); + await ct.SaveChangesAsync(); + await transaction.CommitAsync(); + return true; + } + } + + + + //////////////////////////////////////////////////////////////////////////////////////////////// + //VALIDATION + // + + private void Validate(FormSetting proposedObj, FormSetting currentObj) + { + if (proposedObj.UserId != UserId) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror", "A user can only modify their own personal form settings. UserId does not match current api user logged in."); + } + } + + private void ValidateCanDelete(FormSetting inObj) + { + if (inObj.UserId != UserId) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror", "A user can only modify their own personal form settings. UserId does not match current api user logged in."); + } + + } + + + ///////////////////////////////////////////////////////////////////// + + }//eoc + + +}//eons + diff --git a/server/AyaNova/models/AyContext.cs b/server/AyaNova/models/AyContext.cs index 664bf026..7b4ee02e 100644 --- a/server/AyaNova/models/AyContext.cs +++ b/server/AyaNova/models/AyContext.cs @@ -25,6 +25,7 @@ namespace AyaNova.Models public virtual DbSet DataListColumnView { get; set; } public virtual DbSet Tag { get; set; } public virtual DbSet FormCustom { get; set; } + public virtual DbSet FormSetting { get; set; } public virtual DbSet PickListTemplate { get; set; } public virtual DbSet License { get; set; } public virtual DbSet Memo { get; set; } diff --git a/server/AyaNova/models/FormCustom.cs b/server/AyaNova/models/FormCustom.cs index 025216f2..30fe4840 100644 --- a/server/AyaNova/models/FormCustom.cs +++ b/server/AyaNova/models/FormCustom.cs @@ -5,6 +5,9 @@ namespace AyaNova.Models /* ## NOTE: there is only one formcustom per ayatype, the formkey is the ayatype enum name + + This is a *GLOBAL* setting that applies to ALL users + for personal form settings (such as used by schedule form) see FormSetting.cs - Like DataFilter, holds a JSON fragment in one field and the form key in another field - JSON FRAGMENT holds items that differ from stock, Hide not valid for non hideable core fields diff --git a/server/AyaNova/models/FormSetting.cs b/server/AyaNova/models/FormSetting.cs new file mode 100644 index 00000000..410c43e1 --- /dev/null +++ b/server/AyaNova/models/FormSetting.cs @@ -0,0 +1,24 @@ +using System.ComponentModel.DataAnnotations; + +namespace AyaNova.Models +{ + + /* + ## NOTE: this is for PERSONAL form settings such as schedule, for globally applicable form settings and customization see formcustom.cs + + + */ + public class FormSetting + { + public long Id { get; set; } + public uint Concurrency { get; set; } + + [Required, MaxLength(255)] + public string FormKey { get; set; }//max 255 characters ascii set + [Required] + public string Setting { get; set; }//JSON fragment of form customization template, top level is array. + [Required] + public long UserId {get;set;} + + } +} diff --git a/server/AyaNova/util/AySchema.cs b/server/AyaNova/util/AySchema.cs index b642a60f..756e3183 100644 --- a/server/AyaNova/util/AySchema.cs +++ b/server/AyaNova/util/AySchema.cs @@ -22,16 +22,16 @@ namespace AyaNova.Util //!!!!WARNING: BE SURE TO UPDATE THE DbUtil::EmptyBizDataFromDatabaseForSeedingOrImportingAsync WHEN NEW TABLES ADDED!!!! private const int DESIRED_SCHEMA_LEVEL = 1; - internal const long EXPECTED_COLUMN_COUNT = 1273; - internal const long EXPECTED_INDEX_COUNT = 144; - internal const long EXPECTED_CHECK_CONSTRAINTS = 514; - internal const long EXPECTED_FOREIGN_KEY_CONSTRAINTS = 192; + internal const long EXPECTED_COLUMN_COUNT = 1277; + internal const long EXPECTED_INDEX_COUNT = 145; + internal const long EXPECTED_CHECK_CONSTRAINTS = 518; + internal const long EXPECTED_FOREIGN_KEY_CONSTRAINTS = 193; internal const long EXPECTED_VIEWS = 10; internal const long EXPECTED_ROUTINES = 2; //!!!!WARNING: BE SURE TO UPDATE THE DbUtil::EmptyBizDataFromDatabaseForSeedingOrImportingAsync WHEN NEW TABLES ADDED!!!! - ///////////////////////////////////////////////////////////////// C1273:I144:CC514:FC192:V10:R2 + ///////////////////////////////////////////////////////////////// (C1277:I145:CC518:FC193:V10:R2) /* @@ -368,7 +368,7 @@ BEGIN case ayatype when 0 then return 'LT:NoType'; when 1 then return 'LT:Global'; - when 2 then return 'LT:UNUSED'; + when 2 then return 'FormSetting'; when 3 then aytable = 'auser'; when 4 then return 'LT:ServerState'; when 5 then return 'LT:License'; @@ -518,6 +518,9 @@ $BODY$ LANGUAGE PLPGSQL STABLE"); await ExecQueryAsync("CREATE TABLE atag (id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY, name TEXT NOT NULL UNIQUE, refcount BIGINT NOT NULL)"); await ExecQueryAsync("CREATE TABLE aformcustom (id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY, " + + "userid BIGINT NOT NULL REFERENCES auser ON DELETE CASCADE, formkey VARCHAR(255) NOT NULL, setting TEXT NOT NULL)"); + + await ExecQueryAsync("CREATE TABLE aformsetting (id BIGINT GENERATED ALWAYS AS IDENTITY PRIMARY KEY, " + "formkey VARCHAR(255) NOT NULL, template TEXT, UNIQUE(formkey))"); await ExecQueryAsync("CREATE TABLE apicklisttemplate (id INTEGER NOT NULL PRIMARY KEY, "