diff --git a/server/AyaNova/Controllers/MemoController.cs b/server/AyaNova/Controllers/MemoController.cs index 8b74931f..99d31bc0 100644 --- a/server/AyaNova/Controllers/MemoController.cs +++ b/server/AyaNova/Controllers/MemoController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Routing; using Microsoft.AspNetCore.Authorization; using Microsoft.Extensions.Logging; +using Microsoft.EntityFrameworkCore; using AyaNova.Models; using AyaNova.Api.ControllerHelpers; using AyaNova.Biz; @@ -92,6 +93,8 @@ namespace AyaNova.Api.Controllers [HttpGet("{id}")] public async Task GetMemo([FromRoute] long id) { + //NOTE: In this case always getting own memo only + //also it's always just for read only purposes so it should include from user name if (!serverState.IsOpen) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext); @@ -101,7 +104,25 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); var o = await biz.GetAsync(id); if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); - return Ok(ApiOkResponse.Response(o)); + var fromUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.Id == o.FromId); + var from = "??"; + if (fromUser != null) from = fromUser.Name; + var ret = new + { + Id = o.Id, + Name = o.Name, + Notes = o.Notes, + Wiki = o.Wiki, + CustomFields = o.CustomFields, + Tags = o.Tags, + Viewed = o.Viewed, + Replied = o.Replied, + FromId = o.FromId, + ToId = o.ToId, + Sent = o.Sent, + FromName = from + }; + return Ok(ApiOkResponse.Response(ret)); } //NO UPDATING MEMOS diff --git a/server/AyaNova/biz/AyaFormFieldDefinitions.cs b/server/AyaNova/biz/AyaFormFieldDefinitions.cs index e46e30a2..0db180c8 100644 --- a/server/AyaNova/biz/AyaFormFieldDefinitions.cs +++ b/server/AyaNova/biz/AyaFormFieldDefinitions.cs @@ -344,6 +344,7 @@ namespace AyaNova.Biz l.Add(new AyaFormFieldDefinition { TKey = "MemoSubject", FieldKey = "MemoSubject", Hideable = false }); l.Add(new AyaFormFieldDefinition { TKey = "MemoMessage", FieldKey = "MemoMessage", Hideable = false }); l.Add(new AyaFormFieldDefinition { TKey = "MemoToID", FieldKey = "MemoToID", Hideable = false }); + l.Add(new AyaFormFieldDefinition { TKey = "MemoFromID", FieldKey = "MemoFromID", Hideable = false }); l.Add(new AyaFormFieldDefinition { TKey = "Tags", FieldKey = "Tags" }); l.Add(new AyaFormFieldDefinition { TKey = "Wiki", FieldKey = "Wiki" }); diff --git a/server/AyaNova/biz/MemoBiz.cs b/server/AyaNova/biz/MemoBiz.cs index 76cb164e..d585cdba 100644 --- a/server/AyaNova/biz/MemoBiz.cs +++ b/server/AyaNova/biz/MemoBiz.cs @@ -98,7 +98,7 @@ namespace AyaNova.Biz // internal async Task GetAsync(long id, bool logTheGetEvent = true) { - var ret = await ct.Memo.SingleOrDefaultAsync(m => m.Id == id); + var ret = await ct.Memo.SingleOrDefaultAsync(m => m.Id == id && m.ToId==UserId);//## SECURITY, if need general purpose then make new method if (logTheGetEvent && ret != null) await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, id, BizType, AyaEvent.Retrieved), ct); return ret; diff --git a/server/AyaNova/util/Seeder.cs b/server/AyaNova/util/Seeder.cs index c8315ed1..cbce1b79 100644 --- a/server/AyaNova/util/Seeder.cs +++ b/server/AyaNova/util/Seeder.cs @@ -713,8 +713,8 @@ namespace AyaNova.Util for (int x = 0; x < 10; x++) { Memo memo = new Memo(); - memo.Name = Fake.Rant.Review(); - memo.Notes = Fake.Lorem.Paragraph(); + memo.Name = Fake.Rant.Review("AyaNova"); + memo.Notes = Fake.Lorem.Paragraphs(); memo.ToId = 1; memo.FromId = Fake.Random.Long(2, 15); memo.Tags = RandomTags();