2018-09-04 18:38:39 +00:00
parent 1bfb8fcd8a
commit a0296e918d
6 changed files with 543 additions and 24 deletions
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -0,0 +1,503 @@
+using System.Linq;
+using System.Threading.Tasks;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Routing;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.JsonPatch;
+using Microsoft.EntityFrameworkCore;
+using Microsoft.Extensions.Logging;
+
+using AyaNova.Models;
+using AyaNova.Api.ControllerHelpers;
+using AyaNova.Biz;
+
+
+namespace AyaNova.Api.Controllers
+{
+   
+    /// <summary>
+    /// Sample controller class used during development for testing purposes
+    /// </summary>
+    [ApiVersion("8.0")]
+    [Route("api/v{version:apiVersion}/[controller]")]
+    [Produces("application/json")]
+    [Authorize]
+    public class UserController : Controller
+    {
+        private readonly AyContext ct;
+        private readonly ILogger<UserController> log;
+        private readonly ApiServerState serverState;
+
+
+        /// <summary>
+        /// ctor
+        /// </summary>
+        /// <param name="dbcontext"></param>
+        /// <param name="logger"></param>
+        /// <param name="apiServerState"></param>  
+        public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
+        {
+            ct = dbcontext;
+            log = logger;
+            serverState = apiServerState;
+        }
+
+
+
+
+        /// <summary>
+        /// Get User
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>A single User</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetUser([FromRoute] long id)
+        {
+            if (serverState.IsClosed)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+            var o = await biz.GetAsync(id);
+
+            if (o == null)
+            {
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+
+            //Log
+            EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.User, AyaEvent.Retrieved), ct);
+            ct.SaveChanges();
+            return Ok(new ApiOkResponse(o));
+        }
+
+
+
+        /// <summary>
+        /// Get paged list of Users
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+        /// 
+        /// </summary>
+        /// <returns>Paged collection of Users with paging data</returns>            
+        [HttpGet("List", Name = nameof(List))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
+        public async Task<IActionResult> List([FromQuery] PagingOptions pagingOptions)
+        {
+
+            if (serverState.IsClosed)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+            ApiPagedResponse<User> pr = await biz.GetManyAsync(Url, nameof(List), pagingOptions);
+            return Ok(new ApiOkWithPagingResponse<User>(pr));
+        }
+
+
+
+        /// <summary>
+        /// Get User pick list
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
+        /// 
+        /// This list supports querying the Name property
+        /// include a "q" parameter for string to search for 
+        /// use % for wildcards.
+        /// 
+        /// e.g. q=%Jones%
+        /// 
+        /// Query is case insensitive
+        /// </summary>
+        /// <returns>Paged id/name collection of Users with paging data</returns>    
+        [HttpGet("PickList", Name = nameof(UserPickList))]
+        public async Task<IActionResult> UserPickList([FromQuery] string q, [FromQuery] PagingOptions pagingOptions)
+        {
+            if (serverState.IsClosed)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+            ApiPagedResponse<NameIdItem> pr = await biz.GetPickListAsync(Url, nameof(UserPickList), pagingOptions, q);
+            return Ok(new ApiOkWithPagingResponse<NameIdItem>(pr));
+        }
+
+
+        /// <summary>
+        /// Put (update) User
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull
+        /// TechFull (owned only)
+        /// 
+        /// </summary>
+        /// <param name="id"></param>
+        /// <param name="inObj"></param>
+        /// <returns></returns>
+        [HttpPut("{id}")]
+        public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
+        {
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
+
+            if (o == null)
+            {
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+
+            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.User, o.OwnerId))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            //Instantiate the business object handler       
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+            if (!biz.Put(o, inObj))
+            {
+                return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+
+            try
+            {
+                //Log
+                EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.User, AyaEvent.Modified), ct);
+                await ct.SaveChangesAsync();
+            }
+            catch (DbUpdateConcurrencyException)
+            {
+                if (!UserExists(id))
+                {
+                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+                }
+                else
+                {
+                    //exists but was changed by another user
+                    //I considered returning new and old record, but where would it end?
+                    //Better to let the client decide what to do than to send extra data that is not required
+                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
+                }
+            }
+
+
+
+            return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }));
+        }
+
+
+
+        /// <summary>
+        /// Patch (update) User
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull
+        /// TechFull (owned only)
+        /// </summary>
+        /// <param name="id"></param>
+        /// <param name="concurrencyToken"></param>
+        /// <param name="objectPatch"></param>
+        /// <returns></returns>
+        [HttpPatch("{id}/{concurrencyToken}")]
+        public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
+        {
+            //https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/
+
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+
+            var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
+
+            if (o == null)
+            {
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+
+            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.User, o.OwnerId))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            //patch and validate
+            if (!biz.Patch(o, objectPatch, concurrencyToken))
+            {
+                return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+
+            try
+            {
+                //Log
+                EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.User, AyaEvent.Modified), ct);
+                await ct.SaveChangesAsync();
+            }
+            catch (DbUpdateConcurrencyException)
+            {
+                if (!UserExists(id))
+                {
+                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+                }
+                else
+                {
+                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
+                }
+            }
+
+
+
+
+            return Ok(new ApiOkResponse(new { ConcurrencyToken = o.ConcurrencyToken }));
+        }
+
+
+        /// <summary>
+        /// Post User
+        /// 
+        /// Required roles: 
+        /// BizAdminFull, InventoryFull, TechFull
+        /// </summary>
+        /// <param name="inObj"></param>
+        /// <returns></returns>
+        [HttpPost]
+        public async Task<IActionResult> PostUser([FromBody] User inObj)
+        {
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
+            if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+
+            //Create and validate
+            User o = await biz.CreateAsync(inObj);
+
+            if (o == null)
+            {
+                //error return
+                return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            else
+            {
+
+                //save to get Id
+                await ct.SaveChangesAsync();
+
+                //Log now that we have the Id
+                EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.User, AyaEvent.Created), ct);
+                await ct.SaveChangesAsync();
+
+                //return success and link
+                return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(o));
+            }
+        }
+
+
+
+        /// <summary>
+        /// Delete User
+        /// 
+        /// Required roles:
+        /// BizAdminFull, InventoryFull
+        /// TechFull (owned only)
+        /// 
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Ok</returns>
+        [HttpDelete("{id}")]
+        public async Task<IActionResult> DeleteUser([FromRoute] long id)
+        {
+
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!ModelState.IsValid)
+            {
+                return BadRequest(new ApiErrorResponse(ModelState));
+            }
+
+            var dbObj = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
+            if (dbObj == null)
+            {
+                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            }
+
+            if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.User, dbObj.OwnerId))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            //Instantiate the business object handler
+            UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
+            if (!biz.Delete(dbObj))
+            {
+                return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+
+            //Log
+            EventLogProcessor.DeleteObject(biz.userId, AyaType.User, dbObj.Id, dbObj.Name, ct);
+
+            await ct.SaveChangesAsync();
+
+            //Delete children / attached objects 
+            biz.DeleteChildren(dbObj);
+
+
+            return NoContent();
+        }
+
+
+
+
+        private bool UserExists(long id)
+        {
+            return ct.User.Any(e => e.Id == id);
+        }
+
+
+        /// <summary>
+        /// Get route that triggers exception for testing
+        /// </summary>
+        /// <returns>Nothing, triggers exception</returns>
+        [HttpGet("exception")]
+        public ActionResult GetException()
+        {
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            throw new System.NotSupportedException("Test exception from User controller");
+        }
+
+        /// <summary>
+        /// Get route that triggers an alternate type of exception for testing
+        /// </summary>
+        /// <returns>Nothing, triggers exception</returns>
+        [HttpGet("altexception")]
+        public ActionResult GetAltException()
+        {
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToRead(HttpContext.Items, AyaType.User))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            throw new System.ArgumentException("Test exception (ALT) from User controller");
+        }
+
+
+        /// <summary>
+        /// Get route that submits a long running operation job for testing
+        /// </summary>
+        /// <returns>Nothing</returns>
+        [HttpGet("TestUserJob")]
+        public ActionResult TestUserJob()
+        {
+            if (!serverState.IsOpen)
+            {
+                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
+            }
+
+            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
+            {
+                return StatusCode(401, new ApiNotAuthorizedResponse());
+            }
+
+            //Create the job here
+            OpsJob j = new OpsJob();
+            j.Name = "TestUserJob";
+            j.JobType = JobType.TestUserJob;
+            JobsBiz.AddJob(j, ct);
+            return Accepted(new { JobId = j.GId });//202 accepted
+        }
+
+        //------------
+
+
+    }
+}