This commit is contained in:
@@ -423,7 +423,79 @@ namespace AyaNova.Api.Controllers
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Bulk delete attachments
|
||||
///
|
||||
/// </summary>
|
||||
/// <returns>No content</returns>
|
||||
[HttpPost("bulk-delete")]
|
||||
[Authorize]
|
||||
public async Task<IActionResult> PostBulkDelete([FromBody] List<long> idList)
|
||||
{
|
||||
if (serverState.IsClosed)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.FileAttachment))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
long UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
|
||||
foreach (long id in idList)
|
||||
{
|
||||
var dbObject = await ct.FileAttachment.FirstOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
continue;
|
||||
//do the delete
|
||||
//this handles removing the file if there are no refs left and also the db record for the attachment
|
||||
await FileUtil.DeleteFileAttachmentAsync(dbObject, ct);
|
||||
|
||||
//Event log process delete
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentDelete, dbObject.DisplayFileName), ct);
|
||||
|
||||
//Delete search index
|
||||
await Search.ProcessDeletedObjectKeywordsAsync(dbObject.Id, AyaType.FileAttachment, ct);
|
||||
}
|
||||
return NoContent();
|
||||
}
|
||||
/// <summary>
|
||||
/// Bulk move attachments
|
||||
///
|
||||
/// </summary>
|
||||
/// <returns>No content</returns>
|
||||
[HttpPost("bulk-move")]
|
||||
[Authorize]
|
||||
public async Task<IActionResult> PostBulkMove([FromBody] List<long> idList, [FromBody] AyaType toType, [FromBody] long toId)
|
||||
{
|
||||
if (serverState.IsClosed)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.FileAttachment))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await BizObjectExistsInDatabase.ExistsAsync(toType, toId, ct))
|
||||
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, "LT:ErrorAPI2010"));
|
||||
|
||||
long UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
|
||||
foreach (long id in idList)
|
||||
{
|
||||
var dbObject = await ct.FileAttachment.FirstOrDefaultAsync(z => z.Id == id);
|
||||
if (dbObject == null)
|
||||
continue;
|
||||
|
||||
//do the move
|
||||
var msg = $"{dbObject.DisplayFileName} moved from {dbObject.AttachToObjectType}-{dbObject.AttachToObjectId} to {toType}-{toId} ";
|
||||
dbObject.AttachToObjectId = toId;
|
||||
dbObject.AttachToObjectType = toType;
|
||||
await ct.SaveChangesAsync();
|
||||
|
||||
//Event log process move
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentModified, msg), ct);
|
||||
|
||||
}
|
||||
return NoContent();
|
||||
}
|
||||
|
||||
|
||||
/// <summary>
|
||||
|
||||
@@ -434,7 +434,7 @@ namespace AyaNova.Biz
|
||||
// who are not allowed to see biz data
|
||||
roles.Add(AyaType.FileAttachment, new BizRoleSet()
|
||||
{
|
||||
Change = AuthorizationRoles.BizAdminFull,
|
||||
Change = AuthorizationRoles.BizAdminFull,//Need full rights only here because this is the rights checked for bulk delete etc so it's simpler than checking all the parent object rights if you know they already have all rights
|
||||
ReadFullRecord = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user