From a4fd59ce0a56a40acbe77ba013c48b366024dedd Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Tue, 30 Jun 2020 18:21:53 +0000
Subject: [PATCH]
---
 .../Controllers/AttachmentController.cs | 72 +++++++++++++++++++
 server/AyaNova/biz/BizRoles.cs | 2 +-
 2 files changed, 73 insertions(+), 1 deletion(-)
diff --git a/server/AyaNova/Controllers/AttachmentController.cs b/server/AyaNova/Controllers/AttachmentController.cs
index f6346ae5..33f8712a 100644
--- a/server/AyaNova/Controllers/AttachmentController.cs
+++ b/server/AyaNova/Controllers/AttachmentController.cs
@@ -423,7 +423,79 @@ namespace AyaNova.Api.Controllers
 return NoContent();
 }
+ ///
+ /// Bulk delete attachments
+ ///
+ ///
+ /// No content
+ [HttpPost("bulk-delete")]
+ [Authorize]
+ public async Task PostBulkDelete([FromBody] List idList)
+ {
+ if (serverState.IsClosed)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ if (!ModelState.IsValid)
+ return BadRequest(new ApiErrorResponse(ModelState));
+ if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.FileAttachment))
+ return StatusCode(403, new ApiNotAuthorizedResponse());
+ long UserId = UserIdFromContext.Id(HttpContext.Items);
+
+ foreach (long id in idList)
+ {
+ var dbObject = await ct.FileAttachment.FirstOrDefaultAsync(z => z.Id == id);
+ if (dbObject == null)
+ continue;
+ //do the delete
+ //this handles removing the file if there are no refs left and also the db record for the attachment
+ await FileUtil.DeleteFileAttachmentAsync(dbObject, ct);
+
+ //Event log process delete
+ await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentDelete, dbObject.DisplayFileName), ct);
+
+ //Delete search index
+ await Search.ProcessDeletedObjectKeywordsAsync(dbObject.Id, AyaType.FileAttachment, ct);
+ }
+ return NoContent();
+ }
+ ///
+ /// Bulk move attachments
+ ///
+ ///
+ /// No content
+ [HttpPost("bulk-move")]
+ [Authorize]
+ public async Task PostBulkMove([FromBody] List idList, [FromBody] AyaType toType, [FromBody] long toId)
+ {
+ if (serverState.IsClosed)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ if (!ModelState.IsValid)
+ return BadRequest(new ApiErrorResponse(ModelState));
+ if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.FileAttachment))
+ return StatusCode(403, new ApiNotAuthorizedResponse());
+ if (!await BizObjectExistsInDatabase.ExistsAsync(toType, toId, ct))
+ return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, "LT:ErrorAPI2010"));
+
+ long UserId = UserIdFromContext.Id(HttpContext.Items);
+
+ foreach (long id in idList)
+ {
+ var dbObject = await ct.FileAttachment.FirstOrDefaultAsync(z => z.Id == id);
+ if (dbObject == null)
+ continue;
+
+ //do the move
+ var msg = $"{dbObject.DisplayFileName} moved from {dbObject.AttachToObjectType}-{dbObject.AttachToObjectId} to {toType}-{toId} ";
+ dbObject.AttachToObjectId = toId;
+ dbObject.AttachToObjectType = toType;
+ await ct.SaveChangesAsync();
+
+ //Event log process move
+ await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.AttachToObjectId, dbObject.AttachToObjectType, AyaEvent.AttachmentModified, msg), ct);
+
+ }
+ return NoContent();
+ }
 ///
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index f50e47ec..92c36ff4 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -434,7 +434,7 @@ namespace AyaNova.Biz
 // who are not allowed to see biz data
 roles.Add(AyaType.FileAttachment, new BizRoleSet()
 {
- Change = AuthorizationRoles.BizAdminFull,
+ Change = AuthorizationRoles.BizAdminFull,//Need full rights only here because this is the rights checked for bulk delete etc so it's simpler than checking all the parent object rights if you know they already have all rights
 ReadFullRecord = AuthorizationRoles.BizAdminFull | AuthorizationRoles.BizAdminLimited
 });
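Review bot: PostBulkMove declares three `[FromBody]` parameters (`idList`, `toType`, `toId`), but ASP.NET Core binds at most one parameter from the request body, so the action will either be rejected by the framework or see default values for the later parameters, and the destination check then runs on values the caller did not send. Keep the id list in the body and take the destination from the route, e.g. `[HttpPost("bulk-move/{toType}/{toId}")]` with `PostBulkMove([FromRoute] AyaType toType, [FromRoute] long toId, [FromBody] List<long> idList)` (element type inferred from the `foreach (long id in idList)` loop, since the generic arguments are not visible on this page). Both PostBulkDelete and PostBulkMove also iterate `idList` with no null or size check and commit each item separately, so a null list or a failure part-way through would surface as a 500 after some attachments have already been deleted or moved; a guard such as `if (idList == null || idList.Count == 0) return BadRequest(...)` plus a per-request cap would make that explicit. In the move loop the event is written after `AttachToObjectId`/`AttachToObjectType` have been reassigned, so it is recorded only under the destination object and the source object's history shows nothing leaving it; consider logging a second event under the original type and id captured before the assignment. The enclosing controller class starts and ends outside this hunk.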