This commit is contained in:
@@ -56,6 +56,11 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
|
||||
//This route is ONLY available to users with full rights to Global object
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Global))
|
||||
{
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
// AyaTypeId attachToObject = null;
|
||||
ApiUploadProcessor.ApiUploadedFilesResult uploadFormData = null;
|
||||
@@ -67,7 +72,7 @@ namespace AyaNova.Api.Controllers
|
||||
return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, null, $"Expected a multipart request, but got {Request.ContentType}"));
|
||||
|
||||
//Save uploads to disk under temporary file names until we decide how to handle them
|
||||
// uploadFormData = await ApiUploadProcessor.ProcessUploadAsync(HttpContext);xx
|
||||
// uploadFormData = await ApiUploadProcessor.ProcessUploadAsync(HttpContext);xx
|
||||
|
||||
|
||||
string UploadAType = string.Empty;
|
||||
@@ -76,7 +81,7 @@ namespace AyaNova.Api.Controllers
|
||||
string Notes = string.Empty;
|
||||
List<UploadFileData> FileData = new List<UploadFileData>();
|
||||
|
||||
//Save uploads to disk under temporary file names until we decide how to handle them
|
||||
//Save uploads to disk under temporary file names until we decide how to handle them
|
||||
uploadFormData = await ApiUploadProcessor.ProcessUploadAsync(HttpContext);
|
||||
if (!string.IsNullOrWhiteSpace(uploadFormData.Error))
|
||||
{
|
||||
@@ -114,7 +119,7 @@ namespace AyaNova.Api.Controllers
|
||||
//Instantiate the business object handler
|
||||
AyaType TheType = System.Enum.Parse<AyaType>(UploadAType, true);
|
||||
log.LogDebug($"Instantiating biz object handler for {TheType}");
|
||||
var biz = BizObjectFactory.GetBizObject(TheType, ct);
|
||||
var biz = BizObjectFactory.GetBizObject(TheType, ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
|
||||
|
||||
if (!(biz is IImportAbleObject))
|
||||
return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, null, $"Import not supported for {TheType} objects"));
|
||||
|
||||
@@ -14,8 +14,8 @@ namespace AyaNova.Biz
|
||||
//Used by SEARCH, REPORTING and objects with JOBS
|
||||
internal static BizObject GetBizObject(AyaType ayaType,
|
||||
AyContext ct,
|
||||
long userId = 1,
|
||||
AuthorizationRoles roles = AuthorizationRoles.All,
|
||||
long userId,
|
||||
AuthorizationRoles roles,
|
||||
long translationId = 0)
|
||||
{
|
||||
if (translationId == 0)
|
||||
@@ -89,8 +89,8 @@ namespace AyaNova.Biz
|
||||
case AyaType.WorkOrderItemTravel:
|
||||
case AyaType.WorkOrderItemUnit:
|
||||
case AyaType.WorkOrderItemOutsideService:
|
||||
return new WorkOrderBiz(ct, userId, translationId, roles, UserType.NotService);//default to not service for now arbitrarily on the principle of least access
|
||||
//---
|
||||
return new WorkOrderBiz(ct, userId, translationId, roles, UserType.Service);
|
||||
|
||||
|
||||
|
||||
//--- Quote
|
||||
@@ -105,7 +105,7 @@ namespace AyaNova.Biz
|
||||
case AyaType.QuoteItemTravel:
|
||||
case AyaType.QuoteItemUnit:
|
||||
case AyaType.QuoteItemOutsideService:
|
||||
return new QuoteBiz(ct, userId, translationId, roles, UserType.NotService);//default to not service for now arbitrarily on the principle of least access
|
||||
return new QuoteBiz(ct, userId, translationId, roles, UserType.Service);
|
||||
//---
|
||||
|
||||
|
||||
@@ -121,7 +121,7 @@ namespace AyaNova.Biz
|
||||
case AyaType.PMItemTravel:
|
||||
case AyaType.PMItemUnit:
|
||||
case AyaType.PMItemOutsideService:
|
||||
return new PMBiz(ct, userId, translationId, roles, UserType.NotService);//default to not service for now arbitrarily on the principle of least access
|
||||
return new PMBiz(ct, userId, translationId, roles, UserType.Service);
|
||||
//---
|
||||
|
||||
case AyaType.Reminder:
|
||||
|
||||
@@ -206,7 +206,7 @@ namespace AyaNova.Biz
|
||||
await CoreJobNotify.DoWorkAsync();
|
||||
await CoreNotificationSweeper.DoWorkAsync();
|
||||
|
||||
//PM GENERATION
|
||||
//PM GENERATION
|
||||
await CoreJobPMGenerate.DoWorkAsync();
|
||||
|
||||
//JOB SWEEPER / AND USER COUNT CHECK
|
||||
@@ -303,18 +303,18 @@ namespace AyaNova.Biz
|
||||
await UpdateJobStatusAsync(job.GId, JobStatus.Completed);
|
||||
break;
|
||||
case JobType.TestJob:
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.ServerJob, ct);
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.ServerJob, ct, 1, AuthorizationRoles.BizAdmin);
|
||||
break;
|
||||
case JobType.SeedTestData:
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.TrialSeeder, ct);
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.TrialSeeder, ct, 1, AuthorizationRoles.BizAdmin);
|
||||
break;
|
||||
case JobType.AttachmentMaintenance:
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.FileAttachment, ct);
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(AyaType.FileAttachment, ct, 1, AuthorizationRoles.BizAdmin);
|
||||
break;
|
||||
case JobType.BatchCoreObjectOperation:
|
||||
//batch op, hand off to biz object to deal with
|
||||
//note, convention is that there is an idList in job.jobinfo json if preselected else it's all objects of type
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(job.AType, ct);
|
||||
o = (IJobObject)BizObjectFactory.GetBizObject(job.AType, ct, 1, AuthorizationRoles.BizAdmin);
|
||||
break;
|
||||
default:
|
||||
throw new System.NotSupportedException($"ProcessJobAsync type {job.JobType.ToString()} is not supported");
|
||||
|
||||
@@ -57,7 +57,7 @@ namespace AyaNova.Biz
|
||||
1,
|
||||
ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID,
|
||||
AuthorizationRoles.BizAdmin,
|
||||
UserType.NotService);//picked not service arbitrarily, probably a non-factor
|
||||
UserType.Service);
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user