@@ -228,7 +228,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
|
||||
//Create and validate
|
||||
User o = await biz.CreateAsync(inObj);
|
||||
dtUser o = await biz.CreateAsync(inObj);
|
||||
|
||||
if (o == null)
|
||||
{
|
||||
@@ -241,7 +241,7 @@ namespace AyaNova.Api.Controllers
|
||||
//return success and link
|
||||
//NOTE: this is a USER object so we don't want to return some key fields for security reasons
|
||||
//which is why the object is "cleaned" before return
|
||||
return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
|
||||
return CreatedAtAction(nameof(UserController.GetUser), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
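Review bot: The two comment lines above the final `return CreatedAtAction(...)` still say the object is "cleaned" before return, but the return that matches the new `dtUser o` declaration passes `o` straight into `new ApiCreatedResponse(o)`, so the comment describes code that is gone. What now protects the response is the dtUser type itself, whose definition is not on this page. The old CleanUserForReturn was an explicit list of twelve fields, whereas the new shape exposes whatever dtUser declares. I would reword the comment to `//NOTE: o is a dtUser, the return-safe shape of User; it must never carry password, login, salt or token fields`. The enclosing action method starts outside the hunk.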
@@ -47,7 +47,7 @@ namespace AyaNova.Biz
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
//CREATE
|
||||
internal async Task<User> CreateAsync(User inObj)
|
||||
internal async Task<dtUser> CreateAsync(User inObj)
|
||||
{
|
||||
//password and login are optional but in the sense that they can be left out in a PUT
|
||||
// but if left out here we need to generate a random value instead so they can't login but the code is happy
|
||||
@@ -101,11 +101,10 @@ namespace AyaNova.Biz
|
||||
//TAGS
|
||||
await TagUtil.ProcessUpdateTagsInRepositoryAsync(ct, inObj.Tags, null);
|
||||
|
||||
//Accept, but never return a User's password or login
|
||||
inObj.Password = null;
|
||||
inObj.Login = null;
|
||||
dtUser retUser = new dtUser();
|
||||
CopyObject.Copy(inObj, retUser);
|
||||
return retUser;
|
||||
|
||||
return inObj;
|
||||
|
||||
}
|
||||
}
|
||||
@@ -123,11 +122,13 @@ namespace AyaNova.Biz
|
||||
{
|
||||
//Log
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, fetchId, BizType, AyaEvent.Retrieved), ct);
|
||||
}
|
||||
|
||||
dtUser retUser = new dtUser();
|
||||
CopyObject.Copy(dbFullUser, retUser);
|
||||
return retUser;
|
||||
|
||||
dtUser retUser = new dtUser();
|
||||
CopyObject.Copy(dbFullUser, retUser);
|
||||
return retUser;
|
||||
}
|
||||
else return null;
|
||||
}
|
||||
|
||||
|
||||
@@ -144,7 +145,7 @@ namespace AyaNova.Biz
|
||||
CopyObject.Copy(dbObj, SnapshotOfOriginalDBObj);
|
||||
|
||||
//Update the db object with the PUT object values
|
||||
CopyObject.Copy(inObj, dbObj, "Id, Salt, CurrentAuthToken");
|
||||
CopyObject.Copy(inObj, dbObj, "Id, Salt, CurrentAuthToken, DlKey, DlKeyExpire");
|
||||
dbObj.Tags = TagUtil.NormalizeTags(dbObj.Tags);
|
||||
dbObj.CustomFields = JsonUtil.CompactJson(dbObj.CustomFields);
|
||||
|
||||
@@ -507,24 +508,26 @@ namespace AyaNova.Biz
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
// Utilities
|
||||
//
|
||||
internal static object CleanUserForReturn(User o)
|
||||
{
|
||||
return new
|
||||
{
|
||||
Id = o.Id,
|
||||
ConcurrencyToken = o.ConcurrencyToken,
|
||||
Active = o.Active,
|
||||
Name = o.Name,
|
||||
Roles = o.Roles,
|
||||
TranslationId = o.UserOptions.TranslationId,
|
||||
UserType = o.UserType,
|
||||
EmployeeNumber = o.EmployeeNumber,
|
||||
Notes = o.Notes,
|
||||
CustomerId = o.CustomerId,
|
||||
HeadOfficeId = o.HeadOfficeId,
|
||||
SubVendorId = o.SubVendorId
|
||||
};
|
||||
}
|
||||
|
||||
//replaced by dtUser object instead
|
||||
// internal static object CleanUserForReturn(User o)
|
||||
// {
|
||||
// return new
|
||||
// {
|
||||
// Id = o.Id,
|
||||
// ConcurrencyToken = o.ConcurrencyToken,
|
||||
// Active = o.Active,
|
||||
// Name = o.Name,
|
||||
// Roles = o.Roles,
|
||||
// TranslationId = o.UserOptions.TranslationId,
|
||||
// UserType = o.UserType,
|
||||
// EmployeeNumber = o.EmployeeNumber,
|
||||
// Notes = o.Notes,
|
||||
// CustomerId = o.CustomerId,
|
||||
// HeadOfficeId = o.HeadOfficeId,
|
||||
// SubVendorId = o.SubVendorId
|
||||
// };
|
||||
// }
|
||||
|
||||
|
||||
|
||||
|
||||
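Review bot: In the CreateAsync hunk the result is now built with `CopyObject.Copy(inObj, retUser)`, so keeping Password and Login out of the reply depends on dtUser not declaring those members and on how CopyObject.Copy treats members the target lacks, and neither is visible on this page. The explicit `inObj.Password = null;` and `inObj.Login = null;` lines appear to have been removed, which is inferred from the hunk counts because the rendered page has lost its +/- markers. I would state the contract where the copy happens, e.g. `//dtUser must never declare Password, Login, Salt, CurrentAuthToken, DlKey or DlKeyExpire - it appears to be the only filter on what this method returns`, and back it with a test that serialises the returned object and asserts those names are absent. The same applies to the retrieve path in the -123,11 hunk, which uses the same copy. CreateAsync's body starts outside the hunk.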