diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs index 2e662ac7..1b4578d1 100644 --- a/server/AyaNova/Controllers/UserController.cs +++ b/server/AyaNova/Controllers/UserController.cs @@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers } //Log - EventLogProcessor.AddEntry(new Event(biz.UserId, o.Id, AyaType.User, AyaEvent.Retrieved), ct); + EventLogProcessor.AddEntry(new Event(biz.UserId, o.Id, UserBiz.BizType, AyaEvent.Retrieved), ct); ct.SaveChanges(); return Ok(new ApiOkResponse(o)); } @@ -107,7 +107,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, UserBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -190,7 +190,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.User, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } 
@@ -257,7 +257,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.User, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, UserBiz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -304,7 +304,7 @@ namespace AyaNova.Api.Controllers } //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner - if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.User)) + if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, UserBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -366,7 +366,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.User, dbObj.OwnerId)) + if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, UserBiz.BizType, dbObj.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs index ce85ab20..ca2d2ab1 100644 --- a/server/AyaNova/Controllers/WidgetController.cs +++ b/server/AyaNova/Controllers/WidgetController.cs @@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } 
@@ -76,7 +76,7 @@ namespace AyaNova.Api.Controllers } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); var o = await biz.GetAsync(id); @@ -86,7 +86,7 @@ namespace AyaNova.Api.Controllers } //Log - EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.Widget, AyaEvent.Retrieved), ct); + EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, WidgetBiz.BizType, AyaEvent.Retrieved), ct); ct.SaveChanges(); return Ok(new ApiOkResponse(o)); } @@ -108,7 +108,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -119,7 +119,7 @@ namespace AyaNova.Api.Controllers } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); ApiPagedResponse pr = await biz.GetManyAsync(Url, nameof(ListWidgets), pagingOptions); return Ok(new ApiOkWithPagingResponse(pr)); @@ -155,7 +155,7 @@ namespace AyaNova.Api.Controllers } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); ApiPagedResponse pr = await biz.GetPickListAsync(Url, nameof(WidgetPickList), pagingOptions, q); return Ok(new ApiOkWithPagingResponse(pr)); 
@@ -193,13 +193,13 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Widget, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); if (!biz.Put(o, inObj)) { @@ -209,9 +209,9 @@ namespace AyaNova.Api.Controllers try { //Log - EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.Widget, AyaEvent.Modified), ct); + EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, WidgetBiz.BizType, AyaEvent.Modified), ct); await ct.SaveChangesAsync(); - Search.ProcessUpdatedObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, AyaType.Widget, o.Name, o.Notes, o.Name); + Search.ProcessUpdatedObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, WidgetBiz.BizType, o.Name, o.Notes, o.Name); } catch (DbUpdateConcurrencyException) { @@ -262,7 +262,7 @@ namespace AyaNova.Api.Controllers } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); var o = await ct.Widget.SingleOrDefaultAsync(m => m.Id == id); @@ -272,7 +272,7 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Widget, o.OwnerId)) + if (!Authorized.IsAuthorizedToModify(HttpContext.Items, WidgetBiz.BizType, o.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } 
@@ -286,11 +286,11 @@ namespace AyaNova.Api.Controllers try { //Log - EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.Widget, AyaEvent.Modified), ct); + EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, WidgetBiz.BizType, AyaEvent.Modified), ct); await ct.SaveChangesAsync(); //this will save the context as part of it's operations - Search.ProcessUpdatedObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, AyaType.Widget, o.Name, o.Notes, o.Name); + Search.ProcessUpdatedObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, WidgetBiz.BizType, o.Name, o.Notes, o.Name); } catch (DbUpdateConcurrencyException) @@ -326,7 +326,7 @@ namespace AyaNova.Api.Controllers } //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner - if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.Widget)) + if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, WidgetBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -337,7 +337,7 @@ namespace AyaNova.Api.Controllers } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); //Create and validate Widget o = await biz.CreateAsync(inObj); 
@@ -354,11 +354,11 @@ namespace AyaNova.Api.Controllers await ct.SaveChangesAsync(); //Log now that we have the Id - EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, AyaType.Widget, AyaEvent.Created), ct); + EventLogProcessor.AddEntry(new Event(biz.userId, o.Id, WidgetBiz.BizType, AyaEvent.Created), ct); await ct.SaveChangesAsync(); //this will save the context as part of it's operations - Search.ProcessNewObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, AyaType.Widget, o.Name, o.Notes, o.Name); + Search.ProcessNewObjectKeywords(ct, UserLocaleIdFromContext.Id(HttpContext.Items), o.Id, WidgetBiz.BizType, o.Name, o.Notes, o.Name); //return success and link @@ -398,24 +398,25 @@ namespace AyaNova.Api.Controllers return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); } - if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.Widget, dbObj.OwnerId)) + if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, WidgetBiz.BizType, dbObj.OwnerId)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } //Instantiate the business object handler - WidgetBiz biz = new WidgetBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items)); + WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); + if (!biz.Delete(dbObj)) { return BadRequest(new ApiErrorResponse(biz.Errors)); } //Log - EventLogProcessor.DeleteObject(biz.userId, AyaType.Widget, dbObj.Id, dbObj.Name, ct); + EventLogProcessor.DeleteObject(biz.userId, WidgetBiz.BizType, dbObj.Id, dbObj.Name, ct); await ct.SaveChangesAsync(); //This will directly execute and is not part of context for saving purposes - Search.ProcessDeletedObjectKeywords(ct, dbObj.Id, AyaType.Widget); + Search.ProcessDeletedObjectKeywords(ct, dbObj.Id, WidgetBiz.BizType); //Delete children / attached objects 
@@ -446,7 +447,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } @@ -466,7 +467,7 @@ namespace AyaNova.Api.Controllers return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); } - if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Widget)) + if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, WidgetBiz.BizType)) { return StatusCode(401, new ApiNotAuthorizedResponse()); } diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index 80842f56..629d26a7 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -18,6 +18,7 @@ namespace AyaNova.Biz internal class UserBiz : BizObject, IJobObject, IImportAyaNova7Object { + public static AyaType BizType = AyaType.User; private readonly AyContext ct; public readonly long UserId; public readonly long UserLocaleId; @@ -81,11 +82,11 @@ namespace AyaNova.Biz await ct.SaveChangesAsync(); //Log event - EventLogProcessor.AddEntry(new Event(UserId, outObj.Id, AyaType.User, AyaEvent.Created), ct); + EventLogProcessor.AddEntry(new Event(UserId, outObj.Id, BizType, AyaEvent.Created), ct); await ct.SaveChangesAsync(); //SEARCH INDEXING - Search.ProcessNewObjectKeywords(ct, UserLocaleId, outObj.Id, AyaType.User, outObj.Name, outObj.EmployeeNumber, outObj.Notes, outObj.Name); + Search.ProcessNewObjectKeywords(ct, UserLocaleId, outObj.Id, BizType, outObj.Name, outObj.EmployeeNumber, outObj.Notes, outObj.Name); return outObj; 
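Review bot: In the UserBiz.cs hunk at `@@ -18,6 +18,7 @@`, the added `public static AyaType BizType = AyaType.User;` is a mutable static, and this commit makes every `Authorized.IsAuthorizedTo…` call in UserController read it. Any assignment to it elsewhere in the assembly would silently change the object type that authorization checks, event-log entries and search indexing use. Declare it immutable: `public const AyaType BizType = AyaType.User;` if AyaType is an enum, as its usage suggests, otherwise `public static readonly AyaType BizType = AyaType.User;`. The same applies to the `BizType` field added in WidgetBiz.cs, which WidgetController now reads for its authorization checks.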
@@ -218,10 +219,10 @@ namespace AyaNova.Biz //Log modification - EventLogProcessor.AddEntry(new Event(UserId, dbObj.Id, AyaType.User, AyaEvent.Modified), ct); + EventLogProcessor.AddEntry(new Event(UserId, dbObj.Id, BizType, AyaEvent.Modified), ct); ct.SaveChanges(); //Update keywords - Search.ProcessUpdatedObjectKeywords(ct, UserLocaleId, dbObj.Id, AyaType.User, dbObj.Name, dbObj.EmployeeNumber, dbObj.Notes, dbObj.Name); + Search.ProcessUpdatedObjectKeywords(ct, UserLocaleId, dbObj.Id, BizType, dbObj.Name, dbObj.EmployeeNumber, dbObj.Notes, dbObj.Name); return true; } @@ -252,10 +253,10 @@ namespace AyaNova.Biz return false; //Log modification - EventLogProcessor.AddEntry(new Event(UserId, dbObj.Id, AyaType.User, AyaEvent.Modified), ct); + EventLogProcessor.AddEntry(new Event(UserId, dbObj.Id, BizType, AyaEvent.Modified), ct); ct.SaveChanges(); //Update keywords - Search.ProcessUpdatedObjectKeywords(ct, UserLocaleId, dbObj.Id, AyaType.User, dbObj.Name, dbObj.EmployeeNumber, dbObj.Notes, dbObj.Name); + Search.ProcessUpdatedObjectKeywords(ct, UserLocaleId, dbObj.Id, BizType, dbObj.Name, dbObj.EmployeeNumber, dbObj.Notes, dbObj.Name); return true; } @@ -280,14 +281,14 @@ namespace AyaNova.Biz ct.Database.ExecuteSqlCommand($"delete from auseroptions where userid={dbObj.Id}"); //Event log process delete - EventLogProcessor.DeleteObject(UserId, AyaType.User, dbObj.Id, dbObj.Name, ct); + EventLogProcessor.DeleteObject(UserId, BizType, dbObj.Id, dbObj.Name, ct); ct.SaveChanges(); //Delete search index - Search.ProcessDeletedObjectKeywords(ct, dbObj.Id, AyaType.User); + Search.ProcessDeletedObjectKeywords(ct, dbObj.Id, BizType); //TAGS - TagMapBiz.DeleteAllForObject(new AyaTypeId(AyaType.User, dbObj.Id), ct); + TagMapBiz.DeleteAllForObject(new AyaTypeId(BizType, dbObj.Id), ct); ct.SaveChanges(); return true; 
@@ -671,7 +672,7 @@ namespace AyaNova.Biz //skip the administrator account but add it to the map for all the other import code that requires it if (V7Id == new Guid("2ecc77fc-69e2-4a7e-b88d-bd0ecaf36aed")) { - var mapItem = new ImportAyaNova7MapItem(V7Id, AyaType.User, 1); + var mapItem = new ImportAyaNova7MapItem(V7Id, BizType, 1); importMap.Add(mapItem); return true; } @@ -718,7 +719,7 @@ namespace AyaNova.Biz else { await ct.SaveChangesAsync(); - var mapItem = new ImportAyaNova7MapItem(V7Id, AyaType.User, o.Id); + var mapItem = new ImportAyaNova7MapItem(V7Id, BizType, o.Id); importMap.Add(mapItem); @@ -728,7 +729,7 @@ namespace AyaNova.Biz break; case "eventlog": { - await ImportAyaNova7Biz.LogEventCreatedModifiedEvents(j, importMap, AyaType.User, ct); + await ImportAyaNova7Biz.LogEventCreatedModifiedEvents(j, importMap, BizType, ct); } break; case "locale": @@ -813,22 +814,7 @@ namespace AyaNova.Biz } - // private static async Task LogEventCreatedModifiedEvents(JObject j, List importMap, AyaType ayaType, AyContext ct) - // { - // var V7Id = new Guid(j["ID"].Value()); - // var RavenUserId = importMap.Where(m => m.V7ObjectId == V7Id).First().NewObjectAyaTypeId.ObjectId; - // var Creator = importMap.Where(m => m.V7ObjectId == new Guid(j["Creator"].Value())).First().NewObjectAyaTypeId.ObjectId; - // var Modifier = importMap.Where(m => m.V7ObjectId == new Guid(j["Modifier"].Value())).First().NewObjectAyaTypeId.ObjectId; - // var Created = j["Created"].Value(); - // var Modified = j["Modified"].Value(); - // //handle EventLog entries for users now that we have the user's created - // //Created - // EventLogProcessor.AddEntry(new Event(Creator, RavenUserId, AyaType.User, AyaEvent.Created, Created), ct); - // //MODIFIED - // EventLogProcessor.AddEntry(new Event(Modifier, RavenUserId, AyaType.User, AyaEvent.Modified, Modified), ct); - // await ct.SaveChangesAsync(); - // } //Other job handlers here... 
diff --git a/server/AyaNova/biz/WidgetBiz.cs b/server/AyaNova/biz/WidgetBiz.cs index 7b1428bc..ca014d4d 100644 --- a/server/AyaNova/biz/WidgetBiz.cs +++ b/server/AyaNova/biz/WidgetBiz.cs @@ -16,18 +16,30 @@ namespace AyaNova.Biz internal class WidgetBiz : BizObject, IJobObject { + public static AyaType BizType = AyaType.Widget; private readonly AyContext ct; public readonly long userId; + public readonly long UserLocaleId; private readonly AuthorizationRoles userRoles; - internal WidgetBiz(AyContext dbcontext, long currentUserId, AuthorizationRoles UserRoles) + internal WidgetBiz(AyContext dbcontext, long currentUserId, long userLocaleId, AuthorizationRoles UserRoles) { ct = dbcontext; userId = currentUserId; userRoles = UserRoles; } + internal static WidgetBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext) + { + return new WidgetBiz(ct, UserIdFromContext.Id(httpContext.Items), UserLocaleIdFromContext.Id(httpContext.Items), UserRolesFromContext.Roles(httpContext.Items)); + } + + //Version for internal use + internal static WidgetBiz GetBizInternal(AyContext ct) + { + return new WidgetBiz(ct, 1, ServerBootConfig.AYANOVA_DEFAULT_LANGUAGE_ID, AuthorizationRoles.BizAdminFull); + } //////////////////////////////////////////////////////////////////////////////////////////////// //CREATE @@ -41,7 +53,7 @@ namespace AyaNova.Biz //do stuff with widget Widget outObj = inObj; outObj.OwnerId = userId; - + //TagHelper(collection of tags??) await ct.Widget.AddAsync(outObj); return outObj; @@ -191,7 +203,7 @@ namespace AyaNova.Biz internal void DeleteChildren(Widget dbObj) { //TAGS - TagMapBiz.DeleteAllForObject(new AyaTypeId(AyaType.Widget, dbObj.Id), ct); + TagMapBiz.DeleteAllForObject(new AyaTypeId(BizType, dbObj.Id), ct); } ////////////////////////////////////////////////////////////////////////////////////////////////
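Review bot: In the first WidgetBiz.cs hunk the constructor gains a `userLocaleId` parameter and the class gains `public readonly long UserLocaleId`, but the body shown still assigns only `ct`, `userId` and `userRoles`. `UserLocaleId` therefore keeps its default of 0 on every instance, including those built by `GetBiz` and `GetBizInternal`; add `UserLocaleId = userLocaleId;` to the constructor. `GetBizInternal` builds an instance as user id 1 with `AuthorizationRoles.BizAdminFull`, so its `//Version for internal use` comment should become a doc comment that states the elevated identity and, if that is the intent, that it must not be used while handling a request: `/// <summary>Creates a WidgetBiz acting as user id 1 with BizAdminFull roles; for server-internal jobs only.</summary>`. `GetBiz` also reads `httpContext.Items` without a null check on `httpContext`.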