devdocs/todo.txt

@@ -9,12 +9,8 @@ todo: all api routes, re-arrange code in controller in this order POST (and post
 	BIZ TOO
 todo: all api route URI's sb lower case with dashes if necessary (use plural noun scheme)
 	https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#organize-the-api-around-resources
-todo: Controllers should not need to know about databases
-	refactor code so controller never fetches or deals with saving an object, all that is biz responsibility
-todo: Routes should check rights *BEFORE* they fetch the object, not after, all routes affected
-	i.e. delete route instantiates biz object, then it fetchs object from db *then* it checks if they have rights to delete (generically, not specific to that object)
-	This is out of order as it triggers a db call even if they have no rights to do it
-todo: all biz objects "ExistsAsync" is this required / necessary?
+
+
 ---
 todo: add query fail logging to datalist just like done with picklist so in production can catch mysterious problems more easily
 todo: AUTO ID GENERATOR 

server/AyaNova/Controllers/ContractController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<ContractController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full Contract object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single Contract</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetContract([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) Contract
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutContract([FromRoute] long id, [FromBody] Contract inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create Contract
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostContract([FromBody] Contract inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostContract([FromBody] Contract newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            Contract o = await biz.CreateAsync(inObj);
+            Contract o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(ContractController.GetContract), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate Contract
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>Contract</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateContract([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            Contract o = await biz.DuplicateAsync(oSrc);
+            Contract o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(ContractController.GetContract), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get Contract
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Contract</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetContract([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) Contract
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutContract([FromBody] Contract updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete Contract
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteContract([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             ContractBiz biz = ContractBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/HeadOfficeController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<HeadOfficeController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,176 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full HeadOffice object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single HeadOffice</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetHeadOffice([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) HeadOffice
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutHeadOffice([FromRoute] long id, [FromBody] HeadOffice inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
         /// <summary>
         /// Create HeadOffice
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostHeadOffice([FromBody] HeadOffice inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostHeadOffice([FromBody] HeadOffice newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            HeadOffice o = await biz.CreateAsync(inObj);
+            HeadOffice o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(HeadOfficeController.GetHeadOffice), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate HeadOffice
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>HeadOffice</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateHeadOffice([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            HeadOffice o = await biz.DuplicateAsync(oSrc);
+            HeadOffice o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(HeadOfficeController.GetHeadOffice), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get HeadOffice
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>HeadOffice</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetHeadOffice([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) HeadOffice
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutHeadOffice([FromBody] HeadOffice updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete HeadOffice
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteHeadOffice([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             HeadOfficeBiz biz = HeadOfficeBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/LoanUnitController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<LoanUnitController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full LoanUnit object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single LoanUnit</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetLoanUnit([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) LoanUnit
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutLoanUnit([FromRoute] long id, [FromBody] LoanUnit inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create LoanUnit
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostLoanUnit([FromBody] LoanUnit inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostLoanUnit([FromBody] LoanUnit newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            LoanUnit o = await biz.CreateAsync(inObj);
+            LoanUnit o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(LoanUnitController.GetLoanUnit), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate LoanUnit
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>LoanUnit</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateLoanUnit([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            LoanUnit o = await biz.DuplicateAsync(oSrc);
+            LoanUnit o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(LoanUnitController.GetLoanUnit), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get LoanUnit
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>LoanUnit</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetLoanUnit([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) LoanUnit
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutLoanUnit([FromBody] LoanUnit updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete LoanUnit
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteLoanUnit([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             LoanUnitBiz biz = LoanUnitBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/PMTemplateController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<PMTemplateController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full PMTemplate object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single PMTemplate</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetPMTemplate([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) PMTemplate
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutPMTemplate([FromRoute] long id, [FromBody] PMTemplate inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create PMTemplate
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostPMTemplate([FromBody] PMTemplate inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostPMTemplate([FromBody] PMTemplate newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            PMTemplate o = await biz.CreateAsync(inObj);
+            PMTemplate o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PMTemplateController.GetPMTemplate), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate PMTemplate
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>PMTemplate</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicatePMTemplate([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            PMTemplate o = await biz.DuplicateAsync(oSrc);
+            PMTemplate o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PMTemplateController.GetPMTemplate), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get PMTemplate
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>PMTemplate</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetPMTemplate([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) PMTemplate
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutPMTemplate([FromBody] PMTemplate updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete PMTemplate
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeletePMTemplate([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             PMTemplateBiz biz = PMTemplateBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/PartController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<PartController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full Part object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single Part</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetPart([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) Part
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutPart([FromRoute] long id, [FromBody] Part inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create Part
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostPart([FromBody] Part inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostPart([FromBody] Part newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            Part o = await biz.CreateAsync(inObj);
+            Part o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PartController.GetPart), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate Part
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>Part</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicatePart([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            Part o = await biz.DuplicateAsync(oSrc);
+            Part o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PartController.GetPart), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get Part
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Part</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetPart([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) Part
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutPart([FromBody] Part updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete Part
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeletePart([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             PartBiz biz = PartBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/ProjectController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<ProjectController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full Project object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single Project</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetProject([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) Project
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutProject([FromRoute] long id, [FromBody] Project inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-      
         /// <summary>
         /// Create Project
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostProject([FromBody] Project inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostProject([FromBody] Project newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            Project o = await biz.CreateAsync(inObj);
+            Project o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(ProjectController.GetProject), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate Project
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>Project</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateProject([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            Project o = await biz.DuplicateAsync(oSrc);
+            Project o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(ProjectController.GetProject), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get Project
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Project</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetProject([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) Project
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutProject([FromBody] Project updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete Project
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteProject([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             ProjectBiz biz = ProjectBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/PurchaseOrderController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<PurchaseOrderController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full PurchaseOrder object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single PurchaseOrder</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetPurchaseOrder([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) PurchaseOrder
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutPurchaseOrder([FromRoute] long id, [FromBody] PurchaseOrder inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create PurchaseOrder
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostPurchaseOrder([FromBody] PurchaseOrder inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostPurchaseOrder([FromBody] PurchaseOrder newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            PurchaseOrder o = await biz.CreateAsync(inObj);
+            PurchaseOrder o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PurchaseOrderController.GetPurchaseOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate PurchaseOrder
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>PurchaseOrder</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicatePurchaseOrder([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            PurchaseOrder o = await biz.DuplicateAsync(oSrc);
+            PurchaseOrder o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(PurchaseOrderController.GetPurchaseOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get PurchaseOrder
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>PurchaseOrder</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetPurchaseOrder([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) PurchaseOrder
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutPurchaseOrder([FromBody] PurchaseOrder updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete PurchaseOrder
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeletePurchaseOrder([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             PurchaseOrderBiz biz = PurchaseOrderBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/UnitController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<UnitController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full Unit object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single Unit</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetUnit([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) Unit
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutUnit([FromRoute] long id, [FromBody] Unit inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create Unit
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostUnit([FromBody] Unit inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostUnit([FromBody] Unit newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            Unit o = await biz.CreateAsync(inObj);
+            Unit o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(UnitController.GetUnit), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate Unit
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>Unit</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateUnit([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            Unit o = await biz.DuplicateAsync(oSrc);
+            Unit o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(UnitController.GetUnit), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get Unit
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Unit</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetUnit([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) Unit
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutUnit([FromBody] Unit updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete Unit
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteUnit([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             UnitBiz biz = UnitBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/UnitModelController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<UnitModelController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full UnitModel object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single UnitModel</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetUnitModel([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) UnitModel
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutUnitModel([FromRoute] long id, [FromBody] UnitModel inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create UnitModel
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostUnitModel([FromBody] UnitModel inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostUnitModel([FromBody] UnitModel newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            UnitModel o = await biz.CreateAsync(inObj);
+            UnitModel o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(UnitModelController.GetUnitModel), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate UnitModel
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>UnitModel</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateUnitModel([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            UnitModel o = await biz.DuplicateAsync(oSrc);
+            UnitModel o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(UnitModelController.GetUnitModel), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get UnitModel
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>UnitModel</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetUnitModel([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) UnitModel
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutUnitModel([FromBody] UnitModel updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete UnitModel
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteUnitModel([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             UnitModelBiz biz = UnitModelBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }
 

server/AyaNova/Controllers/VendorController.cs

@@ -3,8 +3,6 @@ using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
-
-using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.Logging;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
@@ -13,7 +11,6 @@ using AyaNova.Biz;
 
 namespace AyaNova.Api.Controllers
 {
-
     [ApiController]
     [ApiVersion("8.0")]
     [Route("api/v{version:apiVersion}/[controller]")]
@@ -25,7 +22,6 @@ namespace AyaNova.Api.Controllers
         private readonly ILogger<VendorController> log;
         private readonly ApiServerState serverState;
 
-
         /// <summary>
         /// ctor
         /// </summary>
@@ -39,177 +35,116 @@ namespace AyaNova.Api.Controllers
             serverState = apiServerState;
         }
 
-
-        /// <summary>
-        /// Get full Vendor object
-        /// </summary>
-        /// <param name="id"></param>
-        /// <returns>A single Vendor</returns>
-        [HttpGet("{id}")]
-        public async Task<IActionResult> GetVendor([FromRoute] long id)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
-            VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
-
-            //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            var o = await biz.GetAsync(id);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            // NOTE: HERE would be the second check of biz rules before returning the object
-            // in cases where there is also a business rule to affect retrieval on top of basic rights
-
-            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
-        }
-
-
-
-        /// <summary>
-        /// Put (update) Vendor
-        /// </summary>
-        /// <param name="id"></param>
-        /// <param name="inObj"></param>
-        /// <returns></returns>
-        [HttpPut("{id}")]
-        public async Task<IActionResult> PutVendor([FromRoute] long id, [FromBody] Vendor inObj)
-        {
-            if (!serverState.IsOpen)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            if (!ModelState.IsValid)
-                return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler       
-            VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            try
-            {
-                if (!await biz.PutAsync(o, inObj))
-                    return BadRequest(new ApiErrorResponse(biz.Errors));
-            }
-            catch (DbUpdateConcurrencyException)
-            {
-                if (!await biz.ExistsAsync(id))
-                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-                else
-                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
-            }
-            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));
-        }
-
-
         /// <summary>
         /// Create Vendor
         /// </summary>
-        /// <param name="inObj"></param>
+        /// <param name="newObject"></param>
         /// <param name="apiVersion">From route path</param>
         /// <returns></returns>
         [HttpPost]
-        public async Task<IActionResult> PostVendor([FromBody] Vendor inObj, ApiVersion apiVersion)
+        public async Task<IActionResult> PostVendor([FromBody] Vendor newObject, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Create and validate
-            Vendor o = await biz.CreateAsync(inObj);
+            Vendor o = await biz.CreateAsync(newObject);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(VendorController.GetVendor), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
-
         }
 
         /// <summary>
         /// Duplicate Vendor
+        /// (Wiki and Attachments are not duplicated)
         /// </summary>
-        /// <param name="id">Create a duplicate of this items id</param>
+        /// <param name="id">Source object id</param>
         /// <param name="apiVersion">From route path</param>
-        /// <returns></returns>
+        /// <returns>Vendor</returns>
         [HttpPost("duplicate/{id}")]
         public async Task<IActionResult> DuplicateVendor([FromRoute] long id, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
-            //Instantiate the business object handler
             VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
-
-            //If a user has change roles
             if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            var oSrc = await biz.GetAsync(id, false);
-            if (oSrc == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
-            //Create and validate
-            Vendor o = await biz.DuplicateAsync(oSrc);
+            Vendor o = await biz.DuplicateAsync(id);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
             else
                 return CreatedAtAction(nameof(VendorController.GetVendor), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
-
         }
 
+        /// <summary>
+        /// Get Vendor
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Vendor</returns>
+        [HttpGet("{id}")]
+        public async Task<IActionResult> GetVendor([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.GetAsync(id);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
+        }
 
+        /// <summary>
+        /// Put (update) Vendor
+        /// </summary>        
+        /// <param name="updatedObject"></param>
+        /// <returns></returns>
+        [HttpPut]
+        public async Task<IActionResult> PutVendor([FromBody] Vendor updatedObject)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+            var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token 
+            if (o == null)
+            {
+                if (biz.Errors.Exists(m => m.Code == ApiErrorCode.CONCURRENCY_CONFLICT))
+                    return StatusCode(409, new ApiErrorResponse(biz.Errors));
+                else
+                    return BadRequest(new ApiErrorResponse(biz.Errors));
+            }
+            return Ok(ApiOkResponse.Response(new { Concurrency = o.Concurrency }, true));;
+        }
 
         /// <summary>
         /// Delete Vendor
         /// </summary>
         /// <param name="id"></param>
-        /// <returns>Ok</returns>
+        /// <returns>NoContent</returns>
         [HttpDelete("{id}")]
         public async Task<IActionResult> DeleteVendor([FromRoute] long id)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
-
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
-
-            //Instantiate the business object handler
             VendorBiz biz = VendorBiz.GetBiz(ct, HttpContext);
-
-            var o = await biz.GetAsync(id, false);
-            if (o == null)
-                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-
             if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
-
-            if (!await biz.DeleteAsync(o))
+            if (!await biz.DeleteAsync(id))
                 return BadRequest(new ApiErrorResponse(biz.Errors));
-
             return NoContent();
         }