diff --git a/devdocs/todo.txt b/devdocs/todo.txt index 9fefe849..572b7b5e 100644 --- a/devdocs/todo.txt +++ b/devdocs/todo.txt @@ -4,7 +4,8 @@ eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJpYXQiOiIxNTcxODU5OTU0IiwiZXhwIjoiMTU3MjQ ## IMMEDIATE ITEMS - +Need to add separate role for mini to datalist because mini is used for picklists and everyone sb able to fetch a picklist in most cases but not the full list in some cases +Need to use the authorizationroles already set up for the lists so that I'm not duplicating effort Make up the USER datalists diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs index eaab3222..6f21ec07 100644 --- a/server/AyaNova/Controllers/DataListController.cs +++ b/server/AyaNova/Controllers/DataListController.cs @@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers ApiPagedResponse pr = await DataListFetcher.GetResponse(listOptions.DataListKey, ct, Url, nameof(List), listOptions, UserId, UserRoles); return Ok(new ApiOkWithPagingResponse(pr)); } - catch (System.NotSupportedException) + catch (System.UnauthorizedAccessException) { return StatusCode(403, new ApiNotAuthorizedResponse()); } diff --git a/server/AyaNova/DataList/AyaDataList.cs b/server/AyaNova/DataList/AyaDataList.cs index eddb8997..0d2c4a79 100644 --- a/server/AyaNova/DataList/AyaDataList.cs +++ b/server/AyaNova/DataList/AyaDataList.cs @@ -20,7 +20,8 @@ namespace AyaNova.DataList public string SQLFrom { get; set; } public List FieldDefinitions { get; set; } - public AuthorizationRoles AllowedRoles { get; set; } + public AuthorizationRoles FullListAllowedRoles { get; set; } + public AuthorizationRoles MiniListAllowedRoles { get; set; } public AyaType DefaultListObjectType { get; set; } public string ListKey { get; set; } public string DefaultDataListDisplayTemplate { get; set; } diff --git a/server/AyaNova/DataList/DataListFetcher.cs b/server/AyaNova/DataList/DataListFetcher.cs index 287fc0fa..995e489a 100644 
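Review bot: The 403 branch in the `catch` around `DataListFetcher.GetResponse` now keys on `System.UnauthorizedAccessException`, a type the runtime also raises for file-system and OS permission failures, so any such exception escaping the fetcher would be reported to the caller as a role denial. A project-specific exception type for role failures would keep the mapping exact. The denial is also returned with no log entry in the visible lines; recording the user id and `listOptions.DataListKey` at this point would leave an audit trail for repeated attempts against lists the caller has no rights to. The action's body starts and ends outside the hunk.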
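Review bot: `FullListAllowedRoles` and `MiniListAllowedRoles` in `AyaDataList` have no initializer, so a list class that sets only one of them leaves the other at `default(AuthorizationRoles)`. Whether that denies every caller depends on how `HasAnyFlags` treats an empty mask, which is not visible here; it is worth confirming that it fails closed. A comment on the two properties such as `//must be set by every list; unset means default(AuthorizationRoles)` would make the contract explicit.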
--- a/server/AyaNova/DataList/DataListFetcher.cs +++ b/server/AyaNova/DataList/DataListFetcher.cs @@ -26,9 +26,15 @@ namespace AyaNova.DataList } //check rights - if (!UserRoles.HasAnyFlags(DataList.AllowedRoles)) + if (listOptions.Mini) + { + if (!UserRoles.HasAnyFlags(DataList.MiniListAllowedRoles)) + throw new System.UnauthorizedAccessException("User roles insufficient for this mini format datalist"); + } + else { - throw new System.NotSupportedException("User roles insufficient for this datalist"); + if (!UserRoles.HasAnyFlags(DataList.FullListAllowedRoles)) + throw new System.UnauthorizedAccessException("User roles insufficient for this full format datalist"); } //FETCH DATALISTTEMPLATE HERE OR USE DEFAULT IF FAULTY OR NOT FOUND diff --git a/server/AyaNova/DataList/IAyaDataList.cs b/server/AyaNova/DataList/IAyaDataList.cs index 86f1d140..ce335fa4 100644 --- a/server/AyaNova/DataList/IAyaDataList.cs +++ b/server/AyaNova/DataList/IAyaDataList.cs @@ -13,8 +13,12 @@ namespace AyaNova.DataList //List of fields for this object List FieldDefinitions { get; set; } - //allowed roles to access this list - AuthorizationRoles AllowedRoles { get; set; } + //allowed roles to access the full list templated fields + AuthorizationRoles FullListAllowedRoles { get; set; } + + //allowed roles to access mini list templated fields + AuthorizationRoles MiniListAllowedRoles { get; set; } + //Default object type to open for rows of this list (use no object if no) AyaType DefaultListObjectType { get; set; } diff --git a/server/AyaNova/DataList/TestWidgetDataList.cs b/server/AyaNova/DataList/TestWidgetDataList.cs index a96dae57..9ef053da 100644 --- a/server/AyaNova/DataList/TestWidgetDataList.cs +++ b/server/AyaNova/DataList/TestWidgetDataList.cs 
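Review bot: The role set checked under `//check rights` is selected by `listOptions.Mini`, a value that arrives with the request, so the mini branch is a sufficient check only if everything after it limits the returned fields to the mini template whenever that flag is set. That code is outside the hunk, so this cannot be confirmed from here; a comment recording the dependency, e.g. `//Mini is caller supplied: the field selection below must honour it or this check is too weak`, would keep a later change from silently widening access. The two inner `if` statements also omit braces while the surrounding blocks use them. The enclosing method starts and ends outside the hunk.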
@@ -9,7 +9,8 @@ namespace AyaNova.DataList
 {
 ListKey = nameof(TestWidgetDataList);
 SQLFrom = "from awidget left outer join auser on (awidget.userid=auser.id)";
- AllowedRoles = AuthorizationRoles.AllInternalStaff;//anyone but clients and subcontractors (just for test)
+ FullListAllowedRoles = AuthorizationRoles.AllInternalStaff;//anyone but clients and subcontractors (just for test)
+ MiniListAllowedRoles = AuthorizationRoles.All;//anyone (so can select on forms)
 DefaultListObjectType = AyaType.Widget;
 DefaultDataListDisplayTemplate = @"
 {
diff --git a/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs b/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
index 1b24017b..7fe52314 100644
--- a/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
+++ b/server/AyaNova/DataList/TestWidgetUserEmailDataList.cs
@@ -17,7 +17,8 @@ namespace AyaNova.DataList
 {
 ListKey = nameof(TestWidgetUserEmailDataList);
 SQLFrom = "from awidget left outer join auser on (awidget.userid=auser.id) left outer join auseroptions on (auser.id=auseroptions.userid)";
- AllowedRoles = AuthorizationRoles.AllInternalStaff;//anyone but clients and subcontractors (just for test)
+ FullListAllowedRoles = AuthorizationRoles.AllInternalStaff;//anyone but clients and subcontractors (just for test)
+ MiniListAllowedRoles = AuthorizationRoles.All;//anyone (so can select on forms)
 DefaultListObjectType = AyaType.Widget;
 DefaultDataListDisplayTemplate = @"
 {
diff --git a/server/AyaNova/DataList/UserDataList.cs b/server/AyaNova/DataList/UserDataList.cs
new file mode 100644
index 00000000..2d102b7a
--- /dev/null
+++ b/server/AyaNova/DataList/UserDataList.cs
@@ -0,0 +1,127 @@
+using System.Collections.Generic;
+using AyaNova.Biz;
+namespace AyaNova.DataList
+{
+ internal class UserDataList : AyaDataList
+ {
+
+ public UserDataList()
+ {
+ ListKey = nameof(UserDataList);
+ SQLFrom = "from auser";
+ FullListAllowedRoles = AuthorizationRoles.AllInternalStaff;//anyone but clients and subcontractors (just for test)
+ MiniListAllowedRoles = AuthorizationRoles.All;//anyone (so can select on forms)
+ DefaultListObjectType = AyaType.Widget;
+ DefaultDataListDisplayTemplate = @"
+ {
+ ""full"":[""widgetname"",""widgetserial"",""widgetdollaramount"",""widgetroles"",""widgetstartdate"",""widgetactive"",""username""],
+ ""mini"":[""widgetname"",""widgetserial""]
+ }
+ ";
+
+ //NOTE: Due to the join, all the sql id and name fields that can conflict with the joined (in this case User) table need to be specified completely
+ FieldDefinitions = new List();
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { FieldKey = "df", AyaObjectType = (int)AyaType.Widget, SqlIdColumnName = "awidget.id" });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetName",
+ FieldKey = "widgetname",
+ UiFieldDataType = (int)AyaUiFieldDataType.Text,
+ SqlIdColumnName = "awidget.id",
+ SqlValueColumnName = "awidget.name"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetSerial",
+ FieldKey = "widgetserial",
+ UiFieldDataType = (int)AyaUiFieldDataType.Integer,
+ SqlValueColumnName = "awidget.serial"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetDollarAmount",
+ FieldKey = "widgetdollaramount",
+ UiFieldDataType = (int)AyaUiFieldDataType.Currency,
+ SqlValueColumnName = "awidget.dollaramount"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetCount",
+ FieldKey = "widgetcount",
+ UiFieldDataType = (int)AyaUiFieldDataType.Integer,
+ SqlValueColumnName = "awidget.count"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetRoles",
+ FieldKey = "widgetroles",
+ UiFieldDataType = (int)AyaUiFieldDataType.Enum,
+ EnumType = typeof(AuthorizationRoles).ToString(),
+ SqlValueColumnName = "awidget.roles"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetStartDate",
+ FieldKey = "widgetstartdate",
+ UiFieldDataType = (int)AyaUiFieldDataType.DateTime,
+ SqlValueColumnName = "awidget.startdate"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetEndDate",
+ FieldKey = "widgetenddate",
+ UiFieldDataType = (int)AyaUiFieldDataType.DateTime,
+ SqlValueColumnName = "awidget.enddate"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "WidgetNotes",
+ FieldKey = "widgetnotes",
+ UiFieldDataType = (int)AyaUiFieldDataType.Text,
+ SqlValueColumnName = "awidget.notes"
+ });
+
+ //FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "User", FieldKey = "userid", UiFieldDataType = (int)AyaUiFieldDataType.Text, AyaObjectType = (int)AyaType.User });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ FieldKey = "username",
+ LtKey = "User",
+ UiFieldDataType = (int)AyaUiFieldDataType.Text,
+ AyaObjectType = (int)AyaType.User,
+ SqlIdColumnName = "auser.id",
+ SqlValueColumnName = "auser.name"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "Active",
+ FieldKey = "widgetactive",
+ UiFieldDataType = (int)AyaUiFieldDataType.Bool,
+ SqlValueColumnName = "awidget.active"
+ });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition
+ {
+ LtKey = "Tags",
+ FieldKey = "widgettags",
+ UiFieldDataType = (int)AyaUiFieldDataType.Tags,
+ SqlValueColumnName = "awidget.tags"
+ });
+
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom1", FieldKey = "widgetcustom1", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom2", FieldKey = "widgetcustom2", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom3", FieldKey = "widgetcustom3", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom4", FieldKey = "widgetcustom4", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom5", FieldKey = "widgetcustom5", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom6", FieldKey = "widgetcustom6", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom7", FieldKey = "widgetcustom7", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom8", FieldKey = "widgetcustom8", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom9", FieldKey = "widgetcustom9", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom10", FieldKey = "widgetcustom10", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom11", FieldKey = "widgetcustom11", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom12", FieldKey = "widgetcustom12", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom13", FieldKey = "widgetcustom13", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom14", FieldKey = "widgetcustom14", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom15", FieldKey = "widgetcustom15", IsCustomField = true });
+ FieldDefinitions.Add(new AyaDataListFieldDefinition { LtKey = "WidgetCustom16", FieldKey = "widgetcustom16", IsCustomField = true });
+ }
+ }//eoc
+}//eons
\ No newline at end of file
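Review bot: `MiniListAllowedRoles = AuthorizationRoles.All` on a list whose `SQLFrom` is `from auser` lets every role, including the clients and subcontractors that the comment on the line above excludes from the full list, fetch the mini format of the user list. Unless those roles need a user picklist, start with `MiniListAllowedRoles = AuthorizationRoles.AllInternalStaff;` and widen it when a form requires it. The rest of the constructor looks copied from the widget list: `DefaultListObjectType` is `AyaType.Widget`, the display template and nearly every `SqlValueColumnName` reference `awidget.*`, and `awidget` is not in the `from auser` clause, so a query built from these definitions would presumably fail until the fields are replaced with user columns. The `(just for test)` comment on `FullListAllowedRoles` should also be revisited before this list is treated as a real one.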