admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-05-07 18:44:56 +00:00
parent f2c6002ac3
commit ea3e5fee2f
4 changed files with 98 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files

141
server/AyaNova/Controllers/WorkOrderController.cs
View File

@@ -237,16 +237,16 @@ namespace AyaNova.Api.Controllers
//but maybe handy? Like do I need delete on entire woitems collection?
//WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
//WorkOrder/{woid}/WorkOrderItems/{woitemid} <- CRUD single woitemid
//https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#define-operations-in-terms-of-http-methods
/*
Resource POST GET PUT DELETE
/customers Create a new customer Retrieve all customers Bulk update of customers Remove all customers
/customers/1 Error Retrieve the details for customer 1 Update the details of customer 1 if it exists Remove customer 1
/customers/1/orders Create a new order for customer 1 Retrieve all orders for customer 1 Bulk update of orders for customer 1 Remove all orders for customer 1
*/
//https://docs.microsoft.com/en-us/azure/architecture/best-practices/api-design#define-operations-in-terms-of-http-methods
/*
Resource POST GET PUT DELETE
/customers Create a new customer Retrieve all customers Bulk update of customers Remove all customers
/customers/1 Error Retrieve the details for customer 1 Update the details of customer 1 if it exists Remove customer 1
/customers/1/orders Create a new order for customer 1 Retrieve all orders for customer 1 Bulk update of orders for customer 1 Remove all orders for customer 1
*/
//So Post into a collection means create one item in that collection, never a whole collection being created at once
//GET PUT and DELETE on a collecdtion always mean the entire collection, POST is the outlier here
//So Post into a collection means create one item in that collection, never a whole collection being created at once
//GET PUT and DELETE on a collecdtion always mean the entire collection, POST is the outlier here
// /// <summary>
@@ -363,19 +363,53 @@ Resource POST GET PUT DELETE
//TODO: I can see adding or updating a collection of workorderitems but not deleting an entire collection
/// <summary>
/// Create WorkOrderItem
/// </summary>
/// <param name="newObject"></param>
/// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
/// <returns></returns>
[HttpPost("/items")]
public async Task<IActionResult> PostWorkOrderItem([FromBody] WorkOrderItem newObject, ApiVersion apiVersion)
{
//NOTE: we don't need the workorder id in the route because the workorder item must contain the workorder id anyway
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
//Instantiate the business object handler
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
//If a user has change roles
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
// //Create and validate
// WorkOrderItem o = await biz.CreateAsync(newObject);
// if (o == null)
// return BadRequest(new ApiErrorResponse(biz.Errors));
// else
// return CreatedAtAction(nameof(WorkOrderController.GetWorkOrder), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o));
return NoContent();
}
/// <summary>
/// Delete WorkOrderItem
/// </summary>
/// <param name="workOrderId"></param>
/// </summary>
/// <param name="workOrderItemId"></param>
/// <returns>Ok-no content</returns>
[HttpDelete("{WorkOrderId}/items/{WorkOrderItemId}")]
public async Task<IActionResult> DeleteWorkOrderItem([FromRoute] long workOrderId, [FromRoute] long workOrderItemId)
[HttpDelete("/items/{WorkOrderItemId}")]
public async Task<IActionResult> DeleteWorkOrderItem([FromRoute] long workOrderItemId)
{
//NOTE: we don't need the workorder id in the route because the workorder item must contain the workorder id anyway
//WorkOrder/{woid}/WorkorderItems <- all workorderitems, post to add new, put to update all as a collection
//WorkOrder/{WorkOrderId}/WorkorderItems
if (!serverState.IsOpen)
@@ -390,12 +424,17 @@ Resource POST GET PUT DELETE
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.GetAsync(workOrderId, false);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//Make sure the item exists first before getting into it
if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//*******************************************************************************
//NOTE: I'm thinking there should be no db access in controller
//let the biz object return not found if necessary
//*******************************************************************************
// var o = await biz.GetAsync(workOrderId, false);
// if (o == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// //Make sure the item exists first before getting into it
// if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
@@ -416,13 +455,11 @@ Resource POST GET PUT DELETE
/// <summary>
/// Delete WorkOrderItemLabor
/// </summary>
/// <param name="workOrderId"></param>
/// <param name="workOrderItemId"></param>
/// </summary>
/// <param name="workOrderItemLaborId"></param>
/// <returns>Ok-no content</returns>
[HttpDelete("{WorkOrderId}/items/{WorkOrderItemId}/labors/{WorkOrderItemLaborId}")]
public async Task<IActionResult> DeleteWorkOrderItemLabor([FromRoute] long workOrderId, [FromRoute] long workOrderItemId, [FromRoute] long workOrderItemLaborId)
[HttpDelete("/items/labors/{WorkOrderItemLaborId}")]
public async Task<IActionResult> DeleteWorkOrderItemLabor([FromRoute] long workOrderItemLaborId)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -436,19 +473,25 @@ Resource POST GET PUT DELETE
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.GetAsync(workOrderId, false);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//*******************************************************************************
//NOTE: I'm thinking there should be no db access in controller
//let the biz object return not found if necessary
//*******************************************************************************
//Get WorkorderItem
var woitem = o.WorkorderItems.FirstOrDefault(m => m.Id == workOrderItemId);
if (woitem == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//Get WorkOrderItemLabor
var woitemlabor = woitem.WorkorderItemLabors.FirstOrDefault(m => m.Id == workOrderItemLaborId);
if (woitem == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// var o = await biz.GetAsync(workOrderId, false);
// if (o == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// //Get WorkorderItem
// var woitem = o.WorkorderItems.FirstOrDefault(m => m.Id == workOrderItemId);
// if (woitem == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// //Get WorkOrderItemLabor
// var woitemlabor = woitem.WorkorderItemLabors.FirstOrDefault(m => m.Id == workOrderItemLaborId);
// if (woitem == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
@@ -466,13 +509,11 @@ Resource POST GET PUT DELETE
/// <summary>
/// Delete WorkOrderItemPart
/// </summary>
/// <param name="workOrderId"></param>
/// <param name="workOrderItemId"></param>
/// </summary>
/// <param name="workOrderItemPartId"></param>
/// <returns>Ok-no content</returns>
[HttpDelete("{WorkOrderId}/items/{WorkOrderItemId}/parts/{WorkOrderItemPartId}")]
public async Task<IActionResult> DeleteWorkOrderItemPart([FromRoute] long workOrderId, [FromRoute] long workOrderItemId, [FromRoute] long workOrderItemPartId)
[HttpDelete("/items/parts/{WorkOrderItemPartId}")]
public async Task<IActionResult> DeleteWorkOrderItemPart([FromRoute] long workOrderItemPartId)
{
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
@@ -486,12 +527,18 @@ Resource POST GET PUT DELETE
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.GetAsync(workOrderId, false);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//Make sure the item exists first before getting into it
if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
//*******************************************************************************
//NOTE: I'm thinking there should be no db access in controller
//let the biz object return not found if necessary
//*******************************************************************************
// var o = await biz.GetAsync(workOrderId, false);
// if (o == null)
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
// //Make sure the item exists first before getting into it
// if (!o.WorkorderItems.Exists(m => m.Id == workOrderItemId))
// return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

2
server/AyaNova/biz/AyaType.cs
View File

@@ -96,7 +96,7 @@ namespace AyaNova.Biz
//AyaNova.Biz.BizObjectNameFetcherDIRECT
//and in the CLIENT in ayatype.js
//and need TRANSLATION KEYS because any type could show in the event log at teh client end
//and need TRANSLATION KEYS because any type could show in the event log at the client end
}

4
server/AyaNova/biz/BizRoles.cs
View File

@@ -366,7 +366,7 @@ namespace AyaNova.Biz
{
Change = AuthorizationRoles.BizAdminFull | AuthorizationRoles.OpsAdminFull,
//Anyone can read it because they need to to open a form, but also in UI
//only the bizadminlimited actually gets a link to see teh customization page
//only the bizadminlimited actually gets a link to see the customization page
ReadFullRecord = AuthorizationRoles.All
});
@@ -390,7 +390,7 @@ namespace AyaNova.Biz
//Only BizAdminFull can modify forms
Change = AuthorizationRoles.BizAdminFull,
//Anyone can read it because they need to to open a form, but also in UI
//only the bizadminlimited actually gets a link to see teh customization page
//only the bizadminlimited actually gets a link to see the customization page
ReadFullRecord = AuthorizationRoles.All
});