admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-12-14 19:45:53 +00:00
parent 0da38fb1db
commit f245b68efc
3 changed files with 31 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
devdocs/todo.txt
View File

@@ -68,14 +68,7 @@ TODO CLIENT STUFF
----------------
TODO SERVER STUFF
- ProcessObjectKeywords improvement
-Should just be able to pass the object to be processed to a method that will automatically find the Name field and all text fields and process it accordingly
- May need a hint if there isn't a specific "Name" field but that's probably so rare that can just leave that out and continue the old way for any object without a Name
- Do these after doing the above as it may be all that's required for them anyway:
- WidgetBiz Create / CreateAsync share much the same code, move redundancies to common method
- This object will be replicated repeatedly so it always pays to clean it up more and more
- WidgetBiz Put/Patch also share nearly the same process keywords code, so move to common method!!
- Delete user should delete private datafilters
- Did I code how to handle implications of user delete anywhere yet??
- LOG File names, when logs are rotated, I'm seeing the number 18 and 17 in the devops log file rotated names?! Shouldn't it just be 1 to 3 or something, will that number keep growing infinitely?

103
server/AyaNova/biz/UserBiz.cs
View File

@@ -227,7 +227,7 @@ namespace AyaNova.Biz
//get picklist (paged)
internal ApiPagedResponse<NameIdItem> GetPickList(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
internal ApiPagedResponse<NameIdItem> GetPickList(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
{
// pagingOptions.Offset = pagingOptions.Offset ?? PagingOptions.DefaultOffset;
// pagingOptions.Limit = pagingOptions.Limit ?? PagingOptions.DefaultLimit;
@@ -547,97 +547,22 @@ namespace AyaNova.Biz
//Can delete?
private void ValidateCanDelete(User inObj)
{
//TODO: Validate can delete a user
//TODO: handle all the related tables that require deletion
//whatever needs to be check to delete this object
/* V7 code related to this for reference
#region Direct delete
Criteria crit = (Criteria)Criteria;
if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
{
throw new System.Security.SecurityException(
string.Format(
LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
LocalizedTextTable.GetLocalizedTextDirect("O.User")));
}
//CHANGE: 14-March-2006 reorganized this and added more items to delete so that a user can
//actually be deleted
//Delete user and child objects
DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
using (IDbConnection connection = DBUtil.DB.GetConnection())
{
connection.Open();
IDbTransaction transaction = connection.BeginTransaction();
try
{
//Added: 16-Nov-2006 to clear out notification subscriptions when user
//is deleted
NotifySubscriptions.DeleteItems(crit.ID, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
//Added:16-Nov-2006
DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
// Commit the transaction
transaction.Commit();
}
catch
{
// Rollback transaction
transaction.Rollback();
throw;
}
finally
{
connection.Close();
}
}
//To make this simple and avoid a whole host of issues and work
//I've decided that a user can't be deleted if they have *any* activity in the event log
//this way a newly created user can be deleted before they do any real work still to cover a scenario where a user
//makes a user but then doesn't need it or did it wrong
//This avoids the whole issues related to having to check every table everywhere for their work and
//the associated fuckery with trying to back them out of those tables without knock-on effects
//They can always make any user inactive to get rid of them and it will mean referential integrity issues are not there
#endregion
*/
//There's only one rule - have they done anything eventlog worthy yet?
if (ct.Event.Select(m => m).Where(m => m.OwnerId == inObj.Id).Count() > 0)
{
AddError(ValidationErrorType.InvalidOperation, "user", "[E_ACTIVE_NOT_DELETABLE] This user shows activity in the database and can not be deleted. Set inactive instead.");
return;
}
}

20
test/raven-integration/User/UserCrud.cs
View File

@@ -89,6 +89,18 @@ namespace raven_integration
}
/// <summary>
///
/// </summary>
[Fact]
public async void UserWithActivityShouldNotBeDeleteable()
{
ApiResponse a = await Util.DeleteAsync("User/1", await Util.GetTokenAsync("manager", "l3tm3in"));
Util.ValidateErrorCodeResponse(a, 2200, 400);
a.ObjectResponse["error"]["details"][0]["message"].Value<string>().Should().Contain("[E_ACTIVE_NOT_DELETABLE]");
}
/// <summary>
/// Test not found
/// </summary>
@@ -436,7 +448,7 @@ namespace raven_integration
}
/// <summary>
/// <summary>
///
/// </summary>
[Fact]
@@ -454,8 +466,8 @@ namespace raven_integration
for (int i = 0; i < ItemCount - 1; i++)
{
var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ","");
var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ","");
var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ", "");
var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ", "");
int comparison = String.Compare(firstName, secondName, comparisonType: StringComparison.OrdinalIgnoreCase);
comparison.Should().BeNegative();
}
@@ -504,7 +516,7 @@ namespace raven_integration
d = new JObject();
d.name = Util.Uniquify(NameStart);
d.active = false;
d.active = false;
d.login = Util.Uniquify("LOGIN");
d.password = Util.Uniquify("PASSWORD");
d.roles = 0;//norole