From f245b68efc0f565f9b6c8a08d19382d604598915 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Fri, 14 Dec 2018 19:45:53 +0000
Subject: [PATCH]

---
 devdocs/todo.txt                        |   9 +--
 server/AyaNova/biz/UserBiz.cs           | 103 ++++--------------------
 test/raven-integration/User/UserCrud.cs |  20 ++++-
 3 files changed, 31 insertions(+), 101 deletions(-)

diff --git a/devdocs/todo.txt b/devdocs/todo.txt
index b094d98d..5f6c2e44 100644
--- a/devdocs/todo.txt
+++ b/devdocs/todo.txt
@@ -68,14 +68,7 @@ TODO CLIENT STUFF
 ----------------
 
 TODO SERVER STUFF
-	- ProcessObjectKeywords improvement
-		-Should just be able to pass the object to be processed to a method that will automatically find the Name field and all text fields and process it accordingly
-		- May need a hint if there isn't a specific "Name" field but that's probably so rare that can just leave that out and continue the old way for any object without a Name
-	- Do these after doing the above as it may be all that's required for them anyway:
-		- WidgetBiz Create / CreateAsync share much the same code, move redundancies to common method
-			- This object will be replicated repeatedly so it always pays to clean it up more and more
-		- WidgetBiz Put/Patch also share nearly the same process keywords code, so move to common method!!
-
+	
 	- Delete user should delete private datafilters
 		- Did I code how to handle implications of user delete anywhere yet??
 	- LOG File names, when logs are rotated, I'm seeing the number 18 and 17 in the devops log file rotated names?!  Shouldn't it just be 1 to 3 or something, will that number keep growing infinitely?
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index bb2b68a0..bdf462ae 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -227,7 +227,7 @@ namespace AyaNova.Biz
 
 
         //get picklist (paged)
-       internal ApiPagedResponse<NameIdItem> GetPickList(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
+        internal ApiPagedResponse<NameIdItem> GetPickList(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
         {
             // pagingOptions.Offset = pagingOptions.Offset ?? PagingOptions.DefaultOffset;
             // pagingOptions.Limit = pagingOptions.Limit ?? PagingOptions.DefaultLimit;
@@ -547,97 +547,22 @@ namespace AyaNova.Biz
         //Can delete?
         private void ValidateCanDelete(User inObj)
         {
-            //TODO: Validate can delete a user
-            //TODO: handle all the related tables that require deletion
-            //whatever needs to be check to delete this object
-
-            /* V7 code related to this for reference
-            
-            	#region Direct delete
-			Criteria crit = (Criteria)Criteria;
-			if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID)
-			{
-				throw new System.Security.SecurityException(
-					string.Format(
-					LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
-					LocalizedTextTable.GetLocalizedTextDirect("O.User")));
-			}
-
-			//CHANGE: 14-March-2006  reorganized this and added more items to delete so that a user can 
-			//actually be deleted
-
-			//Delete user and child objects
-			DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
-			cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
-
-			DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
-			cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
-
-			DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
-			cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
-					
-			DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
-			cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
-					
-			DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
-			cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
-
-			DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
-			cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
-
-            DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
-            cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
-           
-            DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
-            cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
-	
-
-			using (IDbConnection connection = DBUtil.DB.GetConnection())
-			{
-				connection.Open();
-				IDbTransaction transaction = connection.BeginTransaction();
-
-				try
-				{
-                    //Added: 16-Nov-2006 to clear out notification subscriptions when user 
-                    //is deleted
-                    NotifySubscriptions.DeleteItems(crit.ID, transaction);
-
-                    DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
-
-                    //Added:16-Nov-2006
-                    DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
 
 
-					DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
-					DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
-					DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
-					
-					// Commit the transaction
-					transaction.Commit();
-							
-				}
-				catch
-				{
-					// Rollback transaction 
-					transaction.Rollback();
-					throw;
-				}
-				finally
-				{
-					connection.Close();
-				}
-			}
+            //To make this simple and avoid a whole host of issues and work
+            //I've decided that a user can't be deleted if they have *any* activity in the event log
+            //this way a newly created user can be deleted before they do any real work still to cover a scenario where a user
+            //makes a user but then doesn't need it or did it wrong
+            //This avoids the whole issues related to having to check every table everywhere for their work and 
+            //the associated fuckery with trying to back them out of those tables without knock-on effects
+            //They can always make any user inactive to get rid of them and it will mean referential integrity issues are not there
 
-
-			#endregion
-		
-             */
+            //There's only one rule - have they done anything eventlog worthy yet?
+            if (ct.Event.Select(m => m).Where(m => m.OwnerId == inObj.Id).Count() > 0)
+            {
+                AddError(ValidationErrorType.InvalidOperation, "user", "[E_ACTIVE_NOT_DELETABLE] This user shows activity in the database and can not be deleted.  Set inactive instead.");
+                return;
+            }
 
         }
 
diff --git a/test/raven-integration/User/UserCrud.cs b/test/raven-integration/User/UserCrud.cs
index ba6dface..4a30cde2 100644
--- a/test/raven-integration/User/UserCrud.cs
+++ b/test/raven-integration/User/UserCrud.cs
@@ -89,6 +89,18 @@ namespace raven_integration
         }
 
 
+        /// <summary>
+        /// 
+        /// </summary>       
+        [Fact]
+        public async void UserWithActivityShouldNotBeDeleteable()
+        {
+            ApiResponse a = await Util.DeleteAsync("User/1", await Util.GetTokenAsync("manager", "l3tm3in"));
+            Util.ValidateErrorCodeResponse(a, 2200, 400);
+            a.ObjectResponse["error"]["details"][0]["message"].Value<string>().Should().Contain("[E_ACTIVE_NOT_DELETABLE]");
+        }
+
+
         /// <summary>
         /// Test not found
         /// </summary>       
@@ -436,7 +448,7 @@ namespace raven_integration
         }
 
 
- /// <summary>
+        /// <summary>
         /// 
         /// </summary>
         [Fact]
@@ -454,8 +466,8 @@ namespace raven_integration
 
             for (int i = 0; i < ItemCount - 1; i++)
             {
-                var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ","");
-                var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ","");
+                var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ", "");
+                var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ", "");
                 int comparison = String.Compare(firstName, secondName, comparisonType: StringComparison.OrdinalIgnoreCase);
                 comparison.Should().BeNegative();
             }
@@ -504,7 +516,7 @@ namespace raven_integration
 
             d = new JObject();
             d.name = Util.Uniquify(NameStart);
-           d.active = false;
+            d.active = false;
             d.login = Util.Uniquify("LOGIN");
             d.password = Util.Uniquify("PASSWORD");
             d.roles = 0;//norole