admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2018-12-14 19:45:53 +00:00
parent 0da38fb1db
commit f245b68efc
3 changed files with 31 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
devdocs/todo.txt
View File

@@ -68,13 +68,6 @@ TODO CLIENT STUFF
---------------- ----------------
TODO SERVER STUFF TODO SERVER STUFF
- ProcessObjectKeywords improvement
-Should just be able to pass the object to be processed to a method that will automatically find the Name field and all text fields and process it accordingly
- May need a hint if there isn't a specific "Name" field but that's probably so rare that can just leave that out and continue the old way for any object without a Name
- Do these after doing the above as it may be all that's required for them anyway:
- WidgetBiz Create / CreateAsync share much the same code, move redundancies to common method
- This object will be replicated repeatedly so it always pays to clean it up more and more
- WidgetBiz Put/Patch also share nearly the same process keywords code, so move to common method!!
- Delete user should delete private datafilters - Delete user should delete private datafilters
- Did I code how to handle implications of user delete anywhere yet?? - Did I code how to handle implications of user delete anywhere yet??

99
server/AyaNova/biz/UserBiz.cs
View File

@@ -547,98 +547,23 @@ namespace AyaNova.Biz
//Can delete? //Can delete?
private void ValidateCanDelete(User inObj) private void ValidateCanDelete(User inObj)
{ {
//TODO: Validate can delete a user
//TODO: handle all the related tables that require deletion
//whatever needs to be check to delete this object
/* V7 code related to this for reference
#region Direct delete //To make this simple and avoid a whole host of issues and work
Criteria crit = (Criteria)Criteria; //I've decided that a user can't be deleted if they have *any* activity in the event log
if(crit.ID==User.AdministratorID || crit.ID==User.CurrentThreadUserID) //this way a newly created user can be deleted before they do any real work still to cover a scenario where a user
//makes a user but then doesn't need it or did it wrong
//This avoids the whole issues related to having to check every table everywhere for their work and
//the associated fuckery with trying to back them out of those tables without knock-on effects
//They can always make any user inactive to get rid of them and it will mean referential integrity issues are not there
//There's only one rule - have they done anything eventlog worthy yet?
if (ct.Event.Select(m => m).Where(m => m.OwnerId == inObj.Id).Count() > 0)
{ {
throw new System.Security.SecurityException( AddError(ValidationErrorType.InvalidOperation, "user", "[E_ACTIVE_NOT_DELETABLE] This user shows activity in the database and can not be deleted. Set inactive instead.");
string.Format( return;
LocalizedTextTable.GetLocalizedTextDirect("Error.Security.NotAuthorizedToDelete"),
LocalizedTextTable.GetLocalizedTextDirect("O.User")));
} }
//CHANGE: 14-March-2006 reorganized this and added more items to delete so that a user can
//actually be deleted
//Delete user and child objects
DBCommandWrapper cmDeleteUser = DBUtil.GetCommandFromSQL("DELETE FROM aUser WHERE aID = @ID;");
cmDeleteUser.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserCertificationAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserCertificationAssigned WHERE aUserID = @ID;");
cmDeleteUserCertificationAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserSkillAssigned = DBUtil.GetCommandFromSQL("DELETE FROM aUserSkillAssigned WHERE aUserID = @ID;");
cmDeleteUserSkillAssigned.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserExplorerBarLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIExplorerBarLayout WHERE aUserID = @ID;");
cmDeleteUserExplorerBarLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLayout = DBUtil.GetCommandFromSQL("DELETE FROM aUIGridLayout WHERE aUserID = @ID;");
cmDeleteUserGridLayout.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserFormSetting = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserFormSetting WHERE aUserID = @ID;");
cmDeleteUserFormSetting.AddInParameter("@ID",DbType.Guid,crit.ID);
DBCommandWrapper cmDeleteUserGridLastView = DBUtil.GetCommandFromSQL("DELETE FROM aUIUserGridLastView WHERE aUserID = @ID;");
cmDeleteUserGridLastView.AddInParameter("@ID", DbType.Guid, crit.ID);
DBCommandWrapper cmDeleteDeliveries = DBUtil.GetCommandFromSQL("DELETE FROM aNotifyDeliverySetting WHERE aUserID = @ID;");
cmDeleteDeliveries.AddInParameter("@ID", DbType.Guid, crit.ID);
using (IDbConnection connection = DBUtil.DB.GetConnection())
{
connection.Open();
IDbTransaction transaction = connection.BeginTransaction();
try
{
//Added: 16-Nov-2006 to clear out notification subscriptions when user
//is deleted
NotifySubscriptions.DeleteItems(crit.ID, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLastView, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserGridLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserFormSetting, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserExplorerBarLayout, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserCertificationAssigned, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUserSkillAssigned, transaction);
//Added:16-Nov-2006
DBUtil.DB.ExecuteNonQuery(cmDeleteDeliveries, transaction);
DBUtil.DB.ExecuteNonQuery(cmDeleteUser, transaction);
DBUtil.RemoveKeywords(transaction,RootObjectTypes.User,crit.ID);
DBUtil.RemoveDocs(transaction,RootObjectTypes.User,crit.ID);
// Commit the transaction
transaction.Commit();
}
catch
{
// Rollback transaction
transaction.Rollback();
throw;
}
finally
{
connection.Close();
}
}
#endregion
*/
} }

16
test/raven-integration/User/UserCrud.cs
View File

@@ -89,6 +89,18 @@ namespace raven_integration
} }
/// <summary>
///
/// </summary>
[Fact]
public async void UserWithActivityShouldNotBeDeleteable()
{
ApiResponse a = await Util.DeleteAsync("User/1", await Util.GetTokenAsync("manager", "l3tm3in"));
Util.ValidateErrorCodeResponse(a, 2200, 400);
a.ObjectResponse["error"]["details"][0]["message"].Value<string>().Should().Contain("[E_ACTIVE_NOT_DELETABLE]");
}
/// <summary> /// <summary>
/// Test not found /// Test not found
/// </summary> /// </summary>
@@ -454,8 +466,8 @@ namespace raven_integration
for (int i = 0; i < ItemCount - 1; i++) for (int i = 0; i < ItemCount - 1; i++)
{ {
var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ",""); var firstName = a.ObjectResponse["data"][i]["name"].Value<string>().Replace(" ", "");
var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ",""); var secondName = a.ObjectResponse["data"][i + 1]["name"].Value<string>().Replace(" ", "");
int comparison = String.Compare(firstName, secondName, comparisonType: StringComparison.OrdinalIgnoreCase); int comparison = String.Compare(firstName, secondName, comparisonType: StringComparison.OrdinalIgnoreCase);
comparison.Should().BeNegative(); comparison.Should().BeNegative();
} }