admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-12-07 16:19:47 +00:00
parent 79049cb9e6
commit f25706b02e
1 changed files with 43 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

68
server/AyaNova/Controllers/UserController.cs
View File

@@ -61,23 +61,30 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
bool AllowedOutsideUser = Authorized.HasReadFullRole(HttpContext.Items, AyaType.Customer);
bool AllowedInsideUser = Authorized.HasReadFullRole(HttpContext.Items, AyaType.User);
if (!AllowedOutsideUser && !AllowedInsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var o = await biz.GetAsync(id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
bool IsOutsideUser = (o.UserType == UserType.Customer || o.UserType == UserType.HeadOffice);
if (IsOutsideUser && !AllowedOutsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!IsOutsideUser && !AllowedInsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(ApiOkResponse.Response(o));
}
@@ -97,8 +104,13 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.User) && !Authorized.HasModifyRole(HttpContext.Items, AyaType.Customer))
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.PutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
if (o == null)
{
@@ -126,27 +138,21 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
{
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.User) && !Authorized.HasCreateRole(HttpContext.Items, AyaType.Customer))
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Create and validate
dtUser o = await biz.CreateAsync(inObj);
if (o == null)
{
//error return
return BadRequest(new ApiErrorResponse(biz.Errors));
}
else
{
@@ -170,8 +176,14 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.User) && !Authorized.HasCreateRole(HttpContext.Items, AyaType.Customer))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
User o = await biz.DuplicateAsync(id);
@@ -195,8 +207,14 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasDeleteRole(HttpContext.Items, biz.BizType))
//Also used for Contacts (customer type user or ho type user)
//by users with no User right so further biz rule required depending on usertype
//this is just phase 1
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.User) && !Authorized.HasDeleteRole(HttpContext.Items, AyaType.Customer))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!await biz.DeleteAsync(id))
return BadRequest(new ApiErrorResponse(biz.Errors));
return NoContent();
@@ -295,7 +313,7 @@ namespace AyaNova.Api.Controllers
return Ok(ApiOkResponse.Response(ret));
}
/// <summary>
/// <summary>
/// Get list of HeadOffice Contact Users
/// (Rights to HeadOffice object required)
/// </summary>
@@ -347,7 +365,7 @@ namespace AyaNova.Api.Controllers
return Ok(ApiOkResponse.Response(u.UserType != UserType.Customer && u.UserType != UserType.HeadOffice));
}
//------------