2020-04-28 18:58:38 +00:00
parent 8d4af9bc4e
commit f5f2c6c2a4
5 changed files with 62 additions and 14 deletions
--- a/server/AyaNova/Controllers/EventLogController.cs
+++ b/server/AyaNova/Controllers/EventLogController.cs
@@ -107,14 +107,14 @@ namespace AyaNova.Api.Controllers
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [ApiExplorerSettings(IgnoreApi = true)]
-        [HttpPost]
+        [HttpPost("v7")]
        public async Task<IActionResult> PostV7Modify([FromBody] V7Event inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

-            //Only biz admin full users can do this
-            if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.BizAdminFull))
+           //NOTE: only bizadmin full and opsadminfull have this right so it's perfect for this task
+            if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))           
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
--- a/server/AyaNova/Controllers/LicenseController.cs
+++ b/server/AyaNova/Controllers/LicenseController.cs
@@ -183,6 +183,52 @@ namespace AyaNova.Api.Controllers
            return Ok(ApiOkResponse.Response(ret, true));
        }

+
+
+
+        /// <summary>
+        /// Permanently erase all data and all attachments
+        /// 
+        /// Posting to this route causes AyaNova completely erase all data in it's database and erase all attachment files
+        /// returning the database to an empty state
+        ///
+        /// The only items retained are the Manager account and the license key
+        ///  
+        /// (Only *the* Manager account can use this route)
+        /// </summary>
+        /// <param name="acceptCode">Must be "I understand"</param>
+        /// <returns>HTTP 204 No Content result code on success or fail code with explanation</returns>
+        [HttpPost("PermanentlyEraseAllData")]
+        public async Task<IActionResult> RemoveAllData([FromBody] string acceptCode)
+        {
+            if (serverState.IsClosed)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+                
+            long UserId = UserIdFromContext.Id(HttpContext.Items);
+
+            //Manager only and must have accept code
+            if (UserId != 1 || string.IsNullOrWhiteSpace(acceptCode) || acceptCode.ToLowerInvariant() != "i understand")
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+
+
+
+            //empty the db
+            await AyaNova.Util.DbUtil.EmptyBizDataFromDatabaseForSeedingOrImportingAsync(log);
+
+            //Log
+            await EventLogProcessor.LogEventToDatabaseAsync(new Event(1, 0, AyaType.License, AyaEvent.EraseAllData), ct);
+
+            return NoContent();
+        }
+
+
+
+
+
+
        //------------------------------------------------------

        public class dtoTrialRequestData
--- a/server/AyaNova/biz/AyaEvent.cs
+++ b/server/AyaNova/biz/AyaEvent.cs
@@ -23,7 +23,8 @@ namespace AyaNova.Biz
        LicenseTrialRequest=8,
        ServerStateChange=9,
        SeedDatabase=10,
-        AttachmentModified=11
+        AttachmentModified=11,
+        EraseAllData=12

        //NEW ITEMS REQUIRE translation KEYS and update CLIENT ay-history.vue code in eventypes list and translation fetcher

--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -629,15 +629,16 @@ namespace AyaNova.Biz
                        i.Notes = j["Notes"].Value<string>();

                        //TAGS
-                        var MemberOfGroupId = new Guid(j["MemberOfGroup"].Value<string>());
-                        if (MemberOfGroupId != Guid.Empty)
-                        {
-                            string sTag = string.Empty;
-                            if (tagLists["ScheduleableUserGroup"].TryGetValue(MemberOfGroupId, out sTag))
-                            {
-                                i.Tags.Add(sTag);
-                            }
-                        }
+                        //member of group is actually security group not sched user group so this was wrong anyway but moot now
+                        // var MemberOfGroupId = new Guid(j["MemberOfGroup"].Value<string>());
+                        // if (MemberOfGroupId != Guid.Empty)
+                        // {
+                        //     string sTag = string.Empty;
+                        //     if (tagLists["ScheduleableUserGroup"].TryGetValue(MemberOfGroupId, out sTag))
+                        //     {
+                        //         i.Tags.Add(sTag);
+                        //     }
+                        // }

                        var RegionID = new Guid(j["RegionID"].Value<string>());
                        if (RegionID != Guid.Empty)
--- a/server/AyaNova/util/DbUtil.cs
+++ b/server/AyaNova/util/DbUtil.cs
@@ -289,7 +289,7 @@ namespace AyaNova.Util
                await EraseTableAsync("awidget", conn);
                await EraseTableAsync("aevent", conn);
                await EraseTableAsync("adatalistview", conn);
-              //  await EraseTableAsync("adatalisttemplate", conn);
+                await EraseTableAsync("apicklisttemplate", conn);
                await EraseTableAsync("aformcustom", conn);
                await EraseTableAsync("asearchkey", conn);
                await EraseTableAsync("asearchdictionary", conn);