2020-04-28 18:58:38 +00:00
parent 8d4af9bc4e
commit f5f2c6c2a4
5 changed files with 62 additions and 14 deletions
--- a/server/AyaNova/Controllers/EventLogController.cs
+++ b/server/AyaNova/Controllers/EventLogController.cs
@@ -107,14 +107,14 @@ namespace AyaNova.Api.Controllers
        /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
        /// <returns></returns>
        [ApiExplorerSettings(IgnoreApi = true)]
-        [HttpPost]
+        [HttpPost("v7")]
        public async Task<IActionResult> PostV7Modify([FromBody] V7Event inObj, ApiVersion apiVersion)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));

-            //Only biz admin full users can do this
-            if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.BizAdminFull))
+           //NOTE: only bizadmin full and opsadminfull have this right so it's perfect for this task
+            if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))           
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
--- a/server/AyaNova/Controllers/LicenseController.cs
+++ b/server/AyaNova/Controllers/LicenseController.cs
@@ -183,6 +183,52 @@ namespace AyaNova.Api.Controllers
            return Ok(ApiOkResponse.Response(ret, true));
        }

+
+
+
+        /// <summary>
+        /// Permanently erase all data and all attachments
+        /// 
+        /// Posting to this route causes AyaNova completely erase all data in it's database and erase all attachment files
+        /// returning the database to an empty state
+        ///
+        /// The only items retained are the Manager account and the license key
+        ///  
+        /// (Only *the* Manager account can use this route)
+        /// </summary>
+        /// <param name="acceptCode">Must be "I understand"</param>
+        /// <returns>HTTP 204 No Content result code on success or fail code with explanation</returns>
+        [HttpPost("PermanentlyEraseAllData")]
+        public async Task<IActionResult> RemoveAllData([FromBody] string acceptCode)
+        {
+            if (serverState.IsClosed)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+                
+            long UserId = UserIdFromContext.Id(HttpContext.Items);
+
+            //Manager only and must have accept code
+            if (UserId != 1 || string.IsNullOrWhiteSpace(acceptCode) || acceptCode.ToLowerInvariant() != "i understand")
+                return StatusCode(403, new ApiNotAuthorizedResponse());
+
+
+
+            //empty the db
+            await AyaNova.Util.DbUtil.EmptyBizDataFromDatabaseForSeedingOrImportingAsync(log);
+
+            //Log
+            await EventLogProcessor.LogEventToDatabaseAsync(new Event(1, 0, AyaType.License, AyaEvent.EraseAllData), ct);
+
+            return NoContent();
+        }
+
+
+
+
+
+
        //------------------------------------------------------

        public class dtoTrialRequestData