using System.Linq; using System.Threading.Tasks; using Microsoft.EntityFrameworkCore; using Microsoft.Extensions.Logging; using EnumsNET; using AyaNova.Util; using AyaNova.Api.ControllerHelpers; using AyaNova.Models; using System; using Newtonsoft.Json.Linq; using System.Collections.Generic; using Newtonsoft.Json; namespace AyaNova.Biz { internal class UserBiz : BizObject, IJobObject, ISearchAbleObject, IReportAbleObject, IExportAbleObject, IImportAbleObject, INotifiableObject { internal UserBiz(AyContext dbcontext, long currentUserId, long userTranslationId, AuthorizationRoles userRoles) { ct = dbcontext; UserId = currentUserId; UserTranslationId = userTranslationId; CurrentUserRoles = userRoles; BizType = AyaType.User; } //This is where active tech license consumers are accounted for // internal static async Task ActiveTechUserCountAsync() // { // using (AyContext ct = ServiceProviderProvider.DBContext) // { // var ret = await ct.User.AsNoTracking().Where(z => z.Active == true && ( // z.UserType == UserType.Service || // z.UserType == UserType.ServiceContractor)).LongCountAsync(); // return ret; // } // } //This is where SUBSCRIPTION AND PERPETUAL active internal (non customer) license consumers are accounted for internal static async Task ActiveInternalUserCountAsync() { using (AyContext ct = ServiceProviderProvider.DBContext) { //all users who are not the superuser, active and not a customer or headoffice //NOTE: AllowLogin is not counted here like it is with a Customer login account, we don't care, active is all that matters for license //consumption var ret = await ct.User.AsNoTracking().Where(z => z.Id != 1 && z.Active == true && ( z.UserType != UserType.Customer && z.UserType != UserType.HeadOffice)).LongCountAsync(); return ret; } } //This is where SUBSCRIPTION active CUSTOMER CONTACT license consumers are accounted for //NOTE: AllowLogin is checked here in addition to Active because we only care about potential LOGIN users here as they consume rental / subscription server resources internal static async Task ActiveCustomerContactUserCountAsync() { using (AyContext ct = ServiceProviderProvider.DBContext) { //all users who are customer or head office, active and have a login name set var ret = await ct.User.AsNoTracking().Where(z => z.AllowLogin == true && z.Active == true && ( z.UserType == UserType.Customer || z.UserType == UserType.HeadOffice)).LongCountAsync(); return ret; } } //check for active status of user //used by notification processing and others internal static async Task UserIsActive(long userId) { using (AyContext ct = ServiceProviderProvider.DBContext) { return await ct.User.AsNoTracking().Where(z => z.Id == userId).Select(z => z.Active).FirstAsync(); } } //Called by license processor in case customer has downgraded the number of internal user licenses so that key install doesn't fail internal static async Task DeActivateExcessiveInternallUsers(long KeepThisManyActiveInternalUsers, ILogger _log) { //case 4578 several modifications to this from prior existing function before switching to license by any internal users not just tech var TotalActiveInternalUsers = await ActiveInternalUserCountAsync(); int CountOfUsersToSetInactive = (int)(TotalActiveInternalUsers - KeepThisManyActiveInternalUsers); if (CountOfUsersToSetInactive < 1) return; await NotifyEventHelper.AddOpsProblemEvent($"New license is a downgrade with fewer Users - deactivating {CountOfUsersToSetInactive} least recently logged in Users automatically so the license can be installed"); using (AyContext ct = ServiceProviderProvider.DBContext) { //Algorithm: For deactivation favor ones that have no login records and finally favor by oldest last login //theory is to catch the least likely to be currently active user so least affected var InsideUserCanLoginByLastLoginList = await ct.User.Where(z => z.Id != 1 && z.Active == true && ( z.UserType != UserType.Customer && z.UserType != UserType.HeadOffice)).OrderBy(z => z.LastLogin).ToListAsync(); //iterate users and set to inactive preferring the least likely to be affected users //first do the ones that have never logged in foreach (User u in InsideUserCanLoginByLastLoginList) { if (CountOfUsersToSetInactive > 0 && u.LastLogin == null) { u.Active = false; CountOfUsersToSetInactive--; var msg = $"User {u.Name} deactivated"; await NotifyEventHelper.AddOpsProblemEvent(msg); } } //Now do the ones that logged in least recently (the natural order so just do the ones that are not lastlogin null) foreach (User u in InsideUserCanLoginByLastLoginList) { //Now do the ones that logged in least recently (the natural order so just do the ones that are not lastlogin null) if (CountOfUsersToSetInactive > 0 && u.LastLogin != null) { u.Active = false; CountOfUsersToSetInactive--; var msg = $"User {u.Name} deactivated"; await NotifyEventHelper.AddOpsProblemEvent(msg); } } await ct.SaveChangesAsync(); } } // //Called by license processor when use downgrades to lesser amount of techs // internal static async Task DeActivateExcessiveTechs(long KeepThisManyActiveTechs, ILogger _log) // { // var TotalActiveTechs = await ActiveTechUserCountAsync(); // int CountOfTechsToSetInactive = (int)(TotalActiveTechs - KeepThisManyActiveTechs); // if (CountOfTechsToSetInactive < 1) return; // _log.LogInformation($"New license is a downgrade with fewer scheduleable resources, deactivating {CountOfTechsToSetInactive} scheduleable users automatically so the license can be installed"); // //bugbug: exactly wrong, deactivating the most recently logged in over some who never logged in, could be that null login is causing it? // using (AyContext ct = ServiceProviderProvider.DBContext) // { // //Algorithm: For deactivation favor subcontractors first over servicetechs, favor ones that have no login records and finally favor by oldest last login // //theory is to catch the least likely to be currently active techs // var NoLoginTechList = await ct.User.Where(z => z.Active == true && z.LastLogin == null && ( // z.UserType == UserType.Service || // z.UserType == UserType.ServiceContractor)).OrderByDescending(z => z.UserType).Take(CountOfTechsToSetInactive).ToListAsync(); // CountOfTechsToSetInactive -= NoLoginTechList.Count(); // foreach (User u in NoLoginTechList) // { // u.Active = false; // var msg = $"User {u.Name} with no prior login automatically set to inactive to free up downgraded license"; // await NotifyEventHelper.AddOpsProblemEvent(msg); // _log.LogInformation(msg); // } // await ct.SaveChangesAsync(); // var HasLoginTechList = await ct.User.Where(z => z.Active == true && z.LastLogin != null && ( // z.UserType == UserType.Service || // z.UserType == UserType.ServiceContractor)).OrderByDescending(z => z.UserType).ThenBy(z => z.LastLogin).Take(CountOfTechsToSetInactive).ToListAsync(); // foreach (User u in HasLoginTechList) // { // u.Active = false; // _log.LogInformation($"User {u.Name} who last logged in {u.LastLogin} automatically set to inactive to free up license"); // } // await ct.SaveChangesAsync(); // } // } internal static void ResetSuperUserPassword() { using (AyContext ct = ServiceProviderProvider.DBContext) { User dbObject = ct.User.FirstOrDefault(z => z.Id == 1); dbObject.Password = Hasher.hash(dbObject.Salt, ServerBootConfig.AYANOVA_SET_SUPERUSER_PW); ct.SaveChanges(); NotifyEventHelper.AddOpsProblemEvent("AYANOVA_SET_SUPERUSER_PW setting was used at most recent server boot to reset SuperUser account password").Wait(); } } //For auth and access in client, also when opening wo and also when reporting wo internal static async Task CustomerUserEffectiveRightsAsync(long userId, List thisWorkOrderTags = null) { using (AyContext ct = ServiceProviderProvider.DBContext) { var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == userId).Select(x => new { x.UserType, x.HeadOfficeId, x.CustomerId, x.Tags }).FirstAsync(); if (UserInfo.UserType != UserType.Customer && UserInfo.UserType != UserType.HeadOffice) throw new System.NotSupportedException($"UserBiz::CustomerUserEffectiveRights - Requested for non Customer type user with ID {userId} who is UserType: {UserInfo.UserType}"); //In global settings there are potentially three separate sets of tags that need to be checked List ContactCustomerHOTagsCombined = new List();//used for most of the customer access features to determine if can even access that feature List CustomerWorkOrderReportByTagTags = new List();//CUSTOMER & WORKORDER TAGS COMBINED - used to determine correct report to use with customer wo report List CustomerWorkOrderWikiAttachmentTags = new List();//CONTACT & CUSTOMER & HO & WO TAGS COMBINED - used to determine wo header access like wiki attachments ContactCustomerHOTagsCombined.AddRange(UserInfo.Tags); CustomerWorkOrderWikiAttachmentTags.AddRange(UserInfo.Tags); bool EntityActive = false; //Contact is for a customer or for a head office not both so... if (UserInfo.CustomerId != null && UserInfo.CustomerId != 0) { var CustomerInfo = await ct.Customer.AsNoTracking().Where(x => x.Id == UserInfo.CustomerId).Select(x => new { x.HeadOfficeId, x.Tags, x.Active }).FirstAsync(); ContactCustomerHOTagsCombined.AddRange(CustomerInfo.Tags); CustomerWorkOrderReportByTagTags.AddRange(CustomerInfo.Tags); CustomerWorkOrderWikiAttachmentTags.AddRange(CustomerInfo.Tags); EntityActive = CustomerInfo.Active; //does the customer have a head office?? if (CustomerInfo.HeadOfficeId != null && CustomerInfo.HeadOfficeId != 0) ContactCustomerHOTagsCombined.AddRange(await ct.HeadOffice.AsNoTracking().Where(x => x.Id == CustomerInfo.HeadOfficeId).Select(x => x.Tags).FirstAsync()); } else if (UserInfo.HeadOfficeId != null && UserInfo.HeadOfficeId != 0) { var HOInfo = await ct.HeadOffice.AsNoTracking().Where(x => x.Id == UserInfo.HeadOfficeId).Select(x => new { x.Tags, x.Active }).FirstAsync(); ContactCustomerHOTagsCombined.AddRange(HOInfo.Tags); EntityActive = HOInfo.Active; } long EntityId = 0; if (UserInfo.UserType == UserType.Customer) EntityId = UserInfo.CustomerId ?? 0; if (UserInfo.UserType == UserType.HeadOffice) EntityId = UserInfo.HeadOfficeId ?? 0; bool WorkorderIsAllowed = CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowViewWO, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowViewWOInTags); //Workorder access?? long? ThisWOEffectiveWorkOrderReportId = null; bool ThisWOCanWiki = false; bool ThisWOCanAttachments = false; if (WorkorderIsAllowed) { //default report (may be null and may be more detailed tagged version below) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId; //If a workorder id was provided add it's tags to the wo tag checking rights items if (thisWorkOrderTags != null && thisWorkOrderTags.Count > 0) { CustomerWorkOrderReportByTagTags.AddRange(thisWorkOrderTags); CustomerWorkOrderWikiAttachmentTags.AddRange(thisWorkOrderTags); } //WO REPORT //determine effective wo report if not default, there are 5 slots, any could be used or not so just iterate from bottom to top, last one wins in case of ties //this prioritizes the lowest numbered slot automatically, i.e. first choice //SLOT 5 if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport5Id != null && AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport5Tags.Count > 0) { if (CustomerWorkOrderReportByTagTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport5Tags).Any()) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport5Id; } //SLOT 4 if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport4Id != null && AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport4Tags.Count > 0) { if (CustomerWorkOrderReportByTagTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport4Tags).Any()) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport4Id; } //SLOT 3 if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport3Id != null && AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport3Tags.Count > 0) { if (CustomerWorkOrderReportByTagTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport3Tags).Any()) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport3Id; } //SLOT 2 if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport2Id != null && AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport2Tags.Count > 0) { if (CustomerWorkOrderReportByTagTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport2Tags).Any()) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport2Id; } //SLOT 1 if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport1Id != null && AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport1Tags.Count > 0) { if (CustomerWorkOrderReportByTagTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerWorkOrderReport1Tags).Any()) ThisWOEffectiveWorkOrderReportId = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerTagWorkOrderReport1Id; } //WO WIKI if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOWiki) { ThisWOCanWiki = true; //Tag override? if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOWikiInTags.Count > 0) ThisWOCanWiki = CustomerWorkOrderWikiAttachmentTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOWikiInTags).Any(); } //WO ATTACHMENTS if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOAttachments) { ThisWOCanAttachments = true; //Tag override? if (AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOAttachmentsInTags.Count > 0) ThisWOCanAttachments = CustomerWorkOrderWikiAttachmentTags.Intersect(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOAttachmentsInTags).Any(); } } return new CustomerRightsRecord( CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSRInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCreateUnit, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCreateUnitInTags), WorkorderIsAllowed, CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOWiki, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOWikiInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOAttachments, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowWOAttachmentsInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowUserSettings, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowUserSettingsInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyServiceImminent, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyServiceImminentInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyCSRAccepted, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyCSRAcceptedInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyCSRRejected, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyCSRRejectedInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCreated, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCreatedInTags), CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompleted, ContactCustomerHOTagsCombined, AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompletedInTags), EntityId, EntityActive, ThisWOEffectiveWorkOrderReportId, ThisWOCanWiki, ThisWOCanAttachments ); } } private static bool CustomerUserEffectiveRightsAllowed(bool globalSettingsAllows, List contactCustomerHOTagsCombined, List inTags) { //Note: tag match rule as planned and documented is that it's a match if *any* single tag in intags are a match to any single tag in contact tags, //not the whole list, just any one of them which differs from how notifications are checked for example which need to *all* match //if outright banned then quickest short circuit here if (!globalSettingsAllows) return false; //No tags to verify means allowed if (inTags.Count == 0) return true; //if tags is empty and inclusive is empty then it's a match and can short circuit if (contactCustomerHOTagsCombined.Count == 0) return true; //if tags is empty and inclusive is not empty then no match is possible if (contactCustomerHOTagsCombined.Count == 0) return false; //any of the inclusive tags in tags? if (contactCustomerHOTagsCombined.Intersect(inTags).Any()) return true; return false;//this is because there are contactCustomerHOTagsCombined and in tags but there is no match } internal static UserBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null) { if (httpContext != null) return new UserBiz(ct, UserIdFromContext.Id(httpContext.Items), UserTranslationIdFromContext.Id(httpContext.Items), UserRolesFromContext.Roles(httpContext.Items)); else//when called internally for internal ops there will be no context so need to set default values for that return new UserBiz(ct, 1, ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID, AuthorizationRoles.BizAdmin); } //////////////////////////////////////////////////////////////////////////////////////////////// //EXISTS internal async Task ExistsAsync(long id) { return await ct.User.AnyAsync(z => z.Id == id); } //////////////////////////////////////////////////////////////////////////////////////////////// //CREATE internal async Task CreateAsync(User newObject) { //Also used for Contacts (customer type user or ho type user) //by users with no User right but with Customer rights so need to double check here if ( (newObject.IsOutsideCustomerContactTypeUser && !Authorized.HasCreateRole(CurrentUserRoles, AyaType.Customer)) || (!newObject.IsOutsideCustomerContactTypeUser && !Authorized.HasCreateRole(CurrentUserRoles, AyaType.User)) ) { AddError(ApiErrorCode.NOT_AUTHORIZED); return null; } //password and login are optional but in the sense that they can be left out in a PUT // but if left out here we need to generate a random value instead so they can't login but the code is happy //because a login name and password are required always if (string.IsNullOrWhiteSpace(newObject.Password)) newObject.Password = Hasher.GenerateSalt();//set it to some big random value if (string.IsNullOrWhiteSpace(newObject.Login)) newObject.Login = Hasher.GenerateSalt();//set it to some big random value //This is a new user so it will have been posted with a password in plaintext which needs to be salted and hashed newObject.Salt = Hasher.GenerateSalt(); newObject.Password = Hasher.hash(newObject.Salt, newObject.Password); newObject.Tags = TagBiz.NormalizeTags(newObject.Tags); newObject.CustomFields = JsonUtil.CompactJson(newObject.CustomFields); //Seeder sets user options in advance so no need to create them here in that case if (newObject.UserOptions == null) { newObject.UserOptions = new UserOptions(); newObject.UserOptions.TranslationId = ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID; } await ValidateAsync(newObject, null); if (HasErrors) return null; else { await ct.User.AddAsync(newObject); await ct.SaveChangesAsync(); await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, newObject.Id, BizType, AyaEvent.Created), ct); await SearchIndexAsync(newObject, true); await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, newObject.Tags, null); await HandlePotentialNotificationEvent(AyaEvent.Created, newObject); dtUser retUser = new dtUser(); CopyObject.Copy(newObject, retUser); return retUser; } } //////////////////////////////////////////////////////////////////////////////////////////////// /// GET //Get one internal async Task GetForPublicAsync(long Id, bool logTheGetEvent = true) { //This is simple so nothing more here, but often will be copying to a different output object or some other ops var dbFullUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.Id == Id); if (dbFullUser != null) { //Log if (logTheGetEvent) await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, Id, BizType, AyaEvent.Retrieved), ct); dtUser retUser = new dtUser(); CopyObject.Copy(dbFullUser, retUser); return retUser; } else return null; } //Get one for internal use internal async Task GetAsync(long Id, bool logTheGetEvent = true) { //This is simple so nothing more here, but often will be copying to a different output object or some other ops var dbObject = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.Id == Id); if (dbObject != null) { //Log if (logTheGetEvent) await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, Id, BizType, AyaEvent.Retrieved), ct); return dbObject; } else return null; } //////////////////////////////////////////////////////////////////////////////////////////////// //UPDATE // internal async Task PutAsync(User putObject) { var dbObject = await GetAsync(putObject.Id, false); if (dbObject == null) { AddError(ApiErrorCode.NOT_FOUND, "id"); return null; } if (dbObject.Concurrency != putObject.Concurrency) { AddError(ApiErrorCode.CONCURRENCY_CONFLICT); return null; } //Also used for Contacts (customer type user or ho type user) //by users with no User right but with Customer rights so need to double check here if ( (dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.Customer)) || (!dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.User)) ) { AddError(ApiErrorCode.NOT_AUTHORIZED); return null; } putObject.Tags = TagBiz.NormalizeTags(putObject.Tags); putObject.CustomFields = JsonUtil.CompactJson(putObject.CustomFields); //Fields not sent with the put object //(it's only location is in the db and since this putObject is replacing the dbObject we need to set it again here) putObject.Salt = dbObject.Salt; putObject.CurrentAuthToken = dbObject.CurrentAuthToken; putObject.DlKey = dbObject.DlKey; putObject.DlKeyExpire = dbObject.DlKeyExpire; putObject.PasswordResetCode = dbObject.PasswordResetCode; putObject.PasswordResetCodeExpire = dbObject.PasswordResetCodeExpire; //NOTE: It's valid to call this without intending to change login or password (null values) //Is the user updating the password? if (!string.IsNullOrWhiteSpace(putObject.Password)) { //YES password is being updated: putObject.Password = Hasher.hash(putObject.Salt, putObject.Password); } else { //No, use the snapshot password value putObject.Password = dbObject.Password; } //Updating login? if (string.IsNullOrWhiteSpace(putObject.Login)) { //No, use the original value putObject.Login = dbObject.Login; } //DE-ACTIVATING USER? if (putObject.Active == false && dbObject.Active == true) { //yes, deactivating, so revoke their auth token putObject.CurrentAuthToken = Hasher.GenerateSalt();//new random token that will definitely not work } await ValidateAsync(putObject, dbObject); if (HasErrors) return null; ct.Replace(dbObject, putObject); try { await ct.SaveChangesAsync(); } catch (DbUpdateConcurrencyException) { if (!await ExistsAsync(putObject.Id)) AddError(ApiErrorCode.NOT_FOUND); else AddError(ApiErrorCode.CONCURRENCY_CONFLICT); return null; } await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified), ct); await SearchIndexAsync(putObject, false); await TagBiz.ProcessUpdateTagsInRepositoryAsync(ct, putObject.Tags, dbObject.Tags); await HandlePotentialNotificationEvent(AyaEvent.Modified, putObject, dbObject); return putObject; } ///////////////////////////////////////////// //PASSWORD // internal async Task ChangePasswordAsync(long userId, string newPassword) { User dbObject = await ct.User.FirstOrDefaultAsync(z => z.Id == userId); dbObject.Password = Hasher.hash(dbObject.Salt, newPassword); //remove reseet code and date so it can't be used again dbObject.PasswordResetCode = null; dbObject.DlKeyExpire = null; await ct.SaveChangesAsync(); //Log modification and save context await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified), ct); return true; } ///////////////////////////////////////////// // GENERATE AND EMAIL Password reset code // internal async Task SendPasswordResetCode(long userId) { User dbObject = await ct.User.Include(o => o.UserOptions).FirstOrDefaultAsync(z => z.Id == userId); if (dbObject == null) { AddError(ApiErrorCode.NOT_FOUND); return 0; } //Also used for Contacts (customer type user or ho type user) //by users with no User right but with Customer rights so need to double check here if ( (dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.Customer)) || (!dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasModifyRole(CurrentUserRoles, AyaType.User)) ) { AddError(ApiErrorCode.NOT_AUTHORIZED); return 0; } if (string.IsNullOrWhiteSpace(dbObject.UserOptions.EmailAddress)) { AddError(ApiErrorCode.VALIDATION_REQUIRED, "EmailAddress"); return 0; } var ServerUrl = ServerGlobalOpsSettingsCache.Notify.AyaNovaServerURL; if (string.IsNullOrWhiteSpace(ServerUrl)) { await NotifyEventHelper.AddOpsProblemEvent("User::SendPasswordResetCode - The OPS Notification setting is empty for AyaNova Server URL. This prevents Notification system from linking events to openable objects."); AddError(ApiErrorCode.VALIDATION_REQUIRED, "ServerUrl", "Error: no server url configured in notification settings. Can't direct user to server for login. Set server URL and try again."); return 0; } var ResetCode = Hasher.GetRandomAlphanumericString(32); dbObject.PasswordResetCode = ResetCode; dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear await ct.SaveChangesAsync(); //send message ServerUrl = ServerUrl.Trim().TrimEnd('/'); //Translations List TransKeysRequired = new List(); TransKeysRequired.Add("PasswordResetMessageBody"); TransKeysRequired.Add("PasswordResetMessageTitle"); long EffectiveTranslationId = dbObject.UserOptions.TranslationId; if (EffectiveTranslationId == 0) EffectiveTranslationId = ServerBootConfig.AYANOVA_DEFAULT_TRANSLATION_ID; var TransDict = await TranslationBiz.GetSubsetStaticAsync(TransKeysRequired, EffectiveTranslationId); var Title = TransDict["PasswordResetMessageTitle"]; var MessageBody = TransDict["PasswordResetMessageBody"]; var loginName = Uri.EscapeDataString(dbObject.Login); //Hello {user_name},\n\nYour online account for service is available to you after you set your password.\nYou can use the following link for the next 48 hours to set your password.\n\nSet your password: {action_link}\n\nIf you did not request an account or password reset, please ignore this email.\n\nThanks,\n{registered_to}" MessageBody = MessageBody.Replace("{user_name}", dbObject.Name).Replace("{action_link}", $"{ServerUrl}/home-reset?rc={ResetCode}&tr={EffectiveTranslationId}&lg={loginName}").Replace("{registered_to}", AyaNova.Core.License.ActiveKey.RegisteredTo); IMailer m = AyaNova.Util.ServiceProviderProvider.Mailer; await m.SendEmailAsync(dbObject.UserOptions.EmailAddress, Title, MessageBody, ServerGlobalOpsSettingsCache.Notify); //Log modification and save context await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, dbObject.Id, BizType, AyaEvent.Modified, "SendPasswordResetCode"), ct); return dbObject.Concurrency; } //////////////////////////////////////////////////////////////////////////////////////////////// //SEARCH // private async Task SearchIndexAsync(User obj, bool isNew) { var SearchParams = new Search.SearchIndexProcessObjectParameters(UserTranslationId, obj.Id, BizType); DigestSearchText(obj, SearchParams); if (isNew) await Search.ProcessNewObjectKeywordsAsync(SearchParams); else await Search.ProcessUpdatedObjectKeywordsAsync(SearchParams); } public async Task GetSearchResultSummary(long id, AyaType specificType) { var obj = await GetAsync(id, false); var SearchParams = new Search.SearchIndexProcessObjectParameters(); DigestSearchText(obj, SearchParams); return SearchParams; } public void DigestSearchText(User obj, Search.SearchIndexProcessObjectParameters searchParams) { if (obj != null) searchParams.AddText(obj.Notes) .AddText(obj.Name) .AddText(obj.Wiki) .AddText(obj.Tags) .AddText(obj.EmployeeNumber) .AddCustomFields(obj.CustomFields); } //////////////////////////////////////////////////////////////////////////////////////////////// //DELETE // internal async Task DeleteAsync(long id, Microsoft.EntityFrameworkCore.Storage.IDbContextTransaction parentTransaction = null) { //this may be part of a larger delete operation involving other objects (e.g. Customer delete and remove contacts) //if so then there will be a parent transaction otherwise we make our own Microsoft.EntityFrameworkCore.Storage.IDbContextTransaction transaction = null; if (parentTransaction == null) transaction = await ct.Database.BeginTransactionAsync(); User dbObject = await ct.User.SingleOrDefaultAsync(z => z.Id == id); if (dbObject == null) { AddError(ApiErrorCode.NOT_FOUND); return false; } //Also used for Contacts (customer type user or ho type user) //by users with no User right but with Customer rights so need to double check here if ( (dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasDeleteRole(CurrentUserRoles, AyaType.Customer)) || (!dbObject.IsOutsideCustomerContactTypeUser && !Authorized.HasDeleteRole(CurrentUserRoles, AyaType.User)) ) { AddError(ApiErrorCode.NOT_AUTHORIZED); return false; } await ValidateCanDelete(dbObject); if (HasErrors) return false; //Delete sibling objects //USEROPTIONS await ct.Database.ExecuteSqlInterpolatedAsync($"delete from auseroptions where userid = {dbObject.Id}"); //NOTIFY SUBSCRIPTIONS //Note: will cascade delete notifyevent, and notification automatically await ct.Database.ExecuteSqlInterpolatedAsync($"delete from anotifysubscription where userid = {dbObject.Id}"); //personal datalist options await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistsavedfilter where public = {false} and userid = {dbObject.Id}"); await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adatalistcolumnview where userid = {dbObject.Id}"); //Dashboard view await ct.Database.ExecuteSqlInterpolatedAsync($"delete from adashboardview where userid = {dbObject.Id}"); //Remove the object ct.User.Remove(dbObject); try { await ct.SaveChangesAsync(); } catch (Microsoft.EntityFrameworkCore.DbUpdateException) { //SPECIAL EXCEPTION //seeded data isn't always attributed to the user who would normally have created data so //this could fail due to referential integrity as they wouldn't be in the event log check above //easiest workaround to avoid having to check a whole host of items is to just check if this fails due to ref.integrity and return sane message AddError(ApiErrorCode.INVALID_OPERATION, "generalerror", await Translate("ErrorDBForeignKeyViolation")); return false; } await EventLogProcessor.DeleteObjectLogAsync(UserId, BizType, dbObject.Id, dbObject.Name, ct); await Search.ProcessDeletedObjectKeywordsAsync(dbObject.Id, BizType, ct); await TagBiz.ProcessDeleteTagsInRepositoryAsync(ct, dbObject.Tags); await FileUtil.DeleteAttachmentsForObjectAsync(BizType, dbObject.Id, ct); //all good do the commit if it's ours if (parentTransaction == null) await transaction.CommitAsync(); await HandlePotentialNotificationEvent(AyaEvent.Deleted, dbObject); return true; } //////////////////////////////////////////////////////////////////////////////////////////////// //VALIDATION // //Can save or update? private async Task ValidateAsync(User proposedObj, User currentObj) { //skip validation if seeding if (ServerBootConfig.SEEDING) return; //run validation and biz rules bool isNew = currentObj == null; //UserType change has Inside / Outside role implications //a user attempting to change a UserType between inside or outside status must have the correct rights //to *BOTH* Customer and User since it's affecting both types if (!isNew && (currentObj.IsOutsideCustomerContactTypeUser != proposedObj.IsOutsideCustomerContactTypeUser)) { //only can change if have both rights if ( !Authorized.HasModifyRole(CurrentUserRoles, AyaType.User) || !Authorized.HasModifyRole(CurrentUserRoles, AyaType.Customer) ) { AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType"); } } #if (SUBSCRIPTION_BUILD) //Check the SUBSCRIPTION license allows this //INTERNAL USERS //ACTIVE internal users consume a license in subscription mode if (!proposedObj.IsOutsideCustomerContactTypeUser && proposedObj.Active) { //Yes, it might be affected depending on things long CurrentActiveInternalUserCount = await UserBiz.ActiveInternalUserCountAsync(); long LicensedInternalUserCount = AyaNova.Core.License.ActiveKey.ActiveInternalUsersCount; if (isNew) { //This operation is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveInternalUserCount, LicensedInternalUserCount); } else { //did anything that might affect licensing change? if (currentObj.IsOutsideCustomerContactTypeUser || (!currentObj.Active))//currently not a inside user or if it is it's not active { //going from non inside to inside and/or to active //Yes, this is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveInternalUserCount, LicensedInternalUserCount); } } } //CUSTOMERS //ACTIVE AND ALLOWLOGIN customer users consume a customer login license in subscription mode if (proposedObj.IsOutsideCustomerContactTypeUser && proposedObj.Active && proposedObj.AllowLogin) { //Yes, it might be affected depending on things long CurrentActiveCustomerContactUserCount = await UserBiz.ActiveCustomerContactUserCountAsync(); long LicensedCustomerContactCount = AyaNova.Core.License.ActiveKey.ActiveCustomerContactUsersCount; if (isNew) { //This operation is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveCustomerContactUserCount, LicensedCustomerContactCount); } else { //did anything that might affect licensing change? if (!currentObj.IsOutsideCustomerContactTypeUser || (!currentObj.Active)|| (!currentObj.AllowLogin))//currently not a customer contact user or if it is it's not active or wasn't set to allow login { //going from non customer contact to customer contact and or active and or login (may not happen but better safe than sorry down the road some day) //Yes, this is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveCustomerContactUserCount, LicensedCustomerContactCount); } } } #else //Check the PERPETUAL license allows this // //TECHS ONLY // if (proposedObj.IsTech && proposedObj.Active) // { // //Yes, it might be affected depending on things // long CurrentActiveTechCount = await UserBiz.ActiveTechUserCountAsync(); // long LicensedTechCount = AyaNova.Core.License.ActiveKey.ActiveTechsCount; // if (isNew) // { // //This operation is about to consume one more license, check that we are not at the limit already // await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveTechCount, LicensedTechCount); // } // else // { // //did anything that might affect licensing change? // if (!currentObj.IsTech || (!currentObj.Active))//currently not a tech or if it is it's not active // { // //going from non tech to tech and active // //Yes, this is about to consume one more license, check that we are not at the limit already // await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveTechCount, LicensedTechCount); // } // } // } //INTERNAL USERS //ACTIVE internal users consume a license if (!proposedObj.IsOutsideCustomerContactTypeUser && proposedObj.Active) { //Yes, it might be affected depending on things long CurrentActiveInternalUserCount = await UserBiz.ActiveInternalUserCountAsync(); long LicensedInternalUserCount = AyaNova.Core.License.ActiveKey.ActiveInternalUsersCount; if (isNew) { //This operation is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveInternalUserCount, LicensedInternalUserCount); } else { //did anything that might affect licensing change? if (currentObj.IsOutsideCustomerContactTypeUser || (!currentObj.Active))//currently not a inside user or if it is it's not active { //going from non inside to inside and/or to active //Yes, this is about to consume one more license, check that we are not at the limit already await AddErrorIfAtLicenseLimitAnyBuildType(CurrentActiveInternalUserCount, LicensedInternalUserCount); } } } #endif //Name required if (string.IsNullOrWhiteSpace(proposedObj.Name)) AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name"); //case 4322 this is a problem with customer contacts and not really required anyway // //If name is otherwise OK, check that name is unique // if (!PropertyHasErrors("Name")) // { // //Use Any command is efficient way to check existance, it doesn't return the record, just a true or false // if (await ct.User.AnyAsync(z => z.Name == proposedObj.Name && z.Id != proposedObj.Id)) // { // AddError(ApiErrorCode.VALIDATION_NOT_UNIQUE, "Name"); // } // } //LOGIN must be unique if (await ct.User.AnyAsync(z => z.Login == proposedObj.Login && z.Id != proposedObj.Id)) { AddError(ApiErrorCode.VALIDATION_NOT_UNIQUE, "Login"); } //SUPERUSER ACCOUNT CAN"T BE MODIFIED IN SOME WAYS if (!isNew && proposedObj.Id == 1) { //prevent certain changes to superuser account like roles etc if (proposedObj.Roles != currentObj.Roles) AddError(ApiErrorCode.NOT_AUTHORIZED, "Roles"); if (proposedObj.Active != currentObj.Active) AddError(ApiErrorCode.NOT_AUTHORIZED, "Active"); if (proposedObj.AllowLogin != currentObj.AllowLogin) AddError(ApiErrorCode.NOT_AUTHORIZED, "AllowLogin"); if (proposedObj.Name != currentObj.Name) AddError(ApiErrorCode.NOT_AUTHORIZED, "Name"); if (proposedObj.UserType != currentObj.UserType) AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType"); } if (!proposedObj.UserType.IsValid()) { AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "UserType"); } //Validate customer type user if (proposedObj.UserType == UserType.Customer) { if (proposedObj.CustomerId == null || proposedObj.CustomerId == 0) { AddError(ApiErrorCode.VALIDATION_REQUIRED, "CustomerId"); } else { //verify chosen customer exists if (!await ct.Customer.AnyAsync(z => z.Id == proposedObj.CustomerId)) AddError(ApiErrorCode.NOT_FOUND, "CustomerId"); } } //Validate headoffice type user if (proposedObj.UserType == UserType.HeadOffice) { if (proposedObj.HeadOfficeId == null || proposedObj.HeadOfficeId == 0) { AddError(ApiErrorCode.VALIDATION_REQUIRED, "HeadOfficeId"); } else { //verify chosen HO exists if (!await ct.HeadOffice.AnyAsync(z => z.Id == proposedObj.HeadOfficeId)) AddError(ApiErrorCode.NOT_FOUND, "HeadOfficeId"); } } //Validate subcontractor type user if (proposedObj.UserType == UserType.ServiceContractor) { if (proposedObj.VendorId == null || proposedObj.VendorId == 0) { AddError(ApiErrorCode.VALIDATION_REQUIRED, "VendorId"); } else { //verify that VENDOR VendorId exists if (!await ct.Vendor.AnyAsync(z => z.Id == proposedObj.VendorId)) AddError(ApiErrorCode.NOT_FOUND, "VendorId"); } } if (!proposedObj.Roles.IsValid()) { AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "Roles"); } //Any form customizations to validate? //contact is type if customer user var formKey = AyaType.User.ToString(); if (proposedObj.UserType == UserType.Customer || proposedObj.UserType == UserType.HeadOffice) formKey = "Contact"; var FormCustomization = await ct.FormCustom.SingleOrDefaultAsync(z => z.FormKey == formKey); if (FormCustomization != null) { //Yeppers, do the validation, there are two, the custom fields and the regular fields that might be set to required //validate users choices for required non custom fields RequiredFieldsValidator.Validate(this, FormCustomization, proposedObj); //validate custom fields CustomFieldsValidator.Validate(this, FormCustomization, proposedObj.CustomFields); } return; } private async Task AddErrorIfAtLicenseLimitAnyBuildType(long CurrentActiveCount, long LicensedUserCount) { if (CurrentActiveCount >= LicensedUserCount) { AddError(ApiErrorCode.INVALID_OPERATION, "generalerror", await Translate("ErrorSecurityUserCapacity"));//THIS IS A GENERIC ERROR GOOD FOR ANY BUILD TYPE } } //Can delete? private async Task ValidateCanDelete(User inObj) { //FOREIGN KEY CHECKS if (await ct.Memo.AnyAsync(m => m.ToId == inObj.Id || m.FromId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("Memo")); // if (await ct.Reminder.AnyAsync(m => m.UserId == inObj.Id)) // AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("Reminder"));//CASCADE DELETES if (await ct.Review.AnyAsync(m => m.AssignedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("Review")); if (await ct.CustomerNote.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("CustomerNote")); if (await ct.Project.AnyAsync(m => m.ProjectOverseerId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("Project")); if (await ct.PurchaseOrderItem.AnyAsync(m => m.PartRequestedById == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("PurchaseOrderItem")); if (await ct.WorkOrderState.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderStatus")); if (await ct.WorkOrderItemExpense.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemExpense")); if (await ct.WorkOrderItemLabor.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemLabor")); if (await ct.WorkOrderItemPartRequest.AnyAsync(m => m.RequestedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemPartRequest")); if (await ct.WorkOrderItemScheduledUser.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemScheduledUser")); if (await ct.WorkOrderItemTask.AnyAsync(m => m.CompletedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemTask")); if (await ct.WorkOrderItemTravel.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("WorkOrderItemTravel")); var quotetext = await Translate("Quote"); var pmtext = await Translate("PM"); if (await ct.Quote.AnyAsync(m => m.PreparedById == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext); if (await ct.QuoteState.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("QuoteQuoteStatusType")); if (await ct.QuoteItemExpense.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext + " - " + await Translate("WorkOrderItemExpense")); if (await ct.QuoteItemLabor.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext + " - " + await Translate("WorkOrderItemLabor")); if (await ct.QuoteItemScheduledUser.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext + " - " + await Translate("WorkOrderItemScheduledUser")); if (await ct.QuoteItemTask.AnyAsync(m => m.CompletedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext + " - " + await Translate("WorkOrderItemTask")); if (await ct.QuoteItemTravel.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", quotetext + " - " + await Translate("WorkOrderItemTravel")); if (await ct.PMItemExpense.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", pmtext + " - " + await Translate("WorkOrderItemExpense")); if (await ct.PMItemLabor.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", pmtext + " - " + await Translate("WorkOrderItemLabor")); if (await ct.PMItemScheduledUser.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", pmtext + " - " + await Translate("WorkOrderItemScheduledUser")); if (await ct.PMItemTask.AnyAsync(m => m.CompletedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", pmtext + " - " + await Translate("WorkOrderItemTask")); if (await ct.PMItemTravel.AnyAsync(m => m.UserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", pmtext + " - " + await Translate("WorkOrderItemTravel")); if (await ct.CustomerServiceRequest.AnyAsync(m => m.RequestedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("CustomerServiceRequest")); if (await ct.FileAttachment.AnyAsync(m => m.AttachedByUserId == inObj.Id)) AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", await Translate("FileAttachment")); } //////////////////////////////////////////////////////////////////////////////////////////////// // Utilities // internal static async Task ValidateDownloadTokenAndReturnUserAsync(string dlToken, AyContext ct) { if (string.IsNullOrWhiteSpace(dlToken)) return null; //get user by key, if not found then reject var DownloadUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.DlKey == dlToken && z.Active == true); if (DownloadUser == null) return null; //this is necessary because they might have an expired JWT but this would just keep on working without a date check //the default is the same timespan as the jwt so it's all good var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero); if (DownloadUser.DlKeyExpire < utcNow.DateTime) return null; return DownloadUser; } //Used to offer default login in pre-login ping for login form internal static async Task SuperIsDefaultCredsAsync(AyContext ct) { var su = await ct.User.AsNoTracking().Where(z => z.Id == 1).Select(z => new { z.Salt, z.Login, z.Password }).SingleOrDefaultAsync(); if (su == null) return false;//not expected but best not to crash out on this one if (su.Login == "superuser" && Hasher.hash(su.Salt, "l3tm3in") == su.Password) return true; return false; } //////////////////////////////////////////////////////////////////////////////////////////////// //REPORTING // public async Task GetReportData(DataListSelectedRequest dataListSelectedRequest, Guid jobId) { var idList = dataListSelectedRequest.SelectedRowIds; JArray ReportData = new JArray(); while (idList.Any()) { var batch = idList.Take(IReportAbleObject.REPORT_DATA_BATCH_SIZE); idList = idList.Skip(IReportAbleObject.REPORT_DATA_BATCH_SIZE).ToArray(); //query for this batch, comes back in db natural order unfortunately var batchResults = await ct.User.AsNoTracking().Include(z => z.UserOptions).Where(z => batch.Contains(z.Id)).ToArrayAsync(); //order the results back into original var orderedList = from id in batch join z in batchResults on id equals z.Id select z; batchResults = null; foreach (var w in orderedList) { if (!ReportRenderManager.KeepGoing(jobId)) return null; await PopulateVizFields(w, UserTypesEnumList); var jo = JObject.FromObject(w); if (!JsonUtil.JTokenIsNullOrEmpty(jo["CustomFields"])) jo["CustomFields"] = JObject.Parse((string)jo["CustomFields"]); jo.Remove("Login"); jo.Remove("Password"); jo["UserOptions"] = JObject.FromObject(w.UserOptions); ReportData.Add(jo); } orderedList = null; } vc.Clear(); return ReportData; } private VizCache vc = new VizCache(); //populate viz fields from provided object private async Task PopulateVizFields(User o, List userTypesEnumList) { if (userTypesEnumList == null) userTypesEnumList = await AyaNova.Api.Controllers.EnumListController.GetEnumList( StringUtil.TrimTypeName(typeof(UserType).ToString()), UserTranslationId, CurrentUserRoles); if (o.CustomerId != null) { if (!vc.Has("customer", o.CustomerId)) vc.Add(await ct.Customer.AsNoTracking().Where(x => x.Id == o.CustomerId).Select(x => x.Name).FirstOrDefaultAsync(), "customer", o.CustomerId); o.CustomerViz = vc.Get("customer", o.CustomerId); } if (o.HeadOfficeId != null) { if (!vc.Has("headoffice", o.HeadOfficeId)) { vc.Add(await ct.HeadOffice.AsNoTracking().Where(x => x.Id == o.HeadOfficeId).Select(x => x.Name).FirstOrDefaultAsync(), "headoffice", o.HeadOfficeId); } o.HeadOfficeViz = vc.Get("headoffice", o.HeadOfficeId); } if (o.VendorId != null) { if (!vc.Has("vendorname", o.VendorId)) vc.Add(await ct.Vendor.AsNoTracking().Where(x => x.Id == o.VendorId).Select(x => x.Name).FirstOrDefaultAsync(), "vendorname", o.VendorId); o.VendorViz = vc.Get("vendorname", o.VendorId); } o.UserTypeViz = userTypesEnumList.Where(x => x.Id == (long)o.UserType).Select(x => x.Name).First(); } List UserTypesEnumList = null; //////////////////////////////////////////////////////////////////////////////////////////////// // IMPORT EXPORT // public async Task GetExportData(DataListSelectedRequest dataListSelectedRequest, Guid jobId) { //for now just re-use the report data code //this may turn out to be the pattern for most biz object types but keeping it seperate allows for custom usage from time to time return await GetReportData(dataListSelectedRequest, jobId); } public async Task> ImportData(AyImportData importData) { List ImportResult = new List(); string ImportTag = $"imported-{FileUtil.GetSafeDateFileName()}"; var jsset = JsonSerializer.CreateDefault(new JsonSerializerSettings { ContractResolver = new AyaNova.Util.JsonUtil.ShouldSerializeContractResolver(new string[] { "Concurrency", "Id", "CustomFields" }) }); foreach (JObject j in importData.Data) { var w = j.ToObject(jsset); if (j["CustomFields"] != null) w.CustomFields = j["CustomFields"].ToString(); w.Tags.Add(ImportTag);//so user can find them all and revert later if necessary var res = await CreateAsync(w); if (res == null) { ImportResult.Add($"* {w.Name} - {this.GetErrorsAsString()}"); this.ClearErrors(); } else { ImportResult.Add($"{w.Name} - ok"); } } return ImportResult; } //////////////////////////////////////////////////////////////////////////////////////////////// // JOB / OPERATIONS // public async Task HandleJobAsync(OpsJob job) { switch (job.JobType) { case JobType.BatchCoreObjectOperation: await ProcessBatchJobAsync(job); break; default: throw new System.ArgumentOutOfRangeException($"User.HandleJob-> Invalid job type{job.JobType.ToString()}"); } } private async Task ProcessBatchJobAsync(OpsJob job) { await JobsBiz.UpdateJobStatusAsync(job.GId, JobStatus.Running); await JobsBiz.LogJobAsync(job.GId, $"LT:StartJob {job.SubType}"); List idList = new List(); long FailedObjectCount = 0; JObject jobData = JObject.Parse(job.JobInfo); if (jobData.ContainsKey("idList")) idList = ((JArray)jobData["idList"]).ToObject>(); else idList = await ct.User.AsNoTracking().Select(z => z.Id).ToListAsync(); bool SaveIt = false; //--------------------------------- //case 4192 TimeSpan ProgressAndCancelCheckSpan = new TimeSpan(0, 0, ServerBootConfig.JOB_PROGRESS_UPDATE_AND_CANCEL_CHECK_SECONDS); DateTime LastProgressCheck = DateTime.UtcNow.Subtract(new TimeSpan(1, 1, 1, 1, 1)); var TotalRecords = idList.LongCount(); long CurrentRecord = -1; //--------------------------------- foreach (long id in idList) { try { //-------------------------------- //case 4192 //Update progress / cancel requested? CurrentRecord++; if (DateUtil.IsAfterDuration(LastProgressCheck, ProgressAndCancelCheckSpan)) { await JobsBiz.UpdateJobProgressAsync(job.GId, $"{CurrentRecord}/{TotalRecords}"); if (await JobsBiz.GetJobStatusAsync(job.GId) == JobStatus.CancelRequested) break; LastProgressCheck = DateTime.UtcNow; } //--------------------------------- SaveIt = false; ClearErrors(); //a little different than normal here because the built in getasync doesn't return //a full User object normally User o = null; switch (job.SubType) { case JobSubType.TagAddAny: case JobSubType.TagAdd: case JobSubType.TagRemoveAny: case JobSubType.TagRemove: case JobSubType.TagReplaceAny: case JobSubType.TagReplace: o = await GetAsync(id, false); SaveIt = TagBiz.ProcessBatchTagOperation(o.Tags, (string)jobData["tag"], jobData.ContainsKey("toTag") ? (string)jobData["toTag"] : null, job.SubType); break; case JobSubType.Delete: if (!await DeleteAsync(id)) { await JobsBiz.LogJobAsync(job.GId, $"LT:Errors {GetErrorsAsString()} id {id}"); FailedObjectCount++; } break; case JobSubType.DirectSMTP: o = await ct.User.AsNoTracking().Include(o => o.UserOptions).FirstOrDefaultAsync(z => z.Id == id); if (o != null && o.Active && !string.IsNullOrWhiteSpace(o.UserOptions.EmailAddress)) { IMailer m = AyaNova.Util.ServiceProviderProvider.Mailer; try { await m.SendEmailAsync(o.UserOptions.EmailAddress, (string)jobData["subject"], (string)jobData["message"], ServerGlobalOpsSettingsCache.Notify, null, null, null); await Task.Delay(AyaNova.Util.ServerBootConfig.JOB_OBJECT_EMAIL_LOOP_DELAY);//a small delay to not overwhelm the mail server } catch (Exception ex) { FailedObjectCount++; await NotifyEventHelper.AddOpsProblemEvent("SMTP direct message failed", ex); } } break; default: throw new System.ArgumentOutOfRangeException($"ProcessBatchJobAsync -> Invalid job Subtype{job.SubType}"); } if (SaveIt) { o = await PutAsync(o); if (o == null) { await JobsBiz.LogJobAsync(job.GId, $"LT:Errors {GetErrorsAsString()} id {id}"); FailedObjectCount++; } } //delay so we're not tying up all the resources in a tight loop await Task.Delay(AyaNova.Util.ServerBootConfig.JOB_OBJECT_HANDLE_BATCH_JOB_LOOP_DELAY); } catch (Exception ex) { await JobsBiz.LogJobAsync(job.GId, $"LT:Errors id({id})"); await JobsBiz.LogJobAsync(job.GId, ExceptionUtil.ExtractAllExceptionMessages(ex)); } } //--------------------------------- //case 4192 await JobsBiz.UpdateJobProgressAsync(job.GId, $"{++CurrentRecord}/{TotalRecords}"); //--------------------------------- await JobsBiz.LogJobAsync(job.GId, $"LT:BatchJob {job.SubType} {idList.Count}{(FailedObjectCount > 0 ? " - LT:Failed " + FailedObjectCount : "")}"); await JobsBiz.UpdateJobStatusAsync(job.GId, JobStatus.Completed); } //////////////////////////////////////////////////////////////////////////////////////////////// // NOTIFICATION PROCESSING // public async Task HandlePotentialNotificationEvent(AyaEvent ayaEvent, ICoreBizObjectModel proposedObj, ICoreBizObjectModel currentObj = null) { ILogger log = AyaNova.Util.ApplicationLogging.CreateLogger(); if (ServerBootConfig.SEEDING || ServerBootConfig.MIGRATING) return; log.LogDebug($"HandlePotentialNotificationEvent processing: [AyaType:{this.BizType}, AyaEvent:{ayaEvent}]"); bool isNew = currentObj == null; //STANDARD EVENTS FOR ALL OBJECTS await NotifyEventHelper.ProcessStandardObjectEvents(ayaEvent, proposedObj, ct); //SPECIFIC EVENTS FOR THIS OBJECT if (ayaEvent == AyaEvent.Modified) { //USER MODIFIED ROLES CHANGED MIGHT AFFECT ALLOWED SUBS //This one's a little different, if user has had roles changed, then pre-existing subs may not be allowed anymore //Remove any notification subscriptions user doesn't have rights to: if (((User)currentObj).Roles != ((User)proposedObj).Roles) { var DeleteList = new List(); var NewRoles = ((User)proposedObj).Roles; //iterate subs and remove any user shouldn't have var userSubs = await ct.NotifySubscription.Where(z => z.UserId == proposedObj.Id).ToListAsync(); foreach (var sub in userSubs) { if (sub.AyaType != AyaType.NoType) { //check if user has rights to it or not still //must have read rights to be valid if (!AyaNova.Api.ControllerHelpers.Authorized.HasAnyRole(NewRoles, sub.AyaType)) { //no rights whatsoever, so delete it DeleteList.Add(sub.Id); } } } if (DeleteList.Count > 0) { var NSB = NotifySubscriptionBiz.GetBiz(ct); foreach (var l in DeleteList) { await NSB.DeleteAsync(l); } } } } }//end of process notifications ///////////////////////////////////////////////////////////////////// }//eoc }//eons