using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Routing; using Microsoft.Extensions.Logging; using Microsoft.AspNetCore.Authorization; using AyaNova.Models; using AyaNova.Api.ControllerHelpers; using AyaNova.Biz; using AyaNova.DataList; using System.Threading.Tasks; using System.Linq; using EnumsNET; using Microsoft.EntityFrameworkCore; namespace AyaNova.Api.Controllers { [ApiController] [ApiVersion("8.0")] [Route("api/v{version:apiVersion}/data-list")] [Produces("application/json")] [Authorize] public class DataListController : ControllerBase { private readonly AyContext ct; private readonly ILogger log; private readonly ApiServerState serverState; ///

/// ctor ///

/// /// /// public DataListController(AyContext dbcontext, ILogger logger, ApiServerState apiServerState) { ct = dbcontext; log = logger; serverState = apiServerState; } ///

/// Get list of data for selection / viewing /// /// Authorization varies list by list, will return 403 - Not Authorized if user has insufficient role /// ///

/// List key, Paging, filtering and sorting options /// Collection with paging data // [HttpPost("List", Name = nameof(List))] [HttpPost] public async Task List([FromBody] DataListTableRequest tableRequest) { if (!serverState.IsOpen) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); if (tableRequest.Limit == null || tableRequest.Limit < 1) { tableRequest.Limit = DataListTableProcessingOptions.DefaultLimit; } if (tableRequest.Offset == null) { tableRequest.Offset = 0; } var UserRoles = UserRolesFromContext.Roles(HttpContext.Items); var UserId = UserIdFromContext.Id(HttpContext.Items); var UType = UserTypeFromContext.Type(HttpContext.Items); try { DataListColumnViewBiz viewbiz = DataListColumnViewBiz.GetBiz(ct, HttpContext); var SavedView = await viewbiz.GetAsync(UserId, tableRequest.DataListKey, true); DataListSavedFilter SavedFilter = null; if (tableRequest.FilterId != 0) { DataListSavedFilterBiz filterbiz = DataListSavedFilterBiz.GetBiz(ct, HttpContext); SavedFilter = await filterbiz.GetAsync(tableRequest.FilterId); } var DataList = DataListFactory.GetAyaDataList(tableRequest.DataListKey); if (DataList == null) return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, "DataListKey", $"DataList \"{tableRequest.DataListKey}\" specified does not exist")); //check rights if (!UserRoles.HasAnyFlags(DataList.AllowedRoles)) return StatusCode(403, new ApiNotAuthorizedResponse()); //IF user is a customer type check if they are allowed to view this datalist if (UType == UserType.Customer || UType == UserType.HeadOffice) if (!await HandleCustomerTypeUserDataListRequest(UserId, tableRequest)) return StatusCode(403, new ApiNotAuthorizedResponse()); //hydrate the saved view and filter DataListTableProcessingOptions dataListTableOptions = new DataListTableProcessingOptions(tableRequest, DataList, SavedView, SavedFilter, UserId, UserRoles); DataListReturnData r = await DataListFetcher.GetResponseAsync(ct, dataListTableOptions, DataList, UserRoles, log, UserId); return Ok(r); } catch (System.UnauthorizedAccessException) { return StatusCode(403, new ApiNotAuthorizedResponse()); } catch (System.ArgumentOutOfRangeException e) { return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, e.Message)); } } private async Task HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest) { //Is this list allowed for a customer user and also enabled in global settings switch (tableRequest.DataListKey) { case "CustomerServiceRequestDataList": if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR) return false; break; //todo: workorder list default: return false; } //Build client criteria if user is of correct type var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync(); switch (UserInfo.UserType) { case UserType.Customer: if (UserInfo.CustomerId == null || UserInfo.CustomerId == 0) return false; tableRequest.ClientCriteria = $"{UserInfo.CustomerId},{(int)AyaType.Customer}"; break; case UserType.HeadOffice: if (UserInfo.HeadOfficeId == null || UserInfo.HeadOfficeId == 0) return false; tableRequest.ClientCriteria = $"{UserInfo.HeadOfficeId},{(int)AyaType.HeadOffice}"; break; default://other user types can fuck right off! return false; } return true; } ///

/// List of all DataList keys available ///

/// List of strings [HttpGet("listkeys")] public ActionResult GetDataListKeys() { //NOTE: not used by AyaNova Client, convenience method for developers api usage if (!serverState.IsOpen) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); return Ok(ApiOkResponse.Response(DataListFactory.GetListOfAllDataListKeyNames())); } ///

/// List of all fields for data list key specified ///

/// List of DataListFieldDefinition [HttpGet("listfields")] public ActionResult GetDataListFields([FromQuery] string DataListKey) { if (!serverState.IsOpen) return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); var DataList = DataListFactory.GetAyaDataList(DataListKey); //was the name not found as a list? if (DataList == null) { return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, $"DataList \"{DataListKey}\" specified does not exist")); } var ExternalOnly = DataList.FieldDefinitions.Where(z => z.IsMeta == false); return Ok(ApiOkResponse.Response(ExternalOnly)); } }//eoc }//ens