201 lines
8.2 KiB
C#
201 lines
8.2 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Routing;
|
|
using Microsoft.Extensions.Logging;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using AyaNova.Models;
|
|
using AyaNova.Api.ControllerHelpers;
|
|
using AyaNova.Biz;
|
|
using AyaNova.DataList;
|
|
using System.Threading.Tasks;
|
|
using System.Linq;
|
|
using EnumsNET;
|
|
using Microsoft.EntityFrameworkCore;
|
|
|
|
namespace AyaNova.Api.Controllers
|
|
{
|
|
|
|
[ApiController]
|
|
[ApiVersion("8.0")]
|
|
[Route("api/v{version:apiVersion}/data-list")]
|
|
[Produces("application/json")]
|
|
[Authorize]
|
|
public class DataListController : ControllerBase
|
|
{
|
|
private readonly AyContext ct;
|
|
private readonly ILogger<DataListController> log;
|
|
private readonly ApiServerState serverState;
|
|
|
|
|
|
|
|
/// <summary>
|
|
/// ctor
|
|
/// </summary>
|
|
/// <param name="dbcontext"></param>
|
|
/// <param name="logger"></param>
|
|
/// <param name="apiServerState"></param>
|
|
public DataListController(AyContext dbcontext, ILogger<DataListController> logger, ApiServerState apiServerState)
|
|
{
|
|
ct = dbcontext;
|
|
log = logger;
|
|
serverState = apiServerState;
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// Get list of data for selection / viewing
|
|
///
|
|
/// Authorization varies list by list, will return 403 - Not Authorized if user has insufficient role
|
|
///
|
|
/// </summary>
|
|
/// <param name="tableRequest">List key, Paging, filtering and sorting options</param>
|
|
/// <returns>Collection with paging data</returns>
|
|
// [HttpPost("List", Name = nameof(List))]
|
|
[HttpPost]
|
|
public async Task<IActionResult> List([FromBody] DataListTableRequest tableRequest)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
if (!ModelState.IsValid)
|
|
return BadRequest(new ApiErrorResponse(ModelState));
|
|
|
|
if (tableRequest.Limit == null || tableRequest.Limit < 1)
|
|
{
|
|
tableRequest.Limit = DataListTableProcessingOptions.DefaultLimit;
|
|
}
|
|
if (tableRequest.Offset == null)
|
|
{
|
|
tableRequest.Offset = 0;
|
|
}
|
|
|
|
|
|
var UserRoles = UserRolesFromContext.Roles(HttpContext.Items);
|
|
var UserId = UserIdFromContext.Id(HttpContext.Items);
|
|
var UType = UserTypeFromContext.Type(HttpContext.Items);
|
|
|
|
try
|
|
{
|
|
|
|
DataListColumnViewBiz viewbiz = DataListColumnViewBiz.GetBiz(ct, HttpContext);
|
|
var SavedView = await viewbiz.GetAsync(UserId, tableRequest.DataListKey, true);
|
|
|
|
DataListSavedFilter SavedFilter = null;
|
|
if (tableRequest.FilterId != 0)
|
|
{
|
|
DataListSavedFilterBiz filterbiz = DataListSavedFilterBiz.GetBiz(ct, HttpContext);
|
|
SavedFilter = await filterbiz.GetAsync(tableRequest.FilterId);
|
|
}
|
|
var DataList = DataListFactory.GetAyaDataList(tableRequest.DataListKey);
|
|
if (DataList == null)
|
|
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, "DataListKey", $"DataList \"{tableRequest.DataListKey}\" specified does not exist"));
|
|
|
|
//check rights
|
|
if (!UserRoles.HasAnyFlags(DataList.AllowedRoles))
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
|
|
//IF user is a customer type check if they are allowed to view this datalist at all under global settings
|
|
if (UType == UserType.Customer || UType == UserType.HeadOffice)
|
|
{
|
|
switch (tableRequest.DataListKey)
|
|
{
|
|
case "CustomerServiceRequestDataList":
|
|
if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR)
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
|
|
//TODO: user must match headoffice or customer id extra data or else it's not allowed
|
|
break;
|
|
//todo: workorder list
|
|
default://pretty much anything is not allowed
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
}
|
|
|
|
}
|
|
|
|
|
|
//hydrate the saved view and filter
|
|
DataListTableProcessingOptions dataListTableOptions = new DataListTableProcessingOptions(tableRequest, DataList, SavedView, SavedFilter, UserId, UserRoles);
|
|
DataListReturnData r = await DataListFetcher.GetResponseAsync(ct, dataListTableOptions, DataList, UserRoles, log, UserId);
|
|
return Ok(r);
|
|
}
|
|
catch (System.UnauthorizedAccessException)
|
|
{
|
|
return StatusCode(403, new ApiNotAuthorizedResponse());
|
|
}
|
|
catch (System.ArgumentOutOfRangeException e)
|
|
{
|
|
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, e.Message));
|
|
|
|
}
|
|
}
|
|
|
|
private async Task<bool> CustomerTypeUserIsAllowedThisDataList(long currentUserId, AuthorizationRoles userRoles, string clientCriteria, string dataListKey)
|
|
{
|
|
|
|
//ClientCriteria format for this list is "OBJECTID,AYATYPE"
|
|
var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
|
|
if (crit.Length > 1)
|
|
{
|
|
|
|
int nType = 0;
|
|
if (!int.TryParse(crit[1], out nType)) return false;
|
|
AyaType forType = (AyaType)nType;
|
|
if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
|
|
|
|
long lId = 0;
|
|
if (!long.TryParse(crit[0], out lId)) return false;
|
|
if (lId == 0) return false;
|
|
|
|
//Have valid type, have an id, is this User actually connected to the entity they are requesting data for
|
|
var User = await ct.User.AsNoTracking().Select(x => new { x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
|
|
switch (forType)
|
|
{
|
|
case AyaType.Customer:
|
|
if (lId != User.CustomerId)
|
|
return false;
|
|
break;
|
|
case AyaType.HeadOffice:
|
|
if (lId != User.HeadOfficeId)
|
|
return false;
|
|
break;
|
|
}
|
|
}
|
|
return true;
|
|
}
|
|
|
|
/// <summary>
|
|
/// List of all DataList keys available
|
|
/// </summary>
|
|
/// <returns>List of strings</returns>
|
|
[HttpGet("listkeys")]
|
|
public ActionResult GetDataListKeys()
|
|
{
|
|
//NOTE: not used by AyaNova Client, convenience method for developers api usage
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
return Ok(ApiOkResponse.Response(DataListFactory.GetListOfAllDataListKeyNames()));
|
|
}
|
|
|
|
|
|
/// <summary>
|
|
/// List of all fields for data list key specified
|
|
/// </summary>
|
|
/// <returns>List of DataListFieldDefinition</returns>
|
|
[HttpGet("listfields")]
|
|
public ActionResult GetDataListFields([FromQuery] string DataListKey)
|
|
{
|
|
if (!serverState.IsOpen)
|
|
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
|
|
|
var DataList = DataListFactory.GetAyaDataList(DataListKey);
|
|
//was the name not found as a list?
|
|
if (DataList == null)
|
|
{
|
|
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, $"DataList \"{DataListKey}\" specified does not exist"));
|
|
}
|
|
|
|
var ExternalOnly = DataList.FieldDefinitions.Where(z => z.IsMeta == false);
|
|
return Ok(ApiOkResponse.Response(ExternalOnly));
|
|
}
|
|
|
|
}//eoc
|
|
}//ens |