raven/server/AyaNova/Controllers/FormCustomController.cs

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;

using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;


namespace AyaNova.Api.Controllers
{

    /// <summary>
    /// 
    /// </summary>
    [ApiVersion("8.0")]
    [Route("api/v{version:apiVersion}/[controller]")]
    [Produces("application/json")]
    [Authorize]
    public class FormCustomController : Controller
    {
        private readonly AyContext ct;
        private readonly ILogger<FormCustomController> log;
        private readonly ApiServerState serverState;


        /// <summary>
        /// ctor
        /// </summary>
        /// <param name="dbcontext"></param>
        /// <param name="logger"></param>
        /// <param name="apiServerState"></param>  
        public FormCustomController(AyContext dbcontext, ILogger<FormCustomController> logger, ApiServerState apiServerState)
        {
            ct = dbcontext;
            log = logger;
            serverState = apiServerState;
        }




        /// <summary>
        /// Get form customizations for Client form display
        /// Returns 304 not modified if concurrency token provided and unchanged
        /// 
        /// Required roles:
        /// Any 
        /// 
        /// </summary>
        /// <param name="formkey">The official form key used by AyaNova</param>
        /// <param name="concurrencyToken">A prior concurrency token used to check if there are any changes without using up bandwidth sending unnecessary data</param>
        /// <returns>A single FormCustom or nothing and a header 304 not modified</returns>
        [HttpGet("{formkey}")]      
        public async Task<IActionResult> GetFormCustom([FromRoute] string formkey, [FromQuery] uint? concurrencyToken)
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            //Instantiate the business object handler
            FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);

            //Just have to be authenticated for this one
            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));


            var o = await biz.GetAsync(formkey);
            if (o == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            //If concurrency token specified then check if ours is newer
            if (concurrencyToken != null)
            {
                if (o.ConcurrencyToken == concurrencyToken)
                {
                    //returns a code 304 (NOT MODIFIED)
                    return StatusCode(304);
                }
            }

            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
        }




        /// <summary>
        /// Get available fields for form specified
        /// Used to build UI for customizing a form
        /// 
        /// Required roles:
        ///     BizAdminFull only has rights to customize forms
        /// 
        /// </summary>
        /// <param name="formkey"></param>
        /// <returns>A single FormCustom</returns>
        [HttpGet("AvailableFields/{formkey}")]
        public ActionResult GetAvailableFields([FromRoute] string formkey)
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            if (FormAvailableFields.IsValidFormKey(formkey))
            {
                return Ok(ApiOkResponse.Response(FormAvailableFields.FormFields(formkey), true));
            }
            else
            {
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }
        }

        /// <summary>
        /// Get available types allowed for Custom fields
        /// Used to build UI for customizing a form
        /// 
        /// Required roles:
        ///     BizAdminFull only has rights to customize forms
        /// 
        /// </summary>      
        /// <returns>A list of type string values valid for custom fields</returns>
        [HttpGet("AvailableCustomTypes")]
        public ActionResult GetAvailableCustomTypes()
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            return Ok(ApiOkResponse.Response(AyDataType.ValidCustomFieldTypes, true));
        }


        /// <summary>
        /// Get a list of all customizable form keys
        /// Used to build UI for customizing a form
        /// 
        /// Required roles:
        ///     BizAdminFull only has rights to customize forms
        /// 
        /// </summary>      
        /// <returns>A list of string formKey values valid for customization</returns>
        [HttpGet("AvailableCustomizableFormKeys")]
        public ActionResult GetAvailableCustomizableFormKeys()
        {
            if (serverState.IsClosed)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
            return Ok(ApiOkResponse.Response(FormAvailableFields.AvailableFormKeys, true));
        }




        /// <summary>
        /// Put (update) FormCustom
        /// 
        /// Required roles: BizAdminFull
        /// 
        /// </summary>
        /// <param name="formkey"></param>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPut("{formkey}")]
        public async Task<IActionResult> PutFormCustom([FromRoute] string formkey, [FromBody] FormCustom inObj)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Instantiate the business object handler       
            FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);

            var o = await biz.GetNoLogAsync(formkey);
            if (o == null)
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            try
            {
                if (!biz.Put(o, inObj))
                    return BadRequest(new ApiErrorResponse(biz.Errors));
            }
            catch (DbUpdateConcurrencyException)
            {
                if (!await biz.ExistsAsync(formkey))
                    return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
                else
                    return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
            }
            return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
        }


        /// <summary>
        /// Post FormCustom
        /// 
        /// Required roles: BizAdminFull
        /// </summary>
        /// <param name="inObj"></param>
        /// <returns></returns>
        [HttpPost]
        public async Task<IActionResult> PostFormCustom([FromBody] FormCustom inObj)
        {
            if (!serverState.IsOpen)
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            //Instantiate the business object handler
            FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext);

            //check rights
            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

            //Create and validate
            FormCustom o = await biz.CreateAsync(inObj);
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
                return CreatedAtAction("GetFormCustom", new { formkey = o.FormKey }, new ApiCreatedResponse(o));

        }



        //------------


    }//eoc
}//eons