admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
8fe776a3ac48e0b30241b2de9ecb4880360cd50d
raven/server/AyaNova/Controllers/UserController.cs
John Cardinal 8fe776a3ac
2019-05-16 22:28:28 +00:00

419 lines
13 KiB
C#
Raw Blame History

using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.JsonPatch;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Logging;
using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;
namespace AyaNova.Api.Controllers
{
/// <summary>
/// User
/// </summary>
[ApiVersion("8.0")]
[Route("api/v{version:apiVersion}/[controller]")]
[Produces("application/json")]
[Authorize]
public class UserController : Controller
{
private readonly AyContext ct;
private readonly ILogger<UserController> log;
private readonly ApiServerState serverState;
/// <summary>
/// ctor
/// </summary>
/// <param name="dbcontext"></param>
/// <param name="logger"></param>
/// <param name="apiServerState"></param>
public UserController(AyContext dbcontext, ILogger<UserController> logger, ApiServerState apiServerState)
{
ct = dbcontext;
log = logger;
serverState = apiServerState;
}
/// <summary>
/// Get User
///
/// Required roles:
/// BizAdminFull, BizAdminLimited
/// </summary>
/// <param name="id"></param>
/// <returns>A single User</returns>
[HttpGet("{id}")]
public async Task<IActionResult> GetUser([FromRoute] long id)
{
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var o = await biz.GetAsync(id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}
/// <summary>
/// Get filter and sort options
///
/// Required roles:
/// BizAdminFull, InventoryFull, BizAdminLimited, InventoryLimited, TechFull, TechLimited, Accounting
///
/// </summary>
/// <returns>Filter options</returns>
[HttpGet("FilterOptions")]
public ActionResult FilterOptions()
{
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(new
{
data = UserBiz.FilterOptions(biz.UserLocaleId)
});
}
/// <summary>
/// Get paged list of Users
///
/// Required roles:
/// BizAdminFull, BizAdminLimited
///
/// </summary>
/// <returns>Paged collection of Users with paging data</returns>
[HttpGet("ListUsers", Name = nameof(ListUsers))]//We MUST have a "Name" defined or we can't get the link for the pagination, non paged urls don't need a name
public async Task<IActionResult> ListUsers([FromQuery] PagingOptions pagingOptions)
{
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
ApiPagedResponse<System.Object> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions);
return Ok(new ApiOkWithPagingResponse<System.Object>(pr));
}
/// <summary>
/// Get User pick list
///
/// Required roles: Any
///
/// </summary>
/// <param name="pagingOptions">Paging, filtering and sorting options</param>
/// <returns>Paged id/name collection with paging data</returns>
[HttpGet("PickList", Name = nameof(UserPickList))]
public ActionResult UserPickList([FromQuery] PagingOptions pagingOptions)
{
if (serverState.IsClosed)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
ApiPagedResponse<NameIdItem> pr = biz.GetPickList(Url, nameof(UserPickList), pagingOptions);
return Ok(new ApiOkWithPagingResponse<NameIdItem>(pr));
}
/// <summary>
/// Put (update) User
///
/// Required roles:
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
/// <param name="inObj"></param>
/// <returns></returns>
[HttpPut("{id}")]
public async Task<IActionResult> PutUser([FromRoute] long id, [FromBody] User inObj)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
try
{
if (!biz.Put(o, inObj))
return BadRequest(new ApiErrorResponse(biz.Errors));
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
//exists but was changed by another user
//I considered returning new and old record, but where would it end?
//Better to let the client decide what to do than to send extra data that is not required
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
}
/// <summary>
/// Patch (update) User
///
/// Required roles:
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
/// <param name="concurrencyToken"></param>
/// <param name="objectPatch"></param>
/// <returns></returns>
[HttpPatch("{id}/{concurrencyToken}")]
public async Task<IActionResult> PatchUser([FromRoute] long id, [FromRoute] uint concurrencyToken, [FromBody]JsonPatchDocument<User> objectPatch)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
var o = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
if (o == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
try
{
//patch and validate
if (!biz.Patch(o, objectPatch, concurrencyToken))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
}
catch (DbUpdateConcurrencyException)
{
if (!UserExists(id))
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
else
{
return StatusCode(409, new ApiErrorResponse(ApiErrorCode.CONCURRENCY_CONFLICT));
}
}
return Ok(ApiOkResponse.Response(new { ConcurrencyToken = o.ConcurrencyToken }, true));
}
/// <summary>
/// Post User
///
/// Required roles:
/// BizAdminFull
///
/// </summary>
/// <param name="inObj"></param>
/// <returns></returns>
[HttpPost]
public async Task<IActionResult> PostUser([FromBody] User inObj)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Create and validate
User o = await biz.CreateAsync(inObj);
if (o == null)
{
//error return
return BadRequest(new ApiErrorResponse(biz.Errors));
}
else
{
//return success and link
//NOTE: this is a USER object so we don't want to return some key fields for security reasons
//which is why the object is "cleaned" before return
return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
}
}
/// <summary>
/// Delete User
///
/// Required roles:
/// BizAdminFull
///
/// </summary>
/// <param name="id"></param>
/// <returns>Ok</returns>
[HttpDelete("{id}")]
public async Task<IActionResult> DeleteUser([FromRoute] long id)
{
if (!serverState.IsOpen)
{
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
}
if (!ModelState.IsValid)
{
return BadRequest(new ApiErrorResponse(ModelState));
}
//Instantiate the business object handler
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
var dbObj = await ct.User.SingleOrDefaultAsync(m => m.Id == id);
if (dbObj == null)
{
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
if (!biz.Delete(dbObj))
{
return BadRequest(new ApiErrorResponse(biz.Errors));
}
return NoContent();
}
private bool UserExists(long id)
{
return ct.User.Any(e => e.Id == id);
}
//------------
}//eoc
}//eons
Reference in New Issue View Git Blame Copy Permalink