admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b9c2ce990635c1a446a9c058628fc21ae99f4065
raven/server/AyaNova/Controllers/DataListController.cs
John Cardinal 939065476a
2021-11-16 18:23:25 +00:00

192 lines
8.2 KiB
C#
Raw Blame History

using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Routing;
using Microsoft.Extensions.Logging;
using Microsoft.AspNetCore.Authorization;
using AyaNova.Models;
using AyaNova.Api.ControllerHelpers;
using AyaNova.Biz;
using AyaNova.DataList;
using System.Threading.Tasks;
using System.Linq;
using EnumsNET;
using Microsoft.EntityFrameworkCore;
namespace AyaNova.Api.Controllers
{
[ApiController]
[ApiVersion("8.0")]
[Route("api/v{version:apiVersion}/data-list")]
[Produces("application/json")]
[Authorize]
public class DataListController : ControllerBase
{
private readonly AyContext ct;
private readonly ILogger<DataListController> log;
private readonly ApiServerState serverState;
/// <summary>
/// ctor
/// </summary>
/// <param name="dbcontext"></param>
/// <param name="logger"></param>
/// <param name="apiServerState"></param>
public DataListController(AyContext dbcontext, ILogger<DataListController> logger, ApiServerState apiServerState)
{
ct = dbcontext;
log = logger;
serverState = apiServerState;
}
/// <summary>
/// Get list of data for selection / viewing
///
/// Authorization varies list by list, will return 403 - Not Authorized if user has insufficient role
///
/// </summary>
/// <param name="tableRequest">List key, Paging, filtering and sorting options</param>
/// <returns>Collection with paging data</returns>
// [HttpPost("List", Name = nameof(List))]
[HttpPost]
public async Task<IActionResult> List([FromBody] DataListTableRequest tableRequest)
{
var UserId = UserIdFromContext.Id(HttpContext.Items);
if (!serverState.IsOpen && UserId != 1)//bypass for superuser to view list of Users to fix license issues
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
if (tableRequest.Limit == null || tableRequest.Limit < 1)
{
tableRequest.Limit = DataListTableProcessingOptions.DefaultLimit;
}
if (tableRequest.Offset == null)
{
tableRequest.Offset = 0;
}
var UserRoles = UserRolesFromContext.Roles(HttpContext.Items);
var UType = UserTypeFromContext.Type(HttpContext.Items);
try
{
DataListColumnViewBiz viewbiz = DataListColumnViewBiz.GetBiz(ct, HttpContext);
var SavedView = await viewbiz.GetAsync(UserId, tableRequest.DataListKey, true);
DataListSavedFilter SavedFilter = null;
if (tableRequest.FilterId != 0)
{
DataListSavedFilterBiz filterbiz = DataListSavedFilterBiz.GetBiz(ct, HttpContext);
SavedFilter = await filterbiz.GetAsync(tableRequest.FilterId);
}
var DataList = DataListFactory.GetAyaDataList(tableRequest.DataListKey, UserTranslationIdFromContext.Id(HttpContext.Items));
if (DataList == null)
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, "DataListKey", $"DataList \"{tableRequest.DataListKey}\" specified does not exist"));
//check rights
if (!UserRoles.HasAnyFlags(DataList.AllowedRoles))
return StatusCode(403, new ApiNotAuthorizedResponse());
//IF user is a customer type check if they are allowed to view this datalist
//and build the data list internal 'client' criteria
if (UType == UserType.Customer || UType == UserType.HeadOffice)
if (!await HandleCustomerTypeUserDataListRequest(UserId, tableRequest))
return StatusCode(403, new ApiNotAuthorizedResponse());
//hydrate the saved view and filter
DataListTableProcessingOptions dataListTableOptions = new DataListTableProcessingOptions(tableRequest, DataList, SavedView, SavedFilter, UserId, UserRoles);
DataListReturnData r = await DataListFetcher.GetResponseAsync(ct, dataListTableOptions, DataList, UserRoles, log, UserId);
return Ok(r);
}
catch (System.UnauthorizedAccessException)
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
catch (System.ArgumentOutOfRangeException e)
{
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, e.Message));
}
}
private async Task<bool> HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest)
{
//Is this list allowed for a customer user and also enabled in global settings
switch (tableRequest.DataListKey)
{
case "CustomerServiceRequestDataList":
if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR)
return false;
break;
case "CustomerWorkOrderDataList":
if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowViewWO)
return false;
break;
default:
return false;
}
//Build client criteria if user is of correct type
var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == currentUserId).Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).SingleOrDefaultAsync();
switch (UserInfo.UserType)
{
case UserType.Customer:
if (UserInfo.CustomerId == null || UserInfo.CustomerId == 0) return false;
tableRequest.ClientCriteria = $"{UserInfo.CustomerId},{(int)AyaType.Customer}";
break;
case UserType.HeadOffice:
if (UserInfo.HeadOfficeId == null || UserInfo.HeadOfficeId == 0) return false;
tableRequest.ClientCriteria = $"{UserInfo.HeadOfficeId},{(int)AyaType.HeadOffice}";
break;
default://other user type
return false;
}
return true;
}
/// <summary>
/// List of all DataList keys available
/// </summary>
/// <returns>List of strings</returns>
[HttpGet("listkeys")]
public ActionResult GetDataListKeys()
{
//NOTE: not used by AyaNova Client, convenience method for developers api usage
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
return Ok(ApiOkResponse.Response(DataListFactory.GetListOfAllDataListKeyNames()));
}
/// <summary>
/// List of all fields for data list key specified
/// </summary>
/// <returns>List of DataListFieldDefinition</returns>
[HttpGet("listfields")]
public ActionResult GetDataListFields([FromQuery] string DataListKey)
{
if (!serverState.IsOpen && UserIdFromContext.Id(HttpContext.Items) != 1)//bypass for superuser to fix fundamental problems
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
var DataList = DataListFactory.GetAyaDataList(DataListKey, UserTranslationIdFromContext.Id(HttpContext.Items));
//was the name not found as a list?
if (DataList == null)
{
return BadRequest(new ApiErrorResponse(ApiErrorCode.NOT_FOUND, null, $"DataList \"{DataListKey}\" specified does not exist"));
}
var ExternalOnly = DataList.FieldDefinitions.Where(z => z.IsMeta == false);
return Ok(ApiOkResponse.Response(ExternalOnly));
}
}//eoc
}//ens
Reference in New Issue View Git Blame Copy Permalink