public async Task<IActionResult> Post(IFormFile file) { if (file is null) { return UnprocessableEntity("A non-empty request body is required"); } var attachment = new NewAttachmentModel(_fileUploadConfig.AllowedExtensions) { Filename = file.FileName, ContentType = file.ContentType }; if (TryValidateModel(attachment) == false) { return ValidationProblem(); } byte[] attachmentFile; using (var ms = new MemoryStream()) { file.CopyTo(ms); attachmentFile = ms.ToArray(); } int currUser = _sessionService.GetUserId(HttpContext); int attachmentId = await _attachmentsService.CreateAsync(attachment, attachmentFile, currUser); return Created("/api/attachment/", attachmentId); }
public void NewAttachmentModel_InvalidContentType() { // Arrange var sut = new NewAttachmentModel(new List <string> { ".pdf" }) { Filename = "Abc.pdf", ContentType = "application/html" }; var context = new ValidationContext(sut, null, null); // Act var results = new List <ValidationResult>(); var isModelStateValid = Validator.TryValidateObject(sut, context, results, true); // Assert Assert.False(isModelStateValid); Assert.Single(results); foreach (var item in results) { Assert.Equal($"Allowed extensions: .pdf", item.ErrorMessage); Assert.Single(item.MemberNames); Assert.Contains("ContentType", item.MemberNames); } }
private static SqlParamsModel GetParams_CreateAsync(NewAttachmentModel attachmentModel, byte[] attachmentFile, int currUser) { var sqlModel = new SqlParamsModel { Sql = "pkg_attachments.p_create_new_attachment", Parameters = new OracleDynamicParameters() }; sqlModel.Parameters.Add("pi_filename", attachmentModel.Filename, dbType: OracleMappingType.Varchar2, ParameterDirection.Input); sqlModel.Parameters.Add("pi_content_type", attachmentModel.ContentType, dbType: OracleMappingType.Varchar2, ParameterDirection.Input); sqlModel.Parameters.Add("pi_attachment_file", attachmentFile, dbType: OracleMappingType.Blob, ParameterDirection.Input); sqlModel.Parameters.Add("pi_create_by", currUser, dbType: OracleMappingType.Int32, ParameterDirection.Input); sqlModel.Parameters.Add("po_attachment_id", dbType: OracleMappingType.Int32, direction: ParameterDirection.Output); return(sqlModel); }
public async Task <int> CreateAsync(NewAttachmentModel attachmentModel, byte[] attachmentFile, int currUser) { var sqlModel = new SqlParamsModel { Sql = "pkg_attachments.p_create_new_attachment", Parameters = new OracleDynamicParameters() }; sqlModel.Parameters.Add("pi_filename", attachmentModel.Filename, dbType: OracleMappingType.Varchar2, ParameterDirection.Input); sqlModel.Parameters.Add("pi_content_type", attachmentModel.ContentType, dbType: OracleMappingType.Varchar2, ParameterDirection.Input); sqlModel.Parameters.Add("pi_attachment_file", attachmentFile, dbType: OracleMappingType.Blob, ParameterDirection.Input); sqlModel.Parameters.Add("pi_create_by", currUser, dbType: OracleMappingType.Int32, ParameterDirection.Input); sqlModel.Parameters.Add("po_attachment_id", dbType: OracleMappingType.Int32, direction: ParameterDirection.Output); await _dataAccess.ExecuteAsync(sqlModel); return(sqlModel.Parameters.Get <int>("po_attachment_id")); }