public async Task<IActionResult> Post(IFormFile file)
{
if (file is null)
{
return UnprocessableEntity("A non-empty request body is required");
}
var attachment = new NewAttachmentModel(_fileUploadConfig.AllowedExtensions)
{
Filename = file.FileName,
ContentType = file.ContentType
};
if (TryValidateModel(attachment) == false)
{
return ValidationProblem();
}
byte[] attachmentFile;
using (var ms = new MemoryStream())
{
file.CopyTo(ms);
attachmentFile = ms.ToArray();
}
int currUser = _sessionService.GetUserId(HttpContext);
int attachmentId = await _attachmentsService.CreateAsync(attachment, attachmentFile, currUser);
return Created("/api/attachment/", attachmentId);
}
public void NewAttachmentModel_InvalidContentType()
{
// Arrange
var sut = new NewAttachmentModel(new List <string> {
".pdf"
})
{
Filename = "Abc.pdf",
ContentType = "application/html"
};
var context = new ValidationContext(sut, null, null);
// Act
var results = new List <ValidationResult>();
var isModelStateValid = Validator.TryValidateObject(sut, context, results, true);
// Assert
Assert.False(isModelStateValid);
Assert.Single(results);
foreach (var item in results)
{
Assert.Equal($"Allowed extensions: .pdf", item.ErrorMessage);
Assert.Single(item.MemberNames);
Assert.Contains("ContentType", item.MemberNames);
}
}
private static SqlParamsModel GetParams_CreateAsync(NewAttachmentModel attachmentModel, byte[] attachmentFile, int currUser)
{
var sqlModel = new SqlParamsModel
{
Sql = "pkg_attachments.p_create_new_attachment",
Parameters = new OracleDynamicParameters()
};
sqlModel.Parameters.Add("pi_filename", attachmentModel.Filename, dbType: OracleMappingType.Varchar2, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_content_type", attachmentModel.ContentType, dbType: OracleMappingType.Varchar2, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_attachment_file", attachmentFile, dbType: OracleMappingType.Blob, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_create_by", currUser, dbType: OracleMappingType.Int32, ParameterDirection.Input);
sqlModel.Parameters.Add("po_attachment_id", dbType: OracleMappingType.Int32, direction: ParameterDirection.Output);
return(sqlModel);
}
public async Task <int> CreateAsync(NewAttachmentModel attachmentModel, byte[] attachmentFile, int currUser)
{
var sqlModel = new SqlParamsModel
{
Sql = "pkg_attachments.p_create_new_attachment",
Parameters = new OracleDynamicParameters()
};
sqlModel.Parameters.Add("pi_filename", attachmentModel.Filename, dbType: OracleMappingType.Varchar2, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_content_type", attachmentModel.ContentType, dbType: OracleMappingType.Varchar2, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_attachment_file", attachmentFile, dbType: OracleMappingType.Blob, ParameterDirection.Input);
sqlModel.Parameters.Add("pi_create_by", currUser, dbType: OracleMappingType.Int32, ParameterDirection.Input);
sqlModel.Parameters.Add("po_attachment_id", dbType: OracleMappingType.Int32, direction: ParameterDirection.Output);
await _dataAccess.ExecuteAsync(sqlModel);
return(sqlModel.Parameters.Get <int>("po_attachment_id"));
}
