public AllInOne Load([FromBody] List <ItemIdentifier> items, int appId) { // Security check var wraplog = Log.Call("Load", $"load many a#{appId}, items⋮{items.Count}"); // do early permission check - but at this time it may be that we don't have the types yet // because they may be group/id combinations, without type information which we'll look up afterwards var appForSecurityChecks = App.LightWithoutData(new DnnTenant(PortalSettings), appId, Log); items = new SaveHelpers.ContentGroupList(SxcInstance, Log).ConvertListIndexToId(items, appForSecurityChecks); // now look up the types, and repeat security check with type-names var permCheck = new MultiPermissionsTypes(SxcInstance, appId, items, Log); if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exception)) { throw exception; } // load items - similar var result = new AllInOne(); var entityApi = new EntityApi(appId, Log); var typeRead = entityApi.AppManager.Read.ContentTypes; var list = entityApi.GetEntitiesForEditing(appId, items); var jsonSerializer = new JsonSerializer(); result.Items = list.Select(e => new BundleWithHeader <JsonEntity> { Header = e.Header, Entity = jsonSerializer.ToJson(e.Entity ?? ConstructEmptyEntity(appId, e.Header, typeRead)) }).ToList(); // set published if some data already exists if (list.Any()) { result.IsPublished = list.First().Entity?.IsPublished ?? true; // Entity could be null (new), then true } // load content-types var types = UsedTypes(list, typeRead); result.ContentTypes = types.Select(ct => JsonSerializer.ToJson(ct, true)).ToList(); // load input-field configurations result.InputTypes = GetNecessaryInputTypes(types, typeRead); // also deliver features result.Features = SystemController.FeatureListWithPermissionCheck(appId, permCheck).ToList(); // done - return wraplog($"ready, sending items:{result.Items.Count}, " + $"types:{result.ContentTypes.Count}, " + $"inputs:{result.InputTypes.Count}, " + $"feats:{result.Features.Count}"); return(result); }
public Dictionary <Guid, int> Save([FromBody] AllInOne package, int appId, bool partOfPage) { Log.Add($"save started with a#{appId}, i⋮{package.Items.Count}, partOfPage:{partOfPage}"); var validator = new SaveDataValidator(package, Log); // perform some basic validation checks if (!validator.ContainsOnlyExpectedNodes(out var exp)) { throw exp; } // todo: unsure about this - thought I should check contentblockappid in group-header, because this is where it should be saved! //var contextAppId = appId; //var targetAppId = package.Items.First().Header.Group.ContentBlockAppId; //if (targetAppId != 0) //{ // Log.Add($"detected content-block app to use: {targetAppId}; in context of app {contextAppId}"); // appId = targetAppId; //} var appMan = new AppManager(appId, Log); var appRead = appMan.Read; var ser = new JsonSerializer(appRead.Package, Log); validator.PrepareForEntityChecks(appRead); // permission checks var permCheck = new SaveHelpers.Security(SxcInstance, Log).DoPreSaveSecurityCheck(appId, package.Items); var items = package.Items.Select(i => { var ent = ser.Deserialize(i.Entity, false, false); if (!validator.EntityIsOk(package.Items.IndexOf(i), ent, out exp)) { throw exp; } return(new BundleWithHeader <IEntity> { Header = i.Header, Entity = ent }); }) .ToList(); Log.Add("items to save generated, all data tests passed"); return(new SaveHelpers.DnnPublishing(SxcInstance, Log) .SaveWithinDnnPagePublishing(appId, items, partOfPage, forceSaveAsDraft => DoSave(appMan, items, forceSaveAsDraft), permCheck)); }
public SaveDataValidator(AllInOne package, Log parentLog) : base("Val.Save", parentLog, "start save validator", nameof(SaveDataValidator)) { Package = package; }
public AllInOne Load([FromBody] List <ItemIdentifier> items, int appId) { // Security check var wraplog = Log.Call("Load", $"load many a#{appId}, items⋮{items.Count}"); // do early permission check - but at this time it may be that we don't have the types yet // because they may be group/id combinations, without type information which we'll look up afterwards var appForSecurityChecks = App.LightWithoutData(new DnnTenant(PortalSettings), appId, Log); items = new SaveHelpers.ContentGroupList(SxcInstance, Log).ConvertListIndexToId(items, appForSecurityChecks); // now look up the types, and repeat security check with type-names var permCheck = new MultiPermissionsTypes(SxcInstance, appId, items, Log); if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exception)) { throw exception; } // load items - similar var result = new AllInOne(); var entityApi = new EntityApi(appId, Log); var typeRead = entityApi.AppManager.Read.ContentTypes; var list = entityApi.GetEntitiesForEditing(appId, items); var jsonSerializer = new JsonSerializer(); result.Items = list.Select(e => new BundleWithHeader <JsonEntity> { Header = e.Header, Entity = GetSerializeAndMdAssignJsonEntity(appId, e, jsonSerializer, typeRead) }).ToList(); // set published if some data already exists if (list.Any()) { result.IsPublished = list.First().Entity?.IsPublished ?? true; // Entity could be null (new), then true // only set draft-should-branch if this draft already has a published item if (!result.IsPublished) { result.DraftShouldBranch = list.First().Entity?.GetPublished() != null; } } // since we're retrieving data - make sure we're allowed to // this is to ensure that if public forms only have create permissions, they can't access existing data // important, this code is shared/duplicated in the EntitiesController.GetManyForEditing if (list.Any(set => set.Entity != null)) { if (!permCheck.EnsureAll(GrantSets.ReadSomething, out exception)) { throw exception; } } // load content-types var types = UsedTypes(list, typeRead); result.ContentTypes = types .Select(ct => JsonSerializer.ToJson(ct, true)) .ToList(); // Fix not-supported input-type names; map to correct name result.ContentTypes .ForEach(jt => jt.Attributes .ForEach(at => at.InputType = InputTypes.MapInputTypeV10(at.InputType))); // load input-field configurations result.InputTypes = GetNecessaryInputTypes(result.ContentTypes /*types*/, typeRead); // also include UI features result.Features = SystemController.FeatureListWithPermissionCheck(appId, permCheck).ToList(); // done - return wraplog($"ready, sending items:{result.Items.Count}, " + $"types:{result.ContentTypes.Count}, " + $"inputs:{result.InputTypes.Count}, " + $"feats:{result.Features.Count}"); return(result); }
public Dictionary <Guid, int> Save([FromBody] AllInOne package, int appId, bool partOfPage) { Log.Add($"save started with a#{appId}, i⋮{package.Items.Count}, partOfPage:{partOfPage}"); var validator = new SaveDataValidator(package, Log); // perform some basic validation checks if (!validator.ContainsOnlyExpectedNodes(out var exp)) { throw exp; } // todo: unsure about this - thought I should check contentblockappid in group-header, because this is where it should be saved! //var contextAppId = appId; //var targetAppId = package.Items.First().Header.Group.ContentBlockAppId; //if (targetAppId != 0) //{ // Log.Add($"detected content-block app to use: {targetAppId}; in context of app {contextAppId}"); // appId = targetAppId; //} var appMan = new AppManager(appId, Log); var appRead = appMan.Read; var ser = new JsonSerializer(appRead.Package, Log) { // Since we're importing directly into this app, we would prefer local content-types PreferLocalAppTypes = true }; validator.PrepareForEntityChecks(appRead); #region check if it's an update, and do more security checks then - shared with EntitiesController.Save // basic permission checks var permCheck = new SaveHelpers.Security(SxcInstance, Log) .DoPreSaveSecurityCheck(appId, package.Items); var foundItems = package.Items.Where(i => i.EntityId != 0 && i.EntityGuid != Guid.Empty) .Select(i => i.EntityGuid != Guid.Empty ? appRead.Entities.Get(i.EntityGuid) // prefer guid access if available : appRead.Entities.Get(i.EntityId) // otherwise id ); if (foundItems.Any(i => i != null) && !permCheck.EnsureAll(GrantSets.UpdateSomething, out var exception)) { throw exception; } #endregion var items = package.Items.Select(i => { var ent = ser.Deserialize(i.Entity, false, false) as Entity; var index = package.Items.IndexOf(i); // index is helpful in case of errors if (!validator.EntityIsOk(index, ent, out exp)) { throw exp; } if (!validator.IfUpdateValidateAndCorrectIds(index, ent, out exp)) { throw exp; } ent.IsPublished = package.IsPublished; ent.PlaceDraftInBranch = package.DraftShouldBranch; // only do this if we're adding to a group if (i.Header.Group != null) { // the entityId is reset by the validator if it turns out to be an update if (ent.EntityId > 0 && i.Header.Group.Add) { i.Header.Group.Add = false; } i.Header.Group.ReallyAddBecauseAlreadyVerified = i.Header.Group.Add; } return(new BundleWithHeader <IEntity> { Header = i.Header, Entity = ent }); }) .ToList(); Log.Add("items to save generated, all data tests passed"); return(new SaveHelpers.DnnPublishing(SxcInstance, Log) .SaveWithinDnnPagePublishing(appId, items, partOfPage, forceSaveAsDraft => DoSave(appMan, items, forceSaveAsDraft), permCheck)); }