public AllInOne Load([FromBody] List <ItemIdentifier> items, int appId)
{
// Security check
var wraplog = Log.Call("Load", $"load many a#{appId}, items⋮{items.Count}");
// do early permission check - but at this time it may be that we don't have the types yet
// because they may be group/id combinations, without type information which we'll look up afterwards
var appForSecurityChecks = App.LightWithoutData(new DnnTenant(PortalSettings), appId, Log);
items = new SaveHelpers.ContentGroupList(SxcInstance, Log).ConvertListIndexToId(items, appForSecurityChecks);
// now look up the types, and repeat security check with type-names
var permCheck = new MultiPermissionsTypes(SxcInstance, appId, items, Log);
if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exception))
{
throw exception;
}
// load items - similar
var result = new AllInOne();
var entityApi = new EntityApi(appId, Log);
var typeRead = entityApi.AppManager.Read.ContentTypes;
var list = entityApi.GetEntitiesForEditing(appId, items);
var jsonSerializer = new JsonSerializer();
result.Items = list.Select(e => new BundleWithHeader <JsonEntity>
{
Header = e.Header,
Entity = jsonSerializer.ToJson(e.Entity ?? ConstructEmptyEntity(appId, e.Header, typeRead))
}).ToList();
// set published if some data already exists
if (list.Any())
{
result.IsPublished = list.First().Entity?.IsPublished ?? true; // Entity could be null (new), then true
}
// load content-types
var types = UsedTypes(list, typeRead);
result.ContentTypes = types.Select(ct => JsonSerializer.ToJson(ct, true)).ToList();
// load input-field configurations
result.InputTypes = GetNecessaryInputTypes(types, typeRead);
// also deliver features
result.Features = SystemController.FeatureListWithPermissionCheck(appId, permCheck).ToList();
// done - return
wraplog($"ready, sending items:{result.Items.Count}, " +
$"types:{result.ContentTypes.Count}, " +
$"inputs:{result.InputTypes.Count}, " +
$"feats:{result.Features.Count}");
return(result);
}
public Dictionary <Guid, int> Save([FromBody] AllInOne package, int appId, bool partOfPage)
{
Log.Add($"save started with a#{appId}, i⋮{package.Items.Count}, partOfPage:{partOfPage}");
var validator = new SaveDataValidator(package, Log);
// perform some basic validation checks
if (!validator.ContainsOnlyExpectedNodes(out var exp))
{
throw exp;
}
// todo: unsure about this - thought I should check contentblockappid in group-header, because this is where it should be saved!
//var contextAppId = appId;
//var targetAppId = package.Items.First().Header.Group.ContentBlockAppId;
//if (targetAppId != 0)
//{
// Log.Add($"detected content-block app to use: {targetAppId}; in context of app {contextAppId}");
// appId = targetAppId;
//}
var appMan = new AppManager(appId, Log);
var appRead = appMan.Read;
var ser = new JsonSerializer(appRead.Package, Log);
validator.PrepareForEntityChecks(appRead);
// permission checks
var permCheck = new SaveHelpers.Security(SxcInstance, Log).DoPreSaveSecurityCheck(appId, package.Items);
var items = package.Items.Select(i =>
{
var ent = ser.Deserialize(i.Entity, false, false);
if (!validator.EntityIsOk(package.Items.IndexOf(i), ent, out exp))
{
throw exp;
}
return(new BundleWithHeader <IEntity>
{
Header = i.Header,
Entity = ent
});
})
.ToList();
Log.Add("items to save generated, all data tests passed");
return(new SaveHelpers.DnnPublishing(SxcInstance, Log)
.SaveWithinDnnPagePublishing(appId, items, partOfPage,
forceSaveAsDraft => DoSave(appMan, items, forceSaveAsDraft),
permCheck));
}
public SaveDataValidator(AllInOne package, Log parentLog)
: base("Val.Save", parentLog, "start save validator", nameof(SaveDataValidator))
{
Package = package;
}
public AllInOne Load([FromBody] List <ItemIdentifier> items, int appId)
{
// Security check
var wraplog = Log.Call("Load", $"load many a#{appId}, items⋮{items.Count}");
// do early permission check - but at this time it may be that we don't have the types yet
// because they may be group/id combinations, without type information which we'll look up afterwards
var appForSecurityChecks = App.LightWithoutData(new DnnTenant(PortalSettings), appId, Log);
items = new SaveHelpers.ContentGroupList(SxcInstance, Log).ConvertListIndexToId(items, appForSecurityChecks);
// now look up the types, and repeat security check with type-names
var permCheck = new MultiPermissionsTypes(SxcInstance, appId, items, Log);
if (!permCheck.EnsureAll(GrantSets.WriteSomething, out var exception))
{
throw exception;
}
// load items - similar
var result = new AllInOne();
var entityApi = new EntityApi(appId, Log);
var typeRead = entityApi.AppManager.Read.ContentTypes;
var list = entityApi.GetEntitiesForEditing(appId, items);
var jsonSerializer = new JsonSerializer();
result.Items = list.Select(e => new BundleWithHeader <JsonEntity>
{
Header = e.Header,
Entity = GetSerializeAndMdAssignJsonEntity(appId, e, jsonSerializer, typeRead)
}).ToList();
// set published if some data already exists
if (list.Any())
{
result.IsPublished = list.First().Entity?.IsPublished ?? true; // Entity could be null (new), then true
// only set draft-should-branch if this draft already has a published item
if (!result.IsPublished)
{
result.DraftShouldBranch = list.First().Entity?.GetPublished() != null;
}
}
// since we're retrieving data - make sure we're allowed to
// this is to ensure that if public forms only have create permissions, they can't access existing data
// important, this code is shared/duplicated in the EntitiesController.GetManyForEditing
if (list.Any(set => set.Entity != null))
{
if (!permCheck.EnsureAll(GrantSets.ReadSomething, out exception))
{
throw exception;
}
}
// load content-types
var types = UsedTypes(list, typeRead);
result.ContentTypes = types
.Select(ct => JsonSerializer.ToJson(ct, true))
.ToList();
// Fix not-supported input-type names; map to correct name
result.ContentTypes
.ForEach(jt => jt.Attributes
.ForEach(at => at.InputType = InputTypes.MapInputTypeV10(at.InputType)));
// load input-field configurations
result.InputTypes = GetNecessaryInputTypes(result.ContentTypes /*types*/, typeRead);
// also include UI features
result.Features = SystemController.FeatureListWithPermissionCheck(appId, permCheck).ToList();
// done - return
wraplog($"ready, sending items:{result.Items.Count}, " +
$"types:{result.ContentTypes.Count}, " +
$"inputs:{result.InputTypes.Count}, " +
$"feats:{result.Features.Count}");
return(result);
}
public Dictionary <Guid, int> Save([FromBody] AllInOne package, int appId, bool partOfPage)
{
Log.Add($"save started with a#{appId}, i⋮{package.Items.Count}, partOfPage:{partOfPage}");
var validator = new SaveDataValidator(package, Log);
// perform some basic validation checks
if (!validator.ContainsOnlyExpectedNodes(out var exp))
{
throw exp;
}
// todo: unsure about this - thought I should check contentblockappid in group-header, because this is where it should be saved!
//var contextAppId = appId;
//var targetAppId = package.Items.First().Header.Group.ContentBlockAppId;
//if (targetAppId != 0)
//{
// Log.Add($"detected content-block app to use: {targetAppId}; in context of app {contextAppId}");
// appId = targetAppId;
//}
var appMan = new AppManager(appId, Log);
var appRead = appMan.Read;
var ser = new JsonSerializer(appRead.Package, Log)
{
// Since we're importing directly into this app, we would prefer local content-types
PreferLocalAppTypes = true
};
validator.PrepareForEntityChecks(appRead);
#region check if it's an update, and do more security checks then - shared with EntitiesController.Save
// basic permission checks
var permCheck = new SaveHelpers.Security(SxcInstance, Log)
.DoPreSaveSecurityCheck(appId, package.Items);
var foundItems = package.Items.Where(i => i.EntityId != 0 && i.EntityGuid != Guid.Empty)
.Select(i => i.EntityGuid != Guid.Empty
? appRead.Entities.Get(i.EntityGuid) // prefer guid access if available
: appRead.Entities.Get(i.EntityId) // otherwise id
);
if (foundItems.Any(i => i != null) && !permCheck.EnsureAll(GrantSets.UpdateSomething, out var exception))
{
throw exception;
}
#endregion
var items = package.Items.Select(i =>
{
var ent = ser.Deserialize(i.Entity, false, false) as Entity;
var index = package.Items.IndexOf(i); // index is helpful in case of errors
if (!validator.EntityIsOk(index, ent, out exp))
{
throw exp;
}
if (!validator.IfUpdateValidateAndCorrectIds(index, ent, out exp))
{
throw exp;
}
ent.IsPublished = package.IsPublished;
ent.PlaceDraftInBranch = package.DraftShouldBranch;
// only do this if we're adding to a group
if (i.Header.Group != null)
{
// the entityId is reset by the validator if it turns out to be an update
if (ent.EntityId > 0 && i.Header.Group.Add)
{
i.Header.Group.Add = false;
}
i.Header.Group.ReallyAddBecauseAlreadyVerified = i.Header.Group.Add;
}
return(new BundleWithHeader <IEntity>
{
Header = i.Header,
Entity = ent
});
})
.ToList();
Log.Add("items to save generated, all data tests passed");
return(new SaveHelpers.DnnPublishing(SxcInstance, Log)
.SaveWithinDnnPagePublishing(appId, items, partOfPage,
forceSaveAsDraft => DoSave(appMan, items, forceSaveAsDraft),
permCheck));
}
