private WorkflowComment _AssignValues(WorkflowComment request, DocConstantPermission permission, Session session) { if (permission != DocConstantPermission.ADD && (request == null || request.Id <= 0)) { throw new HttpError(HttpStatusCode.NotFound, $"No record"); } if (permission == DocConstantPermission.ADD && !DocPermissionFactory.HasPermissionTryAdd(currentUser, "WorkflowComment")) { throw new HttpError(HttpStatusCode.Forbidden, "You do not have ADD permission for this route."); } request.VisibleFields = request.VisibleFields ?? new List <string>(); WorkflowComment ret = null; request = _InitAssignValues <WorkflowComment>(request, permission, session); //In case init assign handles create for us, return it if (permission == DocConstantPermission.ADD && request.Id > 0) { return(request); } var cacheKey = GetApiCacheKey <WorkflowComment>(DocConstantModelName.WORKFLOWCOMMENT, nameof(WorkflowComment), request); //First, assign all the variables, do database lookups and conversions var pChildren = request.Children?.ToList(); var pParent = (request.Parent?.Id > 0) ? DocEntityWorkflowComment.GetWorkflowComment(request.Parent.Id) : null; var pText = request.Text; var pUser = (request.User?.Id > 0) ? DocEntityUser.GetUser(request.User.Id) : null; var pWorkflow = (request.Workflow?.Id > 0) ? DocEntityWorkflow.GetWorkflow(request.Workflow.Id) : null; DocEntityWorkflowComment entity = null; if (permission == DocConstantPermission.ADD) { var now = DateTime.UtcNow; entity = new DocEntityWorkflowComment(session) { Created = now, Updated = now }; } else { entity = DocEntityWorkflowComment.GetWorkflowComment(request.Id); if (null == entity) { throw new HttpError(HttpStatusCode.NotFound, $"No record"); } } //Special case for Archived var pArchived = true == request.Archived; if (DocPermissionFactory.IsRequestedHasPermission <bool>(currentUser, request, pArchived, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Archived))) { if (DocPermissionFactory.IsRequested(request, pArchived, entity.Archived, nameof(request.Archived))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Archived)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Archived)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pArchived) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Archived))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Archived)} requires a value."); } entity.Archived = pArchived; if (DocPermissionFactory.IsRequested <bool>(request, pArchived, nameof(request.Archived)) && !request.VisibleFields.Matches(nameof(request.Archived), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Archived)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityWorkflowComment>(currentUser, request, pParent, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Parent))) { if (DocPermissionFactory.IsRequested(request, pParent, entity.Parent, nameof(request.Parent))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Parent)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Parent)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pParent) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Parent))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Parent)} requires a value."); } entity.Parent = pParent; if (DocPermissionFactory.IsRequested <DocEntityWorkflowComment>(request, pParent, nameof(request.Parent)) && !request.VisibleFields.Matches(nameof(request.Parent), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Parent)); } } if (DocPermissionFactory.IsRequestedHasPermission <string>(currentUser, request, pText, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Text))) { if (DocPermissionFactory.IsRequested(request, pText, entity.Text, nameof(request.Text))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Text)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Text)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pText) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Text))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Text)} requires a value."); } entity.Text = pText; if (DocPermissionFactory.IsRequested <string>(request, pText, nameof(request.Text)) && !request.VisibleFields.Matches(nameof(request.Text), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Text)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityUser>(currentUser, request, pUser, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.User))) { if (DocPermissionFactory.IsRequested(request, pUser, entity.User, nameof(request.User))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.User)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.User)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pUser) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.User))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.User)} requires a value."); } entity.User = pUser; if (DocPermissionFactory.IsRequested <DocEntityUser>(request, pUser, nameof(request.User)) && !request.VisibleFields.Matches(nameof(request.User), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.User)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityWorkflow>(currentUser, request, pWorkflow, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Workflow))) { if (DocPermissionFactory.IsRequested(request, pWorkflow, entity.Workflow, nameof(request.Workflow))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Workflow)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Workflow)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pWorkflow) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Workflow))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Workflow)} requires a value."); } entity.Workflow = pWorkflow; if (DocPermissionFactory.IsRequested <DocEntityWorkflow>(request, pWorkflow, nameof(request.Workflow)) && !request.VisibleFields.Matches(nameof(request.Workflow), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Workflow)); } } if (request.Locked) { entity.Locked = request.Locked; } entity.SaveChanges(permission); if (DocPermissionFactory.IsRequestedHasPermission <List <Reference> >(currentUser, request, pChildren, permission, DocConstantModelName.WORKFLOWCOMMENT, nameof(request.Children))) { if (true == pChildren?.Any()) { var requestedChildren = pChildren.Select(p => p.Id).Distinct().ToList(); var existsChildren = Execute.SelectAll <DocEntityWorkflowComment>().Where(e => e.Id.In(requestedChildren)).Select(e => e.Id).ToList(); if (existsChildren.Count != requestedChildren.Count) { var nonExists = requestedChildren.Where(id => existsChildren.All(eId => eId != id)); throw new HttpError(HttpStatusCode.NotFound, $"Cannot patch collection Children with objects that do not exist. No matching Children(s) could be found for Ids: {nonExists.ToDelimitedString()}."); } var toAdd = requestedChildren.Where(id => entity.Children.All(e => e.Id != id)).ToList(); toAdd?.ForEach(id => { var target = DocEntityWorkflowComment.GetWorkflowComment(id); if (!DocPermissionFactory.HasPermission(entity, currentUser, DocConstantPermission.ADD, targetEntity: target, targetName: nameof(WorkflowComment), columnName: nameof(request.Children))) { throw new HttpError(HttpStatusCode.Forbidden, "You do not have permission to add {nameof(request.Children)} to {nameof(WorkflowComment)}"); } entity.Children.Add(target); }); var toRemove = entity.Children.Where(e => requestedChildren.All(id => e.Id != id)).Select(e => e.Id).ToList(); toRemove.ForEach(id => { var target = DocEntityWorkflowComment.GetWorkflowComment(id); if (!DocPermissionFactory.HasPermission(entity, currentUser, DocConstantPermission.REMOVE, targetEntity: target, targetName: nameof(WorkflowComment), columnName: nameof(request.Children))) { throw new HttpError(HttpStatusCode.Forbidden, "You do not have permission to remove {nameof(request.Children)} from {nameof(WorkflowComment)}"); } entity.Children.Remove(target); }); } else { var toRemove = entity.Children.Select(e => e.Id).ToList(); toRemove.ForEach(id => { var target = DocEntityWorkflowComment.GetWorkflowComment(id); if (!DocPermissionFactory.HasPermission(entity, currentUser, DocConstantPermission.REMOVE, targetEntity: target, targetName: nameof(WorkflowComment), columnName: nameof(request.Children))) { throw new HttpError(HttpStatusCode.Forbidden, "You do not have permission to remove {nameof(request.Children)} from {nameof(WorkflowComment)}"); } entity.Children.Remove(target); }); } if (DocPermissionFactory.IsRequested <List <Reference> >(request, pChildren, nameof(request.Children)) && !request.VisibleFields.Matches(nameof(request.Children), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Children)); } } DocPermissionFactory.SetVisibleFields <WorkflowComment>(currentUser, nameof(WorkflowComment), request.VisibleFields); ret = entity.ToDto(); var cacheExpires = DocResources.Metadata.GetCacheExpiration(DocConstantModelName.WORKFLOWCOMMENT); DocCacheClient.Set(key: cacheKey, value: ret, entityId: request.Id, entityType: DocConstantModelName.WORKFLOWCOMMENT, cacheExpires); return(ret); }
private WorkflowTask _AssignValues(WorkflowTask request, DocConstantPermission permission, Session session) { if (permission != DocConstantPermission.ADD && (request == null || request.Id <= 0)) { throw new HttpError(HttpStatusCode.NotFound, $"No record"); } if (permission == DocConstantPermission.ADD && !DocPermissionFactory.HasPermissionTryAdd(currentUser, "WorkflowTask")) { throw new HttpError(HttpStatusCode.Forbidden, "You do not have ADD permission for this route."); } request.VisibleFields = request.VisibleFields ?? new List <string>(); WorkflowTask ret = null; request = _InitAssignValues <WorkflowTask>(request, permission, session); //In case init assign handles create for us, return it if (permission == DocConstantPermission.ADD && request.Id > 0) { return(request); } var cacheKey = GetApiCacheKey <WorkflowTask>(DocConstantModelName.WORKFLOWTASK, nameof(WorkflowTask), request); //First, assign all the variables, do database lookups and conversions var pAssignee = (request.Assignee?.Id > 0) ? DocEntityUser.GetUser(request.Assignee.Id) : null; var pData = request.Data; var pDescription = request.Description; var pDueDate = request.DueDate; var pReporter = (request.Reporter?.Id > 0) ? DocEntityUser.GetUser(request.Reporter.Id) : null; DocEntityLookupTable pStatus = GetLookup(DocConstantLookupTable.WORKFLOWSTATUS, request.Status?.Name, request.Status?.Id); DocEntityLookupTable pType = GetLookup(DocConstantLookupTable.WORKFLOWTASKTYPE, request.Type?.Name, request.Type?.Id); var pWorkflow = (request.Workflow?.Id > 0) ? DocEntityWorkflow.GetWorkflow(request.Workflow.Id) : null; DocEntityWorkflowTask entity = null; if (permission == DocConstantPermission.ADD) { var now = DateTime.UtcNow; entity = new DocEntityWorkflowTask(session) { Created = now, Updated = now }; } else { entity = DocEntityWorkflowTask.GetWorkflowTask(request.Id); if (null == entity) { throw new HttpError(HttpStatusCode.NotFound, $"No record"); } } //Special case for Archived var pArchived = true == request.Archived; if (DocPermissionFactory.IsRequestedHasPermission <bool>(currentUser, request, pArchived, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Archived))) { if (DocPermissionFactory.IsRequested(request, pArchived, entity.Archived, nameof(request.Archived))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Archived)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Archived)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pArchived) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Archived))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Archived)} requires a value."); } entity.Archived = pArchived; if (DocPermissionFactory.IsRequested <bool>(request, pArchived, nameof(request.Archived)) && !request.VisibleFields.Matches(nameof(request.Archived), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Archived)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityUser>(currentUser, request, pAssignee, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Assignee))) { if (DocPermissionFactory.IsRequested(request, pAssignee, entity.Assignee, nameof(request.Assignee))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Assignee)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Assignee)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pAssignee) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Assignee))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Assignee)} requires a value."); } entity.Assignee = pAssignee; if (DocPermissionFactory.IsRequested <DocEntityUser>(request, pAssignee, nameof(request.Assignee)) && !request.VisibleFields.Matches(nameof(request.Assignee), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Assignee)); } } if (DocPermissionFactory.IsRequestedHasPermission <string>(currentUser, request, pData, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Data))) { if (DocPermissionFactory.IsRequested(request, pData, entity.Data, nameof(request.Data))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Data)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Data)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pData) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Data))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Data)} requires a value."); } entity.Data = pData; if (DocPermissionFactory.IsRequested <string>(request, pData, nameof(request.Data)) && !request.VisibleFields.Matches(nameof(request.Data), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Data)); } } if (DocPermissionFactory.IsRequestedHasPermission <string>(currentUser, request, pDescription, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Description))) { if (DocPermissionFactory.IsRequested(request, pDescription, entity.Description, nameof(request.Description))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Description)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Description)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pDescription) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Description))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Description)} requires a value."); } entity.Description = pDescription; if (DocPermissionFactory.IsRequested <string>(request, pDescription, nameof(request.Description)) && !request.VisibleFields.Matches(nameof(request.Description), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Description)); } } if (DocPermissionFactory.IsRequestedHasPermission <DateTime?>(currentUser, request, pDueDate, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.DueDate))) { if (DocPermissionFactory.IsRequested(request, pDueDate, entity.DueDate, nameof(request.DueDate))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.DueDate)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.DueDate)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pDueDate) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.DueDate))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.DueDate)} requires a value."); } entity.DueDate = pDueDate; if (DocPermissionFactory.IsRequested <DateTime?>(request, pDueDate, nameof(request.DueDate)) && !request.VisibleFields.Matches(nameof(request.DueDate), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.DueDate)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityUser>(currentUser, request, pReporter, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Reporter))) { if (DocPermissionFactory.IsRequested(request, pReporter, entity.Reporter, nameof(request.Reporter))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Reporter)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Reporter)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pReporter) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Reporter))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Reporter)} requires a value."); } entity.Reporter = pReporter; if (DocPermissionFactory.IsRequested <DocEntityUser>(request, pReporter, nameof(request.Reporter)) && !request.VisibleFields.Matches(nameof(request.Reporter), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Reporter)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityLookupTable>(currentUser, request, pStatus, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Status))) { if (DocPermissionFactory.IsRequested(request, pStatus, entity.Status, nameof(request.Status))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Status)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Status)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pStatus) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Status))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Status)} requires a value."); } entity.Status = pStatus; if (DocPermissionFactory.IsRequested <DocEntityLookupTable>(request, pStatus, nameof(request.Status)) && !request.VisibleFields.Matches(nameof(request.Status), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Status)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityLookupTable>(currentUser, request, pType, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Type))) { if (DocPermissionFactory.IsRequested(request, pType, entity.Type, nameof(request.Type))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Type)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Type)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pType) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Type))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Type)} requires a value."); } entity.Type = pType; if (DocPermissionFactory.IsRequested <DocEntityLookupTable>(request, pType, nameof(request.Type)) && !request.VisibleFields.Matches(nameof(request.Type), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Type)); } } if (DocPermissionFactory.IsRequestedHasPermission <DocEntityWorkflow>(currentUser, request, pWorkflow, permission, DocConstantModelName.WORKFLOWTASK, nameof(request.Workflow))) { if (DocPermissionFactory.IsRequested(request, pWorkflow, entity.Workflow, nameof(request.Workflow))) { if (DocResources.Metadata.IsInsertOnly(DocConstantModelName.WORKFLOWTASK, nameof(request.Workflow)) && DocConstantPermission.ADD != permission) { throw new HttpError(HttpStatusCode.Forbidden, $"{nameof(request.Workflow)} cannot be modified once set."); } } if (DocTools.IsNullOrEmpty(pWorkflow) && DocResources.Metadata.IsRequired(DocConstantModelName.WORKFLOWTASK, nameof(request.Workflow))) { throw new HttpError(HttpStatusCode.BadRequest, $"{nameof(request.Workflow)} requires a value."); } entity.Workflow = pWorkflow; if (DocPermissionFactory.IsRequested <DocEntityWorkflow>(request, pWorkflow, nameof(request.Workflow)) && !request.VisibleFields.Matches(nameof(request.Workflow), ignoreSpaces: true)) { request.VisibleFields.Add(nameof(request.Workflow)); } } if (request.Locked) { entity.Locked = request.Locked; } entity.SaveChanges(permission); DocPermissionFactory.SetVisibleFields <WorkflowTask>(currentUser, nameof(WorkflowTask), request.VisibleFields); ret = entity.ToDto(); var cacheExpires = DocResources.Metadata.GetCacheExpiration(DocConstantModelName.WORKFLOWTASK); DocCacheClient.Set(key: cacheKey, value: ret, entityId: request.Id, entityType: DocConstantModelName.WORKFLOWTASK, cacheExpires); return(ret); }