diff --git a/AsbCloudWebApi/Controllers/ProcessMapController.cs b/AsbCloudWebApi/Controllers/ProcessMapController.cs
index 9b749340..d90131d7 100644
--- a/AsbCloudWebApi/Controllers/ProcessMapController.cs
+++ b/AsbCloudWebApi/Controllers/ProcessMapController.cs
@@ -12,6 +12,7 @@ using System.IO;
using System.Linq;
using System.Threading;
using System.Threading.Tasks;
+using AsbCloudApp.Exceptions;
using Microsoft.AspNetCore.Http;
namespace AsbCloudWebApi.Controllers
@@ -141,13 +142,13 @@ namespace AsbCloudWebApi.Controllers
///
///
///
- [HttpPost]
public override async Task> InsertAsync([FromBody] ProcessMapPlanDto value, CancellationToken token)
{
- if (!await CanUserEditProcessMapAsync(value.IdWell, token))
- return Forbid();
+ value.IdUser = User.GetUserId()
+ ?? throw new ForbidException("Неизвестный пользователь");
+
+ await AssertUserHasAccessToProcessMapAsync(value.IdWell, token);
- value.IdUser = User.GetUserId() ?? -1;
var result = await base.InsertAsync(value, token);
await NotifyUsersBySignalR(value.IdWell, token);
return result;
@@ -159,18 +160,25 @@ namespace AsbCloudWebApi.Controllers
/// запись
///
/// 1 - успешно отредактировано, 0 - нет
- [HttpPut]
public override async Task> UpdateAsync([FromBody] ProcessMapPlanDto value, CancellationToken token)
{
- if (!await CanUserEditProcessMapAsync(value.IdWell, token))
- return Forbid();
-
- value.IdUser = User.GetUserId() ?? -1;
+ value.IdUser = User.GetUserId()
+ ?? throw new ForbidException("Неизвестный пользователь");
+
+ await AssertUserHasAccessToProcessMapAsync(value.IdWell, token);
+
var result = await base.UpdateAsync(value, token);
await NotifyUsersBySignalR(value.IdWell, token);
return result;
}
+ public override async Task> DeleteAsync(int id, CancellationToken token)
+ {
+ await AssertUserHasAccessToProcessMapAsync(id, token);
+
+ return await base.DeleteAsync(id, token);
+ }
+
///
/// Возвращает шаблон файла импорта плановой РТК
///
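Review bot: The new `DeleteAsync` passes the record `id` to `AssertUserHasAccessToProcessMapAsync`, whose parameter is `idWell`, so the company-involvement and completed-well checks run against whichever well shares that number, not the well that owns the record being deleted. Assuming `id` is the primary key of the process-map record (the base controller is not visible in this diff), a caller could pass the check for an unrelated well and delete another company's record, or be refused for a record they legitimately own. Load the record by `id` first, treat a missing record as not found, and authorise on its well: `await AssertUserHasAccessToProcessMapAsync(record.IdWell, token);`, where `record` stands for the loaded entity. `DeleteAsync` in ProcessMapWellboreDevelopmentController has the same problem with `AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(id, token)`. Unlike Insert and Update, this method also has no XML doc comment and does not call `NotifyUsersBySignalR`, which looks unintended.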
@@ -199,13 +207,12 @@ namespace AsbCloudWebApi.Controllers
[Required] IFormFile file,
CancellationToken cancellationToken)
{
- int? idUser = User.GetUserId();
+ var idUser = User.GetUserId();
- if (idUser is null)
- return Forbid();
-
- if (!await CanUserEditProcessMapAsync(idWell, cancellationToken))
- return Forbid();
+ if (!idUser.HasValue)
+ throw new ForbidException("Неизвестный пользователь");
+
+ await AssertUserHasAccessToProcessMapAsync(idWell, cancellationToken);
if (Path.GetExtension(file.FileName).ToLower() != ".xlsx")
return this.ValidationBadRequest(nameof(file), "Требуется xlsx файл.");
@@ -239,11 +246,6 @@ namespace AsbCloudWebApi.Controllers
[ProducesResponseType(StatusCodes.Status204NoContent)]
public async Task ExportAsync(int idWell, CancellationToken cancellationToken)
{
- int? idUser = User.GetUserId();
-
- if (idUser is null)
- return Forbid();
-
var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken);
if (well is null)
@@ -254,23 +256,22 @@ namespace AsbCloudWebApi.Controllers
return File(stream, "application/octet-stream", fileName);
}
- private async Task CanUserEditProcessMapAsync(int idWell, CancellationToken token)
+ private async Task AssertUserHasAccessToProcessMapAsync(int idWell, CancellationToken cancellationToken)
{
var idUser = User.GetUserId();
-
- if (!idUser.HasValue)
- return false;
-
var idCompany = User.GetCompanyId();
- if (!idCompany.HasValue || !await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, token))
- return false;
-
- var well = await wellService.GetOrDefaultAsync(idWell, token);
- if (well is null)
- return false;
-
- return well.IdState != 2 || userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell");
+ if (!idCompany.HasValue || !idUser.HasValue)
+ throw new ForbidException("Неизвестный пользователь");
+
+ var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
+ ?? throw new ForbidException($"Скважины с {idWell} не существует");
+
+ if (!await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
+ throw new ForbidException("Нет доступа к скважине");
+
+ if (well.IdState == 2 && !userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell"))
+ throw new ForbidException("Недостаточно прав для редактирования РТК завершённой скважины");
}
private async Task NotifyUsersBySignalR(int idWell, CancellationToken token)
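Review bot: `AssertUserHasAccessToProcessMapAsync` throws `Скважины с {idWell} не существует` before the company-involvement check, so a caller with no relation to a well can tell existing well ids from missing ones. This only matters if ForbidException messages reach the client, and the handler is not visible here. Answer both failures identically by using `throw new ForbidException("Нет доступа к скважине");` for the null-well case as well, and keep the distinction in server-side logs only. The same applies to `AssertUserHasAccessToProcessMapWellboreDevelopmentAsync` in the second file, which is now a line-for-line copy of this helper; a single shared method would keep the two authorisation checks from drifting apart. The literal `2` in `well.IdState == 2` should be a named constant so the "completed well" rule is readable where it is enforced.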
diff --git a/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs b/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
index 07df4cbe..5ba60684 100644
--- a/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
+++ b/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
@@ -36,18 +36,17 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
///
///
///
- ///
public override async Task> InsertAsync(ProcessMapWellboreDevelopmentDto value, CancellationToken token)
{
value.IdUser = User.GetUserId()
?? throw new ForbidException("Неизвестный пользователь");
- await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
+ await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
return await processMapWellboreDevelopmentService.InsertAsync(value, token);
}
- ///
+ ///
/// Обновить запись проработки
///
///
@@ -58,12 +57,19 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
value.IdUser = User.GetUserId()
?? throw new ForbidException("Неизвестный пользователь");
- await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
+ await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
return await processMapWellboreDevelopmentService.UpdateAsync(value, token);
}
-
- ///
+
+ public override async Task> DeleteAsync(int id, CancellationToken token)
+ {
+ await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(id, token);
+
+ return await base.DeleteAsync(id, token);
+ }
+
+ ///
/// Возвращает проработки по uid телеметрии
///
/// Уникальный ключ телеметрии
@@ -81,16 +87,21 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
return Ok(dto);
}
- private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idUser, int idWell, CancellationToken cancellationToken)
- {
- var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
+ private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idWell, CancellationToken cancellationToken)
+ {
+ var idUser = User.GetUserId();
+ var idCompany = User.GetCompanyId();
+
+ if (!idCompany.HasValue || !idUser.HasValue)
+ throw new ForbidException("Неизвестный пользователь");
+
+ var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
?? throw new ForbidException($"Скважины с {idWell} не существует");
-
- var idCompany = User.GetCompanyId();
- if (!idCompany.HasValue || !await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
+
+ if (!await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
throw new ForbidException("Нет доступа к скважине");
- if (well.IdState == 2 && !userRepository.HasPermission(idUser, "ProcessMap.editCompletedWell"))
+ if (well.IdState == 2 && !userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell"))
throw new ForbidException("Недостаточно прав для редактирования РТК завершённой скважины");
}
}
\ No newline at end of file