Фиксы по разрешения на редактирование инструкций

1. Добавлено новое разрешение на удаление инструкций 2. Добавлена миграция 3. Поправлены атрибуты у контроллеров
2023-09-25 13:35:45 +05:00 · 2023-09-25 13:35:45 +05:00 · 8dbbe7190d
commit 8dbbe7190d
parent 9821336045
6 changed files with 8599 additions and 45 deletions
--- a/AsbCloudDb/Migrations/20230925081405_Add_New_Permission_For_Manuals.Designer.cs
+++ b/AsbCloudDb/Migrations/20230925081405_Add_New_Permission_For_Manuals.Designer.cs
--- a/AsbCloudDb/Migrations/20230925081405_Add_New_Permission_For_Manuals.cs
+++ b/AsbCloudDb/Migrations/20230925081405_Add_New_Permission_For_Manuals.cs
@ -0,0 +1,35 @@
 using Microsoft.EntityFrameworkCore.Migrations;
 #nullable disable
 namespace AsbCloudDb.Migrations
 {
    public partial class Add_New_Permission_For_Manuals : Migration
    {
        protected override void Up(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.InsertData(
                table: "t_permission",
                columns: new[] { "id", "description", "name" },
                values: new object[] { 527, "Разрешение на удаление инструкций", "Manual.delete" });
            migrationBuilder.InsertData(
                table: "t_relation_user_role_permission",
                columns: new[] { "id_permission", "id_user_role" },
                values: new object[] { 527, 1 });
        }
        protected override void Down(MigrationBuilder migrationBuilder)
        {
            migrationBuilder.DeleteData(
                table: "t_relation_user_role_permission",
                keyColumns: new[] { "id_permission", "id_user_role" },
                keyValues: new object[] { 527, 1 });
            migrationBuilder.DeleteData(
                table: "t_permission",
                keyColumn: "id",
                keyValue: 527);
        }
    }
 }
--- a/AsbCloudDb/Migrations/AsbCloudDbContextModelSnapshot.cs
+++ b/AsbCloudDb/Migrations/AsbCloudDbContextModelSnapshot.cs
@ -2274,6 +2274,12 @@ namespace AsbCloudDb.Migrations
                            Id = 526,
                            Description = "Разрешение на редактирование операций у завершенной скважины",
                            Name = "WellOperation.editCompletedWell"
                        },
                        new
                        {
                            Id = 527,
                            Description = "Разрешение на удаление инструкций",
                            Name = "Manual.delete"
                        });
                });
@ -3836,6 +3842,11 @@ namespace AsbCloudDb.Migrations
                        {
                            IdUserRole = 1,
                            IdPermission = 526
                        },
                        new
                        {
                            IdUserRole = 1,
                            IdPermission = 527
                        });
                });
--- a/AsbCloudDb/Model/DefaultData/EntityFillerPermission.cs
+++ b/AsbCloudDb/Model/DefaultData/EntityFillerPermission.cs
@ -161,7 +161,9 @@
            new() { Id = 524, Name = "Manual.get", Description = "Разрешить получение инструкций"},
            new (){ Id = 525, Name = "ProcessMap.editCompletedWell", Description = "Разрешение на редактирование РТК у завершенной скважины"},
-            new (){ Id = 526, Name = "WellOperation.editCompletedWell", Description = "Разрешение на редактирование операций у завершенной скважины"}
+            new (){ Id = 526, Name = "WellOperation.editCompletedWell", Description = "Разрешение на редактирование операций у завершенной скважины"},
            new() { Id = 527, Name = "Manual.delete", Description = "Разрешение на удаление инструкций"}
        };
    }
 }
--- a/AsbCloudWebApi/Controllers/ManualController.cs
+++ b/AsbCloudWebApi/Controllers/ManualController.cs
@ -2,7 +2,6 @@ using System.ComponentModel.DataAnnotations;
 using System.Threading;
 using System.Threading.Tasks;
 using AsbCloudApp.Exceptions;
 using AsbCloudApp.Repositories;
 using AsbCloudApp.Services;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
@ -16,13 +15,10 @@ namespace AsbCloudWebApi.Controllers;
 public class ManualController : ControllerBase
 {
 	private readonly IManualCatalogService manualCatalogService;
 	private readonly IUserRepository userRepository;
-	public ManualController(IManualCatalogService manualCatalogService,
+	public ManualController(IManualCatalogService manualCatalogService)
 		IUserRepository userRepository)
 	{
 		this.manualCatalogService = manualCatalogService;
 		this.userRepository = userRepository;
 	}
 	/// <summary>
@ -46,8 +42,6 @@ public class ManualController : ControllerBase
 		if(!idUser.HasValue)
 			throw new ForbidException("Не удается вас опознать");
 		AssertUserHasAccessToManual("Manual.edit");
 		using var fileStream = file.OpenReadStream();
 		var id = await manualCatalogService.SaveFileAsync(idDirectory, idUser.Value, file.FileName, fileStream, cancellationToken);
@ -68,8 +62,6 @@ public class ManualController : ControllerBase
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> GetFileAsync(int id, CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManual("Manual.get");
 		var file = await manualCatalogService.GetFileAsync(id, cancellationToken);
 		if (!file.HasValue)
@ -90,16 +82,6 @@ public class ManualController : ControllerBase
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> DeleteFileAsync(int id, CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManual("Manual.edit");
 		return Ok(await manualCatalogService.DeleteFileAsync(id, cancellationToken));
 	}
 	private void AssertUserHasAccessToManual(string permissionName)
 	{
 		var idUser = User.GetUserId();
 		if (!idUser.HasValue || !userRepository.HasPermission(idUser.Value, permissionName))
 			throw new ForbidException("У вас недостаточно прав");
 	}
 }
--- a/AsbCloudWebApi/Controllers/ManualDirectoryController.cs
+++ b/AsbCloudWebApi/Controllers/ManualDirectoryController.cs
@ -2,7 +2,6 @@ using System.Collections.Generic;
 using System.Threading;
 using System.Threading.Tasks;
 using AsbCloudApp.Data.Manuals;
 using AsbCloudApp.Exceptions;
 using AsbCloudApp.Repositories;
 using AsbCloudApp.Services;
 using Microsoft.AspNetCore.Authorization;
@ -17,15 +16,12 @@ public class ManualDirectoryController : ControllerBase
 {
 	private readonly IManualDirectoryRepository manualDirectoryRepository;
 	private readonly IManualCatalogService manualCatalogService;
 	private readonly IUserRepository userRepository;
 	public ManualDirectoryController(IManualDirectoryRepository manualDirectoryRepository,
-		IManualCatalogService manualCatalogService,
+		IManualCatalogService manualCatalogService)
 		IUserRepository userRepository)
 	{
 		this.manualDirectoryRepository = manualDirectoryRepository;
 		this.manualCatalogService = manualCatalogService;
 		this.userRepository = userRepository;
 	}
 	/// <summary>
@ -36,14 +32,12 @@ public class ManualDirectoryController : ControllerBase
 	/// <param name="cancellationToken"></param>
 	/// <returns></returns>
 	[HttpPost]
-	[Permission]
+	[Permission("Manual.edit")]
 	[ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
 	[ProducesResponseType(StatusCodes.Status400BadRequest)]
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> AddDirectoryAsync(string name, int? idParent, CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManualDirectory("Manual.edit");
 		return Ok(await manualCatalogService.AddDirectoryAsync(name, idParent, cancellationToken));
 	}
@ -55,13 +49,11 @@ public class ManualDirectoryController : ControllerBase
 	/// <param name="cancellationToken"></param>
 	/// <returns></returns>
 	[HttpPut]
-	[Permission]
+	[Permission("Manual.edit")]
 	[ProducesResponseType(StatusCodes.Status400BadRequest)]
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> UpdateDirectoryAsync(int id, string name, CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManualDirectory("Manual.edit");
 		await manualCatalogService.UpdateDirectoryAsync(id, name, cancellationToken);
 		return Ok();
@ -74,13 +66,11 @@ public class ManualDirectoryController : ControllerBase
 	/// <param name="cancellationToken"></param>
 	/// <returns></returns>
 	[HttpDelete]
-	[Permission]
+	[Permission("Manual.delete")]
 	[ProducesResponseType(typeof(int), StatusCodes.Status200OK)]
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> DeleteDirectoryAsync(int id, CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManualDirectory("Manual.edit");
 		return Ok(await manualCatalogService.DeleteDirectoryAsync(id, cancellationToken));
 	}
@ -90,21 +80,11 @@ public class ManualDirectoryController : ControllerBase
 	/// <param name="cancellationToken"></param>
 	/// <returns></returns>
 	[HttpGet]
-	[Permission]
+	[Permission("Manual.get")]
 	[ProducesResponseType(typeof(IEnumerable<ManualDirectoryDto>), StatusCodes.Status200OK)]
 	[ProducesResponseType(StatusCodes.Status403Forbidden)]
 	public async Task<IActionResult> GetAsync(CancellationToken cancellationToken)
 	{
 		AssertUserHasAccessToManualDirectory("Manual.get");
 		return Ok(await manualDirectoryRepository.GetTreeAsync(cancellationToken));
 	}
 	private void AssertUserHasAccessToManualDirectory(string permissionName)
 	{
 		var idUser = User.GetUserId();
 		if (!idUser.HasValue || !userRepository.HasPermission(idUser.Value, permissionName))
 			throw new ForbidException("У вас недостаточно прав");
 	}
 }