Merge pull request 'Рефакторинг контроллеров РТК' (#124) from feature/process_map_permissions into dev
Reviewed-on: http://test.digitaldrilling.ru:8080/DDrilling/AsbCloudServer/pulls/124
commit
a6c7ddc94b
@ -12,6 +12,7 @@ using System.IO;
|
||||
using System.Linq;
|
||||
using System.Threading;
|
||||
using System.Threading.Tasks;
|
||||
using AsbCloudApp.Exceptions;
|
||||
using Microsoft.AspNetCore.Http;
|
||||
|
||||
namespace AsbCloudWebApi.Controllers
|
||||
@ -141,13 +142,13 @@ namespace AsbCloudWebApi.Controllers
|
||||
/// <param name="value"></param>
|
||||
/// <param name="token"></param>
|
||||
/// <returns></returns>
|
||||
[HttpPost]
|
||||
public override async Task<ActionResult<int>> InsertAsync([FromBody] ProcessMapPlanDto value, CancellationToken token)
|
||||
{
|
||||
if (!await CanUserEditProcessMapAsync(value.IdWell, token))
|
||||
return Forbid();
|
||||
value.IdUser = User.GetUserId()
|
||||
?? throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
await AssertUserHasAccessToProcessMapAsync(value.IdWell, token);
|
||||
|
||||
value.IdUser = User.GetUserId() ?? -1;
|
||||
var result = await base.InsertAsync(value, token);
|
||||
await NotifyUsersBySignalR(value.IdWell, token);
|
||||
return result;
|
||||
@ -159,18 +160,25 @@ namespace AsbCloudWebApi.Controllers
|
||||
/// <param name="value">запись</param>
|
||||
/// <param name="token"></param>
|
||||
/// <returns>1 - успешно отредактировано, 0 - нет</returns>
|
||||
[HttpPut]
|
||||
public override async Task<ActionResult<int>> UpdateAsync([FromBody] ProcessMapPlanDto value, CancellationToken token)
|
||||
{
|
||||
if (!await CanUserEditProcessMapAsync(value.IdWell, token))
|
||||
return Forbid();
|
||||
value.IdUser = User.GetUserId()
|
||||
?? throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
await AssertUserHasAccessToProcessMapAsync(value.IdWell, token);
|
||||
|
||||
value.IdUser = User.GetUserId() ?? -1;
|
||||
var result = await base.UpdateAsync(value, token);
|
||||
await NotifyUsersBySignalR(value.IdWell, token);
|
||||
return result;
|
||||
}
|
||||
|
||||
public override async Task<ActionResult<int>> DeleteAsync(int id, CancellationToken token)
|
||||
{
|
||||
await AssertUserHasAccessToProcessMapAsync(id, token);
|
||||
|
||||
return await base.DeleteAsync(id, token);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Возвращает шаблон файла импорта плановой РТК
|
||||
/// </summary>
|
||||
@ -199,13 +207,12 @@ namespace AsbCloudWebApi.Controllers
|
||||
[Required] IFormFile file,
|
||||
CancellationToken cancellationToken)
|
||||
{
|
||||
int? idUser = User.GetUserId();
|
||||
var idUser = User.GetUserId();
|
||||
|
||||
if (idUser is null)
|
||||
return Forbid();
|
||||
if (!idUser.HasValue)
|
||||
throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
if (!await CanUserEditProcessMapAsync(idWell, cancellationToken))
|
||||
return Forbid();
|
||||
await AssertUserHasAccessToProcessMapAsync(idWell, cancellationToken);
|
||||
|
||||
if (Path.GetExtension(file.FileName).ToLower() != ".xlsx")
|
||||
return this.ValidationBadRequest(nameof(file), "Требуется xlsx файл.");
|
||||
@ -239,11 +246,6 @@ namespace AsbCloudWebApi.Controllers
|
||||
[ProducesResponseType(StatusCodes.Status204NoContent)]
|
||||
public async Task<IActionResult> ExportAsync(int idWell, CancellationToken cancellationToken)
|
||||
{
|
||||
int? idUser = User.GetUserId();
|
||||
|
||||
if (idUser is null)
|
||||
return Forbid();
|
||||
|
||||
var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken);
|
||||
|
||||
if (well is null)
|
||||
@ -254,23 +256,22 @@ namespace AsbCloudWebApi.Controllers
|
||||
return File(stream, "application/octet-stream", fileName);
|
||||
}
|
||||
|
||||
private async Task<bool> CanUserEditProcessMapAsync(int idWell, CancellationToken token)
|
||||
private async Task AssertUserHasAccessToProcessMapAsync(int idWell, CancellationToken cancellationToken)
|
||||
{
|
||||
var idUser = User.GetUserId();
|
||||
|
||||
if (!idUser.HasValue)
|
||||
return false;
|
||||
|
||||
var idCompany = User.GetCompanyId();
|
||||
if (!idCompany.HasValue || !await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, token))
|
||||
return false;
|
||||
|
||||
var well = await wellService.GetOrDefaultAsync(idWell, token);
|
||||
if (!idCompany.HasValue || !idUser.HasValue)
|
||||
throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
if (well is null)
|
||||
return false;
|
||||
var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
|
||||
?? throw new ForbidException($"Скважины с {idWell} не существует");
|
||||
|
||||
return well.IdState != 2 || userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell");
|
||||
if (!await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
|
||||
throw new ForbidException("Нет доступа к скважине");
|
||||
|
||||
if (well.IdState == 2 && !userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell"))
|
||||
throw new ForbidException("Недостаточно прав для редактирования РТК завершённой скважины");
|
||||
}
|
||||
|
||||
private async Task NotifyUsersBySignalR(int idWell, CancellationToken token)
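Review bot: The new `DeleteAsync` passes the record `id` to `AssertUserHasAccessToProcessMapAsync`, whose first parameter is `idWell`, so the company-involvement and completed-well checks run against whichever well shares that number, not the well that owns the record. The authorization decision is therefore made for the wrong object: a delete can be allowed on a record of a well the caller's company is not involved in, or refused on one it is entitled to change. The record should be loaded by `id` first and its `IdWell` passed to the assertion, with a not-found result when it is missing; the lookup method is not visible on this page. `DeleteAsync` in `ProcessMapWellboreDevelopmentController` further down has the same call shape with `AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(id, token)`.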
|
||||
|
@ -36,13 +36,12 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
|
||||
/// <param name="value"></param>
|
||||
/// <param name="token"></param>
|
||||
/// <returns></returns>
|
||||
/// <exception cref="ForbidException"></exception>
|
||||
public override async Task<ActionResult<int>> InsertAsync(ProcessMapWellboreDevelopmentDto value, CancellationToken token)
|
||||
{
|
||||
value.IdUser = User.GetUserId()
|
||||
?? throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
|
||||
await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
|
||||
|
||||
return await processMapWellboreDevelopmentService.InsertAsync(value, token);
|
||||
}
|
||||
@ -58,11 +57,18 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
|
||||
value.IdUser = User.GetUserId()
|
||||
?? throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
|
||||
await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
|
||||
|
||||
return await processMapWellboreDevelopmentService.UpdateAsync(value, token);
|
||||
}
|
||||
|
||||
public override async Task<ActionResult<int>> DeleteAsync(int id, CancellationToken token)
|
||||
{
|
||||
await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(id, token);
|
||||
|
||||
return await base.DeleteAsync(id, token);
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Возвращает проработки по uid телеметрии
|
||||
/// </summary>
|
||||
@ -81,16 +87,21 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
|
||||
return Ok(dto);
|
||||
}
|
||||
|
||||
private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idUser, int idWell, CancellationToken cancellationToken)
|
||||
private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idWell, CancellationToken cancellationToken)
|
||||
{
|
||||
var idUser = User.GetUserId();
|
||||
var idCompany = User.GetCompanyId();
|
||||
|
||||
if (!idCompany.HasValue || !idUser.HasValue)
|
||||
throw new ForbidException("Неизвестный пользователь");
|
||||
|
||||
var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
|
||||
?? throw new ForbidException($"Скважины с {idWell} не существует");
|
||||
|
||||
var idCompany = User.GetCompanyId();
|
||||
if (!idCompany.HasValue || !await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
|
||||
if (!await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
|
||||
throw new ForbidException("Нет доступа к скважине");
|
||||
|
||||
if (well.IdState == 2 && !userRepository.HasPermission(idUser, "ProcessMap.editCompletedWell"))
|
||||
if (well.IdState == 2 && !userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell"))
|
||||
throw new ForbidException("Недостаточно прав для редактирования РТК завершённой скважины");
|
||||
}
|
||||
}
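Review bot: In `AssertUserHasAccessToProcessMapWellboreDevelopmentAsync` the well lookup runs before `IsCompanyInvolvedInWellAsync`, so a caller from an uninvolved company gets `Скважины с {idWell} не существует` for a missing well and `Нет доступа к скважине` for an existing one. If `ForbidException` messages are returned to the client (the exception handler is not shown here), that difference tells callers with no relation to a well whether its id exists. Checking company involvement before the lookup, or using one message for both outcomes, removes the distinction. `AssertUserHasAccessToProcessMapAsync` in the first file uses the same order.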
|