diff --git a/AsbCloudInfrastructure/Repository/ProcessMapWellboreDevelopmentRepository.cs b/AsbCloudInfrastructure/Repository/ProcessMapWellboreDevelopmentRepository.cs
index 36bb7a0f..95b7a4d8 100644
--- a/AsbCloudInfrastructure/Repository/ProcessMapWellboreDevelopmentRepository.cs
+++ b/AsbCloudInfrastructure/Repository/ProcessMapWellboreDevelopmentRepository.cs
@@ -38,6 +38,7 @@ public class ProcessMapWellboreDevelopmentRepository :
var entities = await query
.OrderBy(p => p.DepthStart)
.ThenBy(p => p.Id)
+ .AsNoTracking()
.ToArrayAsync(cancellationToken);
return entities.Select(Convert);
diff --git a/AsbCloudInfrastructure/Services/ProcessMap/ProcessMapWellboreDevelopment/ProcessMapWellboreDevelopmentService.cs b/AsbCloudInfrastructure/Services/ProcessMap/ProcessMapWellboreDevelopment/ProcessMapWellboreDevelopmentService.cs
index 07f97ed1..6a2c3834 100644
--- a/AsbCloudInfrastructure/Services/ProcessMap/ProcessMapWellboreDevelopment/ProcessMapWellboreDevelopmentService.cs
+++ b/AsbCloudInfrastructure/Services/ProcessMap/ProcessMapWellboreDevelopment/ProcessMapWellboreDevelopmentService.cs
@@ -33,7 +33,7 @@ public class ProcessMapWellboreDevelopmentService : IProcessMapWellboreDevelopme
nameof(processMapWellboreDevelopment.IdWell));
if (processMapWellboreDevelopment.DepthStart > processMapWellboreDevelopment.DepthEnd)
- throw new ArgumentInvalidException("Значение стартовой глубины не может превышать значение конечной глубину",
+ throw new ArgumentInvalidException("Значение стартовой глубины должно быть не больше значения конечной глубины",
nameof(processMapWellboreDevelopment.DepthStart));
processMapWellboreDevelopment.LastUpdate = DateTimeOffset.UtcNow;
@@ -50,7 +50,7 @@ public class ProcessMapWellboreDevelopmentService : IProcessMapWellboreDevelopme
nameof(processMapWellboreDevelopment.IdWell));
if (processMapWellboreDevelopment.DepthStart > processMapWellboreDevelopment.DepthEnd)
- throw new ArgumentInvalidException("Значение стартовой глубины не может превышать значение конечной глубину",
+ throw new ArgumentInvalidException("Значение стартовой глубины должно быть не больше значения конечной глубины",
nameof(processMapWellboreDevelopment.DepthStart));
processMapWellboreDevelopment.LastUpdate = DateTimeOffset.UtcNow;
diff --git a/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs b/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
index 5c9945b6..49748f14 100644
--- a/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
+++ b/AsbCloudWebApi/Controllers/ProcessMapWellboreDevelopmentController.cs
@@ -7,6 +7,7 @@ using AsbCloudApp.Repositories;
using AsbCloudApp.Services;
using Microsoft.AspNetCore.Mvc;
using System;
+using Microsoft.AspNetCore.Authorization;
namespace AsbCloudWebApi.Controllers;
@@ -38,8 +39,11 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
///
public override async Task> InsertAsync(ProcessMapWellboreDevelopmentDto value, CancellationToken token)
{
- await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
-
+ value.IdUser = User.GetUserId()
+ ?? throw new ForbidException("Неизвестный пользователь");
+
+ await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
+
return await processMapWellboreDevelopmentService.InsertAsync(value, token);
}
@@ -51,7 +55,10 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
///
public override async Task> UpdateAsync(ProcessMapWellboreDevelopmentDto value, CancellationToken token)
{
- await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, token);
+ value.IdUser = User.GetUserId()
+ ?? throw new ForbidException("Неизвестный пользователь");
+
+ await AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(value.IdWell, value.IdUser, token);
return await processMapWellboreDevelopmentService.UpdateAsync(value, token);
}
@@ -64,26 +71,26 @@ public class ProcessMapWellboreDevelopmentController : CrudWellRelatedController
///
///
[HttpGet("telemetry/{uid}")]
+ [AllowAnonymous]
[ProducesResponseType(typeof(IEnumerable), (int)System.Net.HttpStatusCode.OK)]
public async Task GetByUidAsync(string uid, DateTime updateFrom, CancellationToken cancellationToken)
{
- var dto = await processMapWellboreDevelopmentService.GetByTelemetryAsync(uid,
- updateFrom, cancellationToken);
+ var dto = await processMapWellboreDevelopmentService.GetByTelemetryAsync(uid, updateFrom,
+ cancellationToken);
return Ok(dto);
}
- private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idWell, CancellationToken cancellationToken)
+ private async Task AssertUserHasAccessToProcessMapWellboreDevelopmentAsync(int idUser, int idWell, CancellationToken cancellationToken)
{
- var idUser = User.GetUserId();
+ var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken)
+ ?? throw new ForbidException($"Скважины с {idWell} не существует");
+
+ var idCompany = User.GetCompanyId();
+ if (idCompany is not null && await wellService.IsCompanyInvolvedInWellAsync(idCompany.Value, idWell, cancellationToken))
+ throw new ForbidException("Нет доступа к скважине");
- if (!idUser.HasValue)
- throw new ForbidException("Неизвестный пользователь");
-
- var well = await wellService.GetOrDefaultAsync(idWell, cancellationToken) ??
- throw new ForbidException($"Скважины с {idWell} не существует");
-
- if (well.IdState == 2 && !userRepository.HasPermission(idUser.Value, "ProcessMap.editCompletedWell"))
- throw new ForbidException("Недостаточно прав для редактирования проработки");
+ if (well.IdState == 2 && !userRepository.HasPermission(idUser, "ProcessMap.editCompletedWell"))
+ throw new ForbidException("Недостаточно прав для редактирования РТК завершённой скважины");
}
}
\ No newline at end of file