ayanova/devdocs/todo.txt

@@ -389,9 +389,6 @@ Sidetrack, case 3888 customer feature control in global settings required for cu
 	see case, add to global object at server and also must return login availability and code that too now so it all works
 	also customer centric notifications and features need to be filtered through this security at the server now too
 
-TODO: customer access features need to be filtered OUT at the server if they don't have access
-	in case they attempt to circumvent UI somehow
-	Easiest thing is when code those forms also enable at the back end more security checks
 
 
 

ayanova/src/store.js

@@ -55,11 +55,11 @@ export default new Vuex.Store({
     knownPassword: false,
     newNotificationCount: 0
   },
-  getters: {
-    isOutsideUser: state => {
-      return state.userType == 3 || state.userType == 4;
-    }
-  },
+  // getters: {
+  //   isOutsideUser: state => {
+  //     return state.userType == 3 || state.userType == 4;
+  //   }
+  // },
   mutations: {
     setLastClientVersion(state, data) {
       state.lastClientVersion = data;

ayanova/src/views/home-notify-subscription.vue

@@ -764,10 +764,27 @@ async function populateSelectionLists(vm) {
   //ensure the pick lists required are pre-fetched
   await window.$gz.enums.fetchEnumList("NotifyEventType");
   const tempEventTypes = window.$gz.enums.getSelectionList("NotifyEventType");
-  if (window.$gz.store.getters.isOutsideUser) {
-    vm.selectLists.eventTypes = tempEventTypes.filter(
-      z => z.id == 6 || z.id == 7 || z.id == 21 || z.id == 30 || z.id == 31
-    );
+  if (window.$gz.store.state.isCustomerUser) {
+    vm.selectLists.eventTypes = tempEventTypes.filter(z => {
+      //return true if it's a type allowed by customer *and* they have customerRights to it
+
+      switch (z.id) {
+        case 6:
+          return window.$gz.store.state.customerRights.notifyCSRAccepted;
+        case 7:
+          return window.$gz.store.state.customerRights.notifyCSRRejected;
+        case 21:
+          return window.$gz.store.state.customerRights.notifyCSRAccepted;
+        // case 30://was workorder completed, removed due to thinking it's covered elsewhere but not really for customer who shouldn't see any other status available
+        //this is still up in the air and may need to be re-enabled here and at server
+        // //return window.$gz.store.state.customerRights.notifyCSRAccepted;
+        // return false;
+        case 31:
+          return window.$gz.store.state.customerRights.notifyWOCreated;
+        default:
+          return false;
+      }
+    });
   } else {
     vm.selectLists.eventTypes = tempEventTypes.filter(
       z => z.id != 6 && z.id != 7 && z.id != 21 && z.id != 31