From f4248e592efd1e155c9c088dae41a42f9c73da00 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Wed, 16 Jun 2021 18:40:38 +0000 Subject: [PATCH] --- ayanova/devdocs/todo.txt | 3 --- ayanova/src/store.js | 10 ++++---- .../src/views/home-notify-subscription.vue | 25 ++++++++++++++++--- 3 files changed, 26 insertions(+), 12 deletions(-) diff --git a/ayanova/devdocs/todo.txt b/ayanova/devdocs/todo.txt index 97763380..c8e23ccf 100644 --- a/ayanova/devdocs/todo.txt +++ b/ayanova/devdocs/todo.txt @@ -389,9 +389,6 @@ Sidetrack, case 3888 customer feature control in global settings required for cu see case, add to global object at server and also must return login availability and code that too now so it all works also customer centric notifications and features need to be filtered through this security at the server now too -TODO: customer access features need to be filtered OUT at the server if they don't have access - in case they attempt to circumvent UI somehow - Easiest thing is when code those forms also enable at the back end more security checks diff --git a/ayanova/src/store.js b/ayanova/src/store.js index 959dd5ce..3f9be77a 100644 --- a/ayanova/src/store.js +++ b/ayanova/src/store.js @@ -55,11 +55,11 @@ export default new Vuex.Store({ knownPassword: false, newNotificationCount: 0 }, - getters: { - isOutsideUser: state => { - return state.userType == 3 || state.userType == 4; - } - }, + // getters: { + // isOutsideUser: state => { + // return state.userType == 3 || state.userType == 4; + // } + // }, mutations: { setLastClientVersion(state, data) { state.lastClientVersion = data; diff --git a/ayanova/src/views/home-notify-subscription.vue b/ayanova/src/views/home-notify-subscription.vue index acc48977..9153aa11 100644 --- a/ayanova/src/views/home-notify-subscription.vue +++ b/ayanova/src/views/home-notify-subscription.vue @@ -764,10 +764,27 @@ async function populateSelectionLists(vm) { //ensure the pick lists required are pre-fetched await window.$gz.enums.fetchEnumList("NotifyEventType"); const tempEventTypes = window.$gz.enums.getSelectionList("NotifyEventType"); - if (window.$gz.store.getters.isOutsideUser) { - vm.selectLists.eventTypes = tempEventTypes.filter( - z => z.id == 6 || z.id == 7 || z.id == 21 || z.id == 30 || z.id == 31 - ); + if (window.$gz.store.state.isCustomerUser) { + vm.selectLists.eventTypes = tempEventTypes.filter(z => { + //return true if it's a type allowed by customer *and* they have customerRights to it + + switch (z.id) { + case 6: + return window.$gz.store.state.customerRights.notifyCSRAccepted; + case 7: + return window.$gz.store.state.customerRights.notifyCSRRejected; + case 21: + return window.$gz.store.state.customerRights.notifyCSRAccepted; + // case 30://was workorder completed, removed due to thinking it's covered elsewhere but not really for customer who shouldn't see any other status available + //this is still up in the air and may need to be re-enabled here and at server + // //return window.$gz.store.state.customerRights.notifyCSRAccepted; + // return false; + case 31: + return window.$gz.store.state.customerRights.notifyWOCreated; + default: + return false; + } + }); } else { vm.selectLists.eventTypes = tempEventTypes.filter( z => z.id != 6 && z.id != 7 && z.id != 21 && z.id != 31