From 206f9ec423556f5b89c77bf9b59599d759bac237 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Thu, 17 Dec 2020 21:14:54 +0000
Subject: [PATCH]

---
 server/AyaNova/biz/Review.cs | 14 ++++++++++++--
 1 file changed, 12 insertions(+), 2 deletions(-)

diff --git a/server/AyaNova/biz/Review.cs b/server/AyaNova/biz/Review.cs
index 5273e440..7d5507fa 100644
--- a/server/AyaNova/biz/Review.cs
+++ b/server/AyaNova/biz/Review.cs
@@ -216,14 +216,24 @@ namespace AyaNova.Biz
             - RULE Limited roles can only set completed date and enter completion notes not otherwise change or create or delete.
             - BIZ RULE  users with more than limited roles can assign other users to follow up. Limited roles can only set completed status not otherwise change or create or delete. 
             */
-           
+
             bool isNew = currentObj == null;
 
+            bool HasSupervisorRole =
+            CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
+            CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
+            CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryFull) ||
+            CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
+            CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
+
+
             //Name required
             if (string.IsNullOrWhiteSpace(proposedObj.Name))
                 AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name");
 
-
+            if(!HasSupervisorRole && proposedObj.Self){
+                 AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
+            }
 
 
             //Any form customizations to validate?