From 220f18541865b95f46d7b100c3a4e113ddbd2056 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Wed, 8 Sep 2021 23:33:01 +0000
Subject: [PATCH]

---
 .../{customer-csr-list.md => customer-csr.md} |  0
 .../AyaNova/Controllers/PickListController.cs | 19 +++++++++++++++++++
 server/AyaNova/biz/PickListBiz.cs             |  2 +-
 server/AyaNova/biz/UserBiz.cs                 |  7 ++++++-
 server/AyaNova/models/GlobalBizSettings.cs    |  2 +-
 5 files changed, 27 insertions(+), 3 deletions(-)
 rename docs/8.0/ayanova/docs/{customer-csr-list.md => customer-csr.md} (100%)

diff --git a/docs/8.0/ayanova/docs/customer-csr-list.md b/docs/8.0/ayanova/docs/customer-csr.md
similarity index 100%
rename from docs/8.0/ayanova/docs/customer-csr-list.md
rename to docs/8.0/ayanova/docs/customer-csr.md
diff --git a/server/AyaNova/Controllers/PickListController.cs b/server/AyaNova/Controllers/PickListController.cs
index 153fc4ff..663bf551 100644
--- a/server/AyaNova/Controllers/PickListController.cs
+++ b/server/AyaNova/Controllers/PickListController.cs
@@ -8,6 +8,7 @@ using AyaNova.Api.ControllerHelpers;
 using AyaNova.Biz;
 using AyaNova.PickList;
 using System.Threading.Tasks;
+using System.Linq;
 
 namespace AyaNova.Api.Controllers
 {
@@ -73,10 +74,26 @@ namespace AyaNova.Api.Controllers
             if (!Authorized.HasAnyRole(HttpContext.Items, PickList.AllowedRoles))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
 
+
             //Instantiate the business object handler
             PickListBiz biz = PickListBiz.GetBiz(ct, HttpContext);
 
 
+            //handle HeadOffice only restricted variants
+            if (pickListParams.ListVariant == "ho")
+            {
+                //add a variant for the current user's head office id in place of ho
+                var UserId = UserIdFromContext.Id(HttpContext.Items);
+                var UType = UserTypeFromContext.Type(HttpContext.Items);
+                if (UType != UserType.HeadOffice)
+                    return StatusCode(403, new ApiNotAuthorizedResponse());
+                var HoId = await ct.User.AsNoTracking().Where(x => x.Id == UserId).Select(x => x.HeadOfficeId).SingleOrDefaultAsync();
+                if (HoId == null || HoId == 0)
+                    return StatusCode(403, new ApiNotAuthorizedResponse());
+                pickListParams.ListVariant = $"{HoId},{(int)AyaType.HeadOffice}";
+
+            }
+
             var o = await biz.GetPickListAsync(PickList, pickListParams.Query, pickListParams.Inactive, pickListParams.PreselectedIds.ToArray(), pickListParams.ListVariant, log);
             if (o == null)
                 return BadRequest(new ApiErrorResponse(biz.Errors));
@@ -84,6 +101,8 @@ namespace AyaNova.Api.Controllers
                 return Ok(ApiOkResponse.Response(o));
         }
 
+       
+
         /// <summary>
         /// Get a single item's name display in PickList templated format
         /// </summary>
diff --git a/server/AyaNova/biz/PickListBiz.cs b/server/AyaNova/biz/PickListBiz.cs
index 55e3c4db..028335b8 100644
--- a/server/AyaNova/biz/PickListBiz.cs
+++ b/server/AyaNova/biz/PickListBiz.cs
@@ -15,7 +15,7 @@ namespace AyaNova.Biz
 
     internal class PickListBiz : BizObject
     {
-
+        
         internal PickListBiz(AyContext dbcontext, long currentUserId, long userTranslationId, AuthorizationRoles UserRoles)
         {
             ct = dbcontext;
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 51a30cdd..be1c99b0 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -132,6 +132,10 @@ namespace AyaNova.Biz
                     if (UserInfo.HeadOfficeId != null && UserInfo.HeadOfficeId != 0)
                     AllTags.AddRange(await ct.HeadOffice.AsNoTracking().Where(x => x.Id == UserInfo.HeadOfficeId).Select(x => x.Tags).FirstAsync());
 
+                long EntityId=0;
+                if(UserInfo.UserType==UserType.Customer) EntityId=UserInfo.CustomerId??0;
+                 if(UserInfo.UserType==UserType.HeadOffice) EntityId=UserInfo.HeadOfficeId??0;
+
 
                 return new CustomerRightsRecord(
                     CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR,
@@ -177,7 +181,8 @@ namespace AyaNova.Biz
                     CustomerUserEffectiveRightsAllowed(AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompleted,
                                                        AllTags,
                                                        AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompletedInTags,
-                                                       AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompletedOutTags)
+                                                       AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowNotifyWOCompletedOutTags),
+                    EntityId
                     );
 
             }
diff --git a/server/AyaNova/models/GlobalBizSettings.cs b/server/AyaNova/models/GlobalBizSettings.cs
index 0bb20836..ffa185a6 100644
--- a/server/AyaNova/models/GlobalBizSettings.cs
+++ b/server/AyaNova/models/GlobalBizSettings.cs
@@ -98,7 +98,7 @@ namespace AyaNova.Models
     }
 
     //Used internally and at client end as extended rights atop roles system in relation only to Contact (customer type users)
-    public record CustomerRightsRecord(bool CSR, bool WO, bool WOWIKI, bool UserSettings, bool NotifyServiceImminent, bool NotifyCSRAccepted, bool NotifyCSRRejected, bool NotifyWOCreated, bool NotifyWOCompleted);
+    public record CustomerRightsRecord(bool CSR, bool WO, bool WOWIKI, bool UserSettings, bool NotifyServiceImminent, bool NotifyCSRAccepted, bool NotifyCSRRejected, bool NotifyWOCreated, bool NotifyWOCompleted, long EntityId);
 }
 /*
 CREATE TABLE [dbo].[AGLOBAL](