This commit is contained in:
@@ -8,6 +8,7 @@ using AyaNova.Api.ControllerHelpers;
|
||||
using AyaNova.Biz;
|
||||
using AyaNova.PickList;
|
||||
using System.Threading.Tasks;
|
||||
using System.Linq;
|
||||
|
||||
namespace AyaNova.Api.Controllers
|
||||
{
|
||||
@@ -73,10 +74,26 @@ namespace AyaNova.Api.Controllers
|
||||
if (!Authorized.HasAnyRole(HttpContext.Items, PickList.AllowedRoles))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
|
||||
//Instantiate the business object handler
|
||||
PickListBiz biz = PickListBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
|
||||
//handle HeadOffice only restricted variants
|
||||
if (pickListParams.ListVariant == "ho")
|
||||
{
|
||||
//add a variant for the current user's head office id in place of ho
|
||||
var UserId = UserIdFromContext.Id(HttpContext.Items);
|
||||
var UType = UserTypeFromContext.Type(HttpContext.Items);
|
||||
if (UType != UserType.HeadOffice)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
var HoId = await ct.User.AsNoTracking().Where(x => x.Id == UserId).Select(x => x.HeadOfficeId).SingleOrDefaultAsync();
|
||||
if (HoId == null || HoId == 0)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
pickListParams.ListVariant = $"{HoId},{(int)AyaType.HeadOffice}";
|
||||
|
||||
}
|
||||
|
||||
var o = await biz.GetPickListAsync(PickList, pickListParams.Query, pickListParams.Inactive, pickListParams.PreselectedIds.ToArray(), pickListParams.ListVariant, log);
|
||||
if (o == null)
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -84,6 +101,8 @@ namespace AyaNova.Api.Controllers
|
||||
return Ok(ApiOkResponse.Response(o));
|
||||
}
|
||||
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// Get a single item's name display in PickList templated format
|
||||
/// </summary>
|
||||
|
||||
Reference in New Issue
Block a user