admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2021-07-14 18:23:18 +00:00
parent a5b1baa3d8
commit 2943b45c57
2 changed files with 21 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
server/AyaNova/Controllers/WorkOrderController.cs
View File

@@ -623,7 +623,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemLoan))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemLoan) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -646,7 +646,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemLoan))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemLoan) || biz.UserIsSubContractorRestricted)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -670,7 +670,7 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemLoan))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemLoan) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.LoanPutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
if (o == null)
@@ -696,7 +696,7 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemLoan))
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemLoan) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!await biz.LoanDeleteAsync(WorkOrderItemLoanId))
return BadRequest(new ApiErrorResponse(biz.Errors));
@@ -732,7 +732,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService))
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -755,7 +755,7 @@ namespace AyaNova.Api.Controllers
if (!serverState.IsOpen)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService) || biz.UserIsSubContractorFull || biz.UserIsSubContractorRestricted)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -779,7 +779,7 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
var o = await biz.OutsideServicePutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
if (o == null)
@@ -805,7 +805,7 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService))
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemOutsideService) || biz.UserIsRestrictedType)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!await biz.OutsideServiceDeleteAsync(WorkOrderItemOutsideServiceId))
return BadRequest(new ApiErrorResponse(biz.Errors));