From 56a68b40b48e7b999a9798001fe0eb31e750966e Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Tue, 4 Sep 2018 22:24:55 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/UserController.cs | 26 +++-----------------
 server/AyaNova/biz/UserBiz.cs                | 11 +++++++--
 2 files changed, 13 insertions(+), 24 deletions(-)

diff --git a/server/AyaNova/Controllers/UserController.cs b/server/AyaNova/Controllers/UserController.cs
index 697c5c8c..e84104a7 100644
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -120,8 +120,8 @@ namespace AyaNova.Api.Controllers
             //Instantiate the business object handler
             UserBiz biz = new UserBiz(ct, UserIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items));
 
-            ApiPagedResponse<User> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions);
-            return Ok(new ApiOkWithPagingResponse<User>(pr));
+            ApiPagedResponse<System.Object> pr = await biz.GetManyAsync(Url, nameof(ListUsers), pagingOptions);
+            return Ok(new ApiOkWithPagingResponse<System.Object>(pr));
         }
 
 
@@ -354,30 +354,12 @@ namespace AyaNova.Api.Controllers
 
                 //return success and link
                 //NOTE: this is a USER object so we don't want to return some key fields for security reasons
-                //So the easiest way to do that is to return an anonymous object created on the fly
-                // var returnObject = new
-                // {
-                //     Id = o.Id,
-                //     ConcurrencyToken = o.ConcurrencyToken,
-                //     OwnerId = o.OwnerId,
-                //     Active = o.Active,
-                //     Name = o.Name,
-                //     Roles = o.Roles,
-                //     LocaleId = o.LocaleId,
-                //     UserType = o.UserType,
-                //     EmployeeNumber = o.EmployeeNumber,
-                //     Notes = o.Notes,
-                //     ClientId = o.ClientId,
-                //     HeadOfficeId = o.HeadOfficeId,
-                //     SubVendorId = o.SubVendorId
-                // };
-
-
+                //which is why the object is "cleaned" before return
                 return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
             }
         }
 
-        
+
 
 
         /// <summary>
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 8e05c71f..bbe7a38e 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -69,7 +69,7 @@ namespace AyaNova.Biz
         }
 
         //get many (paged)
-        internal async Task<ApiPagedResponse<User>> GetManyAsync(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
+        internal async Task<ApiPagedResponse<System.Object>> GetManyAsync(IUrlHelper Url, string routeName, PagingOptions pagingOptions)
         {
 
             pagingOptions.Offset = pagingOptions.Offset ?? PagingOptions.DefaultOffset;
@@ -84,7 +84,14 @@ namespace AyaNova.Biz
             var totalRecordCount = await ct.User.CountAsync();
             var pageLinks = new PaginationLinkBuilder(Url, routeName, null, pagingOptions, totalRecordCount).PagingLinksObject();
 
-            ApiPagedResponse<User> pr = new ApiPagedResponse<User>(items, pageLinks);
+            var cleanedItems = new System.Object[] { };
+            foreach (User item in items)
+            {
+                cleanedItems.Append(CleanUserForReturn(item));
+            }
+
+
+            ApiPagedResponse<System.Object> pr = new ApiPagedResponse<System.Object>(cleanedItems, pageLinks);
             return pr;
         }