diff --git a/docs/8.0/ayanova/docs/svc-workorders.md b/docs/8.0/ayanova/docs/svc-workorders.md index 6be3bfa7..ac837a73 100644 --- a/docs/8.0/ayanova/docs/svc-workorders.md +++ b/docs/8.0/ayanova/docs/svc-workorders.md @@ -31,10 +31,15 @@ docs / sections required * Sub contractors / Technician - Restricted users and Work Orders - If a User is set to User type of Sub contractor or if they are a Service type user and are assigned the "Technician - Restricted" role then special limitations apply to them when using the work order form: + If a User is set to User type of Sub contractor or if they are a Service type user and are assigned the "Technician - Restricted" role then special limitations apply to them when using the work order form and related features: + + * Service -> Work order list menu area + * These restricted Esers are not shown the option of viewing the full work order list. They will access their work orders via their Home -> Schedule form. + + * Work order / work order item can not be created or deleted * Work order *Item* restrictions - * Theser Users will only be able to access the Work order Items for which they are Scheduled in the work order editing form. In other words if you do not want a Sub contractor or tech - restricted user to see parts of a work order do not add them to the Scheduled users collection on those work order items + * These restricted Users will only be able to access the Work order Items for which they are Scheduled in the work order editing form. In other words if you do not want a Sub contractor or tech - restricted user to see parts of a work order do not add them to the Scheduled users collection on those work order items * Reporting convenience field: IsCompleteRecord field is included with the report header data to indicate if any items were removed due to restricted user diff --git a/server/AyaNova/biz/WorkOrderBiz.cs b/server/AyaNova/biz/WorkOrderBiz.cs index 2cf8fbe5..cbe94dca 100644 
--- a/server/AyaNova/biz/WorkOrderBiz.cs +++ b/server/AyaNova/biz/WorkOrderBiz.cs @@ -60,7 +60,29 @@ namespace AyaNova.Biz //////////////////////////////////////////////////////////////////////////////////////////////// // SUBRIGHTS / RESTRICTIONS FOR WORK ORDER // + + //Note: these restrictions and rights are in addition to the basic fundamental role access rights (layer 1) + //and are considered after role rights have already been consulted first (usually at the controller level) + internal UserType CurrentUserType { get; set; } + + internal bool UserCanCreateOrDeleteAWorkOrderOrItem//does not mean they can't edit, just not create or remove + { + get + { + switch (CurrentUserType) + { + case UserType.Customer: + case UserType.HeadOffice: + case UserType.ServiceContractor: + return false; + } + //Now check roles that have at least partial access to a work order + if (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)) return false; + return true; + } + } + internal bool UserCanViewPartCosts { get @@ -805,6 +827,12 @@ namespace AyaNova.Biz //run validation and biz rules bool isNew = currentObj == null; + //Check restricted role preventing create + if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); + return;//this is a completely disqualifying error + } //Check state if updatable right now if (!isNew) @@ -873,6 +901,12 @@ namespace AyaNova.Biz private void WorkOrderValidateCanDelete(WorkOrder dbObject) { + //Check restricted role preventing create + if (!UserCanCreateOrDeleteAWorkOrderOrItem) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); + return;//this is a completely disqualifying error + } //FOREIGN KEY CHECKS //these are examples copied from customer for when other objects are actually referencing them // if (await ct.User.AnyAsync(m => m.CustomerId == inObj.Id)) 
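Review bot: `UserCanCreateOrDeleteAWorkOrderOrItem` fails open: the `switch` denies only `Customer`, `HeadOffice` and `ServiceContractor`, so any other `UserType` falls through to `return true` unless the `TechRestricted` flag is set. That includes a value added to the enum later, and the enum default if `CurrentUserType` is never assigned on this biz object. Where `CurrentUserType` gets set is not visible in this diff, so it needs confirming for every path that constructs the object. Consider inverting the test so only user types known to be allowed return true, or at least record the assumption above the getter, e.g. `//SECURITY: deny-list; an unlisted or unassigned UserType is treated as allowed to create/delete`.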
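Review bot: The five-line authorization guard added after `bool isNew = currentObj == null;` is pasted again in the hunks at -873, -2248 and -2304, so a later change to the rule or its error code must be made identically in four places, and a missed copy becomes an authorization gap. A single private helper that records the error and returns the verdict would keep the decision in one place. The validator bodies continue outside these hunks, so the sketch below shows only the helper and the create-side call.

```csharp
//Records NOT_AUTHORIZED and returns false when the current user may not create or delete
private bool CheckCanCreateOrDeleteAWorkOrderOrItem()
{
    if (UserCanCreateOrDeleteAWorkOrderOrItem) return true;
    AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
    return false;
}

// … unchanged: start of the work order validator …
bool isNew = currentObj == null;
if (isNew && !CheckCanCreateOrDeleteAWorkOrderOrItem())
    return;//this is a completely disqualifying error
```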
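Review bot: The comment on the guard at the top of `WorkOrderValidateCanDelete` still reads `//Check restricted role preventing create`, although this path blocks delete; the same copied comment is in the delete hunk at -2304. The check also depends on user type, not only on role. On an authorization check a wrong comment invites a wrong edit later, so it should read `//Check restricted user type / role preventing delete`. The rest of the method body is outside the hunk.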
@@ -2248,23 +2282,14 @@ namespace AyaNova.Biz AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderId"); - // // //TEST TEST TEST - // if (string.IsNullOrWhiteSpace(proposedObj.Notes)) - // { - // AddError(ApiErrorCode.VALIDATION_REQUIRED, "Notes"); - // } - // if (proposedObj.Notes.Contains("blah")) - // { - // ; - // } - // if (proposedObj.Notes != null && proposedObj.Notes.Contains("generalerror")) - // { - // AddError(ApiErrorCode.API_SERVER_ERROR, "generalerror", "Test general error"); - // } - // if (proposedObj.Notes != null && proposedObj.Notes.Contains("aytesterror")) - // { - // AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "Notes", "SAVE TEST ERROR"); - // } + + + //Check restricted role preventing create + if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); + return;//this is a completely disqualifying error + } //Check state if updatable right now if (!isNew) @@ -2304,11 +2329,13 @@ namespace AyaNova.Biz AddError(ApiErrorCode.NOT_FOUND, "id"); return; } - // //TEST TEST TEST - // if (obj.Notes != null && obj.Notes.Contains("aytesterror")) - // { - // AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, $"Notes", "DELETE TEST ERROR"); - // } + + //Check restricted role preventing create + if (!UserCanCreateOrDeleteAWorkOrderOrItem) + { + AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); + return;//this is a completely disqualifying error + } //re-check rights here necessary due to traversal delete from Principle object
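Review bot: In what appears to be the work order item validator, the authorization guard runs after field validation has started; the context line just above it is `AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderId");`. A restricted caller can therefore get validation feedback alongside NOT_AUTHORIZED, whereas the hunk at -805 checks right after `isNew` is computed. The delete hunk at -2304 has the same ordering: the guard follows the `NOT_FOUND` return, so a restricted user gets different answers for existing and non-existing ids. Making `if (!UserCanCreateOrDeleteAWorkOrderOrItem)` the first check in both validators (with `isNew &&` on the save path) would make the denial uniform. Both method bodies start outside the hunks, so confirm that `isNew` is available that early and that nothing before the guard depends on the current order.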