@@ -60,7 +60,29 @@ namespace AyaNova.Biz
|
||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
// SUBRIGHTS / RESTRICTIONS FOR WORK ORDER
|
||||
//
|
||||
|
||||
//Note: these restrictions and rights are in addition to the basic fundamental role access rights (layer 1)
|
||||
//and are considered after role rights have already been consulted first (usually at the controller level)
|
||||
|
||||
internal UserType CurrentUserType { get; set; }
|
||||
|
||||
internal bool UserCanCreateOrDeleteAWorkOrderOrItem//does not mean they can't edit, just not create or remove
|
||||
{
|
||||
get
|
||||
{
|
||||
switch (CurrentUserType)
|
||||
{
|
||||
case UserType.Customer:
|
||||
case UserType.HeadOffice:
|
||||
case UserType.ServiceContractor:
|
||||
return false;
|
||||
}
|
||||
//Now check roles that have at least partial access to a work order
|
||||
if (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)) return false;
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
internal bool UserCanViewPartCosts
|
||||
{
|
||||
get
|
||||
@@ -805,6 +827,12 @@ namespace AyaNova.Biz
|
||||
//run validation and biz rules
|
||||
bool isNew = currentObj == null;
|
||||
|
||||
//Check restricted role preventing create
|
||||
if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem)
|
||||
{
|
||||
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||
return;//this is a completely disqualifying error
|
||||
}
|
||||
|
||||
//Check state if updatable right now
|
||||
if (!isNew)
|
||||
@@ -873,6 +901,12 @@ namespace AyaNova.Biz
|
||||
|
||||
private void WorkOrderValidateCanDelete(WorkOrder dbObject)
|
||||
{
|
||||
//Check restricted role preventing create
|
||||
if (!UserCanCreateOrDeleteAWorkOrderOrItem)
|
||||
{
|
||||
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||
return;//this is a completely disqualifying error
|
||||
}
|
||||
//FOREIGN KEY CHECKS
|
||||
//these are examples copied from customer for when other objects are actually referencing them
|
||||
// if (await ct.User.AnyAsync(m => m.CustomerId == inObj.Id))
|
||||
@@ -2248,23 +2282,14 @@ namespace AyaNova.Biz
|
||||
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderId");
|
||||
|
||||
|
||||
// // //TEST TEST TEST
|
||||
// if (string.IsNullOrWhiteSpace(proposedObj.Notes))
|
||||
// {
|
||||
// AddError(ApiErrorCode.VALIDATION_REQUIRED, "Notes");
|
||||
// }
|
||||
// if (proposedObj.Notes.Contains("blah"))
|
||||
// {
|
||||
// ;
|
||||
// }
|
||||
// if (proposedObj.Notes != null && proposedObj.Notes.Contains("generalerror"))
|
||||
// {
|
||||
// AddError(ApiErrorCode.API_SERVER_ERROR, "generalerror", "Test general error");
|
||||
// }
|
||||
// if (proposedObj.Notes != null && proposedObj.Notes.Contains("aytesterror"))
|
||||
// {
|
||||
// AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "Notes", "SAVE TEST ERROR");
|
||||
// }
|
||||
|
||||
|
||||
//Check restricted role preventing create
|
||||
if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem)
|
||||
{
|
||||
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||
return;//this is a completely disqualifying error
|
||||
}
|
||||
|
||||
//Check state if updatable right now
|
||||
if (!isNew)
|
||||
@@ -2304,11 +2329,13 @@ namespace AyaNova.Biz
|
||||
AddError(ApiErrorCode.NOT_FOUND, "id");
|
||||
return;
|
||||
}
|
||||
// //TEST TEST TEST
|
||||
// if (obj.Notes != null && obj.Notes.Contains("aytesterror"))
|
||||
// {
|
||||
// AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, $"Notes", "DELETE TEST ERROR");
|
||||
// }
|
||||
|
||||
//Check restricted role preventing create
|
||||
if (!UserCanCreateOrDeleteAWorkOrderOrItem)
|
||||
{
|
||||
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||
return;//this is a completely disqualifying error
|
||||
}
|
||||
|
||||
|
||||
//re-check rights here necessary due to traversal delete from Principle object
|
||||
|
||||
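Review bot: `UserCanCreateOrDeleteAWorkOrderOrItem` in the first hunk is a deny-list that fails open: only `Customer`, `HeadOffice` and `ServiceContractor` return false, so any other `UserType` value, including one added later, falls through to `return true` unless the user carries `TechRestricted`. An allow-list of the user types that may create or delete would deny by default; the members of `UserType` are not visible here, so at minimum I would add `//NOTE: every UserType not listed above is allowed; add new restricted types here` above the switch. `CurrentUserType` is a plain `internal` get/set property and its assignment lies outside these hunks, so it is worth confirming that every path reaching the validators sets it, otherwise the check runs against the enum's default member. In `WorkOrderValidateCanDelete` and in the delete check of the last hunk, the comment `//Check restricted role preventing create` was copied from the save path and should read `//Check restricted role preventing delete`.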