admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2022-02-11 18:42:53 +00:00
parent 16f9ac727c
commit 6f09698476
3 changed files with 36 additions and 38 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
server/AyaNova/biz/QuoteBiz.cs
View File

@@ -4172,19 +4172,19 @@ namespace AyaNova.Biz
return;
}
if (!isNew && UserIsRestrictedType && currentObj.CompletedByUserId != UserId)
if (!isNew && UserIsRestrictedType)
{
//restricted users are not allowed to edit any task unless they are the selected User
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
return;
//Existing record so just make sure they haven't changed the not changeable fields from the db version
//* Tasks: view and edit existing tasks, set completion type and date only, no add or remove or changing other fields
//note that UI will prevent this, this rule is only backup for 3rd party api users
if (currentObj.Task != proposedObj.Task) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "Task");
if (currentObj.CompletedByUserId != UserId) AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "CompletedByUserId");
if (currentObj.Sequence != proposedObj.Sequence) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "Sequence");
// //Existing record so just make sure they haven't changed the not changeable fields from the db version
// //* Tasks: view and edit existing tasks, set completion type and date only, no add or remove or changing other fields
// //note that UI will prevent this, this rule is only backup for 3rd party api users
// if (currentObj.Task != proposedObj.Task) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "Task");
// if (currentObj.CompletedByUserId != UserId) AddError(ApiErrorCode.VALIDATION_INVALID_VALUE, "CompletedByUserId");
// if (currentObj.Sequence != proposedObj.Sequence) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "Sequence");
//they *are* permitted to change the date and status but only if they are the selected user:
//note that UI will prevent this, this rule is only backup for 3rd party api users
if (currentObj.CompletedDate != proposedObj.CompletedDate && currentObj.CompletedByUserId != UserId) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "CompletedDate");
if (currentObj.Status != proposedObj.Status && currentObj.CompletedByUserId != UserId) AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "Status");
}