server/AyaNova/Controllers/AuthController.cs

@@ -347,15 +347,40 @@ namespace AyaNova.Api.Controllers
             log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok");
 
 
+            //return appropriate data
+            
+            if (u.UserType == UserType.Customer | u.UserType == UserType.HeadOffice)
+            {   
+               //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable
+           
+            
+           
             return Ok(ApiOkResponse.Response(new
+                {
+                    token = token,
+                    name = u.Name,
+                    usertype = u.UserType,
+                    roles = ((int)u.Roles).ToString(),
+                    dlt = DownloadToken,
+                    tfa = u.TwoFactorEnabled,
+                    CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId,
+
+                }));
+
+            }
+            else
             {
-                token = token,
-                name = u.Name,
-                usertype = u.UserType,
-                roles = ((int)u.Roles).ToString(),
-                dlt = DownloadToken,
-                tfa = u.TwoFactorEnabled
-            }));
+                //Non customer user
+                return Ok(ApiOkResponse.Response(new
+                {
+                    token = token,
+                    name = u.Name,
+                    usertype = u.UserType,
+                    roles = ((int)u.Roles).ToString(),
+                    dlt = DownloadToken,
+                    tfa = u.TwoFactorEnabled
+                }));
+            }
 
             //------------------------ /STANDARD BLOCK -------------------------
         }
@@ -664,7 +689,7 @@ namespace AyaNova.Api.Controllers
                     return StatusCode(403, new ApiNotAuthorizedResponse());
             }
 
-          
+
             var u = await ct.User.FirstOrDefaultAsync(z => z.Id == id);
             if (u == null)//should never happen but ?
                 return StatusCode(403, new ApiNotAuthorizedResponse());
@@ -673,7 +698,7 @@ namespace AyaNova.Api.Controllers
             u.TempToken = null;
             u.TwoFactorEnabled = false;
             await ct.SaveChangesAsync();
-           return NoContent();
+            return NoContent();
         }
         //------------------------------------------------------
 

server/AyaNova/biz/UserBiz.cs

@@ -107,6 +107,20 @@ namespace AyaNova.Biz
             }
         }
 
+        internal static async Task<CustomerRightsRecord> CustomerUserEffectiveRights(long userId)
+        {
+            using (AyContext ct = ServiceProviderProvider.DBContext)
+            {
+                var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == userId).Select(x => new { x.UserType, x.HeadOfficeId, x.CustomerId, x.Tags }).FirstAsync();
+                if (UserInfo.UserType != UserType.Customer && UserInfo.UserType != UserType.HeadOffice)
+                {
+                    throw new System.NotSupportedException(
+                        $"UserBiz::CustomerUserEffectiveRights - Requested for non Customer type user with ID {userId} who is UserType: {UserInfo.UserType}");
+                }
+
+            }
+        }
+
 
         internal static UserBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null)
         {
@@ -495,7 +509,7 @@ namespace AyaNova.Biz
             }
 
             var ResetCode = Hasher.GetRandomAlphanumericString(32);
-           
+
             dbObject.PasswordResetCode = ResetCode;
             dbObject.PasswordResetCodeExpire = DateTime.UtcNow.AddHours(48);//This is not enough time to issue a reset code on a friday at 5pm and use it Monday before noon, but it is more understandable and clear
             await ct.SaveChangesAsync();
@@ -716,21 +730,22 @@ namespace AyaNova.Biz
 
 
             //SUPERUSER ACCOUNT CAN"T BE MODIFIED IN SOME WAYS
-            if(!isNew && proposedObj.Id==1){
+            if (!isNew && proposedObj.Id == 1)
+            {
                 //prevent certain changes to superuser account like roles etc
 
-                if(proposedObj.Roles!=currentObj.Roles)
+                if (proposedObj.Roles != currentObj.Roles)
                     AddError(ApiErrorCode.NOT_AUTHORIZED, "Roles");
-                
-                if(proposedObj.Active!=currentObj.Active)
+
+                if (proposedObj.Active != currentObj.Active)
                     AddError(ApiErrorCode.NOT_AUTHORIZED, "Active");
 
-                if(proposedObj.Name!=currentObj.Name)
+                if (proposedObj.Name != currentObj.Name)
                     AddError(ApiErrorCode.NOT_AUTHORIZED, "Name");
 
-                if(proposedObj.UserType!=currentObj.UserType)
+                if (proposedObj.UserType != currentObj.UserType)
                     AddError(ApiErrorCode.NOT_AUTHORIZED, "UserType");
-                
+
             }
 
             //TODO: Validation rules that require future other objects that aren't present yet:

server/AyaNova/models/GlobalBizSettings.cs

@@ -88,6 +88,9 @@ namespace AyaNova.Models
 
         }
     }
+
+	//Used internally and at client end as extended rights atop roles system in relation only to Contact (customer type users)
+    public record CustomerRightsRecord(bool CSR, bool WO, bool WOWIKI, bool UserSettings, bool NotifyServiceImminent, bool NotifyCSRAccepted, bool NotifyCSRRejected, bool NotifyWOCreated);
 }
 /*
 CREATE TABLE [dbo].[AGLOBAL](