diff --git a/server/AyaNova/biz/WorkOrderBiz.cs b/server/AyaNova/biz/WorkOrderBiz.cs index 002fa2d4..3d74d941 100644 --- a/server/AyaNova/biz/WorkOrderBiz.cs +++ b/server/AyaNova/biz/WorkOrderBiz.cs @@ -26,6 +26,24 @@ namespace AyaNova.Biz CurrentUserRoles = UserRoles; BizType = AyaType.WorkOrder; CurrentUserType = currentUserType; + + //Sub-role rights flags + UserIsTechRestricted = CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted); + UserIsSubContractorFull = CurrentUserType == UserType.ServiceContractor && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractor); + UserIsSubContractorRestricted = CurrentUserType == UserType.ServiceContractor && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractorRestricted); + UserIsRestrictedType = UserIsTechRestricted || UserIsSubContractorFull || UserIsSubContractorRestricted; + UserCanViewPartCosts = CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryRestricted) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Inventory) + || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting); + UserCanViewLaborOrTravelRateCosts = CurrentUserRoles.HasFlag(AuthorizationRoles.Service) + || CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted) + || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting); + UserCanViewLoanerCosts = CurrentUserRoles.HasFlag(AuthorizationRoles.Service) + || CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted) + || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting); } internal static WorkOrderBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null) 
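Review bot: The three cost-visibility flags assigned here are derived from role flags alone, so the user-type deny rule that the removed getters applied first (Customer, HeadOffice and ServiceContractor always got `false`) is no longer present in the new code. If an account of one of those types can ever carry `Service`, `ServiceRestricted`, `Inventory`, `InventoryRestricted`, `Accounting` or `BizAdmin` (not visible from this diff), it would now be shown part, labor/travel and loaner costs. I would keep the deny rule explicit: compute `bool isOutsideUser = CurrentUserType == UserType.Customer || CurrentUserType == UserType.HeadOffice || CurrentUserType == UserType.ServiceContractor;` once and write each assignment as `!isOutsideUser && (...)`. The constructor's signature is above the hunk, so how `UserRoles` and `currentUserType` reach it could not be checked.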
@@ -65,150 +83,15 @@ namespace AyaNova.Biz //and are considered after role rights have already been consulted first (usually at the controller level) internal UserType CurrentUserType { get; set; } - - internal bool UserCanCreateOrDeleteAWorkOrderOrItem//does not mean they can't edit, just not create or remove - { - get - { - switch (CurrentUserType) - { - case UserType.Customer: - case UserType.HeadOffice: - case UserType.ServiceContractor: - return false; - } - //Now check roles that have at least partial access to a work order - if (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)) return false; - return true; - } - } - - // internal bool UserIsRestrictedType - // { - // get - // { - // switch (CurrentUserType) - // { - // case UserType.Customer: - // case UserType.HeadOffice: - // case UserType.ServiceContractor: - // return true; - // } - // //Now check roles that have at least partial access to a work order - // if (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)) return true; - // return false; - // } - // } - - internal bool UserIsTechRestricted - { - get - { - return (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)); - } - } - - internal bool UserIsSubContractorFull - { - get - { - return (CurrentUserType == UserType.ServiceContractor && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractor)); - } - } + internal bool UserIsRestrictedType { get; set; } + internal bool UserIsTechRestricted { get; set; } + internal bool UserIsSubContractorFull { get; set; } + internal bool UserIsSubContractorRestricted { get; set; } + internal bool UserCanViewPartCosts { get; set; } + internal bool UserCanViewLaborOrTravelRateCosts { get; set; } + internal bool UserCanViewLoanerCosts { get; set; } - internal bool UserIsSubContractorRestricted //most limited type, can not view many objects even in their own scheduled work order item - { - get - { - return (CurrentUserType == UserType.ServiceContractor && 
CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractorRestricted)); - } - } - - internal bool UserCanViewPartCosts - { - get - { - //the "for sure can not view part cost" user types - switch (CurrentUserType) - { - case UserType.Customer: - case UserType.HeadOffice: - case UserType.ServiceContractor: - return false; - } - //Now check roles - return (CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryRestricted) - || CurrentUserRoles.HasFlag(AuthorizationRoles.Inventory) - || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) - || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting)); - } - } - - internal bool UserCanViewLaborOrTravelRateCosts - { - get - { - //the "for sure can not view labor/travel cost" user types - switch (CurrentUserType) - { - case UserType.Customer: - case UserType.HeadOffice: - case UserType.ServiceContractor: - return false; - } - //Now check roles - return (CurrentUserRoles.HasFlag(AuthorizationRoles.Service) - || CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted) - || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) - || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting)); - } - } - - internal bool UserCanViewLoanerCosts - { - get - { - //the "for sure can not view loaner cost" user types - switch (CurrentUserType) - { - case UserType.Customer: - case UserType.HeadOffice: - case UserType.ServiceContractor: - return false; - } - //Now check roles (same as rates as accessed via svc area) - return (CurrentUserRoles.HasFlag(AuthorizationRoles.Service) - || CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted) - || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) - || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting)); - } - } - - //For restricted users that are not allowed to view woitems unless they are scheduled on them - //(Tech - Restricted role, Sub-contractor user type) - //not that this is a further limitation (level 2) beyond basic role security (level 1) so this would apply - //to 
users that are already allowed to view some aspect of a workorder - //and in addition there could be further limitations (level 3) - // internal bool UserCanViewSelfScheduledItemsOnly - // { - // get - // { - // if (CurrentUserType == UserType.ServiceContractor) return true;//any subcontractor can only see their own woitems at most with further restrictions possible - // //Now check roles (same as rates as accessed via svc area) - // return (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)); - // } - // } - - // internal bool IsTechRestricted - // { - // get - // { - // return CurrentUserType == UserType.Service - // && !CurrentUserRoles.HasFlag(AuthorizationRoles.Tech) - // && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractorRestricted); - // } - // } //////////////////////////////////////////////////////////////////////////////////////////////// @@ -444,7 +327,6 @@ namespace AyaNova.Biz wi.OutsideServices.RemoveAll(x => true); } - //tasks are allowed to be viewed and update the task completion types } } @@ -910,7 +792,7 @@ namespace AyaNova.Biz bool isNew = currentObj == null; //Check restricted role preventing create - if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem) + if (isNew && UserIsRestrictedType) { AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); return;//this is a completely disqualifying error @@ -984,7 +866,7 @@ namespace AyaNova.Biz private void WorkOrderValidateCanDelete(WorkOrder dbObject) { //Check restricted role preventing create - if (!UserCanCreateOrDeleteAWorkOrderOrItem) + if (UserIsRestrictedType) { AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); return;//this is a completely disqualifying error @@ -2367,7 +2249,7 @@ namespace AyaNova.Biz //Check restricted role preventing create - if (isNew && !UserCanCreateOrDeleteAWorkOrderOrItem) + if (isNew && UserIsRestrictedType) { AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); return;//this is a completely disqualifying error 
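Review bot: The seven authorization flags are declared `{ get; set; }`, so any code in the assembly can flip them after the constructor has computed them, and they go stale without warning if `CurrentUserType` (also settable, shown as context in this hunk) or the roles are reassigned later. In the hunks shown they are written only in the constructor, so get-only properties would be enough, e.g. `internal bool UserIsRestrictedType { get; }`, and likewise for the other six. A one-line comment above the group such as `//Computed once in the constructor from CurrentUserRoles and CurrentUserType; not reassigned afterwards` would record that contract for the next reader.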
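Review bot: `UserIsRestrictedType` is not the negation of the removed `UserCanCreateOrDeleteAWorkOrderOrItem`, so the create guard at -910 is looser than before. The old property refused every Customer, HeadOffice and ServiceContractor user, while the new flag is true only for `TechRestricted` and for a ServiceContractor that also holds `SubContractor` or `SubContractorRestricted`. The same substitution is made in the hunks at -984, -2367 and -2413, which cover the remaining create and delete checks. Unless the controller-level role check is known to reject those user types, keep the user-type test in the guard, e.g. `if (isNew && (UserIsRestrictedType || CurrentUserType == UserType.Customer || CurrentUserType == UserType.HeadOffice || CurrentUserType == UserType.ServiceContractor))`, or fold it into one constructor-computed flag shared by all four sites. The enclosing validators start and end outside these hunks, so any earlier checks in them are not visible.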
@@ -2413,7 +2295,7 @@ namespace AyaNova.Biz } //Check restricted role preventing create - if (!UserCanCreateOrDeleteAWorkOrderOrItem) + if (UserIsRestrictedType) { AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror"); return;//this is a completely disqualifying error