2018-09-04 22:10:21 +00:00
parent 43db21cccd
commit 81fcc16486
2 changed files with 48 additions and 3 deletions
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -353,10 +353,31 @@ namespace AyaNova.Api.Controllers
                await ct.SaveChangesAsync();

                //return success and link
-                return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(o));
+                //NOTE: this is a USER object so we don't want to return some key fields for security reasons
+                //So the easiest way to do that is to return an anonymous object created on the fly
+                // var returnObject = new
+                // {
+                //     Id = o.Id,
+                //     ConcurrencyToken = o.ConcurrencyToken,
+                //     OwnerId = o.OwnerId,
+                //     Active = o.Active,
+                //     Name = o.Name,
+                //     Roles = o.Roles,
+                //     LocaleId = o.LocaleId,
+                //     UserType = o.UserType,
+                //     EmployeeNumber = o.EmployeeNumber,
+                //     Notes = o.Notes,
+                //     ClientId = o.ClientId,
+                //     HeadOfficeId = o.HeadOfficeId,
+                //     SubVendorId = o.SubVendorId
+                // };
+
+
+                return CreatedAtAction("GetUser", new { id = o.Id }, new ApiCreatedResponse(UserBiz.CleanUserForReturn(o)));
            }
        }

+        


        /// <summary>
@@ -416,7 +437,7 @@ namespace AyaNova.Api.Controllers
        {
            return ct.User.Any(e => e.Id == id);
        }
-      
+

        //------------