@@ -1681,8 +1681,13 @@ namespace AyaNova.Biz
|
|||||||
//
|
//
|
||||||
private async Task StateValidateAsync(WorkOrderState proposedObj, WorkOrderState currentObj)
|
private async Task StateValidateAsync(WorkOrderState proposedObj, WorkOrderState currentObj)
|
||||||
{
|
{
|
||||||
// //skip validation if seeding
|
|
||||||
// if (ServerBootConfig.SEEDING) return;
|
//of all restricted users, only a restricted tech can change status
|
||||||
|
if (UserIsSubContractorFull || UserIsSubContractorRestricted)
|
||||||
|
{
|
||||||
|
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
//run validation and biz rules
|
//run validation and biz rules
|
||||||
bool isNew = currentObj == null;
|
bool isNew = currentObj == null;
|
||||||
@@ -1697,22 +1702,6 @@ namespace AyaNova.Biz
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
// private void StateValidateCanDelete(WorkOrderState obj)
|
|
||||||
// {
|
|
||||||
// if (obj == null)
|
|
||||||
// {
|
|
||||||
// AddError(ApiErrorCode.NOT_FOUND, "id");
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
|
|
||||||
// //re-check rights here necessary due to traversal delete from Principle object
|
|
||||||
// if (!Authorized.HasDeleteRole(CurrentUserRoles, AyaType.WorkOrderStatus))
|
|
||||||
// {
|
|
||||||
// AddError(ApiErrorCode.NOT_AUTHORIZED);
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
// }
|
|
||||||
|
|
||||||
|
|
||||||
////////////////////////////////////////////////////////////////////////////////////////////////
|
////////////////////////////////////////////////////////////////////////////////////////////////
|
||||||
// NOTIFICATION PROCESSING
|
// NOTIFICATION PROCESSING
|
||||||
@@ -2010,6 +1999,16 @@ namespace AyaNova.Biz
|
|||||||
//
|
//
|
||||||
internal async Task<WorkOrderItem> ItemGetAsync(long id, bool logTheGetEvent = true)
|
internal async Task<WorkOrderItem> ItemGetAsync(long id, bool logTheGetEvent = true)
|
||||||
{
|
{
|
||||||
|
|
||||||
|
//Restricted users can not fetch a woitem directly
|
||||||
|
//arbitrary decision so don't have to put in all the cleanup code
|
||||||
|
//because from our own UI they wouldn't fetch this anyway and
|
||||||
|
//so this is only to cover api use by 3rd parties
|
||||||
|
if (UserIsRestrictedType)
|
||||||
|
{
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
//Note: there could be rules checking here in future, i.e. can only get own workorder or something
|
//Note: there could be rules checking here in future, i.e. can only get own workorder or something
|
||||||
//if so, then need to implement AddError and in route handle Null return with Error check just like PUT route does now
|
//if so, then need to implement AddError and in route handle Null return with Error check just like PUT route does now
|
||||||
|
|
||||||
@@ -2243,9 +2242,6 @@ namespace AyaNova.Biz
|
|||||||
if (proposedObj.WorkOrderId == 0)
|
if (proposedObj.WorkOrderId == 0)
|
||||||
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderId");
|
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderId");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
//Check restricted role preventing create
|
//Check restricted role preventing create
|
||||||
if (isNew && UserIsRestrictedType)
|
if (isNew && UserIsRestrictedType)
|
||||||
{
|
{
|
||||||
@@ -3428,6 +3424,13 @@ namespace AyaNova.Biz
|
|||||||
//run validation and biz rules
|
//run validation and biz rules
|
||||||
bool isNew = currentObj == null;
|
bool isNew = currentObj == null;
|
||||||
|
|
||||||
|
if (UserIsRestrictedType)
|
||||||
|
{
|
||||||
|
//no edits allowed
|
||||||
|
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (proposedObj.WorkOrderItemId == 0)
|
if (proposedObj.WorkOrderItemId == 0)
|
||||||
{
|
{
|
||||||
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderItemId");
|
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderItemId");
|
||||||
@@ -3475,6 +3478,13 @@ namespace AyaNova.Biz
|
|||||||
|
|
||||||
private void LoanValidateCanDelete(WorkOrderItemLoan obj)
|
private void LoanValidateCanDelete(WorkOrderItemLoan obj)
|
||||||
{
|
{
|
||||||
|
if (UserIsRestrictedType)
|
||||||
|
{
|
||||||
|
//no edits allowed
|
||||||
|
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (obj == null)
|
if (obj == null)
|
||||||
{
|
{
|
||||||
AddError(ApiErrorCode.NOT_FOUND, "id");
|
AddError(ApiErrorCode.NOT_FOUND, "id");
|
||||||
@@ -3572,7 +3582,7 @@ namespace AyaNova.Biz
|
|||||||
//
|
//
|
||||||
internal async Task<WorkOrderItemOutsideService> OutsideServiceGetAsync(long id, bool logTheGetEvent = true)
|
internal async Task<WorkOrderItemOutsideService> OutsideServiceGetAsync(long id, bool logTheGetEvent = true)
|
||||||
{
|
{
|
||||||
if (UserIsSubContractorRestricted) //no access allowed at all
|
if (UserIsSubContractorRestricted || UserIsSubContractorFull) //no access allowed at all
|
||||||
return null;
|
return null;
|
||||||
var ret = await ct.WorkOrderItemOutsideService.AsNoTracking().SingleOrDefaultAsync(z => z.Id == id);
|
var ret = await ct.WorkOrderItemOutsideService.AsNoTracking().SingleOrDefaultAsync(z => z.Id == id);
|
||||||
if (logTheGetEvent && ret != null)
|
if (logTheGetEvent && ret != null)
|
||||||
@@ -3747,6 +3757,13 @@ namespace AyaNova.Biz
|
|||||||
//run validation and biz rules
|
//run validation and biz rules
|
||||||
bool isNew = currentObj == null;
|
bool isNew = currentObj == null;
|
||||||
|
|
||||||
|
if (UserIsRestrictedType)
|
||||||
|
{
|
||||||
|
//no edits allowed
|
||||||
|
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (proposedObj.WorkOrderItemId == 0)
|
if (proposedObj.WorkOrderItemId == 0)
|
||||||
{
|
{
|
||||||
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderItemId");
|
AddError(ApiErrorCode.VALIDATION_REQUIRED, "WorkOrderItemId");
|
||||||
@@ -3791,6 +3808,13 @@ namespace AyaNova.Biz
|
|||||||
|
|
||||||
private void OutsideServiceValidateCanDelete(WorkOrderItemOutsideService obj)
|
private void OutsideServiceValidateCanDelete(WorkOrderItemOutsideService obj)
|
||||||
{
|
{
|
||||||
|
if (UserIsRestrictedType)
|
||||||
|
{
|
||||||
|
//no edits allowed
|
||||||
|
AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (obj == null)
|
if (obj == null)
|
||||||
{
|
{
|
||||||
AddError(ApiErrorCode.NOT_FOUND, "id");
|
AddError(ApiErrorCode.NOT_FOUND, "id");
|
||||||
@@ -6195,12 +6219,6 @@ namespace AyaNova.Biz
|
|||||||
|
|
||||||
private void UnitValidateCanDelete(WorkOrderItemUnit obj)
|
private void UnitValidateCanDelete(WorkOrderItemUnit obj)
|
||||||
{
|
{
|
||||||
if (obj == null)
|
|
||||||
{
|
|
||||||
AddError(ApiErrorCode.NOT_FOUND, "id");
|
|
||||||
return;
|
|
||||||
}
|
|
||||||
|
|
||||||
if (UserIsRestrictedType)
|
if (UserIsRestrictedType)
|
||||||
{
|
{
|
||||||
//Units: no edits allowed
|
//Units: no edits allowed
|
||||||
@@ -6208,6 +6226,12 @@ namespace AyaNova.Biz
|
|||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (obj == null)
|
||||||
|
{
|
||||||
|
AddError(ApiErrorCode.NOT_FOUND, "id");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
//re-check rights here necessary due to traversal delete from Principle object
|
//re-check rights here necessary due to traversal delete from Principle object
|
||||||
if (!Authorized.HasDeleteRole(CurrentUserRoles, AyaType.WorkOrderItemUnit))
|
if (!Authorized.HasDeleteRole(CurrentUserRoles, AyaType.WorkOrderItemUnit))
|
||||||
{
|
{
|
||||||
|
|||||||
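Review bot: In the ItemGetAsync hunk (@@ -2010,6 +1999,16 @@) the new `if (UserIsRestrictedType)` guard returns null without recording an error, so a caller cannot tell a denied fetch from a missing item, whereas the other guards added in this commit call `AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror")` before returning. The added comment says this path exists to cover third-party API use, so I would put `AddError(ApiErrorCode.NOT_AUTHORIZED, "generalerror");` before `return null;`; because the guard runs before the lookup, this reveals nothing about whether the id exists. The existing note just below the guard already says the route must then check for errors on a null return, and that route is not visible here, so confirm it does. Separately, the StateValidateAsync guard lists the two subcontractor flags while its comment states the rule as "only a restricted tech can change status"; writing it as `UserIsRestrictedType` minus the permitted tech case would keep it denying by default if another restricted role is added later. Both function bodies continue outside their hunks.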