diff --git a/server/AyaNova/biz/BizObject.cs b/server/AyaNova/biz/BizObject.cs
index 8bf0b5f5..3c989cd5 100644
--- a/server/AyaNova/biz/BizObject.cs
+++ b/server/AyaNova/biz/BizObject.cs
@@ -43,10 +43,10 @@ namespace AyaNova.Biz
public void ClearErrors() => _errors.Clear();
- public void AddvalidationError(ValidationError validationError)
- {
- _errors.Add(validationError);
- }
+ // public void AddvalidationError(ValidationError validationError)
+ // {
+ // _errors.Add(validationError);
+ // }
public bool PropertyHasErrors(string propertyName)
{
@@ -56,9 +56,9 @@ namespace AyaNova.Biz
}
- public void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null)
+ public void AddError(ApiErrorCode errorCode, string propertyName = "generalerror", string errorMessage = null)
{
-
+ //if Target is generalerror that means show in UI in general error box of form
_errors.Add(new ValidationError() { Code = errorCode, Message = errorMessage, Target = propertyName });
}
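Review bot: The new default `propertyName = "generalerror"` on `BizObject.AddError` no longer matches the `IBizObject` declaration, which this commit leaves as `string propertyName = null` (visible as a context line in the IBizObject.cs hunk). C# binds optional-argument defaults at compile time from the static type of the receiver, so a call made through an `IBizObject` reference still records a `null` Target while the same call on the concrete class records "generalerror". Change the interface signature to `string propertyName = "generalerror"` as well. The literal is now repeated here, in the message-building loop of the next hunk and at the HeadOfficeBiz, ReportBiz and Review call sites, so a single constant such as `public const string GeneralErrorTarget = "generalerror";` would keep them from drifting apart.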
@@ -73,14 +73,14 @@ namespace AyaNova.Biz
if (!HasErrors) return string.Empty;
StringBuilder sb = new StringBuilder();
- // sb.AppendLine("LT:Errors - ");
+ // sb.AppendLine("LT:Errors - ");
foreach (ValidationError e in _errors)
{
var msg = $"LT:{ApiErrorCodeStockMessage.GetTranslationCodeForApiErrorCode(e.Code)}";
- if(!string.IsNullOrWhiteSpace(e.Message))
- msg+=$", {e.Message}";
- if(!string.IsNullOrWhiteSpace(e.Target) && e.Target!="errorbox")
- msg+=$", field: {e.Target}";
+ if (!string.IsNullOrWhiteSpace(e.Message))
+ msg += $", {e.Message}";
+ if (!string.IsNullOrWhiteSpace(e.Target) && e.Target != "generalerror")
+ msg += $", field: {e.Target}";
sb.AppendLine(msg);
}
return sb.ToString();
diff --git a/server/AyaNova/biz/CustomerBiz.cs b/server/AyaNova/biz/CustomerBiz.cs
index 6361f139..03bc85d5 100644
--- a/server/AyaNova/biz/CustomerBiz.cs
+++ b/server/AyaNova/biz/CustomerBiz.cs
@@ -308,7 +308,7 @@ namespace AyaNova.Biz
// {
// //Note: errorbox will ensure it appears in the general errror box and not field specific
// //the translation key is to indicate what the linked object is that is causing the error
- // AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Contact");
+ // AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Contact");
// }
//return await Task.CompletedTask;
diff --git a/server/AyaNova/biz/HeadOfficeBiz.cs b/server/AyaNova/biz/HeadOfficeBiz.cs
index 6a432ce2..6dd77a36 100644
--- a/server/AyaNova/biz/HeadOfficeBiz.cs
+++ b/server/AyaNova/biz/HeadOfficeBiz.cs
@@ -272,7 +272,7 @@ namespace AyaNova.Biz
{
//Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error
- AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:Customer");
+ AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:Customer");
}
}
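Review bot: The comment two lines above the changed call still says "errorbox will ensure it appears in the general errror box", but the target string is now "generalerror", so the comment describes a value the code no longer uses. Suggested replacement: `//Note: "generalerror" will ensure it appears in the general error box and not field specific`. The same stale comment sits above the changed calls in ReportBiz.cs and in the commented-out block in CustomerBiz.cs. The enclosing method starts outside this hunk.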
diff --git a/server/AyaNova/biz/IBizObject.cs b/server/AyaNova/biz/IBizObject.cs
index 36946fe7..1e6c9c07 100644
--- a/server/AyaNova/biz/IBizObject.cs
+++ b/server/AyaNova/biz/IBizObject.cs
@@ -35,11 +35,11 @@ namespace AyaNova.Biz
///
void AddError(ApiErrorCode errorCode, string propertyName = null, string errorMessage = null);
- ///
- ///
- ///
- ///
- void AddvalidationError(ValidationError validationError);
+ // ///
+ // ///
+ // ///
+ // ///
+ // void AddvalidationError(ValidationError validationError);
diff --git a/server/AyaNova/biz/ReportBiz.cs b/server/AyaNova/biz/ReportBiz.cs
index 79acd3cc..28bb4fd8 100644
--- a/server/AyaNova/biz/ReportBiz.cs
+++ b/server/AyaNova/biz/ReportBiz.cs
@@ -307,7 +307,7 @@ namespace AyaNova.Biz
{
//Note: errorbox will ensure it appears in the general errror box and not field specific
//the translation key is to indicate what the linked object is that is causing the error
- AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "errorbox", "LT:NotifySubscription");
+ AddError(ApiErrorCode.VALIDATION_REFERENTIAL_INTEGRITY, "generalerror", "LT:NotifySubscription");
}
}
diff --git a/server/AyaNova/biz/Review.cs b/server/AyaNova/biz/Review.cs
index 7d5507fa..80e1c570 100644
--- a/server/AyaNova/biz/Review.cs
+++ b/server/AyaNova/biz/Review.cs
@@ -214,11 +214,11 @@ namespace AyaNova.Biz
- RULE Roles: BizAdminFull, DispatchFull, InventoryFull, Accounting, SalesFull can create and assign to anyone else.
- RULE Any other inside role can create for themselves only. (outside roles have no rights to this object so no need to check)
- RULE Limited roles can only set completed date and enter completion notes not otherwise change or create or delete.
- - BIZ RULE users with more than limited roles can assign other users to follow up. Limited roles can only set completed status not otherwise change or create or delete.
+ - BIZ RULE users with more than limited roles can assign other users
*/
bool isNew = currentObj == null;
-
+ bool SelfAssigned = proposedObj.AssignedByUserId == UserId && proposedObj.UserId == UserId;
bool HasSupervisorRole =
CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
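Review bot: `SelfAssigned` is computed only from `proposedObj`, so on an update the ownership decision rests on values supplied in the request rather than on the stored record. The non-supervisor checks in the following hunk are all gated on `!SelfAssigned`, which means a proposed object whose `UserId` and `AssignedByUserId` both equal the caller's id skips the field-change restrictions even when `currentObj` belongs to, or was assigned by, someone else. For existing records the stored owner should be checked as well, for example `bool SelfAssigned = proposedObj.AssignedByUserId == UserId && proposedObj.UserId == UserId && (isNew || (currentObj.AssignedByUserId == UserId && currentObj.UserId == UserId));`. The method begins outside this hunk, so an earlier ownership check may exist that is not visible here.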
@@ -226,16 +226,55 @@ namespace AyaNova.Biz
CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
+ //Checks for non supervisors
+ if (!HasSupervisorRole)
+ {
+ //Non supervisor can't create a Review and assign to other User
+ if (isNew && !SelfAssigned)
+ {
+ AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
+ return;//no need to check any further this is disqualifying completely
+ }
+
+ //Non supervisory roles can only change / set certain fields for non self reviews
+ if (!isNew && !SelfAssigned)
+ {
+ if (
+ (currentObj.Name != proposedObj.Name) ||
+ (currentObj.Notes != proposedObj.Notes) ||
+ (currentObj.Wiki != proposedObj.Wiki) ||
+ (currentObj.Tags != proposedObj.Tags) ||
+ (currentObj.DueDate != proposedObj.DueDate) ||
+ (currentObj.UserId != proposedObj.UserId) ||
+ (currentObj.AssignedByUserId != proposedObj.AssignedByUserId) ||
+ (currentObj.Notes != proposedObj.Notes) ||
+ (currentObj.Notes != proposedObj.Notes))
+ {
+ AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "generalerror");
+ return;
+ }
+ }
+ }
+
+ //Can't change assigned object id and type after initial save
+ if (!isNew)
+ {
+ if (proposedObj.ObjectId != currentObj.ObjectId)
+ {
+ AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectId");
+ return;
+ }
+ if (proposedObj.ObjectType != currentObj.ObjectType)
+ {
+ AddError(ApiErrorCode.VALIDATION_NOT_CHANGEABLE, "ObjectType");
+ return;
+ }
+ }
//Name required
if (string.IsNullOrWhiteSpace(proposedObj.Name))
AddError(ApiErrorCode.VALIDATION_REQUIRED, "Name");
- if(!HasSupervisorRole && proposedObj.Self){
- AddError(ApiErrorCode.NOT_AUTHORIZED, "UserId");
- }
-
-
//Any form customizations to validate?
var FormCustomization = await ct.FormCustom.AsNoTracking().SingleOrDefaultAsync(x => x.FormKey == AyaType.Review.ToString());
if (FormCustomization != null)
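Review bot: In the non-supervisor field check, `currentObj.Tags != proposedObj.Tags` compares list references (the model constructor assigns `Tags = new List...`), so it is true whenever the two objects hold different list instances, and every non-self update by a limited role would then be rejected with VALIDATION_NOT_CHANGEABLE. Compare contents instead, e.g. `!currentObj.Tags.SequenceEqual(proposedObj.Tags)`, assuming System.Linq is imported in this file. The same condition tests `currentObj.Notes != proposedObj.Notes` three times; the last two look like placeholders for other fields, and since the rule comment says limited roles may only set the completed date and completion notes, any remaining protected fields should be listed there. The method continues past the end of this hunk.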
@@ -253,8 +292,15 @@ namespace AyaNova.Biz
private void ValidateCanDelete(Review inObj)
{
- //whatever needs to be check to delete this object
- //TODO: There are specific rules for this beyond regular roles see case 3511
+ bool SelfAssigned = inObj.AssignedByUserId == UserId && inObj.UserId == UserId;
+ bool HasSupervisorRole =
+ CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.DispatchFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.SalesFull) ||
+ CurrentUserRoles.HasFlag(AuthorizationRoles.AccountingFull);
+ if (!SelfAssigned && !HasSupervisorRole)
+ AddError(ApiErrorCode.NOT_AUTHORIZED);
}
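Review bot: The `HasSupervisorRole` expression in `ValidateCanDelete` is a verbatim copy of the one in the validation method above, so the definition of "supervisor" for Reviews now lives in two places. A role added to or removed from one copy would silently leave create/update and delete with different authorization rules. Move it into one private member, e.g. `private bool HasSupervisorRole => CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdminFull) || ...;`, and use it from both methods. A short comment stating that `inObj` is expected to be the stored record, not request data, would also make the `SelfAssigned` check here easier to trust.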
diff --git a/server/AyaNova/models/Review.cs b/server/AyaNova/models/Review.cs
index dd204c4f..8cbfccad 100644
--- a/server/AyaNova/models/Review.cs
+++ b/server/AyaNova/models/Review.cs
@@ -47,16 +47,6 @@ namespace AyaNova.Models
}
- [NotMapped]
- public bool Self
- {
- get
- {
- return (UserId == AssignedByUserId);
- }
- }
-
-
public Review()
{
Tags = new List();