diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs index c3bd0ac1..457b575d 100644 --- a/server/AyaNova/Controllers/DataListController.cs +++ b/server/AyaNova/Controllers/DataListController.cs @@ -116,7 +116,6 @@ namespace AyaNova.Api.Controllers private async Task HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest) { - // //ClientCriteria format for this list is "OBJECTID,AYATYPE" // var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray(); // if (crit.Length < 3) @@ -131,6 +130,18 @@ namespace AyaNova.Api.Controllers // if (!long.TryParse(crit[0], out lId)) return false; // if (lId == 0) return false; + //Is this list allowed for a customer user and also enabled in global settings + switch (tableRequest.DataListKey) + { + case "CustomerServiceRequestDataList": + if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR) + return false; + break; + //todo: workorder list + default: + return false; + } + //Have valid type, have an id, is this User actually connected to the entity they are requesting data for var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync(); switch (UserInfo.UserType) @@ -145,16 +156,7 @@ namespace AyaNova.Api.Controllers return false; } - switch (dataListKey) - { - case "CustomerServiceRequestDataList": - if (!AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerAllowCSR) - return false; - break; - //todo: workorder list - default: - return false; - } + return true; }