server/AyaNova/Controllers/WorkOrderController.cs

@@ -98,6 +98,31 @@ namespace AyaNova.Api.Controllers
             return Ok(ApiOkResponse.Response(o));
         }
 
+         /// <summary>
+        /// Get WorkOrder for customer
+        /// </summary>
+        /// <param name="id"></param>
+        /// <returns>Customer WorkOrder</returns>
+        [HttpGet("customer/{id}")]
+        public async Task<IActionResult> GetCustomerWorkOrder([FromRoute] long id)
+        {
+            if (!serverState.IsOpen)
+                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
+            // if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
+            //     return StatusCode(403, new ApiNotAuthorizedResponse());
+
+            //does this user have the right to even fetch a customer view workorder??
+
+
+            if (!ModelState.IsValid)
+                return BadRequest(new ApiErrorResponse(ModelState));
+            var o = await biz.WorkOrderGetForCustomerAsync(id, true);
+            if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
+            return Ok(ApiOkResponse.Response(o));
+        }
+
+
 
         /// <summary>
         /// Update WorkOrder