@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//IF user is a customer type check if they are allowed to view this datalist
|
||||
if (UType == UserType.Customer || UType == UserType.HeadOffice)
|
||||
if (!await CustomerTypeUserIsAllowedThisDataList(UserId, UserRoles, tableRequest.ClientCriteria, tableRequest.DataListKey))
|
||||
if (!await HandleCustomerTypeUserDataListRequest(UserId, tableRequest))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
//hydrate the saved view and filter
|
||||
@@ -113,38 +113,36 @@ namespace AyaNova.Api.Controllers
|
||||
}
|
||||
}
|
||||
|
||||
private async Task<bool> CustomerTypeUserIsAllowedThisDataList(long currentUserId, AuthorizationRoles userRoles, string clientCriteria, string dataListKey)
|
||||
private async Task<bool> HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest)
|
||||
{
|
||||
//all customer data lists require client criteria
|
||||
if (string.IsNullOrWhiteSpace(clientCriteria))
|
||||
return false;
|
||||
|
||||
//ClientCriteria format for this list is "OBJECTID,AYATYPE"
|
||||
var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
|
||||
if (crit.Length < 3)
|
||||
return false;
|
||||
|
||||
int nType = 0;
|
||||
if (!int.TryParse(crit[1], out nType)) return false;
|
||||
AyaType forType = (AyaType)nType;
|
||||
if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
|
||||
// //ClientCriteria format for this list is "OBJECTID,AYATYPE"
|
||||
// var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
|
||||
// if (crit.Length < 3)
|
||||
// return false;
|
||||
|
||||
long lId = 0;
|
||||
if (!long.TryParse(crit[0], out lId)) return false;
|
||||
if (lId == 0) return false;
|
||||
// int nType = 0;
|
||||
// if (!int.TryParse(crit[1], out nType)) return false;
|
||||
// AyaType forType = (AyaType)nType;
|
||||
// if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
|
||||
|
||||
// long lId = 0;
|
||||
// if (!long.TryParse(crit[0], out lId)) return false;
|
||||
// if (lId == 0) return false;
|
||||
|
||||
//Have valid type, have an id, is this User actually connected to the entity they are requesting data for
|
||||
var User = await ct.User.AsNoTracking().Select(x => new { x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
|
||||
switch (forType)
|
||||
var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
|
||||
switch (UserInfo.UserType)
|
||||
{
|
||||
case AyaType.Customer:
|
||||
if (lId != User.CustomerId)
|
||||
return false;
|
||||
case UserType.Customer:
|
||||
tableRequest.ClientCriteria = $"{UserInfo.CustomerId},{(int)AyaType.Customer}";
|
||||
break;
|
||||
case AyaType.HeadOffice:
|
||||
if (lId != User.HeadOfficeId)
|
||||
return false;
|
||||
case UserType.HeadOffice:
|
||||
tableRequest.ClientCriteria = $"{UserInfo.HeadOfficeId},{(int)AyaType.HeadOffice}";
|
||||
break;
|
||||
default://other user types can fuck right off!
|
||||
return false;
|
||||
}
|
||||
|
||||
switch (dataListKey)
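Review bot: The user lookup at `var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();` has no `Where` clause, so it reads whichever User row the database returns first rather than the row for `currentUserId`, and both the type check and the rewritten `tableRequest.ClientCriteria` are then derived from a different user's CustomerId/HeadOfficeId; `currentUserId` is otherwise unused in the visible body. It also dereferences `UserInfo.UserType` without a null check, so an empty result throws instead of returning false. Suggested: `var UserInfo = await ct.User.AsNoTracking().Where(x => x.<UserKeyProperty> == currentUserId).Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();` followed by `if (UserInfo is null) return false;`, where `<UserKeyProperty>` stands for the User entity's key property. The removed version ran the same unfiltered query, so this is carried over rather than introduced by this commit, but the new method now also writes the result back into the request, which widens its effect. The method continues past the end of the hunk, and its last visible line `switch (dataListKey)` names a parameter the new signature no longer has, so confirm where that identifier is declared on the new side.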
|
||||
|
||||