server/AyaNova/Controllers/MemoController.cs

@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Routing;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.Logging;
+using Microsoft.EntityFrameworkCore;
 using AyaNova.Models;
 using AyaNova.Api.ControllerHelpers;
 using AyaNova.Biz;
@@ -92,6 +93,8 @@ namespace AyaNova.Api.Controllers
         [HttpGet("{id}")]
         public async Task<IActionResult> GetMemo([FromRoute] long id)
         {
+            //NOTE: In this case always getting own memo only
+            //also it's always just for read only purposes so it should include from user name
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
             MemoBiz biz = MemoBiz.GetBiz(ct, HttpContext);
@@ -101,7 +104,25 @@ namespace AyaNova.Api.Controllers
                 return BadRequest(new ApiErrorResponse(ModelState));
             var o = await biz.GetAsync(id);
             if (o == null) return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
-            return Ok(ApiOkResponse.Response(o));
+            var fromUser = await ct.User.AsNoTracking().SingleOrDefaultAsync(z => z.Id == o.FromId);
+            var from = "??";
+            if (fromUser != null) from = fromUser.Name;
+            var ret = new
+            {
+                Id = o.Id,
+                Name = o.Name,
+                Notes = o.Notes,
+                Wiki = o.Wiki,
+                CustomFields = o.CustomFields,
+                Tags = o.Tags,
+                Viewed = o.Viewed,
+                Replied = o.Replied,
+                FromId = o.FromId,
+                ToId = o.ToId,
+                Sent = o.Sent,
+                FromName = from
+            };
+            return Ok(ApiOkResponse.Response(ret));
         }
 
         //NO UPDATING MEMOS

server/AyaNova/biz/AyaFormFieldDefinitions.cs

@@ -344,6 +344,7 @@ namespace AyaNova.Biz
                     l.Add(new AyaFormFieldDefinition { TKey = "MemoSubject", FieldKey = "MemoSubject", Hideable = false });
                     l.Add(new AyaFormFieldDefinition { TKey = "MemoMessage", FieldKey = "MemoMessage", Hideable = false });
                     l.Add(new AyaFormFieldDefinition { TKey = "MemoToID", FieldKey = "MemoToID", Hideable = false });
+                    l.Add(new AyaFormFieldDefinition { TKey = "MemoFromID", FieldKey = "MemoFromID", Hideable = false });
 
                     l.Add(new AyaFormFieldDefinition { TKey = "Tags", FieldKey = "Tags" });
                     l.Add(new AyaFormFieldDefinition { TKey = "Wiki", FieldKey = "Wiki" });

server/AyaNova/biz/MemoBiz.cs

@@ -98,7 +98,7 @@ namespace AyaNova.Biz
         //      
         internal async Task<Memo> GetAsync(long id, bool logTheGetEvent = true)
         {
-            var ret = await ct.Memo.SingleOrDefaultAsync(m => m.Id == id);
+            var ret = await ct.Memo.SingleOrDefaultAsync(m => m.Id == id && m.ToId==UserId);//## SECURITY, if need general purpose then make new method
             if (logTheGetEvent && ret != null)
                 await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, id, BizType, AyaEvent.Retrieved), ct);
             return ret;

server/AyaNova/util/Seeder.cs

@@ -713,8 +713,8 @@ namespace AyaNova.Util
                     for (int x = 0; x < 10; x++)
                     {
                         Memo memo = new Memo();
-                        memo.Name = Fake.Rant.Review();
-                        memo.Notes = Fake.Lorem.Paragraph();
+                        memo.Name = Fake.Rant.Review("AyaNova");
+                        memo.Notes = Fake.Lorem.Paragraphs();
                         memo.ToId = 1;
                         memo.FromId = Fake.Random.Long(2, 15);
                         memo.Tags = RandomTags();