2021-07-13 20:42:58 +00:00
parent f810df79dd
commit 9c28bd0709
2 changed files with 58 additions and 14 deletions
--- a/server/AyaNova/biz/WorkOrderBiz.cs
+++ b/server/AyaNova/biz/WorkOrderBiz.cs
@@ -121,6 +121,21 @@ namespace AyaNova.Biz
            }
        }

+        //For restricted users that are not allowed to view woitems unless they are scheduled on them
+        //(Tech - Restricted role, Sub-contractor user type)
+        //not that this is a further limitation (level 2) beyond basic role security (level 1) so this would apply 
+        //to users that are already allowed to view some aspect of a workorder
+        //and in addition there could be further limitations (level 3)
+        internal bool UserCanViewSelfScheduledItemsOnly
+        {
+            get
+            {
+                if (CurrentUserType == UserType.ServiceContractor) return true;//any subcontractor can only see their own woitems at most with further restrictions possible
+                //Now check roles (same as rates as accessed via svc area)
+                return (CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted));
+            }
+        }
+
        //   internal bool IsTechRestricted
        // {
        //     get
@@ -305,6 +320,28 @@ namespace AyaNova.Biz
                var stat = await GetCurrentWorkOrderStatusFromRelatedAsync(BizType, ret.Id);
                ret.IsLockedAtServer = stat.Locked;

+                //if restricted user then remove any Work order items they are not scheduled on
+                if (UserCanViewSelfScheduledItemsOnly)
+                {
+                    List<WorkOrderItem> removeItems = new List<WorkOrderItem>();
+                    //gather list of items to remove by checking if they are scheduled on them or not
+                    foreach (WorkOrderItem wi in ret.Items)
+                    {
+                        var userIsSelfScheduledOnThisItem = false;
+                        foreach (WorkOrderItemScheduledUser su in wi.ScheduledUsers)
+                        {
+                            if (su.UserId == UserId)
+                            {
+                                userIsSelfScheduledOnThisItem = true;
+                                break;
+                            }
+                        }
+                        if (!userIsSelfScheduledOnThisItem) removeItems.Add(wi);
+                    }
+                    foreach (var removeitem in removeItems)                    
+                        ret.Items.Remove(removeitem);
+                }
+
                if (populateDisplayFields)
                    await WorkOrderPopulateVizFields(ret, false);

@@ -1078,10 +1115,10 @@ namespace AyaNova.Biz
        // 
        private async Task WorkOrderPopulateVizFields(WorkOrder o, bool headerOnly)
        {
-            o.HasLoanItemCosts=UserCanViewLoanerCosts;
-            o.HasPartCosts=UserCanViewPartCosts;
-            o.HasTravelAndLaborRateCosts=UserCanViewLaborOrTravelRateCosts;
-            
+            o.HasLoanItemCosts = UserCanViewLoanerCosts;
+            o.HasPartCosts = UserCanViewPartCosts;
+            o.HasTravelAndLaborRateCosts = UserCanViewLaborOrTravelRateCosts;
+
            if (!headerOnly)
            {
                foreach (var v in o.States)