@@ -839,7 +839,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemPart))
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemPart) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -862,7 +862,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemPart))
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemPart) || biz.UserIsSubContractorRestricted)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -886,7 +886,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemPart))
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemPart) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
var o = await biz.PartPutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
|
||||
if (o == null)
|
||||
@@ -912,7 +912,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemPart))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemPart) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await biz.PartDeleteAsync(WorkOrderItemPartId))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -945,7 +945,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest))
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -968,7 +968,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest))
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest) || biz.UserIsSubContractorRestricted)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -992,7 +992,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest))
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
var o = await biz.PartRequestPutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
|
||||
if (o == null)
|
||||
@@ -1018,7 +1018,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemPartRequest) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await biz.PartRequestDeleteAsync(WorkOrderItemPartRequestId))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -1051,7 +1051,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser))
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -1098,7 +1098,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser))
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
var o = await biz.ScheduledUserPutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
|
||||
if (o == null)
|
||||
@@ -1124,7 +1124,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemScheduledUser) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await biz.ScheduledUserDeleteAsync(WorkOrderItemScheduledUserId))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -1157,7 +1157,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemTask))
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemTask) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -1230,7 +1230,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemTask))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemTask) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await biz.TaskDeleteAsync(WorkOrderItemTaskId))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -1369,7 +1369,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemUnit))
|
||||
if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderItemUnit) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -1392,7 +1392,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!serverState.IsOpen)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemUnit))
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderItemUnit) || biz.UserIsSubContractorRestricted)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -1416,7 +1416,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemUnit))
|
||||
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.WorkOrderItemUnit) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
var o = await biz.UnitPutAsync(updatedObject);//In future may need to return entire object, for now just concurrency token
|
||||
if (o == null)
|
||||
@@ -1442,7 +1442,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemUnit))
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, AyaType.WorkOrderItemUnit) || biz.UserIsRestrictedType)
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
if (!await biz.UnitDeleteAsync(WorkOrderItemUnitId))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
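Review bot: The restricted-user denial is pasted by hand into every hunk of this file, with `biz.UserIsRestrictedType` on the create/modify/delete checks and `biz.UserIsSubContractorRestricted` on the read checks, and nothing at the call sites records why reads use a different flag. If that split is intended, a one-line comment on each read check, e.g. `// read is refused only for restricted subcontractors; other restricted types may still read`, would stop a later edit from "normalizing" the two. The hunks show create and delete changes for WorkOrderItemTask but none for its modify or read actions, and none for the WorkOrderItemScheduledUser read action. The latter appears to be covered in the biz layer, but the Task pair is worth confirming, since those actions lie outside the visible hunks. Because each endpoint carries its own copy of the check, a single private helper or an authorization filter would make a missed endpoint much harder to introduce; every action body here starts and ends outside its hunk.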
|
||||
|
||||
@@ -4956,6 +4956,8 @@ namespace AyaNova.Biz
|
||||
internal async Task<WorkOrderItemScheduledUser> ScheduledUserGetAsync(long id, bool logTheGetEvent = true)
|
||||
{
|
||||
var ret = await ct.WorkOrderItemScheduledUser.AsNoTracking().SingleOrDefaultAsync(z => z.Id == id);
|
||||
if (UserIsRestrictedType && ret.UserId != UserId)//restricted users can only see their own
|
||||
return null;
|
||||
if (logTheGetEvent && ret != null)
|
||||
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserId, id, ret.AyaType, AyaEvent.Retrieved), ct);
|
||||
return ret;
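Review bot: The added guard `if (UserIsRestrictedType && ret.UserId != UserId)` dereferences `ret` before the null check that the following statement still performs (`logTheGetEvent && ret != null`). `SingleOrDefaultAsync` yields null when no row matches, so a restricted user asking for an id that does not exist would hit a NullReferenceException instead of getting the null result other callers receive. Depending on how the controller handles that exception, the response may also differ between "exists but belongs to someone else" and "does not exist", which lets a restricted user probe which ids are valid. The guard should read `if (ret != null && UserIsRestrictedType && ret.UserId != UserId)`. The method's closing brace is outside the hunk.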
|
||||
|
||||