This commit is contained in:
@@ -83,6 +83,32 @@ namespace AyaNova.Biz
|
||||
}
|
||||
}
|
||||
|
||||
internal bool UserIsRestrictedType
|
||||
{
|
||||
get
|
||||
{
|
||||
switch (CurrentUserType)
|
||||
{
|
||||
case UserType.Customer:
|
||||
case UserType.HeadOffice:
|
||||
case UserType.ServiceContractor:
|
||||
return true;
|
||||
}
|
||||
//Now check roles that have at least partial access to a work order
|
||||
if (CurrentUserRoles.HasFlag(AuthorizationRoles.TechRestricted)) return true;
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
internal bool UserIsSubContractorRestricted //most limited type, can not view many objects even in their own scheduled work order item
|
||||
{
|
||||
get
|
||||
{
|
||||
return (CurrentUserType == UserType.ServiceContractor && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractorRestricted));
|
||||
}
|
||||
}
|
||||
|
||||
internal bool UserCanViewPartCosts
|
||||
{
|
||||
get
|
||||
@@ -367,6 +393,25 @@ namespace AyaNova.Biz
|
||||
}
|
||||
}
|
||||
|
||||
//subcontractor restricted can not even view most children of their own scheduled woitem
|
||||
//a further restriction from above. This ensures they are not sent that data even over the wire let alone in the UI
|
||||
if (UserIsSubContractorRestricted)
|
||||
{
|
||||
foreach (WorkOrderItem wi in ret.Items)
|
||||
{
|
||||
wi.ScheduledUsers.RemoveAll(x => x.UserId != UserId);
|
||||
wi.Labors.RemoveAll(x => x.UserId != UserId);
|
||||
wi.Travels.RemoveAll(x => x.UserId != UserId);
|
||||
wi.Units.RemoveAll(x => true);
|
||||
wi.Parts.RemoveAll(x => true);
|
||||
wi.PartRequests.RemoveAll(x => true);
|
||||
wi.Expenses.RemoveAll(x => true);
|
||||
wi.Loans.RemoveAll(x => true);
|
||||
wi.OutsideServices.RemoveAll(x => true);
|
||||
//tasks are allowed to be viewed and update the task completion types
|
||||
}
|
||||
}
|
||||
|
||||
if (populateDisplayFields)
|
||||
await WorkOrderPopulateVizFields(ret, false);
|
||||
|
||||
|
||||
Reference in New Issue
Block a user