From bb32f26a3d2b7349cff7f6235db3d4ad0a6440ca Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Wed, 8 Sep 2021 20:22:25 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/DataListController.cs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs
index 709a49c8..9cfb95e4 100644
--- a/server/AyaNova/Controllers/DataListController.cs
+++ b/server/AyaNova/Controllers/DataListController.cs
@@ -93,6 +93,7 @@ namespace AyaNova.Api.Controllers
                     return StatusCode(403, new ApiNotAuthorizedResponse());
 
                 //IF user is a customer type check if they are allowed to view this datalist
+                //and build the data list internal 'client' criteria
                 if (UType == UserType.Customer || UType == UserType.HeadOffice)
                     if (!await HandleCustomerTypeUserDataListRequest(UserId, tableRequest))
                         return StatusCode(403, new ApiNotAuthorizedResponse());
@@ -128,7 +129,7 @@ namespace AyaNova.Api.Controllers
             }
 
             //Build client criteria if user is of correct type
-            var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
+            var UserInfo = await ct.User.AsNoTracking().Where(x => x.Id == currentUserId).Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).SingleOrDefaultAsync();
             switch (UserInfo.UserType)
             {
                 case UserType.Customer: