From c37bddbfe1f91c63f65ffb5a4eee2aeb17f0b40f Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Wed, 8 Sep 2021 20:13:25 +0000
Subject: [PATCH]

---
 .../AyaNova/Controllers/DataListController.cs | 21 +++----------------
 1 file changed, 3 insertions(+), 18 deletions(-)

diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs
index 457b575d..709a49c8 100644
--- a/server/AyaNova/Controllers/DataListController.cs
+++ b/server/AyaNova/Controllers/DataListController.cs
@@ -115,21 +115,6 @@ namespace AyaNova.Api.Controllers
 
         private async Task<bool> HandleCustomerTypeUserDataListRequest(long currentUserId, DataListTableRequest tableRequest)
         {
-
-            // //ClientCriteria format for this list is "OBJECTID,AYATYPE" 
-            // var crit = (clientCriteria ?? "").Split(',').Select(z => z.Trim()).ToArray();
-            // if (crit.Length < 3)
-            //     return false;
-
-            // int nType = 0;
-            // if (!int.TryParse(crit[1], out nType)) return false;
-            // AyaType forType = (AyaType)nType;
-            // if (forType != AyaType.Customer && forType != AyaType.HeadOffice) return false;
-
-            // long lId = 0;
-            // if (!long.TryParse(crit[0], out lId)) return false;
-            // if (lId == 0) return false;
-
             //Is this list allowed for a customer user and also enabled in global settings
             switch (tableRequest.DataListKey)
             {
@@ -142,21 +127,21 @@ namespace AyaNova.Api.Controllers
                     return false;
             }
 
-            //Have valid type, have an id, is this User actually connected to the entity they are requesting data for
+            //Build client criteria if user is of correct type
             var UserInfo = await ct.User.AsNoTracking().Select(x => new { x.UserType, x.CustomerId, x.HeadOfficeId }).FirstOrDefaultAsync();
             switch (UserInfo.UserType)
             {
                 case UserType.Customer:
+                    if (UserInfo.CustomerId == null || UserInfo.CustomerId == 0) return false;
                     tableRequest.ClientCriteria = $"{UserInfo.CustomerId},{(int)AyaType.Customer}";
                     break;
                 case UserType.HeadOffice:
+                    if (UserInfo.HeadOfficeId == null || UserInfo.HeadOfficeId == 0) return false;
                     tableRequest.ClientCriteria = $"{UserInfo.HeadOfficeId},{(int)AyaType.HeadOffice}";
                     break;
                 default://other user types can fuck right off!
                     return false;
             }
-
-
             return true;
         }