diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs index 3ed044cb..6aac4c89 100644 --- a/server/AyaNova/biz/BizRoles.cs +++ b/server/AyaNova/biz/BizRoles.cs @@ -312,14 +312,14 @@ namespace AyaNova.Biz // roles.Add(AyaType.ServiceRate, new BizRoleSet() { - Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Accounting, - ReadFullRecord = AuthorizationRoles.Service + Change = AuthorizationRoles.Service + | AuthorizationRoles.BizAdmin + | AuthorizationRoles.Accounting, + ReadFullRecord = AuthorizationRoles.Service//these people can see costs so very limited | AuthorizationRoles.Sales | AuthorizationRoles.Tech | AuthorizationRoles.BizAdminRestricted - | AuthorizationRoles.ServiceRestricted - | AuthorizationRoles.SalesRestricted - | AuthorizationRoles.TechRestricted, + | AuthorizationRoles.ServiceRestricted, Select = AuthorizationRoles.All }); @@ -329,14 +329,14 @@ namespace AyaNova.Biz // roles.Add(AyaType.TravelRate, new BizRoleSet() { - Change = AuthorizationRoles.BizAdmin | AuthorizationRoles.Accounting, - ReadFullRecord = AuthorizationRoles.Service + Change = AuthorizationRoles.Service + | AuthorizationRoles.BizAdmin + | AuthorizationRoles.Accounting, + ReadFullRecord = AuthorizationRoles.Service//these people can see costs so very limited | AuthorizationRoles.Sales | AuthorizationRoles.Tech | AuthorizationRoles.BizAdminRestricted - | AuthorizationRoles.ServiceRestricted - | AuthorizationRoles.SalesRestricted - | AuthorizationRoles.TechRestricted, + | AuthorizationRoles.ServiceRestricted, Select = AuthorizationRoles.All }); diff --git a/server/AyaNova/biz/WorkOrderBiz.cs b/server/AyaNova/biz/WorkOrderBiz.cs index b218f4df..cebbc4a3 100644 --- a/server/AyaNova/biz/WorkOrderBiz.cs +++ b/server/AyaNova/biz/WorkOrderBiz.cs 
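Review bot: The `ServiceRate` role set now disagrees with the work-order cost check added in this same commit. `ReadFullRecord` still lists `Sales`, `Tech` and `BizAdminRestricted`, while `UserCanViewLaborOrTravelRateCosts` in WorkOrderBiz.cs allows only `Service`, `ServiceRestricted`, `BizAdmin` and `Accounting`. If the full rate record carries the cost (the trailing comment suggests it does), a Sales or Tech user who gets `CostViz = 0` on a work-order line can still read the figure from the rate itself. `Change` also gains `AuthorizationRoles.Service`, which widens who can edit rates and deserves a line in the commit message if intended. The `TravelRate` hunk below has the same shape; in both, the comment would read better on its own line above the list, e.g. `//ReadFullRecord exposes cost: keep in step with WorkOrderBiz.UserCanViewLaborOrTravelRateCosts`.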
@@ -25,6 +25,7 @@ namespace AyaNova.Biz
 UserTranslationId = userTranslationId;
 CurrentUserRoles = UserRoles;
 BizType = AyaType.WorkOrder;
+ CurrentUserType = currentUserType;
 }
 internal static WorkOrderBiz GetBiz(AyContext ct, Microsoft.AspNetCore.Http.HttpContext httpContext = null)
@@ -56,6 +57,61 @@ namespace AyaNova.Biz #region WorkOrder level + //////////////////////////////////////////////////////////////////////////////////////////////// + // SUBRIGHTS / RESTRICTIONS FOR WORK ORDER + // + internal UserType CurrentUserType { get; set; } + internal bool UserCanViewPartCosts + { + get + { + //the "for sure can not view part cost" user types + switch (CurrentUserType) + { + case UserType.Customer: + case UserType.HeadOffice: + case UserType.ServiceContractor: + return false; + } + //Now check roles + return (CurrentUserRoles.HasFlag(AuthorizationRoles.InventoryRestricted) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Inventory) + || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting)); + } + } + + internal bool UserCanViewLaborOrTravelRateCosts + { + get + { + //the "for sure can not view labor cost" user types + switch (CurrentUserType) + { + case UserType.Customer: + case UserType.HeadOffice: + case UserType.ServiceContractor: + return false; + } + //Now check roles + return (CurrentUserRoles.HasFlag(AuthorizationRoles.Service) + || CurrentUserRoles.HasFlag(AuthorizationRoles.ServiceRestricted) + || CurrentUserRoles.HasFlag(AuthorizationRoles.BizAdmin) + || CurrentUserRoles.HasFlag(AuthorizationRoles.Accounting)); + } + } + + // internal bool IsTechRestricted + // { + // get + // { + // return CurrentUserType == UserType.Service + // && !CurrentUserRoles.HasFlag(AuthorizationRoles.Tech) + // && CurrentUserRoles.HasFlag(AuthorizationRoles.SubContractorRestricted); + // } + // } + + //////////////////////////////////////////////////////////////////////////////////////////////// //EXISTS internal async Task WorkOrderExistsAsync(long id) @@ -63,6 +119,8 @@ namespace AyaNova.Biz return await ct.WorkOrder.AnyAsync(z => z.Id == id); } + + //////////////////////////////////////////////////////////////////////////////////////////////// //CREATE // 
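Review bot: Both new getters exclude user types with a deny-list `switch` (`Customer`, `HeadOffice`, `ServiceContractor`), so every other `UserType` value goes straight on to the role test. That includes any value added later and, presumably, the enum default if some construction path never assigns `CurrentUserType`, so the check fails open by type. The same three cases are also copied into both properties, which lets the two lists drift apart. I would keep the exclusion in one private member that states it is a deny-list, and have both getters call it. The commented-out `IsTechRestricted` block can be dropped from the commit rather than checked in.
```csharp
// Single home for the user-type exclusion so the two cost checks cannot drift apart.
// Deny-list: a UserType value added later passes this test until it is listed here.
private bool IsCostRestrictedUserType
{
    get
    {
        switch (CurrentUserType)
        {
            case UserType.Customer:
            case UserType.HeadOffice:
            case UserType.ServiceContractor:
                return true;
            default:
                return false;
        }
    }
}

internal bool UserCanViewPartCosts
{
    get
    {
        if (IsCostRestrictedUserType)
        {
            return false;
        }
        // … unchanged: Inventory / InventoryRestricted / BizAdmin / Accounting role test …
    }
}
// … UserCanViewLaborOrTravelRateCosts: same guard, role test unchanged …
```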
@@ -2863,6 +2921,13 @@ namespace AyaNova.Biz } o.LineTotalViz = o.NetViz + o.TaxAViz + o.TaxBViz; + + //RESTRICTIONS ON COST VISIBILITY? + if (!UserCanViewLaborOrTravelRateCosts) + { + o.CostViz = 0; + } + } // //////////////////////////////////////////////////////////////////////////////////////////////// @@ -4246,6 +4311,12 @@ namespace AyaNova.Biz } } o.LineTotalViz = o.NetViz + o.TaxAViz + o.TaxBViz; + + + //RESTRICTED COST FIELD?? + if (!UserCanViewPartCosts) + o.Cost = 0;//cost already used in calcs and will not be updated on any update operation so this ensures the cost isn't sent over the wire + } //////////////////////////////////////////////////////////////////////////////////////////////// @@ -4270,6 +4341,10 @@ namespace AyaNova.Biz if (newObj.PartId == oldObj.PartId) { SnapshotPricing = false; + //maintain old cost as it can come from the client as zero when it shouldn't be or someone using the api and setting it directly + //but we will only allow the price *we* set at the server initially + newObj.Cost = oldObj.Cost; + } } @@ -5728,6 +5803,12 @@ namespace AyaNova.Biz } } o.LineTotalViz = o.NetViz + o.TaxAViz + o.TaxBViz; + + //RESTRICTIONS ON COST VISIBILITY? + if (!UserCanViewLaborOrTravelRateCosts) + { + o.CostViz = 0; + } } diff --git a/server/AyaNova/models/WorkOrder.cs b/server/AyaNova/models/WorkOrder.cs index 57f2a717..c16693d1 100644 --- a/server/AyaNova/models/WorkOrder.cs +++ b/server/AyaNova/models/WorkOrder.cs @@ -89,6 +89,8 @@ namespace AyaNova.Models public bool IsLockedAtServer { get; set; } = false;//signal to client that it came from the server in a locked state [NotMapped] public string AlertViz { get; set; } = null; + [NotMapped] + public bool HasPartCosts { get; set; } = false;//signal to client that part costs were not populated (due to user rights / role / type) [NotMapped, JsonIgnore]
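Review bot: Using `0` as the redaction value in `o.CostViz = 0` makes a withheld cost indistinguishable from a real zero cost, so any client view or report that derives a margin from it will show a wrong figure rather than a hidden one. The same applies to `o.Cost = 0` in the part hunk and `o.CostViz = 0` in the travel hunk further down. The model change adds `HasPartCosts`, but no visible hunk assigns it, and labor and travel have no equivalent signal. I would set the flag where the cost is cleared and document it here, e.g. `//cost withheld for this user: 0 is a placeholder, not a real cost`. The enclosing method starts outside the hunk.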
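Review bot: In the part hunk, `o.Cost` looks like the stored cost rather than a display-only `Viz` field, since the next hunk copies `oldObj.Cost` into `newObj.Cost` on update. Zeroing it is therefore only safe if `o` is never a change-tracked entity that reaches a later save on the same context. The method that loads `o` is outside the hunk, so this cannot be confirmed from here; if the item can be tracked, a separate response-only value would avoid writing the zero back. The `if` also lacks the braces used by the two sibling checks; I would write `if (!UserCanViewPartCosts) { o.Cost = 0; }` and put the explanation on its own comment line above it.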
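Review bot: In the update hunk, `newObj.Cost = oldObj.Cost` runs only inside the `newObj.PartId == oldObj.PartId` branch, which itself sits in an outer block whose condition is outside this hunk. On any path that skips that block, a `Cost` supplied by the client or a direct API caller would still be accepted as sent. If the rule is that cost is always server-set, the pin belongs where it runs for every update with an unchanged part. The comment should also say what resets `Cost` when the part does change, e.g. `//Cost is server-owned: kept from oldObj here, re-snapshotted when PartId changes`. That snapshot code is presumably what handles the changed-part case, but it is not visible here.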