diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs index 5454db4f..23388056 100644 --- a/server/AyaNova/Controllers/AuthController.cs +++ b/server/AyaNova/Controllers/AuthController.cs @@ -347,15 +347,11 @@ namespace AyaNova.Api.Controllers log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok"); - //return appropriate data - + //return appropriate data for user type... if (u.UserType == UserType.Customer | u.UserType == UserType.HeadOffice) - { - //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable - - - - return Ok(ApiOkResponse.Response(new + { + //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable + return Ok(ApiOkResponse.Response(new { token = token, name = u.Name, @@ -363,10 +359,8 @@ namespace AyaNova.Api.Controllers roles = ((int)u.Roles).ToString(), dlt = DownloadToken, tfa = u.TwoFactorEnabled, - CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId, - + CustomerRights = UserBiz.CustomerUserEffectiveRights(u.Id) })); - } else { diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs index 0054b39a..0487b22a 100644 --- a/server/AyaNova/biz/UserBiz.cs +++ b/server/AyaNova/biz/UserBiz.cs @@ -173,7 +173,7 @@ namespace AyaNova.Biz } - internal static bool CustomerUserEffectiveRightsAllowed(bool allowed, List contactTags, List inTags, List outTags) + private static bool CustomerUserEffectiveRightsAllowed(bool allowed, List contactTags, List inTags, List outTags) { //Note: tag match rule as planned and documented is that it's a match if *any* single tag in intags or outtags are a match to any single tag in contact tags, //not the whole list, just any one of them which differs from how notifications are checked for example which need to *all* match