From dfe7d990ad229335da3d253802a8ed9f2f49cd81 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Tue, 15 Jun 2021 23:36:22 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/AuthController.cs | 16 +++++-----------
 server/AyaNova/biz/UserBiz.cs                |  2 +-
 2 files changed, 6 insertions(+), 12 deletions(-)

diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs
index 5454db4f..23388056 100644
--- a/server/AyaNova/Controllers/AuthController.cs
+++ b/server/AyaNova/Controllers/AuthController.cs
@@ -347,15 +347,11 @@ namespace AyaNova.Api.Controllers
             log.LogInformation($"User \"{u.Name}\" logged in from \"{HttpContext.Connection.RemoteIpAddress.ToString()}\" ok");
 
 
-            //return appropriate data
-            
+            //return appropriate data for user type...
             if (u.UserType == UserType.Customer | u.UserType == UserType.HeadOffice)
-            {   
-               //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable
-           
-            
-           
-            return Ok(ApiOkResponse.Response(new
+            {
+                //customer type has special rights restrictions for UI features so return them here so client UI can enable or disable
+                return Ok(ApiOkResponse.Response(new
                 {
                     token = token,
                     name = u.Name,
@@ -363,10 +359,8 @@ namespace AyaNova.Api.Controllers
                     roles = ((int)u.Roles).ToString(),
                     dlt = DownloadToken,
                     tfa = u.TwoFactorEnabled,
-                    CustomerAllowCSR = AyaNova.Util.ServerGlobalBizSettings.Cache.CustomerDefaultWorkOrderReportId,
-
+                    CustomerRights = UserBiz.CustomerUserEffectiveRights(u.Id)
                 }));
-
             }
             else
             {
diff --git a/server/AyaNova/biz/UserBiz.cs b/server/AyaNova/biz/UserBiz.cs
index 0054b39a..0487b22a 100644
--- a/server/AyaNova/biz/UserBiz.cs
+++ b/server/AyaNova/biz/UserBiz.cs
@@ -173,7 +173,7 @@ namespace AyaNova.Biz
         }
 
 
-        internal static bool CustomerUserEffectiveRightsAllowed(bool allowed, List<string> contactTags, List<string> inTags, List<string> outTags)
+        private static bool CustomerUserEffectiveRightsAllowed(bool allowed, List<string> contactTags, List<string> inTags, List<string> outTags)
         {
             //Note: tag match rule as planned and documented is that it's a match if *any* single tag in intags or outtags are a match to any single tag in contact tags, 
             //not the whole list, just any one of them which differs from how notifications are checked for example which need to *all* match