server/AyaNova/biz/ReportBiz.cs

@@ -385,10 +385,16 @@ namespace AyaNova.Biz
             var log = AyaNova.Util.ApplicationLogging.CreateLogger("ReportBiz::RenderReport");
 
             //Customer User Report?
-            if(reportRequest.ReportId==-100){
+            bool RequestIsCustomerWorkOrderReport=false;
-                //get the user data and set the actual report id or return null if not found
+            if (reportRequest.ReportId == -100)
-
+            {
-                HERE NEXT
+                //get the user and workorder data and set the actual report id or return null if not found
+                var woTags = await ct.WorkOrder.AsNoTracking().Where(x => x.Id == reportRequest.SelectedRowIds[0]).Select(x => x.Tags).FirstOrDefaultAsync();
+                if(woTags==null) return null;
+                var cr = await UserBiz.CustomerUserEffectiveRightsAsync(UserId, woTags);
+                if(cr.ThisWOEffectiveWOReportId==null) return null;
+                reportRequest.ReportId=(long)cr.ThisWOEffectiveWOReportId;
+                RequestIsCustomerWorkOrderReport=true;
             }
 
             //get report, vet security, see what we need before init in case of issue
@@ -409,7 +415,7 @@ namespace AyaNova.Biz
             AuthorizationRoles effectiveRoles = CurrentUserRoles;
 
 
-            if (!AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(effectiveRoles, report.AType))
+            if (!RequestIsCustomerWorkOrderReport && !AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(effectiveRoles, report.AType))
             {
                 AddError(ApiErrorCode.NOT_AUTHORIZED, null, $"User not authorized for {report.AType} type object");
                 return null;