Beispiel #1
        /// <summary>
        /// Returns the initial target template data for a scorecard after checking
        /// that the caller may see it.
        /// </summary>
        /// <param name="scorecardId">Identifier of the scorecard whose target data is requested.</param>
        /// <param name="canEdit">
        /// Request-supplied flag that selects which ownership check applies to non-admin callers:
        /// <c>true</c> requires KPI ownership of the parent scorecard, <c>false</c> accepts KPI
        /// ownership of either the scorecard or its parent.
        /// </param>
        /// <returns>
        /// <c>Unauthorized()</c> when a non-admin caller fails the selected ownership check;
        /// otherwise <c>Ok</c> wrapping an <c>ApiResponse</c> whose <c>Data</c> holds the target data.
        /// </returns>
        public IHttpActionResult GetTargetsInitialData(int scorecardId, bool canEdit)
        {
            // Callers in the admin role skip the ownership checks entirely.
            var callerIsAdmin = User.IsInRole(NDMSSecurityConstants.AdminRole);
            if (!callerIsAdmin)
            {
                // Both ownership lookups run unconditionally, even though the
                // canEdit path only consults the parent-scorecard result.
                var ownsScorecard       = userManager.IsUserKPIOwnerOfScorecard(Username, scorecardId);
                var ownsParentScorecard = userManager.IsUserKPIOwnerOfParentScorecard(Username, scorecardId);

                // NOTE(review): canEdit is chosen by the caller and the payload returned below
                // is the same on both paths, so the stricter branch does not by itself protect
                // anything here. Confirm that the write endpoints enforce edit rights
                // server-side rather than relying on this flag.
                if (canEdit)
                {
                    if (!ownsParentScorecard)
                    {
                        // NOTE(review): this answers an identified non-owner with Unauthorized();
                        // a "forbidden" result may describe the situation better. Confirm what
                        // clients expect before changing it.
                        return Unauthorized();
                    }
                }
                else if (!(ownsScorecard || ownsParentScorecard))
                {
                    return Unauthorized();
                }
            }

            var response = new ApiResponse<TargetTemplateData>
            {
                Data = targetManager.GetTargetsInitialData(scorecardId)
            };
            return Ok(response);
        }
        /// <summary>
        /// Returns a single scorecard to admins and to KPI owners of its parent scorecard.
        /// </summary>
        /// <param name="id">Identifier of the scorecard to load.</param>
        /// <returns>
        /// <c>Unauthorized()</c> when the caller is neither in the admin role nor a KPI owner of
        /// the parent scorecard; <c>NotFound()</c> when the lookup yields no scorecard; otherwise
        /// <c>Ok</c> wrapping an <c>ApiResponse</c> whose <c>Data</c> holds the scorecard.
        /// </returns>
        public IHttpActionResult Get(int id)
        {
            // The access check runs before the lookup, so a caller who fails it receives
            // Unauthorized() from this method whether or not a scorecard with this id exists.
            var callerIsAdmin = User.IsInRole(NDMSSecurityConstants.AdminRole);
            if (!callerIsAdmin && !userManager.IsUserKPIOwnerOfParentScorecard(Username, id))
            {
                return Unauthorized();
            }

            var response = new ApiResponse<ScorecardItem>
            {
                Data = scorecardAdminMgr.GetScorecard(id)
            };

            // A missing scorecard is reported only to callers who passed the check above.
            if (response.Data == null)
            {
                return NotFound();
            }

            return Ok(response);
        }