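/// <summary>
/// Extends a SQL WHERE fragment with a row-visibility restriction derived from the
/// rights of the user that <paramref name="sessionKey"/> resolves to.
/// </summary>
/// <param name="cond">Existing WHERE fragment (without the WHERE keyword); may be empty.</param>
/// <param name="sessionKey">Session key handed to <c>AuthModel.GetAuthInfo</c>.</param>
/// <returns>
/// <paramref name="cond"/> unchanged when no auth info is found or the user holds right "1";
/// otherwise <paramref name="cond"/> AND-ed with a SaleStaffID restriction. A user with none of
/// the rights "1", "2" or "3" gets an always-false predicate instead of an unrestricted or
/// syntactically broken condition.
/// </returns>
public static string getFilterCond(string cond, string sessionKey)
{
    // Always-false predicate used whenever no row may be visible.
    const string denyAll = " 1=0";

    AuthInfo auth = AuthModel.GetAuthInfo(sessionKey);
    if (auth == null)
    {
        // NOTE(review): an unresolved session leaves the condition unrestricted (fail-open).
        // Kept for compatibility with existing callers; confirm every caller rejects
        // unauthenticated requests before it runs the query built from this condition.
        return cond;
    }

    // NOTE(review): if UserRightIds is a plain string, Contains("1") also matches ids such
    // as "10" or "21"; confirm it is a collection of discrete right ids.
    if (auth.UserRightIds.Contains("1"))
    {
        // Right "1": no row restriction. Return the condition as-is; the previous code
        // appended a dangling " AND " here, which produced invalid SQL for non-empty input.
        return cond ?? string.Empty;
    }

    string prefix = string.IsNullOrEmpty(cond) ? string.Empty : cond + " AND ";

    if (auth.UserRightIds.Contains("2"))
    {
        // Right "2": rows owned by any staff member in the user's branch tree.
        // The branch/staff lookups are only needed on this path, so they run only here.
        CatBranchDT branchDT = new CatBranchDT();
        string branchIds = string.Join(",", branchDT.GetBranchTree(auth.BranchId).ToArray());
        if (branchIds.Length == 0)
        {
            // "IN ()" is not valid SQL; no branches means nothing is visible.
            return prefix + denyAll;
        }

        // The ids are spliced into SQL text. They come from the data layer rather than the
        // request; NOTE(review): confirm both id columns are numeric so no quoting is needed.
        CatSalestaffDT staffDT = new CatSalestaffDT();
        DataTable dtStaff = staffDT.GetByCond("BranchID IN (" + branchIds + ")");
        string staffIds = dtStaff == null
            ? string.Empty
            : string.Join(",", dtStaff.ColToListString("ID").ToArray());

        return staffIds.Length == 0
            ? prefix + denyAll
            : prefix + " SaleStaffID in (" + staffIds + ")";
    }

    if (auth.UserRightIds.Contains("3"))
    {
        // Right "3": only the user's own rows.
        // NOTE(review): StaffId is concatenated unquoted; presumably numeric - confirm.
        return prefix + " SaleStaffID=" + auth.StaffId;
    }

    // No recognised right: deny everything. Previously this returned an empty (unrestricted)
    // condition when cond was empty, and a dangling " AND " otherwise.
    return prefix + denyAll;
}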
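/// <summary>
/// Returns the serialized auth info for the session identified by
/// <paramref name="sessionKey"/>, or an empty JSON object when no such session row exists.
/// </summary>
/// <param name="sessionKey">Client-supplied session identifier; treated as untrusted input.</param>
/// <returns>
/// HTTP 200 in both cases: the JSON text of <c>AuthModel.GetAuthInfo(sessionKey)</c> when a
/// session row is found, otherwise the literal "{}".
/// </returns>
public HttpResponseMessage StaffInfo(string sessionKey)
{
    if (string.IsNullOrEmpty(sessionKey))
    {
        // A missing key cannot match a session row; skip the lookup entirely.
        return Request.CreateResponse<string>(HttpStatusCode.OK, "{}");
    }

    // sessionKey arrives from the request and is embedded in a SQL string literal, so the
    // literal delimiter is escaped by doubling it. This covers standard SQL literals only;
    // engines that also treat backslash as an escape character need that handled as well.
    // The durable fix is a parameterized lookup in the data layer - the only overload
    // visible here takes raw condition text.
    string escapedKey = sessionKey.Replace("'", "''");
    DataTable dtSession = sessionDT.GetByCond("SessionID='" + escapedKey + "'", " ID DESC");

    if (dtSession != null && dtSession.Rows.Count > 0)
    {
        // NOTE(review): only the existence of a session row is checked here; any expiry or
        // revocation check would have to live in AuthModel.GetAuthInfo - confirm.
        return Request.CreateResponse<string>(
            HttpStatusCode.OK,
            JsonConvert.SerializeObject(AuthModel.GetAuthInfo(sessionKey)));
    }

    return Request.CreateResponse<string>(HttpStatusCode.OK, "{}");
}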