Example #1
0
        public async Task <IHttpActionResult> GetOrders(string customer, DateTime?dateFrom, DateTime?dateTo, int from, int to, string sortBy, SortDirection direction, string searchText = "")
        {
            var user = GetCurrentUser();

            if (user == null || (user.customer_code != customer && !user.isAdmin && !user.isBranchAdmin) ||
                !user.HasPermission(PermissionId.ViewOrderHistory))
            {
                return(Unauthorized());
            }
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return(Unauthorized());
                }
            }
            if (sortBy == "statusText")
            {
                sortBy = "status";
            }
            var response =
                await apiClient.GetAsync(
                    $@"{Properties.Settings.Default.apiUrl}/api/getOrders?customer={customer}&dateFrom={dateFrom.ToIsoDate()}&dateTo={dateTo.ToIsoDate()}&from={from}&to={to}&sortBy={sortBy}&direction={direction}&searchText={searchText}");

            return(Ok(response.Content.ReadAsAsync <List <Order> >()));
        }
Example #2
0
        public async Task <IHttpActionResult> getPrice(string customer, string code)
        {
            var user = GetCurrentUser();

            if (user == null || (user.customer_code != customer && !user.isAdmin && user.isInternal != true && !user.isBranchAdmin) ||
                !user.HasPermission(PermissionId.ViewStockSearch)
                )
            {
                return(Unauthorized());
            }
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return(Unauthorized());
                }
            }
            var response = await apiClient.GetAsync($"{Properties.Settings.Default.apiUrl}/api/getPrice?customer={customer}&product={code}");

            return(Ok(response.Content.ReadAsAsync <object>()));
            //return await response.Content.ReadAsAsync<object>();
        }
        public async Task <IHttpActionResult> getCustomerTotals(string customer, DateTime?dateFrom, DateTime?dateTo, string searchText)
        {
            var user = GetCurrentUser();

            if (user == null ||
                (user.customer_code != customer && !user.isBranchAdmin && !user.isAdmin) ||
                !user.HasPermission(PermissionId.ViewInvoiceHistory))
            {
                return(Unauthorized());
            }
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return(Unauthorized());
                }
            }
            var response = await apiClient.GetAsync(
                $@"{Properties.Settings.Default.apiUrl}/api/getCustomerTotals?customer={customer}&dateFrom={dateFrom.ToIsoDate()}&dateTo={dateTo.ToIsoDate()}&searchText={searchText}");

            return(Ok(response.Content.ReadAsAsync <CustomerTotals>()));
        }
        public object Login(string username, string password)
        {
            var user = uow.UserRepository.Get(u => (u.username == username || u.email == username) && u.password == password, includeProperties: "Customer, Roles").FirstOrDefault();

            if (user == null)
            {
                return new HttpResponseMessage {
                           StatusCode = HttpStatusCode.BadRequest, Content = new StringContent("Invalid username or password")
                }
            }
            ;
            if (user.Customer == null && !string.IsNullOrEmpty(user.customer_code))             //fix for code with spaces
            {
                user.Customer = uow.CustomerRepository.GetByID(user.customer_code);
            }
            user.token     = JwtManager.CreateToken(user, Properties.Settings.Default.tokenExpiration);
            user.lastLogin = DateTime.Now;
            uow.Save();
            uow.UserRepository.InsertSession(user, GetClientIp(Request));
            user.Permissions = uow.UserRepository.GetPermissions(user);
            cache.Set($"permissions_{user.id}", user.Permissions, null);
            return(UserApiController.GetUIObject(user));
        }
Example #5
0
        public async Task <IHttpActionResult> GetOrder(string order_no, string customer_code)
        {
            var user = GetCurrentUser();

            if (user == null || !user.HasPermission(PermissionId.ViewOrderHistory))
            {
                return(Unauthorized());
            }
            if (!user.isAdmin && !user.isBranchAdmin)
            {
                customer_code = user.customer_code;
            }
            if (user.customer_code != customer_code && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer_code))
                {
                    customer_code = user.customer_code;
                }
            }
            var response = await apiClient.GetAsync($"{Properties.Settings.Default.apiUrl}/api/getOrderByCriteria?order_no={order_no}&customer_code={customer_code}");

            return(Ok(response.Content.ReadAsAsync <Order>()));
        }