public IHttpActionResult Search(coreModel.SearchCriteria criteria)
{
//Scope bound ACL filtration
criteria = FilterOrderSearchCriteria(HttpContext.Current.User.Identity.Name, criteria);
var retVal = _searchService.Search(criteria);
return Ok(retVal.ToWebModel());
}
private static void SetPropertyValue(dataModel.OperationPropertyEntity retVal, coreModel.OperationProperty property)
{
switch (property.ValueType)
{
case coreModel.PropertyValueType.Boolean:
retVal.BooleanValue = Convert.ToBoolean(property.Value);
break;
case coreModel.PropertyValueType.DateTime:
retVal.DateTimeValue = Convert.ToDateTime(property.Value);
break;
case coreModel.PropertyValueType.Decimal:
retVal.DecimalValue = Convert.ToDecimal(property.Value);
break;
case coreModel.PropertyValueType.Integer:
retVal.IntegerValue = Convert.ToInt32(property.Value);
break;
case coreModel.PropertyValueType.LongText:
retVal.LongTextValue = Convert.ToString(property.Value);
break;
case coreModel.PropertyValueType.ShortText:
retVal.ShortTextValue = Convert.ToString(property.Value);
break;
}
}
private coreModel.SearchCriteria FilterOrderSearchCriteria(string userName, coreModel.SearchCriteria criteria)
{
if (!_securityService.UserHasAnyPermission(userName, null, OrderPredefinedPermissions.Read))
{
//Get defined user 'read' permission scopes
var readPermissionScopes = _securityService.GetUserPermissions(userName)
.Where(x => x.Id.StartsWith(OrderPredefinedPermissions.Read))
.SelectMany(x => x.AssignedScopes);
//Check user has a scopes
//Stores
criteria.StoreIds = readPermissionScopes.OfType<OrderStoreScope>()
.Select(x => x.Scope)
.Where(x => !String.IsNullOrEmpty(x))
.ToArray();
var responsibleScope = readPermissionScopes.OfType<OrderResponsibleScope>().FirstOrDefault();
//employee id
if (responsibleScope != null)
{
criteria.EmployeeId = userName;
}
}
return criteria;
}
