/// <summary>
/// Returns the initial target template data for a scorecard after an
/// authorization check on the current user.
/// </summary>
/// <param name="scorecardId">Identifier of the scorecard whose target data is requested.</param>
/// <param name="canEdit">
/// Selects which ownership rule is applied to non-admin callers: <c>true</c>
/// requires KPI ownership of the parent scorecard, <c>false</c> accepts KPI
/// ownership of either the scorecard or its parent.
/// </param>
/// <returns>
/// <c>Unauthorized()</c> when a non-admin caller fails the selected ownership
/// rule; otherwise <c>Ok</c> wrapping an <c>ApiResponse&lt;TargetTemplateData&gt;</c>.
/// </returns>
public IHttpActionResult GetTargetsInitialData(int scorecardId, bool canEdit)
{
    // Admins skip the ownership lookups entirely.
    var callerIsAdmin = User.IsInRole(NDMSSecurityConstants.AdminRole);
    if (!callerIsAdmin)
    {
        // Both lookups are always performed, in this order, regardless of canEdit.
        var ownsScorecard = userManager.IsUserKPIOwnerOfScorecard(Username, scorecardId);
        var ownsParentScorecard = userManager.IsUserKPIOwnerOfParentScorecard(Username, scorecardId);

        // NOTE(review): canEdit is an action parameter, so presumably bound from
        // the request and chosen by the caller. The payload returned below is the
        // same for both values, so the broader "view" rule (canEdit == false) is
        // the effective gate on this data. Do not treat canEdit == true passing
        // here as proof of edit rights elsewhere; write endpoints need their own
        // server-side ownership check.
        var callerIsAllowed = canEdit
            ? ownsParentScorecard
            : (ownsScorecard || ownsParentScorecard);

        if (!callerIsAllowed)
        {
            // NOTE(review): Unauthorized() produces a 401. If callers are already
            // authenticated when they reach this action, 403 may describe the
            // failure more accurately - confirm client expectations before changing.
            return Unauthorized();
        }
    }

    var response = new ApiResponse<TargetTemplateData>
    {
        Data = targetManager.GetTargetsInitialData(scorecardId)
    };
    return Ok(response);
}
/// <summary>
/// Returns a single scorecard by id to an admin or to a KPI owner of the
/// scorecard's parent.
/// </summary>
/// <param name="id">Identifier of the scorecard to fetch.</param>
/// <returns>
/// <c>Unauthorized()</c> when a non-admin caller is not a KPI owner of the
/// parent scorecard; <c>NotFound()</c> when no scorecard is returned for
/// <paramref name="id"/>; otherwise <c>Ok</c> wrapping an
/// <c>ApiResponse&lt;ScorecardItem&gt;</c>.
/// </returns>
public IHttpActionResult Get(int id)
{
    // The ownership lookup only runs for non-admin callers (short-circuit).
    var callerIsAdmin = User.IsInRole(NDMSSecurityConstants.AdminRole);
    if (!callerIsAdmin && !userManager.IsUserKPIOwnerOfParentScorecard(Username, id))
    {
        return Unauthorized();
    }

    // The authorization check stays ahead of the lookup: a caller who fails it
    // gets the same response whether or not the id exists, so the 404 below is
    // only observable by callers who passed the check.
    var response = new ApiResponse<ScorecardItem>
    {
        Data = scorecardAdminMgr.GetScorecard(id)
    };

    if (response.Data == null)
    {
        return NotFound();
    }

    return Ok(response);
}