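/// <summary>
/// Checks that the current user may view order history for <paramref name="customer"/>
/// and forwards the query to the configured API's <c>getOrders</c> endpoint.
/// </summary>
/// <param name="customer">Customer code whose orders are requested; compared against the caller's own code.</param>
/// <param name="dateFrom">Optional lower date bound, forwarded via <c>ToIsoDate()</c>.</param>
/// <param name="dateTo">Optional upper date bound, forwarded via <c>ToIsoDate()</c>.</param>
/// <param name="from">Forwarded unchanged as the <c>from</c> query value.</param>
/// <param name="to">Forwarded unchanged as the <c>to</c> query value.</param>
/// <param name="sortBy">Sort key; <c>statusText</c> is rewritten to <c>status</c> before forwarding.</param>
/// <param name="direction">Sort direction, forwarded by its enum name.</param>
/// <param name="searchText">Free-text filter supplied by the caller.</param>
/// <returns>
/// <c>Unauthorized()</c> when there is no current user, the user lacks
/// <c>ViewOrderHistory</c>, or the user may not act for <paramref name="customer"/>;
/// otherwise <c>Ok(...)</c> wrapping the backend read.
/// </returns>
public async Task<IHttpActionResult> GetOrders(string customer, DateTime? dateFrom, DateTime? dateTo, int from, int to, string sortBy, SortDirection direction, string searchText = "")
{
    var user = GetCurrentUser();
    if (user == null
        || (user.customer_code != customer && !user.isAdmin && !user.isBranchAdmin)
        || !user.HasPermission(PermissionId.ViewOrderHistory))
    {
        return Unauthorized();
    }

    // A branch admin (who is not a full admin) may only query customers on
    // the allowed list resolved from their own customer code.
    if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    if (sortBy == "statusText")
    {
        sortBy = "status";
    }

    // Security: every caller-supplied string is percent-encoded before it is
    // placed in the backend URL. Unencoded, a value containing '&', '#' or '='
    // could add or override query parameters (including customer) after the
    // authorization checks above have already passed. Null is sent as an empty
    // value, which is what the previous string interpolation produced.
    var requestUrl =
        $"{Properties.Settings.Default.apiUrl}/api/getOrders"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&dateFrom={dateFrom.ToIsoDate()}"
        + $"&dateTo={dateTo.ToIsoDate()}"
        + $"&from={from}"
        + $"&to={to}"
        + $"&sortBy={Uri.EscapeDataString(sortBy ?? string.Empty)}"
        + $"&direction={direction}"
        + $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";

    var response = await apiClient.GetAsync(requestUrl);

    // NOTE(review): the Task returned by ReadAsAsync is handed to Ok() without
    // being awaited, and the backend status code is not checked. Left as-is
    // because awaiting would change what is serialized to clients - confirm
    // what consumers expect before changing it.
    return Ok(response.Content.ReadAsAsync<List<Order>>());
}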
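/// <summary>
/// Checks that the current user may look up prices for <paramref name="customer"/>
/// and forwards the lookup to the configured API's <c>getPrice</c> endpoint.
/// </summary>
/// <param name="customer">Customer code the price is requested for.</param>
/// <param name="code">Product code, sent to the backend as the <c>product</c> query value.</param>
/// <returns>
/// <c>Unauthorized()</c> when there is no current user, the user lacks
/// <c>ViewStockSearch</c>, or the user may not act for <paramref name="customer"/>;
/// otherwise <c>Ok(...)</c> wrapping the backend read.
/// </returns>
public async Task<IHttpActionResult> getPrice(string customer, string code)
{
    var user = GetCurrentUser();

    // Asking for another customer's price requires admin, internal or
    // branch-admin status; everyone needs the ViewStockSearch permission.
    if (user == null
        || (user.customer_code != customer && !user.isAdmin && user.isInternal != true && !user.isBranchAdmin)
        || !user.HasPermission(PermissionId.ViewStockSearch))
    {
        return Unauthorized();
    }

    // A branch admin (who is not a full admin) may only query customers on
    // the allowed list resolved from their own customer code.
    if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    // Security: percent-encode both caller-supplied values. Unencoded, a
    // product code containing '&' or '#' could add or override the customer
    // parameter after the authorization checks above have already passed.
    // Null is sent as an empty value, matching the previous interpolation.
    var requestUrl =
        $"{Properties.Settings.Default.apiUrl}/api/getPrice"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&product={Uri.EscapeDataString(code ?? string.Empty)}";

    var response = await apiClient.GetAsync(requestUrl);

    // NOTE(review): the Task returned by ReadAsAsync is handed to Ok() without
    // being awaited (an awaited variant was previously commented out here),
    // and the backend status code is not checked. Left as-is because awaiting
    // would change what is serialized to clients - confirm before changing.
    return Ok(response.Content.ReadAsAsync<object>());
}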
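/// <summary>
/// Checks that the current user may view invoice history for <paramref name="customer"/>
/// and forwards the query to the configured API's <c>getCustomerTotals</c> endpoint.
/// </summary>
/// <param name="customer">Customer code whose totals are requested.</param>
/// <param name="dateFrom">Optional lower date bound, forwarded via <c>ToIsoDate()</c>.</param>
/// <param name="dateTo">Optional upper date bound, forwarded via <c>ToIsoDate()</c>.</param>
/// <param name="searchText">Free-text filter supplied by the caller; may be null.</param>
/// <returns>
/// <c>Unauthorized()</c> when there is no current user, the user lacks
/// <c>ViewInvoiceHistory</c>, or the user may not act for <paramref name="customer"/>;
/// otherwise <c>Ok(...)</c> wrapping the backend read.
/// </returns>
public async Task<IHttpActionResult> getCustomerTotals(string customer, DateTime? dateFrom, DateTime? dateTo, string searchText)
{
    var user = GetCurrentUser();
    if (user == null
        || (user.customer_code != customer && !user.isBranchAdmin && !user.isAdmin)
        || !user.HasPermission(PermissionId.ViewInvoiceHistory))
    {
        return Unauthorized();
    }

    // A branch admin (who is not a full admin) may only query customers on
    // the allowed list resolved from their own customer code.
    if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    // Security: percent-encode the caller-supplied strings. Unencoded, a
    // search text containing '&' or '#' could add or override the customer
    // parameter after the authorization checks above have already passed.
    // Null is sent as an empty value, matching the previous interpolation.
    var requestUrl =
        $"{Properties.Settings.Default.apiUrl}/api/getCustomerTotals"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&dateFrom={dateFrom.ToIsoDate()}"
        + $"&dateTo={dateTo.ToIsoDate()}"
        + $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";

    var response = await apiClient.GetAsync(requestUrl);

    // NOTE(review): the Task returned by ReadAsAsync is handed to Ok() without
    // being awaited, and the backend status code is not checked. Left as-is
    // because awaiting would change what is serialized to clients - confirm
    // what consumers expect before changing it.
    return Ok(response.Content.ReadAsAsync<CustomerTotals>());
}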
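/// <summary>
/// Looks up a single order through the configured API's <c>getOrderByCriteria</c>
/// endpoint, scoped to a customer code the current user is allowed to use.
/// </summary>
/// <remarks>
/// Unlike a rejection, an out-of-scope <paramref name="customer_code"/> is
/// replaced: users who are neither admin nor branch admin always query their
/// own customer code, and a branch admin asking for a customer outside the
/// allowed list is likewise switched back to their own code.
/// </remarks>
/// <param name="order_no">Order number supplied by the caller.</param>
/// <param name="customer_code">Requested customer code; may be overridden as described above.</param>
/// <returns>
/// <c>Unauthorized()</c> when there is no current user or the user lacks
/// <c>ViewOrderHistory</c>; otherwise <c>Ok(...)</c> wrapping the backend read.
/// </returns>
public async Task<IHttpActionResult> GetOrder(string order_no, string customer_code)
{
    var user = GetCurrentUser();
    if (user == null || !user.HasPermission(PermissionId.ViewOrderHistory))
    {
        return Unauthorized();
    }

    // Ordinary users cannot choose the customer: force their own code.
    if (!user.isAdmin && !user.isBranchAdmin)
    {
        customer_code = user.customer_code;
    }

    // Branch admins fall back to their own code when the requested customer
    // is not on their allowed list.
    if (user.customer_code != customer_code && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer_code))
        {
            customer_code = user.customer_code;
        }
    }

    // Security: percent-encode both values. The customer scoping above only
    // holds if order_no cannot carry its own '&customer_code=...' (or a '#'
    // that truncates the query) into the backend URL. Null is sent as an
    // empty value, matching the previous interpolation.
    var requestUrl =
        $"{Properties.Settings.Default.apiUrl}/api/getOrderByCriteria"
        + $"?order_no={Uri.EscapeDataString(order_no ?? string.Empty)}"
        + $"&customer_code={Uri.EscapeDataString(customer_code ?? string.Empty)}";

    var response = await apiClient.GetAsync(requestUrl);

    // NOTE(review): the Task returned by ReadAsAsync is handed to Ok() without
    // being awaited, and the backend status code is not checked. Left as-is
    // because awaiting would change what is serialized to clients - confirm
    // what consumers expect before changing it.
    return Ok(response.Content.ReadAsAsync<Order>());
}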