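        /// <summary>
        /// Returns a page of a customer's order history, fetched from the upstream orders API.
        /// </summary>
        /// <param name="customer">Customer code whose orders are requested.</param>
        /// <param name="dateFrom">Optional lower bound of the order date range.</param>
        /// <param name="dateTo">Optional upper bound of the order date range.</param>
        /// <param name="from">Paging bound, forwarded to the upstream API unchanged.</param>
        /// <param name="to">Paging bound, forwarded to the upstream API unchanged.</param>
        /// <param name="sortBy">Sort column name; the UI alias "statusText" is mapped to "status".</param>
        /// <param name="direction">Sort direction.</param>
        /// <param name="searchText">Optional free-text filter.</param>
        /// <returns>
        /// 401 when the caller is anonymous, lacks <c>ViewOrderHistory</c>, or is not entitled to
        /// <paramref name="customer"/>; otherwise 200 with the list of orders returned upstream.
        /// </returns>
        public async Task <IHttpActionResult> GetOrders(string customer, DateTime?dateFrom, DateTime?dateTo, int from, int to, string sortBy, SortDirection direction, string searchText = "")
        {
            var user = GetCurrentUser();

            // Anonymous callers, callers without the permission, and plain users asking for
            // another customer's data are rejected before anything reaches the upstream API.
            if (user == null || (user.customer_code != customer && !user.isAdmin && !user.isBranchAdmin) ||
                !user.HasPermission(PermissionId.ViewOrderHistory))
            {
                return Unauthorized();
            }
            // A branch admin may only read customers assigned to their own branch.
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return Unauthorized();
                }
            }
            if (sortBy == "statusText")
            {
                sortBy = "status";
            }

            // Caller-supplied strings are percent-encoded so that characters such as '&' or '#'
            // cannot add or truncate parameters of the upstream request.
            // NOTE(review): sortBy is forwarded verbatim beyond encoding; whether the upstream API
            // validates it against a column whitelist is not visible here — confirm.
            var url = $"{Properties.Settings.Default.apiUrl}/api/getOrders" +
                      $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}" +
                      $"&dateFrom={dateFrom.ToIsoDate()}&dateTo={dateTo.ToIsoDate()}" +
                      $"&from={from}&to={to}" +
                      $"&sortBy={Uri.EscapeDataString(sortBy ?? string.Empty)}&direction={direction}" +
                      $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";
            var response = await apiClient.GetAsync(url);
            // A non-success upstream reply must not be deserialized as an order list.
            response.EnsureSuccessStatusCode();

            // ReadAsAsync returns a Task; without the await the Task object itself would be
            // handed to Ok() and serialized instead of the orders.
            var orders = await response.Content.ReadAsAsync<List<Order>>();
            return Ok(orders);
        }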
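        /// <summary>
        /// Returns the price of one product for a customer, fetched from the upstream pricing API.
        /// </summary>
        /// <param name="customer">Customer code the price is requested for.</param>
        /// <param name="code">Product code.</param>
        /// <returns>
        /// 401 when the caller is anonymous, lacks <c>ViewStockSearch</c>, or is not entitled to
        /// <paramref name="customer"/>; otherwise 200 with the upstream payload passed through as-is.
        /// </returns>
        public async Task <IHttpActionResult> getPrice(string customer, string code)
        {
            var user = GetCurrentUser();

            // Internal users (isInternal == true) may query any customer here, in addition to admins.
            if (user == null || (user.customer_code != customer && !user.isAdmin && user.isInternal != true && !user.isBranchAdmin) ||
                !user.HasPermission(PermissionId.ViewStockSearch)
                )
            {
                return Unauthorized();
            }
            // A branch admin may only read customers assigned to their own branch.
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return Unauthorized();
                }
            }

            // Percent-encode caller-controlled values so they cannot inject extra query parameters.
            var url = $"{Properties.Settings.Default.apiUrl}/api/getPrice" +
                      $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}" +
                      $"&product={Uri.EscapeDataString(code ?? string.Empty)}";
            var response = await apiClient.GetAsync(url);
            // A non-success upstream reply must not be deserialized as a price payload.
            response.EnsureSuccessStatusCode();

            // ReadAsAsync returns a Task; it has to be awaited, otherwise the Task object itself
            // would be handed to Ok() and serialized.
            var price = await response.Content.ReadAsAsync<object>();
            return Ok(price);
        }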
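        /// <summary>
        /// Returns invoice totals for a customer, fetched from the upstream API.
        /// </summary>
        /// <param name="customer">Customer code the totals are requested for.</param>
        /// <param name="dateFrom">Optional lower bound of the invoice date range.</param>
        /// <param name="dateTo">Optional upper bound of the invoice date range.</param>
        /// <param name="searchText">Optional free-text filter.</param>
        /// <returns>
        /// 401 when the caller is anonymous, lacks <c>ViewInvoiceHistory</c>, or is not entitled to
        /// <paramref name="customer"/>; otherwise 200 with the totals returned upstream.
        /// </returns>
        public async Task <IHttpActionResult> getCustomerTotals(string customer, DateTime?dateFrom, DateTime?dateTo, string searchText)
        {
            var user = GetCurrentUser();

            // Anonymous callers, callers without the permission, and plain users asking for
            // another customer's data are rejected before anything reaches the upstream API.
            if (user == null ||
                (user.customer_code != customer && !user.isBranchAdmin && !user.isAdmin) ||
                !user.HasPermission(PermissionId.ViewInvoiceHistory))
            {
                return Unauthorized();
            }
            // A branch admin may only read customers assigned to their own branch.
            if (user.customer_code != customer && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
                {
                    return Unauthorized();
                }
            }

            // Percent-encode caller-controlled values so they cannot inject extra query parameters.
            var url = $"{Properties.Settings.Default.apiUrl}/api/getCustomerTotals" +
                      $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}" +
                      $"&dateFrom={dateFrom.ToIsoDate()}&dateTo={dateTo.ToIsoDate()}" +
                      $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";
            var response = await apiClient.GetAsync(url);
            // A non-success upstream reply must not be deserialized as totals.
            response.EnsureSuccessStatusCode();

            // ReadAsAsync returns a Task; it has to be awaited, otherwise the Task object itself
            // would be handed to Ok() and serialized.
            var totals = await response.Content.ReadAsAsync<CustomerTotals>();
            return Ok(totals);
        }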
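        /// <summary>
        /// Authenticates a user by login name (or e-mail) and password, issues a token and records the session.
        /// </summary>
        /// <param name="username">Login name or e-mail address.</param>
        /// <param name="password">Password as supplied by the client.</param>
        /// <returns>
        /// A 400 <see cref="HttpResponseMessage"/> when the credentials match no user; otherwise the
        /// UI projection of the user (including the freshly issued token).
        /// </returns>
        public object Login(string username, string password)
        {
            // NOTE(review): the supplied password is compared with the stored value directly inside
            // the query, which only works if the repository keeps it in a directly comparable form;
            // verifying a salted hash (e.g. PBKDF2) instead would be the expected fix, but that is a
            // storage change outside this method — confirm with the repository owner.
            var user = uow.UserRepository
                .Get(u => (u.username == username || u.email == username) && u.password == password,
                     includeProperties: "Customer, Roles")
                .FirstOrDefault();

            if (user == null)
            {
                // One generic message, so a valid login name cannot be told apart from a wrong password.
                return new HttpResponseMessage
                {
                    StatusCode = HttpStatusCode.BadRequest,
                    Content    = new StringContent("Invalid username or password")
                };
            }
            // Fix for customer codes containing spaces: the include above may leave the navigation
            // property empty, so the customer is fetched explicitly by its code.
            if (user.Customer == null && !string.IsNullOrEmpty(user.customer_code))
            {
                user.Customer = uow.CustomerRepository.GetByID(user.customer_code);
            }
            user.token     = JwtManager.CreateToken(user, Properties.Settings.Default.tokenExpiration);
            user.lastLogin = DateTime.Now;
            uow.Save();
            uow.UserRepository.InsertSession(user, GetClientIp(Request));
            // Permissions are loaded once per login and cached under the user's id (the consumer of
            // this cache entry is not visible here).
            user.Permissions = uow.UserRepository.GetPermissions(user);
            cache.Set($"permissions_{user.id}", user.Permissions, null);
            return UserApiController.GetUIObject(user);
        }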
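        /// <summary>
        /// Returns a single order from the upstream orders API.
        /// </summary>
        /// <param name="order_no">Order number to look up.</param>
        /// <param name="customer_code">
        /// Customer the order belongs to. For callers who are not entitled to that customer it is
        /// replaced with the caller's own customer code rather than rejected.
        /// </param>
        /// <returns>
        /// 401 when the caller is anonymous or lacks <c>ViewOrderHistory</c>; otherwise 200 with the
        /// order returned upstream.
        /// </returns>
        public async Task <IHttpActionResult> GetOrder(string order_no, string customer_code)
        {
            var user = GetCurrentUser();

            if (user == null || !user.HasPermission(PermissionId.ViewOrderHistory))
            {
                return Unauthorized();
            }
            // Unlike the list endpoints, an unentitled customer code is not answered with 401 here:
            // non-admin callers are pinned to their own customer, and a branch admin asking for a
            // customer outside their branch is pinned the same way.
            if (!user.isAdmin && !user.isBranchAdmin)
            {
                customer_code = user.customer_code;
            }
            if (user.customer_code != customer_code && user.isBranchAdmin && !user.isAdmin)
            {
                var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
                if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer_code))
                {
                    customer_code = user.customer_code;
                }
            }

            // Percent-encode caller-controlled values so they cannot inject extra query parameters.
            var url = $"{Properties.Settings.Default.apiUrl}/api/getOrderByCriteria" +
                      $"?order_no={Uri.EscapeDataString(order_no ?? string.Empty)}" +
                      $"&customer_code={Uri.EscapeDataString(customer_code ?? string.Empty)}";
            var response = await apiClient.GetAsync(url);
            // A non-success upstream reply must not be deserialized as an order.
            response.EnsureSuccessStatusCode();

            // ReadAsAsync returns a Task; it has to be awaited, otherwise the Task object itself
            // would be handed to Ok() and serialized.
            var order = await response.Content.ReadAsAsync<Order>();
            return Ok(order);
        }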