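/// <summary>
/// Returns a page of the given customer's order history, proxied from the orders API.
/// </summary>
/// <param name="customer">Customer code whose orders are requested.</param>
/// <param name="dateFrom">Optional lower bound of the order date range.</param>
/// <param name="dateTo">Optional upper bound of the order date range.</param>
/// <param name="from">Index of the first row of the requested page.</param>
/// <param name="to">Index of the last row of the requested page.</param>
/// <param name="sortBy">Column to sort on; the UI column "statusText" is mapped to "status".</param>
/// <param name="direction">Sort direction.</param>
/// <param name="searchText">Optional free-text filter.</param>
/// <returns>
/// 401 when there is no current user, the user lacks <c>ViewOrderHistory</c>, or the customer is
/// neither the user's own nor (for a branch admin) one of the branch's allowed customers;
/// the backend's status code when its call fails; otherwise 200 with the list of orders.
/// </returns>
public async Task<IHttpActionResult> GetOrders(string customer, DateTime? dateFrom, DateTime? dateTo, int from, int to, string sortBy, SortDirection direction, string searchText = "")
{
    var user = GetCurrentUser();
    if (user == null || !user.HasPermission(PermissionId.ViewOrderHistory))
    {
        return Unauthorized();
    }

    // A plain user may only query their own customer; admins and branch admins may go further.
    var isOwnCustomer = user.customer_code == customer;
    if (!isOwnCustomer && !user.isAdmin && !user.isBranchAdmin)
    {
        return Unauthorized();
    }

    // A branch admin who is not a full admin is limited to the customers of their branch.
    if (!isOwnCustomer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    // The UI sorts on the derived "statusText" column; the backend only knows "status".
    if (sortBy == "statusText")
    {
        sortBy = "status";
    }

    // Every caller-supplied value is escaped so characters such as '&' or '#' cannot add or
    // truncate query parameters on the backend call. Interpolating the ToIsoDate() results
    // first normalises them (including null) to text exactly as the old URL did.
    var fromDate = Uri.EscapeDataString($"{dateFrom.ToIsoDate()}");
    var toDate = Uri.EscapeDataString($"{dateTo.ToIsoDate()}");
    var url = $"{Properties.Settings.Default.apiUrl}/api/getOrders"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&dateFrom={fromDate}"
        + $"&dateTo={toDate}"
        + $"&from={from}&to={to}"
        + $"&sortBy={Uri.EscapeDataString(sortBy ?? string.Empty)}"
        + $"&direction={direction}"
        + $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";

    var response = await apiClient.GetAsync(url);
    if (!response.IsSuccessStatusCode)
    {
        // Surface the backend failure instead of trying to deserialize an error body as orders.
        return StatusCode(response.StatusCode);
    }

    // The read must be awaited: wrapping the Task itself in Ok() would serialize the Task object.
    var orders = await response.Content.ReadAsAsync<List<Order>>();
    return Ok(orders);
}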
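/// <summary>
/// Returns the price of a product for the given customer, proxied from the pricing API.
/// </summary>
/// <param name="customer">Customer code the price is requested for.</param>
/// <param name="code">Product code.</param>
/// <returns>
/// 401 when there is no current user, the user lacks <c>ViewStockSearch</c>, or the customer is
/// neither the user's own nor reachable as admin, internal user or branch admin (the latter only
/// within their allowed customers); the backend's status code when its call fails; otherwise 200
/// with the backend's price payload.
/// </returns>
public async Task<IHttpActionResult> getPrice(string customer, string code)
{
    var user = GetCurrentUser();
    if (user == null || !user.HasPermission(PermissionId.ViewStockSearch))
    {
        return Unauthorized();
    }

    // Own customer is always fine; admins, internal users and branch admins may look further.
    var isOwnCustomer = user.customer_code == customer;
    if (!isOwnCustomer && !user.isAdmin && user.isInternal != true && !user.isBranchAdmin)
    {
        return Unauthorized();
    }

    // A branch admin who is not a full admin is limited to the customers of their branch.
    if (!isOwnCustomer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    // Escape the caller-supplied values so they cannot add or truncate query parameters.
    var url = $"{Properties.Settings.Default.apiUrl}/api/getPrice"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&product={Uri.EscapeDataString(code ?? string.Empty)}";

    var response = await apiClient.GetAsync(url);
    if (!response.IsSuccessStatusCode)
    {
        // Surface the backend failure instead of deserializing an error body as a price.
        return StatusCode(response.StatusCode);
    }

    // Await the read; returning the Task itself inside Ok() would serialize the Task object.
    var price = await response.Content.ReadAsAsync<object>();
    return Ok(price);
}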
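/// <summary>
/// Returns the invoice totals of a customer for an optional date range and text filter,
/// proxied from the backend API.
/// </summary>
/// <param name="customer">Customer code whose totals are requested.</param>
/// <param name="dateFrom">Optional lower bound of the date range.</param>
/// <param name="dateTo">Optional upper bound of the date range.</param>
/// <param name="searchText">Optional free-text filter; may be null.</param>
/// <returns>
/// 401 when there is no current user, the user lacks <c>ViewInvoiceHistory</c>, or the customer is
/// neither the user's own nor (for a branch admin) one of the branch's allowed customers;
/// the backend's status code when its call fails; otherwise 200 with the totals.
/// </returns>
public async Task<IHttpActionResult> getCustomerTotals(string customer, DateTime? dateFrom, DateTime? dateTo, string searchText)
{
    var user = GetCurrentUser();
    if (user == null || !user.HasPermission(PermissionId.ViewInvoiceHistory))
    {
        return Unauthorized();
    }

    // A plain user may only query their own customer; admins and branch admins may go further.
    var isOwnCustomer = user.customer_code == customer;
    if (!isOwnCustomer && !user.isBranchAdmin && !user.isAdmin)
    {
        return Unauthorized();
    }

    // A branch admin who is not a full admin is limited to the customers of their branch.
    if (!isOwnCustomer && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer))
        {
            return Unauthorized();
        }
    }

    // Escape every caller-supplied value so it cannot add or truncate query parameters on the
    // backend call. Interpolating the ToIsoDate() results first normalises them (including null)
    // to text exactly as the old URL did.
    var fromDate = Uri.EscapeDataString($"{dateFrom.ToIsoDate()}");
    var toDate = Uri.EscapeDataString($"{dateTo.ToIsoDate()}");
    var url = $"{Properties.Settings.Default.apiUrl}/api/getCustomerTotals"
        + $"?customer={Uri.EscapeDataString(customer ?? string.Empty)}"
        + $"&dateFrom={fromDate}"
        + $"&dateTo={toDate}"
        + $"&searchText={Uri.EscapeDataString(searchText ?? string.Empty)}";

    var response = await apiClient.GetAsync(url);
    if (!response.IsSuccessStatusCode)
    {
        // Surface the backend failure instead of deserializing an error body as totals.
        return StatusCode(response.StatusCode);
    }

    // Await the read; returning the Task itself inside Ok() would serialize the Task object.
    var totals = await response.Content.ReadAsAsync<CustomerTotals>();
    return Ok(totals);
}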
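/// <summary>
/// Validates a username (or e-mail) and password, records the login and returns the UI user
/// object carrying a freshly issued JWT.
/// </summary>
/// <param name="username">Login name or e-mail address.</param>
/// <param name="password">Password as supplied by the client.</param>
/// <returns>
/// The UI representation of the user on success; otherwise an <see cref="HttpResponseMessage"/>
/// with 400 Bad Request and the text "Invalid username or password".
/// </returns>
public object Login(string username, string password)
{
    // Blank credentials never match an account. Without this guard a missing password would be
    // compared as null/empty against the stored column and could match an account with no
    // password set.
    var user = string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password)
        ? null
        // NOTE(review): the supplied password is compared directly with the stored column, which
        // implies it is stored in a plain or reversible form — confirm, and move to a salted
        // hash (e.g. PBKDF2) if so.
        : uow.UserRepository.Get(u => (u.username == username || u.email == username) && u.password == password, includeProperties: "Customer, Roles").FirstOrDefault();

    if (user == null)
    {
        return new HttpResponseMessage
        {
            StatusCode = HttpStatusCode.BadRequest,
            Content = new StringContent("Invalid username or password")
        };
    }

    // Original note: "fix for code with spaces" — presumably the eager-loaded Customer is missed
    // when the code is padded, so it is loaded explicitly here.
    if (user.Customer == null && !string.IsNullOrEmpty(user.customer_code))
    {
        user.Customer = uow.CustomerRepository.GetByID(user.customer_code);
    }

    user.token = JwtManager.CreateToken(user, Properties.Settings.Default.tokenExpiration);
    // NOTE(review): local server time; existing rows presumably hold the same — verify before
    // switching to UtcNow.
    user.lastLogin = DateTime.Now;
    uow.Save();
    uow.UserRepository.InsertSession(user, GetClientIp(Request));

    // Permissions are resolved once at login and cached per user id.
    user.Permissions = uow.UserRepository.GetPermissions(user);
    cache.Set($"permissions_{user.id}", user.Permissions, null);

    return UserApiController.GetUIObject(user);
}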
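/// <summary>
/// Returns a single order by order number, proxied from the orders API.
/// </summary>
/// <param name="order_no">Order number to look up.</param>
/// <param name="customer_code">
/// Customer the order belongs to. Unlike the list endpoints this method does not reject a foreign
/// customer: a plain user is always redirected to their own customer code, and a branch admin is
/// redirected to their own code when the requested one is not among their allowed customers.
/// </param>
/// <returns>
/// 401 when there is no current user or the user lacks <c>ViewOrderHistory</c>; the backend's
/// status code when its call fails; otherwise 200 with the order.
/// </returns>
public async Task<IHttpActionResult> GetOrder(string order_no, string customer_code)
{
    var user = GetCurrentUser();
    if (user == null || !user.HasPermission(PermissionId.ViewOrderHistory))
    {
        return Unauthorized();
    }

    // Plain users can only ever see their own customer's orders.
    if (!user.isAdmin && !user.isBranchAdmin)
    {
        customer_code = user.customer_code;
    }

    // A branch admin who is not a full admin is limited to the customers of their branch;
    // anything else falls back to their own customer rather than failing.
    if (user.customer_code != customer_code && user.isBranchAdmin && !user.isAdmin)
    {
        var allowedCustomers = UserApiController.GetAllowedCustomersForBranchAdmin(uow, user.customer_code);
        if (!allowedCustomers.Select(c => c.code.Trim()).Contains(customer_code))
        {
            customer_code = user.customer_code;
        }
    }

    // Escape the caller-supplied values so they cannot add or truncate query parameters.
    var url = $"{Properties.Settings.Default.apiUrl}/api/getOrderByCriteria"
        + $"?order_no={Uri.EscapeDataString(order_no ?? string.Empty)}"
        + $"&customer_code={Uri.EscapeDataString(customer_code ?? string.Empty)}";

    var response = await apiClient.GetAsync(url);
    if (!response.IsSuccessStatusCode)
    {
        // Surface the backend failure instead of deserializing an error body as an order.
        return StatusCode(response.StatusCode);
    }

    // Await the read; returning the Task itself inside Ok() would serialize the Task object.
    var order = await response.Content.ReadAsAsync<Order>();
    return Ok(order);
}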