hargata
diff --git a/‎Controllers/APIController.cs‎
Lines changed: 17 additions & 17 deletions b/‎Controllers/APIController.cs‎
Lines changed: 17 additions & 17 deletions
diff --git a/‎Controllers/AdminController.cs‎
Lines changed: 6 additions & 0 deletions b/‎Controllers/AdminController.cs‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎Controllers/HomeController.cs‎
Lines changed: 6 additions & 0 deletions b/‎Controllers/HomeController.cs‎
Lines changed: 6 additions & 0 deletions
diff --git a/‎Controllers/MigrationController.cs‎
Lines changed: 5 additions & 11 deletions b/‎Controllers/MigrationController.cs‎
Lines changed: 5 additions & 11 deletions
diff --git a/‎Controllers/Vehicle/GasController.cs‎
Lines changed: 14 additions & 9 deletions b/‎Controllers/Vehicle/GasController.cs‎
Lines changed: 14 additions & 9 deletions
diff --git a/‎Controllers/Vehicle/ImportController.cs‎
Lines changed: 3 additions & 3 deletions b/‎Controllers/Vehicle/ImportController.cs‎
Lines changed: 3 additions & 3 deletions
@@ -175,7 +175,7 @@ public IActionResult VehicleInfo(int vehicleId)
             List<Vehicle> vehicles = new List<Vehicle>();
             if (vehicleId != default)
             {
-                if (_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))
+                if (_userLogic.UserCanEditVehicle(GetUserID(), vehicleId, HouseholdPermission.View))
                 {
                     vehicles.Add(_dataAccess.GetVehicleById(vehicleId));
                 } else
@@ -351,7 +351,7 @@ public IActionResult DeletePlanRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -419,7 +419,7 @@ public IActionResult UpdatePlanRecord(PlanRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -567,7 +567,7 @@ public IActionResult DeleteServiceRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -616,7 +616,7 @@ public IActionResult UpdateServiceRecord(GenericRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -764,7 +764,7 @@ public IActionResult DeleteRepairRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -813,7 +813,7 @@ public IActionResult UpdateRepairRecord(GenericRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -961,7 +961,7 @@ public IActionResult DeleteUpgradeRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1010,7 +1010,7 @@ public IActionResult UpdateUpgradeRecord(GenericRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1180,7 +1180,7 @@ public IActionResult DeleteTaxRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1223,7 +1223,7 @@ public IActionResult UpdateTaxRecord(TaxRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1373,7 +1373,7 @@ public IActionResult DeleteOdometerRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1416,7 +1416,7 @@ public IActionResult UpdateOdometerRecord(OdometerRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1583,7 +1583,7 @@ public IActionResult DeleteGasRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1629,7 +1629,7 @@ public IActionResult UpdateGasRecord(GasRecordExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1823,7 +1823,7 @@ public IActionResult UpdateReminderRecord(ReminderExportModel input)
                 if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))
                 {
                     //check if user has access to the vehicleId
-                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+                    if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
                     {
                         Response.StatusCode = 401;
                         return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
@@ -1861,7 +1861,7 @@ public IActionResult DeleteReminderRecord(int id)
                 return Json(OperationResponse.Failed("Invalid Record Id"));
             }
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
                 Response.StatusCode = 401;
                 return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));
 
@@ -104,5 +104,11 @@ public IActionResult AddUserToHousehold(int parentUserId, string username)
             var result = _userLogic.AddUserToHousehold(parentUserId, username);
             return Json(result);
         }
+        [HttpPost]
+        public IActionResult ModifyUserHouseholdPermissions(int parentUserId, int childUserId, List<HouseholdPermission> permissions)
+        {
+            var result = _userLogic.UpdateUserHousehold(parentUserId, childUserId, permissions);
+            return Json(result);
+        }
     }
 }
@@ -302,6 +302,12 @@ public IActionResult RemoveUserFromHousehold(int userId)
             return Json(result);
         }
         [HttpPost]
+        public IActionResult ModifyUserHouseholdPermissions(int userId, List<HouseholdPermission> permissions)
+        {
+            var result = _userLogic.UpdateUserHousehold(GetUserID(), userId, permissions);
+            return Json(result);
+        }
+        [HttpPost]
         public IActionResult AddUserToHousehold(string username)
         {
             var result = _userLogic.AddUserToHousehold(GetUserID(), username);
 
@@ -55,7 +55,7 @@ private void InitializeTables(NpgsqlDataSource conn)
                 "CREATE TABLE IF NOT EXISTS app.extrafields (id INT primary key, data jsonb not null)",
                 "CREATE TABLE IF NOT EXISTS app.inspectionrecords (id INT GENERATED BY DEFAULT AS IDENTITY primary key, vehicleId INT not null, data jsonb not null)",
                 "CREATE TABLE IF NOT EXISTS app.inspectionrecordtemplates (id INT GENERATED BY DEFAULT AS IDENTITY primary key, vehicleId INT not null, data jsonb not null)",
-                "CREATE TABLE IF NOT EXISTS app.userhouseholdrecords (parentUserId INT, childUserId INT, PRIMARY KEY(parentUserId, childUserId))"
+                "CREATE TABLE IF NOT EXISTS app.userhouseholdrecords (parentUserId INT, childUserId INT, data jsonb not null, PRIMARY KEY(parentUserId, childUserId))"
             };
             foreach(string cmd in cmds)
             {
@@ -457,20 +457,13 @@ public IActionResult Export()
                         table.Upsert(record);
                     };
                 }
-                cmd = $"SELECT parentUserId, childUserId FROM app.userhouseholdrecords";
+                cmd = $"SELECT data FROM app.userhouseholdrecords";
                 using (var ctext = pgDataSource.CreateCommand(cmd))
                 {
                     using (NpgsqlDataReader reader = ctext.ExecuteReader())
                         while (reader.Read())
                         {
-                            UserHousehold result = new UserHousehold()
-                            {
-                                Id = new HouseholdAccess
-                                {
-                                    ParentUserId = int.Parse(reader["parentUserId"].ToString()),
-                                    ChildUserId = int.Parse(reader["childUserId"].ToString())
-                                }
-                            };
+                            UserHousehold result = JsonSerializer.Deserialize<UserHousehold>(reader["data"] as string);
                             userhouseholdrecords.Add(result);
                         }
                 }
@@ -853,11 +846,12 @@ public IActionResult Import(string fileName)
                 ;
                 foreach (var record in userhouseholdrecords)
                 {
-                    string cmd = $"INSERT INTO app.userhouseholdrecords (parentUserId, childUserId) VALUES(@parentUserId, @childUserId)";
+                    string cmd = $"INSERT INTO app.userhouseholdrecords (parentUserId, childUserId, data) VALUES(@parentUserId, @childUserId, CAST(@data AS jsonb))";
                     using (var ctext = pgDataSource.CreateCommand(cmd))
                     {
                         ctext.Parameters.AddWithValue("parentUserId", record.Id.ParentUserId);
                         ctext.Parameters.AddWithValue("childUserId", record.Id.ChildUserId);
+                        ctext.Parameters.AddWithValue("data", JsonSerializer.Serialize(record));
                         ctext.ExecuteNonQuery();
                     }
                 }
 
@@ -36,9 +36,9 @@ public IActionResult GetGasRecordsByVehicleId(int vehicleId)
         public IActionResult SaveGasRecordToVehicleId(GasRecordInput gasRecord)
         {
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), gasRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), gasRecord.VehicleId, HouseholdPermission.Edit))
             {
-                return Json(false);
+                return Json(OperationResponse.Failed("Access Denied"));
             }
             gasRecord.Files = gasRecord.Files.Select(x => { return new UploadedFiles { Name = x.Name, Location = _fileHelper.MoveFileFromTemp(x.Location, "documents/") }; }).ToList();
             var convertedRecord = gasRecord.ToGasRecord();
@@ -58,7 +58,7 @@ public IActionResult SaveGasRecordToVehicleId(GasRecordInput gasRecord)
                     Files = StaticHelper.CreateAttachmentFromRecord(ImportMode.GasRecord, convertedRecord.Id, $"Gas Record - {gasRecord.Mileage.ToString()}")
                 });
             }
-            return Json(result);
+            return Json(OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage));
         }
         [TypeFilter(typeof(CollaboratorFilter))]
         [HttpGet]
@@ -74,7 +74,7 @@ public IActionResult GetGasRecordForEditById(int gasRecordId)
         {
             var result = _gasRecordDataAccess.GetGasRecordById(gasRecordId);
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), result.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), result.VehicleId, HouseholdPermission.View))
             {
                 return Redirect("/Error/Unauthorized");
             }
@@ -104,20 +104,20 @@ public IActionResult GetGasRecordForEditById(int gasRecordId)
             };
             return PartialView("Gas/_GasModal", viewModel);
         }
-        private bool DeleteGasRecordWithChecks(int gasRecordId)
+        private OperationResponse DeleteGasRecordWithChecks(int gasRecordId)
         {
             var existingRecord = _gasRecordDataAccess.GetGasRecordById(gasRecordId);
             //security check.
-            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))
+            if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))
             {
-                return false;
+                return OperationResponse.Failed("Access Denied");
             }
             var result = _gasRecordDataAccess.DeleteGasRecordById(existingRecord.Id);
             if (result)
             {
                 StaticHelper.NotifyAsync(_config.GetWebHookUrl(), WebHookPayload.FromGasRecord(existingRecord, "gasrecord.delete", User.Identity.Name));
             }
-            return result;
+            return OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage);
         }
         [HttpPost]
         public IActionResult DeleteGasRecordById(int gasRecordId)
@@ -163,6 +163,11 @@ public IActionResult SaveMultipleGasRecords(GasRecordEditModel editModel)
             foreach (int recordId in editModel.RecordIds)
             {
                 var existingRecord = _gasRecordDataAccess.GetGasRecordById(recordId);
+                //security check
+                if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))
+                {
+                    return Json(OperationResponse.Failed("Access Denied"));
+                }
                 if (dateIsEdited)
                 {
                     existingRecord.Date = editModel.EditRecord.Date;
@@ -205,7 +210,7 @@ public IActionResult SaveMultipleGasRecords(GasRecordEditModel editModel)
                 }
                 result = _gasRecordDataAccess.SaveGasRecordToVehicle(existingRecord);
             }
-            return Json(result);
+            return Json(OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage));
         }
     }
 }
@@ -186,7 +186,7 @@ public IActionResult GenerateCsvSample(ImportMode mode)
                 return Json(OperationResponse.Failed($"An error has occurred while generating CSV sample: {ex.Message}"));
             }
         }
-        [TypeFilter(typeof(CollaboratorFilter))]
+        [TypeFilter(typeof(CollaboratorFilter), Arguments = new object[] { false, true, HouseholdPermission.View })]
         [HttpGet]
         public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode)
         {
@@ -408,9 +408,9 @@ public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode)
                 }
                 return Json($"/{fileNameToExport}");
             }
-            return Json(false);
+            return Json(OperationResponse.Failed(StaticHelper.GenericErrorMessage));
         }
-        [TypeFilter(typeof(CollaboratorFilter))]
+        [TypeFilter(typeof(CollaboratorFilter), Arguments = new object[] { false, true, HouseholdPermission.Edit })]
         [HttpPost]
         public IActionResult ImportToVehicleIdFromCsv(int vehicleId, ImportMode mode, string fileName)
         {
Original file line number	Diff line number	Diff line change
`@@ -175,7 +175,7 @@ public IActionResult VehicleInfo(int vehicleId)`
`175`	`175`	`List<Vehicle> vehicles = new List<Vehicle>();`
`176`	`176`	`if (vehicleId != default)`
`177`	`177`	`{`
`178`		`- if (_userLogic.UserCanEditVehicle(GetUserID(), vehicleId))`
	`178`	`+ if (_userLogic.UserCanEditVehicle(GetUserID(), vehicleId, HouseholdPermission.View))`
`179`	`179`	`{`
`180`	`180`	`vehicles.Add(_dataAccess.GetVehicleById(vehicleId));`
`181`	`181`	`} else`
`@@ -351,7 +351,7 @@ public IActionResult DeletePlanRecord(int id)`
`351`	`351`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`352`	`352`	`}`
`353`	`353`	`//security check.`
`354`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`354`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`355`	`355`	`{`
`356`	`356`	`Response.StatusCode = 401;`
`357`	`357`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -419,7 +419,7 @@ public IActionResult UpdatePlanRecord(PlanRecordExportModel input)`
`419`	`419`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`420`	`420`	`{`
`421`	`421`	`//check if user has access to the vehicleId`
`422`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`422`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`423`	`423`	`{`
`424`	`424`	`Response.StatusCode = 401;`
`425`	`425`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -567,7 +567,7 @@ public IActionResult DeleteServiceRecord(int id)`
`567`	`567`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`568`	`568`	`}`
`569`	`569`	`//security check.`
`570`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`570`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`571`	`571`	`{`
`572`	`572`	`Response.StatusCode = 401;`
`573`	`573`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -616,7 +616,7 @@ public IActionResult UpdateServiceRecord(GenericRecordExportModel input)`
`616`	`616`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`617`	`617`	`{`
`618`	`618`	`//check if user has access to the vehicleId`
`619`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`619`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`620`	`620`	`{`
`621`	`621`	`Response.StatusCode = 401;`
`622`	`622`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -764,7 +764,7 @@ public IActionResult DeleteRepairRecord(int id)`
`764`	`764`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`765`	`765`	`}`
`766`	`766`	`//security check.`
`767`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`767`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`768`	`768`	`{`
`769`	`769`	`Response.StatusCode = 401;`
`770`	`770`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -813,7 +813,7 @@ public IActionResult UpdateRepairRecord(GenericRecordExportModel input)`
`813`	`813`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`814`	`814`	`{`
`815`	`815`	`//check if user has access to the vehicleId`
`816`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`816`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`817`	`817`	`{`
`818`	`818`	`Response.StatusCode = 401;`
`819`	`819`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -961,7 +961,7 @@ public IActionResult DeleteUpgradeRecord(int id)`
`961`	`961`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`962`	`962`	`}`
`963`	`963`	`//security check.`
`964`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`964`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`965`	`965`	`{`
`966`	`966`	`Response.StatusCode = 401;`
`967`	`967`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1010,7 +1010,7 @@ public IActionResult UpdateUpgradeRecord(GenericRecordExportModel input)`
`1010`	`1010`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`1011`	`1011`	`{`
`1012`	`1012`	`//check if user has access to the vehicleId`
`1013`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1013`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`1014`	`1014`	`{`
`1015`	`1015`	`Response.StatusCode = 401;`
`1016`	`1016`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1180,7 +1180,7 @@ public IActionResult DeleteTaxRecord(int id)`
`1180`	`1180`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`1181`	`1181`	`}`
`1182`	`1182`	`//security check.`
`1183`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1183`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`1184`	`1184`	`{`
`1185`	`1185`	`Response.StatusCode = 401;`
`1186`	`1186`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1223,7 +1223,7 @@ public IActionResult UpdateTaxRecord(TaxRecordExportModel input)`
`1223`	`1223`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`1224`	`1224`	`{`
`1225`	`1225`	`//check if user has access to the vehicleId`
`1226`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1226`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`1227`	`1227`	`{`
`1228`	`1228`	`Response.StatusCode = 401;`
`1229`	`1229`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1373,7 +1373,7 @@ public IActionResult DeleteOdometerRecord(int id)`
`1373`	`1373`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`1374`	`1374`	`}`
`1375`	`1375`	`//security check.`
`1376`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1376`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`1377`	`1377`	`{`
`1378`	`1378`	`Response.StatusCode = 401;`
`1379`	`1379`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1416,7 +1416,7 @@ public IActionResult UpdateOdometerRecord(OdometerRecordExportModel input)`
`1416`	`1416`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`1417`	`1417`	`{`
`1418`	`1418`	`//check if user has access to the vehicleId`
`1419`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1419`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`1420`	`1420`	`{`
`1421`	`1421`	`Response.StatusCode = 401;`
`1422`	`1422`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1583,7 +1583,7 @@ public IActionResult DeleteGasRecord(int id)`
`1583`	`1583`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`1584`	`1584`	`}`
`1585`	`1585`	`//security check.`
`1586`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1586`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`1587`	`1587`	`{`
`1588`	`1588`	`Response.StatusCode = 401;`
`1589`	`1589`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1629,7 +1629,7 @@ public IActionResult UpdateGasRecord(GasRecordExportModel input)`
`1629`	`1629`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`1630`	`1630`	`{`
`1631`	`1631`	`//check if user has access to the vehicleId`
`1632`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1632`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`1633`	`1633`	`{`
`1634`	`1634`	`Response.StatusCode = 401;`
`1635`	`1635`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1823,7 +1823,7 @@ public IActionResult UpdateReminderRecord(ReminderExportModel input)`
`1823`	`1823`	`if (existingRecord != null && existingRecord.Id == int.Parse(input.Id))`
`1824`	`1824`	`{`
`1825`	`1825`	`//check if user has access to the vehicleId`
`1826`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1826`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
`1827`	`1827`	`{`
`1828`	`1828`	`Response.StatusCode = 401;`
`1829`	`1829`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
`@@ -1861,7 +1861,7 @@ public IActionResult DeleteReminderRecord(int id)`
`1861`	`1861`	`return Json(OperationResponse.Failed("Invalid Record Id"));`
`1862`	`1862`	`}`
`1863`	`1863`	`//security check.`
`1864`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`1864`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`1865`	`1865`	`{`
`1866`	`1866`	`Response.StatusCode = 401;`
`1867`	`1867`	`return Json(OperationResponse.Failed("Access Denied, you don't have access to this vehicle."));`
Original file line number	Diff line number	Diff line change
`@@ -104,5 +104,11 @@ public IActionResult AddUserToHousehold(int parentUserId, string username)`
`104`	`104`	`var result = _userLogic.AddUserToHousehold(parentUserId, username);`
`105`	`105`	`return Json(result);`
`106`	`106`	`}`
	`107`	`+ [HttpPost]`
	`108`	`+ public IActionResult ModifyUserHouseholdPermissions(int parentUserId, int childUserId, List<HouseholdPermission> permissions)`
	`109`	`+ {`
	`110`	`+ var result = _userLogic.UpdateUserHousehold(parentUserId, childUserId, permissions);`
	`111`	`+ return Json(result);`
	`112`	`+ }`
`107`	`113`	`}`
`108`	`114`	`}`
Original file line number	Diff line number	Diff line change
`@@ -302,6 +302,12 @@ public IActionResult RemoveUserFromHousehold(int userId)`
`302`	`302`	`return Json(result);`
`303`	`303`	`}`
`304`	`304`	`[HttpPost]`
	`305`	`+ public IActionResult ModifyUserHouseholdPermissions(int userId, List<HouseholdPermission> permissions)`
	`306`	`+ {`
	`307`	`+ var result = _userLogic.UpdateUserHousehold(GetUserID(), userId, permissions);`
	`308`	`+ return Json(result);`
	`309`	`+ }`
	`310`	`+ [HttpPost]`
`305`	`311`	`public IActionResult AddUserToHousehold(string username)`
`306`	`312`	`{`
`307`	`313`	`var result = _userLogic.AddUserToHousehold(GetUserID(), username);`
Original file line number	Diff line number	Diff line change
`@@ -55,7 +55,7 @@ private void InitializeTables(NpgsqlDataSource conn)`
`55`	`55`	`"CREATE TABLE IF NOT EXISTS app.extrafields (id INT primary key, data jsonb not null)",`
`56`	`56`	`"CREATE TABLE IF NOT EXISTS app.inspectionrecords (id INT GENERATED BY DEFAULT AS IDENTITY primary key, vehicleId INT not null, data jsonb not null)",`
`57`	`57`	`"CREATE TABLE IF NOT EXISTS app.inspectionrecordtemplates (id INT GENERATED BY DEFAULT AS IDENTITY primary key, vehicleId INT not null, data jsonb not null)",`
`58`		`- "CREATE TABLE IF NOT EXISTS app.userhouseholdrecords (parentUserId INT, childUserId INT, PRIMARY KEY(parentUserId, childUserId))"`
	`58`	`+ "CREATE TABLE IF NOT EXISTS app.userhouseholdrecords (parentUserId INT, childUserId INT, data jsonb not null, PRIMARY KEY(parentUserId, childUserId))"`
`59`	`59`	`};`
`60`	`60`	`foreach(string cmd in cmds)`
`61`	`61`	`{`
`@@ -457,20 +457,13 @@ public IActionResult Export()`
`457`	`457`	`table.Upsert(record);`
`458`	`458`	`};`
`459`	`459`	`}`
`460`		`- cmd = $"SELECT parentUserId, childUserId FROM app.userhouseholdrecords";`
	`460`	`+ cmd = $"SELECT data FROM app.userhouseholdrecords";`
`461`	`461`	`using (var ctext = pgDataSource.CreateCommand(cmd))`
`462`	`462`	`{`
`463`	`463`	`using (NpgsqlDataReader reader = ctext.ExecuteReader())`
`464`	`464`	`while (reader.Read())`
`465`	`465`	`{`
`466`		`- UserHousehold result = new UserHousehold()`
`467`		`- {`
`468`		`- Id = new HouseholdAccess`
`469`		`- {`
`470`		`- ParentUserId = int.Parse(reader["parentUserId"].ToString()),`
`471`		`- ChildUserId = int.Parse(reader["childUserId"].ToString())`
`472`		`- }`
`473`		`- };`
	`466`	`+ UserHousehold result = JsonSerializer.Deserialize<UserHousehold>(reader["data"] as string);`
`474`	`467`	`userhouseholdrecords.Add(result);`
`475`	`468`	`}`
`476`	`469`	`}`
`@@ -853,11 +846,12 @@ public IActionResult Import(string fileName)`
`853`	`846`	`;`
`854`	`847`	`foreach (var record in userhouseholdrecords)`
`855`	`848`	`{`
`856`		`- string cmd = $"INSERT INTO app.userhouseholdrecords (parentUserId, childUserId) VALUES(@parentUserId, @childUserId)";`
	`849`	`+ string cmd = $"INSERT INTO app.userhouseholdrecords (parentUserId, childUserId, data) VALUES(@parentUserId, @childUserId, CAST(@data AS jsonb))";`
`857`	`850`	`using (var ctext = pgDataSource.CreateCommand(cmd))`
`858`	`851`	`{`
`859`	`852`	`ctext.Parameters.AddWithValue("parentUserId", record.Id.ParentUserId);`
`860`	`853`	`ctext.Parameters.AddWithValue("childUserId", record.Id.ChildUserId);`
	`854`	`+ ctext.Parameters.AddWithValue("data", JsonSerializer.Serialize(record));`
`861`	`855`	`ctext.ExecuteNonQuery();`
`862`	`856`	`}`
`863`	`857`	`}`
Original file line number	Diff line number	Diff line change
`@@ -36,9 +36,9 @@ public IActionResult GetGasRecordsByVehicleId(int vehicleId)`
`36`	`36`	`public IActionResult SaveGasRecordToVehicleId(GasRecordInput gasRecord)`
`37`	`37`	`{`
`38`	`38`	`//security check.`
`39`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), gasRecord.VehicleId))`
	`39`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), gasRecord.VehicleId, HouseholdPermission.Edit))`
`40`	`40`	`{`
`41`		`- return Json(false);`
	`41`	`+ return Json(OperationResponse.Failed("Access Denied"));`
`42`	`42`	`}`
`43`	`43`	`gasRecord.Files = gasRecord.Files.Select(x => { return new UploadedFiles { Name = x.Name, Location = _fileHelper.MoveFileFromTemp(x.Location, "documents/") }; }).ToList();`
`44`	`44`	`var convertedRecord = gasRecord.ToGasRecord();`
`@@ -58,7 +58,7 @@ public IActionResult SaveGasRecordToVehicleId(GasRecordInput gasRecord)`
`58`	`58`	`Files = StaticHelper.CreateAttachmentFromRecord(ImportMode.GasRecord, convertedRecord.Id, $"Gas Record - {gasRecord.Mileage.ToString()}")`
`59`	`59`	`});`
`60`	`60`	`}`
`61`		`- return Json(result);`
	`61`	`+ return Json(OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage));`
`62`	`62`	`}`
`63`	`63`	`[TypeFilter(typeof(CollaboratorFilter))]`
`64`	`64`	`[HttpGet]`
`@@ -74,7 +74,7 @@ public IActionResult GetGasRecordForEditById(int gasRecordId)`
`74`	`74`	`{`
`75`	`75`	`var result = _gasRecordDataAccess.GetGasRecordById(gasRecordId);`
`76`	`76`	`//security check.`
`77`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), result.VehicleId))`
	`77`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), result.VehicleId, HouseholdPermission.View))`
`78`	`78`	`{`
`79`	`79`	`return Redirect("/Error/Unauthorized");`
`80`	`80`	`}`
`@@ -104,20 +104,20 @@ public IActionResult GetGasRecordForEditById(int gasRecordId)`
`104`	`104`	`};`
`105`	`105`	`return PartialView("Gas/_GasModal", viewModel);`
`106`	`106`	`}`
`107`		`- private bool DeleteGasRecordWithChecks(int gasRecordId)`
	`107`	`+ private OperationResponse DeleteGasRecordWithChecks(int gasRecordId)`
`108`	`108`	`{`
`109`	`109`	`var existingRecord = _gasRecordDataAccess.GetGasRecordById(gasRecordId);`
`110`	`110`	`//security check.`
`111`		`- if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId))`
	`111`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Delete))`
`112`	`112`	`{`
`113`		`- return false;`
	`113`	`+ return OperationResponse.Failed("Access Denied");`
`114`	`114`	`}`
`115`	`115`	`var result = _gasRecordDataAccess.DeleteGasRecordById(existingRecord.Id);`
`116`	`116`	`if (result)`
`117`	`117`	`{`
`118`	`118`	`StaticHelper.NotifyAsync(_config.GetWebHookUrl(), WebHookPayload.FromGasRecord(existingRecord, "gasrecord.delete", User.Identity.Name));`
`119`	`119`	`}`
`120`		`- return result;`
	`120`	`+ return OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage);`
`121`	`121`	`}`
`122`	`122`	`[HttpPost]`
`123`	`123`	`public IActionResult DeleteGasRecordById(int gasRecordId)`
`@@ -163,6 +163,11 @@ public IActionResult SaveMultipleGasRecords(GasRecordEditModel editModel)`
`163`	`163`	`foreach (int recordId in editModel.RecordIds)`
`164`	`164`	`{`
`165`	`165`	`var existingRecord = _gasRecordDataAccess.GetGasRecordById(recordId);`
	`166`	`+ //security check`
	`167`	`+ if (!_userLogic.UserCanEditVehicle(GetUserID(), existingRecord.VehicleId, HouseholdPermission.Edit))`
	`168`	`+ {`
	`169`	`+ return Json(OperationResponse.Failed("Access Denied"));`
	`170`	`+ }`
`166`	`171`	`if (dateIsEdited)`
`167`	`172`	`{`
`168`	`173`	`existingRecord.Date = editModel.EditRecord.Date;`
`@@ -205,7 +210,7 @@ public IActionResult SaveMultipleGasRecords(GasRecordEditModel editModel)`
`205`	`210`	`}`
`206`	`211`	`result = _gasRecordDataAccess.SaveGasRecordToVehicle(existingRecord);`
`207`	`212`	`}`
`208`		`- return Json(result);`
	`213`	`+ return Json(OperationResponse.Conditional(result, string.Empty, StaticHelper.GenericErrorMessage));`
`209`	`214`	`}`
`210`	`215`	`}`
`211`	`216`	`}`
Original file line number	Diff line number	Diff line change
`@@ -186,7 +186,7 @@ public IActionResult GenerateCsvSample(ImportMode mode)`
`186`	`186`	`return Json(OperationResponse.Failed($"An error has occurred while generating CSV sample: {ex.Message}"));`
`187`	`187`	`}`
`188`	`188`	`}`
`189`		`- [TypeFilter(typeof(CollaboratorFilter))]`
	`189`	`+ [TypeFilter(typeof(CollaboratorFilter), Arguments = new object[] { false, true, HouseholdPermission.View })]`
`190`	`190`	`[HttpGet]`
`191`	`191`	`public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode)`
`192`	`192`	`{`
`@@ -408,9 +408,9 @@ public IActionResult ExportFromVehicleToCsv(int vehicleId, ImportMode mode)`
`408`	`408`	`}`
`409`	`409`	`return Json($"/{fileNameToExport}");`
`410`	`410`	`}`
`411`		`- return Json(false);`
	`411`	`+ return Json(OperationResponse.Failed(StaticHelper.GenericErrorMessage));`
`412`	`412`	`}`
`413`		`- [TypeFilter(typeof(CollaboratorFilter))]`
	`413`	`+ [TypeFilter(typeof(CollaboratorFilter), Arguments = new object[] { false, true, HouseholdPermission.Edit })]`
`414`	`414`	`[HttpPost]`
`415`	`415`	`public IActionResult ImportToVehicleIdFromCsv(int vehicleId, ImportMode mode, string fileName)`
`416`	`416`	`{`