User page now properly recognizes admins and now sales users have limited order access

64f087b4 · Cam Hayes · bb24c447 · 64f087b4 · 64f087b4 · 64f087b4
Commit 64f087b4 authored Nov 20, 2025 by Cam Hayes
5 changed files
--- a/kgOrdersClient/View.Main.pas
+++ b/kgOrdersClient/View.Main.pas
@@ -94,7 +94,8 @@ begin
  lblUsername.Caption := ' ' + userName.ToLower + ' ';
  FChildForm := nil;
  change := false;
-  if (not (JS.toBoolean(AuthService.TokenPayload.Properties['user_admin'])))  then
+  console.log(JS.toBoolean(AuthService.TokenPayload.Properties['user_access_type']));
+  if (not (JS.toString(AuthService.TokenPayload.Properties['user_access_type']) = 'ADMIN'))  then
    lblUsers.enabled := false;

  ShowForm(TFViewOrders);

--- a/kgOrdersClient/View.Orders.pas
+++ b/kgOrdersClient/View.Orders.pas
@@ -848,7 +848,9 @@ begin
  searchOptions :=  '&pagenumber=' + IntToStr(PageNumber) +
                    '&pagesize=' + IntToStr(PageSize) +
                    '&orderby=' + OrderBy +
-                    '&direction=' + direction;
+                    '&direction=' + direction +
+                    '&accessRights=' + JS.toString(AuthService.TokenPayload.Properties['user_access_type']) +
+                    '&userID=' +  JS.toString(AuthService.TokenPayload.Properties['user_id']);

                    //Status 1
                    if ( (filterType1 <> '') and (filterType1 <> 'NONE') ) then

--- a/kgOrdersServer/Source/Auth.ServiceImpl.pas
+++ b/kgOrdersServer/Source/Auth.ServiceImpl.pas
@@ -144,7 +144,6 @@ begin
    JWT.Claims.SetClaimOfType<string>('user_email', userEmail);
    JWT.Claims.SetClaimOfType<string>('user_qb_id', userQBID);
    JWT.Claims.SetClaimOfType<string>('user_access_type', userAccessType);
-    JWT.Claims.SetClaimOfType<string>('user_admin', LowerCase(BoolToStr(SameText(userAccessType, 'ADMIN'), True)));

    Result := TJOSE.SHA256CompactToken(serverConfig.jwtTokenSecret, JWT);
  finally

--- a/kgOrdersServer/Source/Lookup.ServiceImpl.pas
+++ b/kgOrdersServer/Source/Lookup.ServiceImpl.pas
@@ -1030,6 +1030,7 @@ var
  OrderID, CompanyID, JobName, orderType: string;
  status1, status2: TStatusSearchInfo;
  ForPDF: Boolean;
+  accessRights, userID: string;
 begin
  result := TSQLQuery.Create;
  params := TStringList.Create;
@@ -1052,6 +1053,8 @@ begin
  OrderID := params.Values['orderID'];
  companyID := params.Values['companyID'];
  jobName := params.Values['jobName'];
+  accessRights := params.Values['accessRights'];
+  userID := params.Values['userID'];

  status1 := createStatusSearchInfo(params, '1');
  status2 := createStatusSearchInfo(params, '2');
@@ -1087,6 +1090,12 @@ begin
  if jobName <> '' then
    whereSQL := whereSQL + ' AND o.JOB_NAME LIKE ' + QuotedStr('%' + jobName + '%');

+  if  accessRights = 'SALES' then
+  begin
+    whereSQL := whereSQL + ' AND c.REP_USER_ID = ' + userID;
+  end;
+
+
  orderBySQL := ' ORDER BY ' + OrderBy;

  SQL := SQL + ' o.PRICE, qb.QB_REF_NUM, ' +

--- a/kgOrdersServer/bin/kgOrdersServer.ini
+++ b/kgOrdersServer/bin/kgOrdersServer.ini
@@ -2,7 +2,7 @@
 MemoLogLevel=4
 FileLogLevel=4
 webClientVersion=1.0.0
-LogFileNum=126
+LogFileNum=129

 [Database]
 --Server=192.168.116.138