diff --git a/Hippo.Web/Controllers/AdminController.cs b/Hippo.Web/Controllers/AdminController.cs
index 14da82be..2a204671 100644
--- a/Hippo.Web/Controllers/AdminController.cs
+++ b/Hippo.Web/Controllers/AdminController.cs
@@ -105,7 +105,7 @@ public async Task RemoveClusterAdmin(int id)
 .Include(p => p.Role)
 .Include(p => p.User)
 .Where(p =>
- p.Id == id
+ p.UserId == id
 && p.Cluster.Name == Cluster
 && p.Role.Name == Role.Codes.ClusterAdmin)
 .SingleOrDefaultAsync();
diff --git a/Hippo.Web/Controllers/OrderController.cs b/Hippo.Web/Controllers/OrderController.cs
index 7b1e13c4..4d28992c 100644
--- a/Hippo.Web/Controllers/OrderController.cs
+++ b/Hippo.Web/Controllers/OrderController.cs
@@ -72,10 +72,10 @@ public async Task AdminOrders()
 return BadRequest("You do not have permission to view this page.");
 }
 var currentUserAccount = await _dbContext.Accounts.SingleOrDefaultAsync(a => a.Cluster.Name == Cluster && a.OwnerId == currentUser.Id);
- if (currentUserAccount == null)
- {
- return Ok(new OrderListModel[0]);
- }
+ //if (currentUserAccount == null)
+ //{
+ // return Ok(new OrderListModel[0]);
+ //}
 //Probably will want to filter out old ones that are completed and the expiration date has passed.
 var adminStatuses = new List { Order.Statuses.Submitted, Order.Statuses.Processing, Order.Statuses.Active, Order.Statuses.Closed, Order.Statuses.Completed };
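Review bot: With the filter now `p.UserId == id`, `SingleOrDefaultAsync()` in RemoveClusterAdmin throws if the same user holds two ClusterAdmin permission rows for this cluster, and nothing visible here shows that (user, cluster, role) is unique. The parameter is still named `id`, so the signature no longer says which id the endpoint expects; a comment above the query such as `// id is the User.Id of the admin being removed, not the Permission.Id` would stop a caller from sending a permission id that happens to equal another user's id. The Cluster and Role conditions still keep the lookup inside this cluster's admin permissions. The method body starts and ends outside the hunk.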
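Review bot: The `currentUserAccount == null` guard in AdminOrders is commented out rather than deleted, so `currentUserAccount` can now be null for the rest of the action; the code after `adminStatuses` is outside the hunk, so any later dereference of it needs checking. If the account is not needed for the admin listing, remove both the commented block and the `SingleOrDefaultAsync` lookup instead of keeping dead code and an unused query. If it is still needed, replace the commented lines with one line that states the intent, for example `// an admin without an account in this cluster still sees the cluster's orders`.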
@@ -289,7 +289,7 @@ public async Task UpdateBilling([FromBody] OrderPostModel model)
 //TODO: Validation
 //Updating an existing order without changing the status.
- var existingOrder = await _dbContext.Orders.Include(a => a.PrincipalInvestigator).Include(a => a.Cluster).Include(a => a.Billings).FirstAsync(a => a.Id == model.Id);
+ var existingOrder = await _dbContext.Orders.Include(a => a.PrincipalInvestigator.Owner).Include(a => a.Cluster).Include(a => a.Billings).FirstAsync(a => a.Id == model.Id);
 if (existingOrder.PrincipalInvestigator.Owner.Id != currentUser.Id && !isClusterOrSystemAdmin) //Do we want admins to be able to make these chanegs?
 {
 return BadRequest("You do not have permission to update the billing information on this order.");
@@ -499,7 +499,7 @@ public async Task CancelOrder(int id)
 //var permissions = await _userService.GetCurrentPermissionsAsync();
 //var isClusterOrSystemAdmin = permissions.IsClusterOrSystemAdmin(Cluster);
- var existingOrder = await _dbContext.Orders.Include(a => a.PrincipalInvestigator).Include(a => a.Cluster).FirstAsync(a => a.Id == id);
+ var existingOrder = await _dbContext.Orders.Include(a => a.PrincipalInvestigator.Owner).Include(a => a.Cluster).FirstAsync(a => a.Id == id);
 var isPi = existingOrder.PrincipalInvestigator.Owner.Id == currentUser.Id;
 if (!isPi)
@@ -575,7 +575,7 @@ public async Task MakePayment(int id, decimal amount)
 amount = Math.Round(amount, 2);
- var order = await _dbContext.Orders.Include(a => a.PrincipalInvestigator.Owner).Include(a => a.Payments).Include(a => a.Cluster).FirstAsync(a => a.Id == id && a.Cluster.Name == Cluster);
+ var order = await _dbContext.Orders.Include(a => a.PrincipalInvestigator.Owner).Include(a => a.Payments).Include(a => a.Cluster).FirstAsync(a => a.Id == id && a.Cluster.Name == Cluster);
 if (order == null)
 {
 return NotFound();
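Review bot: The order lookup in UpdateBilling, `FirstAsync(a => a.Id == model.Id)`, is not restricted to the current cluster, while the check on the next line lets `isClusterOrSystemAdmin` bypass the owner comparison. That flag is set outside the hunk; if it is computed for `Cluster`, an admin of one cluster could presumably change billing on an order that belongs to another cluster. MakePayment already scopes its query, and the same predicate fits here: `.FirstAsync(a => a.Id == model.Id && a.Cluster.Name == Cluster)`. CancelOrder's lookup is unscoped in the same way, although it only admits the PI.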
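Review bot: `FirstAsync` in CancelOrder throws InvalidOperationException when no order matches `id`, so an unknown or stale id becomes an unhandled error rather than a 404, unless a filter outside this file maps it. Switch to `FirstOrDefaultAsync` and add `if (existingOrder == null) { return NotFound(); }` before reading `existingOrder.PrincipalInvestigator.Owner.Id`. UpdateBilling has the same lookup shape, and in MakePayment the visible `if (order == null)` branch can never run for the same reason. The method body continues outside the hunk.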