TD-4884 Prevent supervisors from viewing/reviewing self assessments in a category that doesn't match their own

sherif-olaboye · sherif-olaboye · commit d7849197b9bf · 2024-11-12T12:10:32.000Z
diff --git a/DigitalLearningSolutions.Data/DataServices/SupervisorDataService.cs b/DigitalLearningSolutions.Data/DataServices/SupervisorDataService.cs
@@ -590,7 +590,7 @@ FROM   CandidateAssessmentSupervisors AS cas INNER JOIN
                              NRPSubGroups AS sg ON sa.NRPSubGroupID = sg.ID LEFT OUTER JOIN
                              NRPRoles AS r ON sa.NRPRoleID = r.ID
                              LEFT OUTER JOIN SelfAssessmentSupervisorRoles AS sasr ON cas.SelfAssessmentSupervisorRoleID = sasr.ID
-                WHERE (ca.ID = @candidateAssessmentId) AND (cas.Removed IS NULL) AND (sd.SupervisorAdminID = @adminId) AND (sa.CategoryID = @adminIdCategoryId)",
+                WHERE (ca.ID = @candidateAssessmentId) AND (cas.Removed IS NULL) AND (sd.SupervisorAdminID = @adminId) AND (ISNULL(@adminIdCategoryID, 0) = 0 OR sa.CategoryID = @adminIdCategoryId)",
                 new { candidateAssessmentId, adminId, adminIdCategoryId }
                 ).FirstOrDefault();
         }

Original file line number	Diff line number	Diff line change
`@@ -590,7 +590,7 @@ FROM CandidateAssessmentSupervisors AS cas INNER JOIN`
`590`	`590`	`NRPSubGroups AS sg ON sa.NRPSubGroupID = sg.ID LEFT OUTER JOIN`
`591`	`591`	`NRPRoles AS r ON sa.NRPRoleID = r.ID`
`592`	`592`	`LEFT OUTER JOIN SelfAssessmentSupervisorRoles AS sasr ON cas.SelfAssessmentSupervisorRoleID = sasr.ID`
`593`		`- WHERE (ca.ID = @candidateAssessmentId) AND (cas.Removed IS NULL) AND (sd.SupervisorAdminID = @adminId) AND (sa.CategoryID = @adminIdCategoryId)",`
	`593`	`+ WHERE (ca.ID = @candidateAssessmentId) AND (cas.Removed IS NULL) AND (sd.SupervisorAdminID = @adminId) AND (ISNULL(@adminIdCategoryID, 0) = 0 OR sa.CategoryID = @adminIdCategoryId)",`
`594`	`594`	`new { candidateAssessmentId, adminId, adminIdCategoryId }`
`595`	`595`	`).FirstOrDefault();`
`596`	`596`	`}`