修改

CallCenterApi/CallCenterApi.DAL/T_Bus_Feedback.cs

@@ -412,6 +412,7 @@ namespace CallCenterApi.DAL
                 {
                     model.F_Situation = row["F_Situation"].ToString();
                 }
+              
             }
             return model;
         }
@@ -422,7 +423,7 @@ namespace CallCenterApi.DAL
         public DataSet GetList(string strWhere)
         {
             StringBuilder strSql = new StringBuilder();
-            strSql.Append("select F_Id,F_AssignedId,F_WorkOrderId,F_Result,F_CreateTime,F_CreateUser,F_CreateDeptId,F_IsFeedEnd,F_File,F_Type,F_State,F_IsAudit,F_AuditUser,F_AuditTime,F_IsDelete,F_DeleteUser,F_DeleteTime,F_DealUser,F_AuditReason ");
+            strSql.Append("select  * ");
             strSql.Append(" FROM T_Bus_Feedback ");
             if (strWhere.Trim() != "")
             {
@@ -442,7 +443,7 @@ namespace CallCenterApi.DAL
             {
                 strSql.Append(" top " + Top.ToString());
             }
-            strSql.Append(" F_Id,F_AssignedId,F_WorkOrderId,F_Result,F_CreateTime,F_CreateUser,F_CreateDeptId,F_IsFeedEnd,F_File,F_Type,F_State,F_IsAudit,F_AuditUser,F_AuditTime,F_IsDelete,F_DeleteUser,F_DeleteTime,F_DealUser,F_AuditReason ");
+            strSql.Append(" F_Id,F_AssignedId,F_WorkOrderId,F_Result,F_CreateTime,F_CreateUser,F_CreateDeptId,F_IsFeedEnd,F_File,F_Type,F_State,F_IsAudit,F_AuditUser,F_AuditTime,F_IsDelete,F_DeleteUser,F_DeleteTime,F_DealUser,F_AuditReason,F_IsProResult,F_ProSituation ");
             strSql.Append(" FROM T_Bus_Feedback ");
             if (strWhere.Trim() != "")
             {

CallCenterApi/CallCenterApi.DAL/T_Sys_Users.cs

@@ -296,7 +296,7 @@ namespace CallCenterApi.DAL
         {
             StringBuilder strSql = new StringBuilder();
             strSql.Append("select F_Id,F_OpenId,F_CreateTime,F_Type,F_Password,F_Name,F_Telphone,F_Sex,F_Province,F_City,F_County,F_Address ");
-            strSql.Append(" FROM T_Sys_Users ");
+            strSql.Append(" FROM T_Sys_Users WITH(NOLOCK)");
             if (strWhere.Trim() != "")
             {
                 strSql.Append(" where " + strWhere);

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/App_Start/SqlErrorAttribute.cs

@@ -0,0 +1,389 @@
+using System;
+using System.Collections.Generic;
+using System.Data;
+using System.Linq;
+using System.Text;
+using System.Web;
+using System.Web.Mvc;
+using CallCenter.Utility;
+using CallCenterApi.Common;
+using CallCenterApi.DB;
+using CallCenterApi.Interface.Controllers.Login;
+
+namespace CallCenterApi.Interface.App_Start
+{
+    public class SqlErrorAttribute : ActionFilterAttribute
+    {
+
+
+        //sql注入式攻击检查
+
+        public override void OnActionExecuting(ActionExecutingContext filterContext)
+        {
+            if (filterContext.HttpContext.Request.CurrentExecutionFilePath.Contains("CallOpt"))
+            {
+
+            }
+            else
+            {
+
+                if (filterContext.HttpContext.Request.CurrentExecutionFilePath.Contains("GetList"))
+                {
+                    int qw = 0;
+                }
+                //当前角色导航判断 
+                var token1 = filterContext.HttpContext.Request["token"];
+                if (token1 != null)
+                {
+                    var userDatastr = RedisHelper.StringGet(token1);
+                    if (userDatastr != null)
+                    {
+                        Dictionary<string, string> userData = new Dictionary<string, string>();
+                        userData = userDatastr.ToString().ToObject<Dictionary<string, string>>();
+                        var roleId = Utils.StrToInt(userData["F_RoleID"], 0);
+                        var F_UserID = Utils.StrToInt(userData["F_UserID"], 0);
+                        int qq = geturl(roleId.ToString(), F_UserID);
+                        if (qq > 0)
+                        {
+                            //报错无权限
+                            throw new Exception("操作失败：无权限！");
+
+                        }
+                    }
+                }
+                IList<string> tname = new List<string>();
+                if (filterContext.HttpContext.Request.Form.Keys.Count > 0)
+                {
+                    for (int q = 0; q < filterContext.HttpContext.Request.Form.Keys.Count; q++)
+                    {
+                        var tid = filterContext.HttpContext.Request.Form.Keys[q];
+                        if (!tname.Contains(tid))
+                        {
+                            tname.Add(tid);
+                        }
+                    }
+                }
+                if (filterContext.HttpContext.Request.QueryString.Count > 0)
+                {
+                    for (int q = 0; q < filterContext.HttpContext.Request.QueryString.Count; q++)
+                    {
+                        var tid = filterContext.HttpContext.Request.QueryString.AllKeys[q];
+                        if (!tname.Contains(tid))
+                        {
+                            tname.Add(tid);
+                        }
+
+                    }
+                }
+                var actionParameters = filterContext.ActionDescriptor.GetParameters();
+                var otherController = DependencyResolver.Current.GetService<AES256Controller>();
+                string urls = filterContext.ActionDescriptor.ActionName;
+                if (urls != null
+                    && (filterContext.HttpContext.Request.QueryString.Count > 0
+                    || filterContext.HttpContext.Request.Form.Keys.Count > 0))
+                {
+                    if (filterContext.HttpContext.Request.Form.Keys.Count > 0)
+                    {//post
+                     //遍历字典
+                     //foreach (KeyValuePair<string, object> kvp in filterContext.ActionParameters)
+                     //{
+                     //取值，赋值
+                     //var key = kvp.Key;
+
+                        ////var tt= filterContext.ActionParameters[key].GetType();
+                        ////var tt2 = filterContext.ActionParameters[key];
+                        ////var t1 = filterContext.ActionParameters.Keys.Count;
+                        ////var t2 = filterContext.ActionParameters.Values.Count;
+                        //object o = filterContext.ActionParameters;
+                        //PropertyDescriptorCollection PropertyList = System.ComponentModel.TypeDescriptor.GetProperties(o);
+                        //Type t = o.GetType();
+                        //PropertyInfo[] pList = t.GetProperties();
+                        //foreach (PropertyInfo item in pList)
+                        //{
+                        //    string name = item.Name;
+                        //object value = item.GetValue(o, null);
+
+                        //if (name == "Values")
+                        //{
+                        for (int w = 0; w < tname.Count; w++)
+                        {
+                            //时间去掉 tname[w]
+                            string v1 = tname[w].ToString();
+                            //&& v1 != "cont"
+                            //编辑器编辑内容排除
+                            if (v1 != "con" && v1 != "cont")
+                            {
+
+
+                                var v = filterContext.HttpContext.Request.Form[tname[w]];
+
+                                FilterSql(v);
+                            }
+
+                        }
+
+                        //   }
+
+                        //   }
+
+                        //}
+                    }
+                    else if (filterContext.HttpContext.Request.QueryString.Count > 0)
+                    {//get
+                        for (int w = 0; w < tname.Count; w++)
+                        {
+                            var v = filterContext.HttpContext.Request.QueryString[tname[w]];
+                            FilterSql(v);
+                        }
+
+                    }
+
+                }
+            }
+        }
+
+
+
+        public static void FilterSql(string s)
+        {
+            // if (string.IsNullOrEmpty(s)) return string.Empty;
+            s = s.Trim().ToLower();
+            string s1 = "";
+            int i = 0;
+            string message = "操作失败！！！异常提醒：符号";
+            if (s.Contains("=")) { i++; message += (s1 + "=,"); };
+            if (s.Contains("'")) { i++; message += (s1 + "',"); };
+            if (s.Contains(";")) { i++; message += (s1 + ";,"); };
+            if (s.Contains(" or ")) { i++; message += (s1 + " or ,"); };
+            if (s.Contains("select")) { i++; message += (s1 + "select,"); };
+            if (s.Contains("update")) { i++; message += (s1 + "update,"); };
+            if (s.Contains("insert")) { i++; message += (s1 + "insert,"); };
+            if (s.Contains("delete")) { i++; message += (s1 + "delete,"); };
+            if (s.Contains("declare")) { i++; message += (s1 + "declare,"); };
+            if (s.Contains("exec")) { i++; message += (s1 + "exec,"); };
+            if (s.Contains("drop")) { i++; message += (s1 + "drop,"); };
+            if (s.Contains("create")) { i++; message += (s1 + "create,"); };
+            if (s.Contains("%")) { i++; message += (s1 + "%,"); };
+            if (s.Contains("--")) { i++; message += (s1 + "--,"); };
+            if (s.Contains("_")) { i++; message += (s1 + "_,"); };
+            if (s.Contains("convert")) { i++; message += (s1 + "convert,"); };
+            if (s.Contains("@version")) { i++; message += (s1 + "@version,"); };
+            if (i > 0)
+            {
+                throw new Exception(message);
+            }
+
+
+        }
+
+
+        /// <summary>
+        /// 导航权限判断
+        /// </summary>
+        /// <param name="url">当前进入导航</param>
+        ///  <param name="roleId">当前登陆人角色id </param>
+        ///  <param name="userId">当前登陆人id </param>
+        /// <returns></returns>
+        public static int geturl(string roleId, int userId)
+        {
+            int a = 0;
+            int b = 0;
+            //1:检测用户是否禁用
+            var u = new BLL.T_Sys_UserAccount().GetModel(userId);
+            //1-禁用 0-启用
+            if (u == null)
+            {
+                a = 1;
+            }
+            else if (u.F_DeleteFlag == 1)
+            {
+                a = 1;
+            }
+            #region MyRegion
+            // return ds;
+
+
+
+
+            //         string url1 = HttpContext.Current.Request.Url.AbsolutePath;
+            //         string url2 = HttpContext.Current.Request.Path;
+
+            //         DataSet dt = new DataSet();
+            //         Dictionary<String, String> para = new Dictionary<string, String>();
+
+
+            //         String sql = @"  select   f.F_OptUrl
+            //from dbo.T_Sys_RoleFunction rf 
+            //left join T_Sys_Function  f on   rf.F_FunctionId=f.F_FunctionId 
+            //where    F_RoleId=@RoleId  group by f.F_OptUrl ";
+            //         para.Add("@RoleId", roleId);
+            //         dt = DbHelperSQL.Query(sql, para);
+
+            //         if (dt.Tables.Count > 0)
+            //         {
+            //             for (int i = 0; i < dt.Tables.Count; i++)
+            //             {
+            //                 DataTable t = dt.Tables[i];
+            //                 string t1=t.Columns[i].ToString();
+
+
+
+
+            //                 //if (url==t.) { }
+            //             }
+            //         }
+            #endregion
+
+            return a;
+
+        }
+
+
+
+        //根据接口找Id 找到 则判断 导航权限
+        public static int getItemBYUrl(string url, int roleId)
+        {
+            int a = 0;
+            StringBuilder strSql = new StringBuilder();
+            strSql.Append(@" 	select F_RoleId
+from  dbo.T_Sys_RoleFunction f  left join  T_Sys_RoleUrl  t 
+on  t.F_FunctionId=f.F_FunctionId
+     ");
+            strSql.Append(" where     [F_UrlInfo] ='" + url + "'");
+            strSql.Append(" group by     F_RoleId");
+            var ds = DbHelperSQL.Query(strSql.ToString());
+            DataTable dt = new DataTable();
+
+            dt = ds.Tables[0];
+
+            if (dt.Rows.Count > 0)
+            {
+
+                for (int i = 0; i < dt.Rows.Count; i++)
+                {
+                    //列
+                    for (int j = 0; j < dt.Columns.Count; j++)
+                    {
+                        if (dt.Rows[i][j] != null && dt.Rows[i][j].ToString() != "")
+                        {
+                            if (roleId == Convert.ToInt32(dt.Rows[i][j]))
+                            {
+                                a++;
+                            }
+                        }
+                    }
+                }
+            }
+            else
+            {
+                a = 1;
+            }
+
+
+
+            return a;
+
+
+        }
+
+
+
+
+        /// <summary>
+        /// 检测接口方法权限
+        /// </summary>
+        /// <param name="FuntionId">导航id </param>
+        /// <param name="url">当前接口导航</param>
+        public static int getItemUrl(int FuntionId, string url, int roleId)
+        {
+            if (FuntionId == 19)
+            {
+                int qw = 1;
+            }
+            int a = 0;
+            int b = 0;
+            StringBuilder strSql = new StringBuilder();
+            strSql.Append(@" 	select [F_UrlInfo]  
+from T_Sys_RoleUrl  t  left join dbo.T_Sys_RoleFunction f 
+on  t.F_FunctionId=f.F_FunctionId
+     ");
+            strSql.Append(" where     f.F_FunctionId=" + FuntionId);
+            string str = " and      F_RoleId=" + roleId;
+            //strSql.Append(" group by f.F_OptUrl ,f.F_FunctionId");
+
+            var ds = DbHelperSQL.Query(strSql.ToString() + str);
+            var ds2 = DbHelperSQL.Query(strSql.ToString());
+            DataTable dt = new DataTable();
+            DataTable dt2 = new DataTable();
+            dt = ds.Tables[0];
+            dt2 = ds2.Tables[0];
+            if (dt.Rows.Count > 0)
+            {
+
+                for (int i = 0; i < dt.Rows.Count; i++)
+                {
+                    //列
+                    for (int j = 0; j < dt.Columns.Count; j++)
+                    {
+                        //用户所具有权限的页面
+                        string f1 = dt.Rows[i][j].ToString();
+                        if (f1 == url)
+                        {
+                            a++;
+                        }
+
+
+                    }
+                }
+            }
+            else
+            {
+
+                if (dt2.Rows.Count > 0)
+                {
+                    a = 0;
+                }
+                else
+                { //T_Sys_RoleUrl  没存数据
+                    a = 1;
+                }
+
+            }
+
+            //a>0 / b>0
+            //a=0 
+            //if (a==0) {
+            //    throw new Exception("操作失败，无权限");
+            //}
+            return a;
+
+        }
+
+
+        public static int PageFuoction(string Pagename)
+        {
+            int a = 0;
+            StringBuilder strSql = new StringBuilder();
+            strSql.Append(@"  select F_FunctionId from dbo.T_Sys_Function 
+     ");
+            strSql.Append(" where  F_OptUrl like '%" + Pagename + "%'");
+            //  strSql.Append(" group by f.F_OptUrl ,f.F_FunctionId");
+
+            var ds = DbHelperSQL.Query(strSql.ToString());
+            DataTable dt = new DataTable();
+            dt = ds.Tables[0];
+            if (dt.Rows.Count > 0)
+            {
+
+                a = Convert.ToInt32(dt.Rows[0][0]);
+
+            }
+
+
+            return a;
+        }
+
+
+    }
+
+}

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/Login/AES256Controller.cs

@@ -0,0 +1,137 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using System.Security.Cryptography;
+using System.Text;
+using System.Web;
+using System.Web.Mvc;
+using CallCenterApi.Interface.Controllers.Base;
+
+namespace CallCenterApi.Interface.Controllers.Login
+{
+    public class AES256Controller : BaseController
+    {
+        // GET: AES256
+        public ActionResult Index()
+        {
+            return View();
+
+        }
+
+        private static string Key
+        {
+            //get { return @")O[NB]6,YF}+efcaj{+oESb9d8>Z'e9M"; }
+            get { return @")O[9d]6,YF}+efcaj{+8>Z'e9M"; }
+        }
+
+        #region 注释掉
+        /*private static string IV
+        {
+            get { return @"L+\~f4,Ir)b$=pkf"; }
+        }
+
+        
+        /// <summary>
+        /// AES加密
+        /// </summary>
+        /// <param name="plainStr">明文字符串</param>
+        /// <returns>密文</returns>
+        public static string AESEncrypt(string plainStr)
+        {
+            byte[] bKey = Encoding.UTF8.GetBytes(Key);
+            byte[] bIV = Encoding.UTF8.GetBytes(IV);
+            byte[] byteArray = Encoding.UTF8.GetBytes(plainStr);
+
+            string encrypt = null;
+            Rijndael aes = Rijndael.Create();
+            using (MemoryStream mStream = new MemoryStream())
+            {
+                using (CryptoStream cStream = new CryptoStream(mStream, aes.CreateEncryptor(bKey, bIV), CryptoStreamMode.Write))
+                {
+                    cStream.Write(byteArray, 0, byteArray.Length);
+                    cStream.FlushFinalBlock();
+                    encrypt = Convert.ToBase64String(mStream.ToArray());
+                }
+            }
+            aes.Clear();
+            return encrypt;
+        }
+
+        public static string AESDecrypt(string encryptStr)
+        {
+            byte[] bKey = Encoding.UTF8.GetBytes(Key);
+            byte[] bIV = Encoding.UTF8.GetBytes(IV);
+            byte[] byteArray = Convert.FromBase64String(encryptStr);
+
+            string decrypt = null;
+            Rijndael aes = Rijndael.Create();
+            // 开辟一块内存流
+            using (MemoryStream mStream = new MemoryStream())
+            {
+                // 把内存流对象包装成加密流对象
+                using (CryptoStream cStream = new CryptoStream(mStream, aes.CreateDecryptor(bKey, bIV), CryptoStreamMode.Write))
+                {
+                    // 明文数据写入加密流
+                    cStream.Write(byteArray, 0, byteArray.Length);
+                    cStream.FlushFinalBlock();
+                    decrypt = Encoding.UTF8.GetString(mStream.ToArray());
+                }
+            }
+            aes.Clear();
+            return decrypt;
+        }
+
+        public ActionResult Encryption(string str)
+        {
+            var text = AESEncrypt(str);
+            return Json(text, JsonRequestBehavior.AllowGet);
+        }
+
+        public ActionResult Decode(string str)
+        {
+            var text = AESDecrypt(str);
+            return Json(text, JsonRequestBehavior.AllowGet);
+        }*/
+        #endregion
+
+
+        /// <summary>
+        /// AES加密
+        /// </summary>
+        /// <param name="encryptStr">明文</param>
+        /// <param name="key">32位密钥</param>
+        /// <returns></returns>
+        public string Encrypt(string encryptStr, string ltime)
+        {
+            byte[] keyArray = UTF8Encoding.UTF8.GetBytes(Key + ltime);
+            byte[] toEncryptArray = UTF8Encoding.UTF8.GetBytes(encryptStr);
+            RijndaelManaged rDel = new RijndaelManaged();
+            rDel.Key = keyArray;
+            rDel.Mode = CipherMode.ECB;
+            rDel.Padding = PaddingMode.PKCS7;
+            ICryptoTransform cTransform = rDel.CreateEncryptor();
+            byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
+            return Convert.ToBase64String(resultArray, 0, resultArray.Length);
+        }
+
+        /// <summary>
+        /// AES解密
+        /// </summary>
+        /// <param name="decryptStr">密文</param>
+        /// <param name="key">密钥</param>
+        /// <returns></returns>
+        public string Decrypt(string decryptStr, string ltime)
+        {
+            byte[] keyArray = UTF8Encoding.UTF8.GetBytes(Key + ltime);
+            byte[] toEncryptArray = Convert.FromBase64String(decryptStr);
+            RijndaelManaged rDel = new RijndaelManaged();
+            rDel.Key = keyArray;
+            rDel.Mode = CipherMode.ECB;
+            rDel.Padding = PaddingMode.PKCS7;
+            ICryptoTransform cTransform = rDel.CreateDecryptor();
+            byte[] resultArray = cTransform.TransformFinalBlock(toEncryptArray, 0, toEncryptArray.Length);
+            return UTF8Encoding.UTF8.GetString(resultArray);
+        }
+
+    }
+}

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/Login/LoginController.cs

@@ -13,9 +13,11 @@ using CallCenterApi.Model;
 using CallCenterApi.Interface.Models.Input;
 using CallCenterApi.DB;
 using System.Web.Caching;
+using CallCenterApi.Interface.App_Start;
 
 namespace CallCenterApi.Interface.Controllers
 {
+    [SqlError]
     public class LoginController : BaseController
     {
         private BLL.T_Sys_RoleFunction roleFunctionBLL = new BLL.T_Sys_RoleFunction();

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/information/InternalMessagesController.cs

@@ -323,7 +323,7 @@ namespace CallCenterApi.Interface.Controllers.information
                 //model.SMS_DeleteTime = SMS_DeleteTime;
                 model.SMS_IsDelete = 0;
                 model.SMS_Order = 0;
-                model.SMS_IsTop = 0;
+                model.SMS_IsTop = smstop;
                 model.SMS_Type = smstype;
                 int n = bll.Add(model);
                 if (n > 0)

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Controllers/weixin/WechatDockingController.cs

@@ -2,10 +2,16 @@
 using CallCenter.Utility.log;
 using CallCenterApi.DB;
 using CallCenterApi.Interface.Controllers.Base;
+using Newtonsoft.Json;
+using Newtonsoft.Json.Linq;
 using System;
 using System.Collections.Generic;
 using System.Data;
+using System.IO;
 using System.Linq;
+using System.Net;
+using System.Security.Cryptography;
+using System.Text;
 using System.Transactions;
 using System.Web;
 using System.Web.Mvc;
@@ -298,7 +304,7 @@ namespace CallCenterApi.Interface.Controllers.weixin
 
                 #region 筛选工单
                 var sql = " and (F_IsEnabled=0 or F_IsDelete=0) ";
-                sql += " and F_WorkOrderId in (select distinct F_WorkOrderId from T_Bus_UserWorkOrder where F_UserId='" + wxuser.F_Id + "') ";
+                sql += " and F_WorkOrderId in (select distinct F_WorkOrderId from T_Bus_UserWorkOrder WITH(NOLOCK) where F_UserId='" + wxuser.F_Id + "') ";
                 if (!string.IsNullOrWhiteSpace(workorderid))
                 {
                     sql += " and F_WorkOrderId like '%" + workorderid + "%' ";
@@ -518,12 +524,13 @@ namespace CallCenterApi.Interface.Controllers.weixin
             return Process();
         }
 
+      
         /// <summary>
         /// 添加工单
         /// </summary>
         /// <returns></returns>
         [HttpPost]
-        public ActionResult AddWxOrders(string uuid, string port_password, string openid, string timesamp, string cusname, string cusphone, string title, string content, string sourceaddress, string files, int sourcearea = 0, int keys = 0, int type = 0, int isprotect = 0)
+        public ActionResult AddWxOrders(string uuid, string port_password, string openid, string timesamp, string cusname, string cusphone, string title, string content, string sourceaddress, string files, int sourcearea = 0, int keys = 0, int type = 0, int isprotect = 0,int source=0)
         {
             using (TransactionScope trans = new TransactionScope())
             {
@@ -573,9 +580,12 @@ namespace CallCenterApi.Interface.Controllers.weixin
                     ajresult.message = "用户无效";
                     return Process();
                 }
-
+                if (source > 0)
+                    source = 72;
+                else
+                    source = 5;
                 workorder.WorkOrderController wo = new workorder.WorkOrderController();
-                string workorderid = wo.AddWorkOrderBySource(5, cusname, "", cusphone, "", "", "", "", cusphone, title,content, sourcearea, sourceaddress, keys.ToString(), "", type, 0, 0, isprotect, 0, files);
+                string workorderid = wo.AddWorkOrderBySource(source, cusname, "", cusphone, "", "", "", "", cusphone, title,content, sourcearea, sourceaddress, keys.ToString(), "", type, 0, 0, isprotect, 0, files);
 
                 int mapid = AddMap(uuid, port_password, "receive", "AddWxOrders", openid, workorderid);
 

CallCenterApi/CallCenterApi.Interface/CallCenterApi.Interface/Models/Common/ButtonGroup.cs

@@ -176,7 +176,7 @@ namespace CallCenterApi.Interface.Models.Common
         /// <param name="code"></param>
         /// <param name="iszb"></param>
         /// <returns></returns>
-        public static List<button> GetButtons(string isobservation, string state, string code, string iszb, string iszbdw = "", string ispd = "")
+        public static List<button> GetButtons( string state, string code, string iszb, string iszbdw = "", string ispd = "", string isobservation="",string IsResult="")
         {
             List<button> buttons = new List<button>();
             buttons.Add(query());
@@ -290,14 +290,16 @@ namespace CallCenterApi.Interface.Models.Common
                     }
                     break;
                 case "9":
-                    if ((code == "ZXLD" || code == "ZXLDGLY" || code == "GLY") && iszb == "1" && isobservation == "1")
+                    if ((code == "ZXLD" || code == "ZXLDGLY" || code == "GLY") && iszb == "1")
                     {
-                        buttons.Add(back()); buttons.Add(RemoveOrders());
+                        buttons.Add(back()); 
                     }
                     if ((code == "ZXLD" || code == "ZXLDGLY" || code == "GLY")  && isobservation == "1")
                     {
                          buttons.Add(RemoveOrders());
                     }
+                   
+                    
                     break;
             }
             //buttons.Add(export());