From 095732da1b0dbebf2e3c5a18e781fc79b128ffa6 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Fri, 24 Jul 2020 22:24:33 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/BackupController.cs | 2 +-
 server/AyaNova/biz/BizRoles.cs                 | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/AyaNova/Controllers/BackupController.cs b/server/AyaNova/Controllers/BackupController.cs
index a537c5a7..657b6e2b 100644
--- a/server/AyaNova/Controllers/BackupController.cs
+++ b/server/AyaNova/Controllers/BackupController.cs
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
                 return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
             }
 
-            if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
+            if (!Authorized.HasModifyRole(DownloadUser.Roles, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
             {
                 await Task.Delay(nFailedAuthDelay);//DOS protection
                 return StatusCode(403, new ApiNotAuthorizedResponse());
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 320ec8db..8aca88aa 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -337,7 +337,7 @@ namespace AyaNova.Biz
 
             ////////////////////////////////////////////////////////////
             //GLOBAL OPS SETTINGS
-            // (control the backup)
+            // 
             roles.Add(AyaType.GlobalOps, new BizRoleSet()
             {
                 Change = AuthorizationRoles.OpsAdminFull,