From 1382d6c7ce9501a0b85bf220fc0afc76d40e18a0 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Thu, 6 Sep 2018 15:39:37 +0000
Subject: [PATCH]

---
 server/AyaNova/biz/TagBiz.cs         |  3 +++
 server/AyaNova/biz/UserOptionsBiz.cs | 14 ++++----------
 server/AyaNova/biz/WidgetBiz.cs      |  3 +++
 3 files changed, 10 insertions(+), 10 deletions(-)

diff --git a/server/AyaNova/biz/TagBiz.cs b/server/AyaNova/biz/TagBiz.cs
index e430a3e9..eef6e317 100644
--- a/server/AyaNova/biz/TagBiz.cs
+++ b/server/AyaNova/biz/TagBiz.cs
@@ -169,6 +169,9 @@ namespace AyaNova.Biz
         //patch
         internal bool Patch(Tag dbObj, JsonPatchDocument<Tag> objectPatch, uint concurrencyToken)
         {
+            //Validate Patch is allowed
+            if (!ValidateJsonPatch<Tag>.Validate(this, objectPatch)) return false;
+
             //Do the patching
             objectPatch.ApplyTo(dbObj);
             ct.Entry(dbObj).OriginalValues["ConcurrencyToken"] = concurrencyToken;
diff --git a/server/AyaNova/biz/UserOptionsBiz.cs b/server/AyaNova/biz/UserOptionsBiz.cs
index 8b2e00fb..f909eca8 100644
--- a/server/AyaNova/biz/UserOptionsBiz.cs
+++ b/server/AyaNova/biz/UserOptionsBiz.cs
@@ -64,22 +64,16 @@ namespace AyaNova.Biz
         //patch
         internal bool Patch(UserOptions dbObj, JsonPatchDocument<UserOptions> objectPatch, uint concurrencyToken)
         {
-            //check for in-valid patches
-           if(objectPatch.Operations.Any(m=>m.path=="Id"))
-           {
-               AddError(ValidationErrorType.InvalidOperation,"Id");
-               return false;
-           }
-             
+            //Validate Patch is allowed
+            if (!ValidateJsonPatch<UserOptions>.Validate(this, objectPatch)) return false;
+                    
             //Do the patching
-            objectPatch.ApplyTo(dbObj);
-          
+            objectPatch.ApplyTo(dbObj);        
         
             ct.Entry(dbObj).OriginalValues["ConcurrencyToken"] = concurrencyToken;
             Validate(dbObj);
             if (HasErrors)
                 return false;
-
             return true;
         }
 
diff --git a/server/AyaNova/biz/WidgetBiz.cs b/server/AyaNova/biz/WidgetBiz.cs
index 68600af7..2d4176b9 100644
--- a/server/AyaNova/biz/WidgetBiz.cs
+++ b/server/AyaNova/biz/WidgetBiz.cs
@@ -154,6 +154,9 @@ namespace AyaNova.Biz
         //patch
         internal bool Patch(Widget dbObj, JsonPatchDocument<Widget> objectPatch, uint concurrencyToken)
         {
+            //Validate Patch is allowed
+            if (!ValidateJsonPatch<Widget>.Validate(this, objectPatch)) return false;
+
             //Do the patching
             objectPatch.ApplyTo(dbObj);
             ct.Entry(dbObj).OriginalValues["ConcurrencyToken"] = concurrencyToken;