2020-06-01 13:43:30 +00:00
parent 12bb3da6cf
commit 281a4ad9c3
2 changed files with 7 additions and 7 deletions


@@ -466,16 +466,16 @@ namespace AyaNova
{
using (AyContext ct = ServiceProviderProvider.DBContext)
{
var DownloadUser = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
if (DownloadUser != null)
var u = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
if (u != null)
{
//this is necessary because they might have an expired JWT but this would just keep on working without a date check
//the default is the same timespan as the jwt so it's all good
var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
if (DownloadUser.DlKeyExpire > utcNow.DateTime)
{
//TODO: extra role check required here
context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
if (u.DlKeyExpire > utcNow.DateTime)
{
if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics))
context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
}
}
}
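Review bot: The new gate `if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics))` tests the read role set, which the AyaNova.Biz hunk of this commit shows as `OpsAdminFull | OpsAdminLimited`, while the comment added there says the `Change` role (`OpsAdminFull` only) is what turns the profiler on. As written, a user with only OpsAdminLimited and a valid, unexpired download key would presumably still get `AY_PROFILER_ALLOWED`, and the new `Change` entry is never consulted in this hunk. If full-admin-only is the intent, the check should be made against the Metrics `Change` role set instead of the read set. The `if` also guards a single unbraced statement; wrapping it in braces keeps a later second statement from landing outside the role check. The enclosing method starts and ends outside the hunk.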


@@ -428,7 +428,7 @@ namespace AyaNova.Biz
//
roles.Add(AyaType.Metrics, new BizRoleSet()
{
Change = AuthorizationRoles.NoRole,
Change = AuthorizationRoles.OpsAdminFull,//this is to turn on extra metrics (profiler)
ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
});
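Review bot: Changing `Change` from `AuthorizationRoles.NoRole` to `AuthorizationRoles.OpsAdminFull` as a profiler switch also gives OpsAdminFull the change right on `AyaType.Metrics` wherever else this role set is consulted, and those callers are not visible here. It is worth confirming that no generic create/update/delete authorization path keys off this entry, since it was previously closed to every role. The trailing comment should name the consumer and the intent, for example `//Change does not permit modifying metrics data; it only gates the profiler`, if that is indeed the case. The `roles.Add` call sits in a method that begins outside the hunk.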