From 281a4ad9c34ea7ec5b62c5608d7894e0bc0d2696 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Mon, 1 Jun 2020 13:43:30 +0000
Subject: [PATCH]
---
server/AyaNova/Startup.cs | 12 ++++++------
server/AyaNova/biz/BizRoles.cs | 2 +-
2 files changed, 7 insertions(+), 7 deletions(-)
diff --git a/server/AyaNova/Startup.cs b/server/AyaNova/Startup.cs
index 5eccdf7e..4f7ce322 100644
--- a/server/AyaNova/Startup.cs
+++ b/server/AyaNova/Startup.cs
@@ -466,16 +466,16 @@ namespace AyaNova
 {
 using (AyContext ct = ServiceProviderProvider.DBContext)
 {
- var DownloadUser = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
- if (DownloadUser != null)
+ var u = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
+ if (u != null)
 {
 //this is necessary because they might have an expired JWT but this would just keep on working without a date check
 //the default is the same timespan as the jwt so it's all good
 var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
- if (DownloadUser.DlKeyExpire > utcNow.DateTime)
- {
- //TODO: extra role check required here
- context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
+ if (u.DlKeyExpire > utcNow.DateTime)
+ {
+ if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics))
+ context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
 }
 }
 }
diff --git a/server/AyaNova/biz/BizRoles.cs b/server/AyaNova/biz/BizRoles.cs
index 63c8e85a..47129988 100644
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -428,7 +428,7 @@ namespace AyaNova.Biz
 //
 roles.Add(AyaType.Metrics, new BizRoleSet()
 {
- Change = AuthorizationRoles.NoRole,
+ Change = AuthorizationRoles.OpsAdminFull,//this is to turn on extra metrics (profiler)
 ReadFullRecord = AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited
 });
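Review bot: The gate added on the `if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics))` line tests the ReadFullRecord role, which the BizRoles.cs hunk of this same commit defines as `OpsAdminFull | OpsAdminLimited`, while that hunk's comment says the profiler is turned on by the Change role, granted to `OpsAdminFull` only; as written, an OpsAdminLimited user holding a valid download key also gets `AY_PROFILER_ALLOWED`. If the profiler is meant to be OpsAdminFull-only, the check should use the Change-role counterpart of `HasReadFullRole` (or test `u.Roles` against `AuthorizationRoles.OpsAdminFull` directly), with a comment stating which role set gates it, e.g. `// profiler is a Change-level privilege on Metrics (OpsAdminFull), not a read-level one`. Note also that the download key (`DlKey`) is acting as a bearer credential here, so its exposure surface (query strings, logs) is worth a line of comment, and the expiry compare mixes `DateTime.Now.ToUniversalTime()` with `u.DlKeyExpire` whose DateTimeKind is not visible in the hunk — presumably both are UTC, but confirm. The enclosing method or middleware lambda starts and continues outside the hunk.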
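Review bot: The trailing comment `//this is to turn on extra metrics (profiler)` on the `Change = AuthorizationRoles.OpsAdminFull` line does not match the check this commit adds in Startup.cs, which tests the ReadFullRecord role (`OpsAdminFull | OpsAdminLimited`) rather than Change, so either the comment or the Startup.cs gate should be corrected before merge. Granting Change on `AyaType.Metrics` presumably also authorizes OpsAdminFull on any other Change-gated Metrics path, not only the profiler — that seems worth confirming and stating. Style: separate the comment from the code and record the coupling, e.g. `Change = AuthorizationRoles.OpsAdminFull, // enables the extended metrics (profiler); keep in sync with the profiler gate in Startup.cs`. The role-table method this belongs to starts and ends outside the hunk.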