This commit is contained in:
@@ -466,16 +466,16 @@ namespace AyaNova
|
||||
{
|
||||
using (AyContext ct = ServiceProviderProvider.DBContext)
|
||||
{
|
||||
var DownloadUser = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
|
||||
if (DownloadUser != null)
|
||||
var u = ct.User.AsNoTracking().SingleOrDefault(z => z.DlKey == token.ToString() && z.Active == true);
|
||||
if (u != null)
|
||||
{
|
||||
//this is necessary because they might have an expired JWT but this would just keep on working without a date check
|
||||
//the default is the same timespan as the jwt so it's all good
|
||||
var utcNow = new DateTimeOffset(DateTime.Now.ToUniversalTime(), TimeSpan.Zero);
|
||||
if (DownloadUser.DlKeyExpire > utcNow.DateTime)
|
||||
{
|
||||
//TODO: extra role check required here
|
||||
context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
|
||||
if (u.DlKeyExpire > utcNow.DateTime)
|
||||
{
|
||||
if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(u.Roles, AyaType.Metrics))
|
||||
context.Request.HttpContext.Items["AY_PROFILER_ALLOWED"] = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user