admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-08-26 22:42:38 +00:00
parent 915076aea7
commit 4ea07ada85
1 changed files with 11 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
server/AyaNova/biz/ReportBiz.cs
View File

@@ -248,18 +248,25 @@ namespace AyaNova.Biz
AuthorizationRoles effectiveRoles = CurrentUserRoles; AuthorizationRoles effectiveRoles = CurrentUserRoles;
if (overrideUserId != 0) if (overrideUserId != 0)
{ {
var effectiveUser=await ct.User.FirstOrDefaultAsync(z => z.Id == overrideUserId); var effectiveUser = await ct.User.FirstOrDefaultAsync(z => z.Id == overrideUserId);
if (effectiveUser==null) if (effectiveUser == null)
{ {
var msg = $"Override user id specifies user that doesn't exist({overrideUserId}) cannot generate report {report.Name}"; var msg = $"Override user id specifies user that doesn't exist({overrideUserId}) cannot generate report {report.Name}";
log.LogError(msg); log.LogError(msg);
AddError(ApiErrorCode.NOT_FOUND, "UserId", msg); AddError(ApiErrorCode.NOT_FOUND, "UserId", msg);
return null; return null;
} }
effectiveRoles=effectiveUser.Roles; effectiveRoles = effectiveUser.Roles;
} }
if (!AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(effectiveRoles, report.ObjectType))
{
AddError(ApiErrorCode.NOT_AUTHORIZED, null, $"User not authorized for {report.ObjectType} type object");
return null;
}
//Get data
//initialization //initialization