@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
|
||||
// return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
// }
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
return Ok(ApiOkResponse.Response(await JobsBiz.GetJobStatusAsync(gid)));
|
||||
}
|
||||
@@ -112,10 +112,13 @@ namespace AyaNova.Api.Controllers
|
||||
if (serverState.IsClosed)
|
||||
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerJob))
|
||||
{
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//## NOTE: deliberately do *not* check for authorization as this is called by any bulk operation users may submit via extensions
|
||||
//and the user would need the exact Guid to view a job so not likely they will fish for it in a nefarious way
|
||||
// if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerJob))
|
||||
// {
|
||||
// return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
// }
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
{
|
||||
@@ -187,7 +190,7 @@ namespace AyaNova.Api.Controllers
|
||||
//
|
||||
|
||||
|
||||
/// <summary>
|
||||
/// <summary>
|
||||
/// Bulk DELETE list of object id's specified
|
||||
/// </summary>
|
||||
/// <param name="dataListSelection"></param>
|
||||
@@ -203,7 +206,7 @@ namespace AyaNova.Api.Controllers
|
||||
if (dataListSelection.IsEmpty)
|
||||
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_REQUIRED, null, "DataListSelection is required"));
|
||||
|
||||
|
||||
|
||||
if (!Authorized.HasDeleteRole(HttpContext.Items, dataListSelection.ObjectType))
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
|
||||
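Review bot: In the `@@ -112,10 +112,13 @@` hunk, commenting out `if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerJob))` leaves this action with no object-level authorization. Its only remaining protection is that the job Guid is hard to guess, but a Guid is an identifier rather than a credential, and it can end up in logs, browser history, proxies or shared links. Any authenticated caller who obtains one could then read that job's data, assuming the action returns job details (its body continues outside the hunk). To keep bulk operations working for ordinary users without opening the endpoint to everyone, allow the request when the caller either holds the ServerJob read role or is the user who submitted the job, and return the existing `StatusCode(403, new ApiNotAuthorizedResponse())` otherwise; this presumes the job record stores its submitter, which is not visible here. The context lines of the `@@ -94,7 +94,7 @@` hunk show the same commented-out check ahead of `JobsBiz.GetJobStatusAsync(gid)`, so the same applies there. The commented-out block should also be deleted rather than kept, so that the authorization decision is stated in one place.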