2020-10-29 23:26:26 +00:00
parent e52cc4053e
commit 6c87ae8151


@@ -59,8 +59,9 @@ namespace AyaNova.Api.Controllers
//Instantiate the business object handler
DashboardViewBiz biz = DashboardViewBiz.GetBiz(ct, HttpContext);
if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
//user always has full access to their own dashboard view and can only access their own through api so no need to check
// if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -96,8 +97,9 @@ namespace AyaNova.Api.Controllers
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
return StatusCode(403, new ApiNotAuthorizedResponse());
//user always has full access to their own dashboard view and can only access their own through api so no need to check
// if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType))
// return StatusCode(403, new ApiNotAuthorizedResponse());
try
{
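Review bot: With the `HasReadFullRole` and `HasModifyRole` checks commented out in both hunks, the only access control left on these actions is the new comment's claim that a user can reach only their own dashboard view, and nothing visible here enforces it. Both enclosing methods start and end outside the hunks, so the lookup that produces `o` is not shown; confirm that `DashboardViewBiz` keys the record on the authenticated user's id taken from `HttpContext` and never on an id supplied in the request. If that holds, say so where it is enforced, e.g. `//No role check: DashboardViewBiz scopes every read and write to the authenticated user's id`, and delete the commented-out checks rather than keeping them as dead code. A test asserting that one user cannot read or modify another user's view would keep the invariant from silently regressing.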