admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-06-07 18:13:56 +00:00
parent 58a3ac71f5
commit 6f8eb9ba6b
11 changed files with 67 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
server/AyaNova/Controllers/BackupController.cs
View File

@@ -61,7 +61,7 @@ namespace AyaNova.Api.Controllers
{
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Backup))//technically maybe this could be wider open, but for now keeping as locked down
return StatusCode(403, new ApiNotAuthorizedResponse());
var JobName = $"Backup (on demand)";
OpsJob j = new OpsJob();
@@ -87,7 +87,7 @@ namespace AyaNova.Api.Controllers
//Need size and more info
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Backup))
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(ApiOkResponse.Response(FileUtil.BackupStatusReport()));
}
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
}
if (!Authorized.HasAnyRole(DownloadUser.Roles, AuthorizationRoles.OpsAdminFull))
if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.Backup))//not technically modify but treating as such as a backup is very sensitive data
{
await Task.Delay(nFailedAuthDelay);//DOS protection
return StatusCode(403, new ApiNotAuthorizedResponse());

12
server/AyaNova/Controllers/ServerMetricsController.cs
View File

@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
//Note: the date and times are nullable and required so that the regular modelstate code kicks in to ensure they are present
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerMetrics))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -127,7 +127,7 @@ namespace AyaNova.Api.Controllers
privateBytes = dsPrivateBytes.Select(z => new MetricLong(DateTime.FromOADate(z.Item1), z.Item2 / MB)).ToArray()
};
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.ServerMetrics, AyaEvent.Retrieved), ct);
return Ok(ApiOkResponse.Response(ret));
}
@@ -145,7 +145,7 @@ namespace AyaNova.Api.Controllers
//Note: the date and times are nullable and required so that the regular modelstate code kicks in to ensure they are present
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerMetrics))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -189,7 +189,7 @@ namespace AyaNova.Api.Controllers
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.ServerMetrics, AyaEvent.Retrieved), ct);
return Ok(ApiOkResponse.Response(ret));
}
@@ -208,7 +208,7 @@ namespace AyaNova.Api.Controllers
//Note: the date and times are nullable and required so that the regular modelstate code kicks in to ensure they are present
if (serverState.IsClosed)
return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.Metrics))
if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.ServerMetrics))
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
@@ -296,7 +296,7 @@ namespace AyaNova.Api.Controllers
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.Metrics, AyaEvent.Retrieved), ct);
await EventLogProcessor.LogEventToDatabaseAsync(new Event(UserIdFromContext.Id(HttpContext.Items), 0, AyaType.ServerMetrics, AyaEvent.Retrieved), ct);
return Ok(ApiOkResponse.Response(ret));
}