From 72b50c59e650b413c2df5b87329701a76903c4b8 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Sat, 30 Jan 2021 20:44:32 +0000
Subject: [PATCH]

---
 server/AyaNova/Controllers/DataListColumnViewController.cs | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

diff --git a/server/AyaNova/Controllers/DataListColumnViewController.cs b/server/AyaNova/Controllers/DataListColumnViewController.cs
index f537a349..05a66da9 100644
--- a/server/AyaNova/Controllers/DataListColumnViewController.cs
+++ b/server/AyaNova/Controllers/DataListColumnViewController.cs
@@ -51,8 +51,7 @@ namespace AyaNova.Api.Controllers
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
             DataListColumnViewBiz biz = DataListColumnViewBiz.GetBiz(ct, HttpContext);
-            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
+
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
             var o = await biz.GetAsync(biz.UserId, listKey, true);
@@ -74,8 +73,7 @@ namespace AyaNova.Api.Controllers
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
             DataListColumnViewBiz biz = DataListColumnViewBiz.GetBiz(ct, HttpContext);
-            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
-                return StatusCode(403, new ApiNotAuthorizedResponse());
+
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
             DataListColumnView o = await biz.CreateAsync(newObject);