server/AyaNova/Controllers/AttachmentController.cs

@@ -195,7 +195,7 @@ namespace AyaNova.Api.Controllers
                     // else
                     // {
                         // User needs modify rights to the object type in question
-                        if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))
+                        if (!Authorized.HasModifyRole(HttpContext.Items, attachToObject.ObjectType))
                         {
                             //delete temp files
                             DeleteTempFileUploadDueToBadRequest(uploadFormData);
@@ -293,7 +293,7 @@ namespace AyaNova.Api.Controllers
 
             long UserId = UserIdFromContext.Id(HttpContext.Items);
 
-            if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, dbObj.AttachToObjectType, dbObj.OwnerId))
+            if (!Authorized.HasDeleteRole(HttpContext.Items, dbObj.AttachToObjectType))
             {
                 return StatusCode(403, new ApiNotAuthorizedResponse());
             }