2020-03-18 15:04:49 +00:00
parent d1e7de27b2
commit 7b78544d30
2 changed files with 5 additions and 13 deletions
--- a/server/AyaNova/Controllers/PickListController.cs
+++ b/server/AyaNova/Controllers/PickListController.cs
@@ -60,20 +60,12 @@ namespace AyaNova.Api.Controllers
        public async Task<IActionResult> GetList([FromQuery]AyaType ayaType, [FromQuery]string query, [FromQuery] bool inactive)
        {
            if (!serverState.IsOpen)
-            {
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
-            }
-
-            //Instantiate the business object handler
-            PickListBiz biz = PickListBiz.GetBiz(ct, HttpContext);
-
-            // //NOTE: This is the first check and often the only check but in some cases with some objects this will also need to check biz object rules 
-            // if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
-            //     return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));

+            //NOTE: these sequence of calls are a little different than other objects due to the nature of rights and stuff with picklists being different

            var PickList = PickListFactory.GetAyaPickList(ayaType);

@@ -85,9 +77,10 @@ namespace AyaNova.Api.Controllers
            if (!Authorized.HasAnyRole(HttpContext.Items, PickList.AllowedRoles))
                return StatusCode(403, new ApiNotAuthorizedResponse());

+            //Instantiate the business object handler
+            PickListBiz biz = PickListBiz.GetBiz(ct, HttpContext);
+
            var o = await biz.GetPickListAsync(PickList, query, inactive);
-
-
            if (o == null)
                return BadRequest(new ApiErrorResponse(biz.Errors));
            else
--- a/server/AyaNova/biz/BizRoles.cs
+++ b/server/AyaNova/biz/BizRoles.cs
@@ -165,8 +165,7 @@ namespace AyaNova.Biz
            roles.Add(AyaType.PickListTemplate, new BizRoleSet()
            {
                Change = AuthorizationRoles.BizAdminFull,
-                ReadFullRecord = AuthorizationRoles.All,
-                Select = AuthorizationRoles.All
+                ReadFullRecord = AuthorizationRoles.All
            });

            ////////////////////////////////////////////////////////////////////