server/AyaNova/ControllerHelpers/ApiServerState.cs

@@ -42,9 +42,11 @@ namespace AyaNova.Api.ControllerHelpers
         internal void SetSystemLock(string reason)
         {
             //Lock down the server for license related issue
-            //Still allows ops routes, treats as if server was set to closed even if they change it to open
+            //Only Manager account (id=1) can login or do anything, treats as if server was set to closed even if they change it to open
             //only way to reset it is to fetch a valid license
-            SetState(ServerState.OpsOnly, reason);
+            //
+            var msg=$"{reason}\r\nOnly *the* Manager account can login to make changes";
+            SetState(ServerState.OpsOnly, msg);
             SYSTEM_LOCK = true;
         }
 

server/AyaNova/Controllers/GlobalBizSettingsController.cs

@@ -45,7 +45,11 @@ namespace AyaNova.Api.Controllers
         public async Task<IActionResult> GetGlobalBizSettings()
         {
             if (serverState.IsClosed)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            {
+                //Exception for manager account to handle licensing issues
+                if (UserIdFromContext.Id(HttpContext.Items) != 1)
+                    return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            }
 
             //Instantiate the business object handler
             GlobalBizSettingsBiz biz = GlobalBizSettingsBiz.GetBiz(ct, HttpContext);

server/AyaNova/Controllers/NotifyController.cs

@@ -44,8 +44,9 @@ namespace AyaNova.Api.Controllers
         public ActionResult GetPreLoginPing()
         {
             //note: this route is called by the client as the first action so it also acts like a ping to see if the server is up as well
-            if (serverState.IsClosed)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            // if (serverState.IsClosed)
+            //     return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            //todo: check this route for dos attack potential??
             return Ok(ApiOkResponse.Response(!AyaNova.Core.License.ActiveKey.TrialLicense));
         }
 

server/AyaNova/Controllers/TranslationController.cs

@@ -130,7 +130,11 @@ namespace AyaNova.Api.Controllers
         public async Task<IActionResult> SubSet([FromBody] List<string> inObj)
         {
             if (serverState.IsClosed)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            {
+                //Exception for manager account to handle licensing issues
+                if (UserIdFromContext.Id(HttpContext.Items) != 1)
+                    return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            }
 
             //Instantiate the business object handler
 

server/AyaNova/Controllers/UserOptionsController.cs

@@ -54,7 +54,11 @@ namespace AyaNova.Api.Controllers
         public async Task<IActionResult> GetUserOptions([FromRoute] long id)
         {
             if (serverState.IsClosed)
-                return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            {
+                //Exception for manager account to handle licensing issues
+                if (UserIdFromContext.Id(HttpContext.Items) != 1)
+                    return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+            }
 
             if (!ModelState.IsValid)
             {