diff --git a/server/AyaNova/ControllerHelpers/ApiServerState.cs b/server/AyaNova/ControllerHelpers/ApiServerState.cs
index 11070f71..01f90f1c 100644
--- a/server/AyaNova/ControllerHelpers/ApiServerState.cs
+++ b/server/AyaNova/ControllerHelpers/ApiServerState.cs
@@ -42,9 +42,11 @@ namespace AyaNova.Api.ControllerHelpers
 internal void SetSystemLock(string reason)
 {
 //Lock down the server for license related issue
- //Still allows ops routes, treats as if server was set to closed even if they change it to open
+ //Only Manager account (id=1) can login or do anything, treats as if server was set to closed even if they change it to open
 //only way to reset it is to fetch a valid license
- SetState(ServerState.OpsOnly, reason);
+ //
+ var msg=$"{reason}\r\nOnly *the* Manager account can login to make changes";
+ SetState(ServerState.OpsOnly, msg);
 SYSTEM_LOCK = true;
 }
diff --git a/server/AyaNova/Controllers/GlobalBizSettingsController.cs b/server/AyaNova/Controllers/GlobalBizSettingsController.cs
index 016229b5..79ce6afd 100644
--- a/server/AyaNova/Controllers/GlobalBizSettingsController.cs
+++ b/server/AyaNova/Controllers/GlobalBizSettingsController.cs
@@ -45,7 +45,11 @@ namespace AyaNova.Api.Controllers
 public async Task GetGlobalBizSettings()
 {
 if (serverState.IsClosed)
- return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ {
+ //Exception for manager account to handle licensing issues
+ if (UserIdFromContext.Id(HttpContext.Items) != 1)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ }
 //Instantiate the business object handler
 GlobalBizSettingsBiz biz = GlobalBizSettingsBiz.GetBiz(ct, HttpContext);
diff --git a/server/AyaNova/Controllers/NotifyController.cs b/server/AyaNova/Controllers/NotifyController.cs
index 5429de3f..9f130e05 100644
--- a/server/AyaNova/Controllers/NotifyController.cs
+++ b/server/AyaNova/Controllers/NotifyController.cs
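Review bot: The rewritten comment in SetSystemLock says only the Manager account (id=1) can log in or do anything, but nothing in this method enforces that: it still calls `SetState(ServerState.OpsOnly, msg)` and sets `SYSTEM_LOCK`, while the exception itself is applied route by route in the controllers this commit touches. I would word it as `//Enforced per route: controllers that check for user id 1 let the Manager through while locked` so a reader does not take it for a guarantee made here. The appended sentence presumably ends up in `serverState.Reason`, which the controller hunks return in the 503 body, so the hard-coded `\r\n` and the untranslated English text would reach API clients as-is. The bare `//` line adds nothing and can be dropped.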
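Review bot: The manager exception in GetGlobalBizSettings is keyed on `serverState.IsClosed` alone, so user id 1 passes whenever the server is closed for any reason, not only during the licence lock the comment gives as the justification; if the flag set in SetSystemLock is readable here, the guard should require it as well. The same lines with the literal `1` are repeated in TranslationController.SubSet and UserOptionsController.GetUserOptions, which makes it easy for one route to drift from the others. A single helper on the server-state object (for example `if (serverState.IsClosedFor(userId)) return StatusCode(503, ...);`, a name I am proposing, not an existing member) plus a named constant for the manager id would keep the rule in one place. It is also worth confirming that `UserIdFromContext.Id(HttpContext.Items)` can only yield 1 for an authenticated Manager on these routes, since the route attributes are outside the hunks. All three method bodies continue past their hunks.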
@@ -44,8 +44,9 @@ namespace AyaNova.Api.Controllers
 public ActionResult GetPreLoginPing()
 {
 //note: this route is called by the client as the first action so it also acts like a ping to see if the server is up as well
- if (serverState.IsClosed)
- return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ // if (serverState.IsClosed)
+ // return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ //todo: check this route for dos attack potential??
 return Ok(ApiOkResponse.Response(!AyaNova.Core.License.ActiveKey.TrialLicense));
 }
diff --git a/server/AyaNova/Controllers/TranslationController.cs b/server/AyaNova/Controllers/TranslationController.cs
index 4fa99231..5665e2c5 100644
--- a/server/AyaNova/Controllers/TranslationController.cs
+++ b/server/AyaNova/Controllers/TranslationController.cs
@@ -130,7 +130,11 @@ namespace AyaNova.Api.Controllers
 public async Task SubSet([FromBody] List inObj)
 {
 if (serverState.IsClosed)
- return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ {
+ //Exception for manager account to handle licensing issues
+ if (UserIdFromContext.Id(HttpContext.Items) != 1)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ }
 //Instantiate the business object handler
diff --git a/server/AyaNova/Controllers/UserOptionsController.cs b/server/AyaNova/Controllers/UserOptionsController.cs
index 9a2008f6..d8123f1d 100644
--- a/server/AyaNova/Controllers/UserOptionsController.cs
+++ b/server/AyaNova/Controllers/UserOptionsController.cs
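Review bot: GetPreLoginPing now answers in every server state, and the old guard is left behind as commented-out code next to an open `//todo` about denial of service. Judging by its name and the existing note, this route is called before login, so it would return the trial-licence flag to callers who have not authenticated even while the server is closed or locked. If that is intended, say so in place of the dead lines, e.g. `//Deliberately not gated on server state: the client needs this answer before login, even when closed`. The todo should be settled before merge or turned into a tracked issue; request throttling on this route is the usual mitigation to evaluate.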
@@ -54,7 +54,11 @@ namespace AyaNova.Api.Controllers
 public async Task GetUserOptions([FromRoute] long id)
 {
 if (serverState.IsClosed)
- return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ {
+ //Exception for manager account to handle licensing issues
+ if (UserIdFromContext.Id(HttpContext.Items) != 1)
+ return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
+ }
 if (!ModelState.IsValid)
 {