From 8443c7c5bf625b76dac139073b747bdda529e107 Mon Sep 17 00:00:00 2001 From: John Cardinal Date: Sun, 5 Apr 2020 21:35:42 +0000 Subject: [PATCH] server state cleanup --- devdocs/specs/core-server-state.txt | 12 ++++++ devdocs/todo.txt | 4 +- .../ControllerHelpers/ApiServerState.cs | 26 +++++++++++-- .../Controllers/AttachmentController.cs | 15 ++----- server/AyaNova/Controllers/AuthController.cs | 11 ++---- .../AuthorizationRolesController.cs | 4 +- .../AyaNova/Controllers/DataListController.cs | 16 +++----- .../Controllers/DataListViewController.cs | 22 +++++------ .../AyaNova/Controllers/EnumListController.cs | 10 ++--- .../AyaNova/Controllers/EventLogController.cs | 10 ++--- .../Controllers/FormCustomController.cs | 12 +++--- .../FormFieldsDefinitionsController.cs | 2 +- .../GlobalBizSettingsController.cs | 8 ++-- .../Controllers/ImportAyaNova7Controller.cs | 39 +++++++++++-------- .../AyaNova/Controllers/WidgetController.cs | 26 ++++++------- 15 files changed, 116 insertions(+), 101 deletions(-) diff --git a/devdocs/specs/core-server-state.txt b/devdocs/specs/core-server-state.txt index 9d48881b..15fc592e 100644 --- a/devdocs/specs/core-server-state.txt +++ b/devdocs/specs/core-server-state.txt @@ -2,6 +2,18 @@ SERVER STATE SPECS REQUIREMENTS + +LATEST: + +2020-04-05 - Decided to allow all non biz object routes that are required for running client like formcustom etc to be open unless server is fully closed + ops forms may need all that stuff + will not allow to update things like formcustom though, only to get them + any biz objects not ops are fully locked down though, so no getting a widget if the server is closed or opsonly + however you can get a widgetlist because picklist is open when opsonly as there is a probability that some things might be needed for ops + +OLD STUFF: + + Two parallel paths that can lead to serverstate affecting access to server: Closed or Open States diff --git a/devdocs/todo.txt b/devdocs/todo.txt index a3439a3f..350a1a1c 100644 
--- a/devdocs/todo.txt +++ b/devdocs/todo.txt @@ -4,7 +4,9 @@ ## IMMEDIATE ITEMS - +todo: all routes must check server state correctly and return correct error code + some are only checking if closed, not checking specifically if open to cover all angles like opsonly + todo: seeder not adding a user to widgets (not sure if really needed but it looks weird in the grid) todo: move to client work then back here to document after todo: api / server landing page is shitty on a mobile diff --git a/server/AyaNova/ControllerHelpers/ApiServerState.cs b/server/AyaNova/ControllerHelpers/ApiServerState.cs index 0e33c5d8..cbaf0038 100644 --- a/server/AyaNova/ControllerHelpers/ApiServerState.cs +++ b/server/AyaNova/ControllerHelpers/ApiServerState.cs @@ -1,6 +1,6 @@ using System; using Microsoft.Extensions.Logging; - +using AyaNova.Biz; namespace AyaNova.Api.ControllerHelpers { @@ -108,6 +108,26 @@ namespace AyaNova.Api.ControllerHelpers } } + //get the api error code associated with the server state + public ApiErrorCode ApiErrorCode + { + get + { + switch (_currentState) + { + case ServerState.Open: + throw new System.NotSupportedException("ApiServerState:ApiErrorCode - No error code is associated with server state OPEN"); + case ServerState.OpsOnly: + return ApiErrorCode.API_OPS_ONLY; + case ServerState.Closed: + return ApiErrorCode.API_CLOSED; + + } + throw new System.NotSupportedException("ApiServerState:ApiErrorCode - No error code is associated with server state UNKNOWN"); + } + + } + public void SetOpsOnly(string reason) { @@ -143,7 +163,7 @@ namespace AyaNova.Api.ControllerHelpers { get { - return _currentState == ServerState.OpsOnly; + return _currentState == ServerState.OpsOnly && !SYSTEM_LOCK; } } @@ -168,7 +188,7 @@ namespace AyaNova.Api.ControllerHelpers { get { - return IsOpen || IsOpsOnly; + return (IsOpen || IsOpsOnly) && !SYSTEM_LOCK; } } 
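Review bot: The new `ApiErrorCode` getter in ApiServerState.cs switches on `_currentState` alone, while the `IsOpsOnly` and `IsOpenOrOpsOnly` changes in the same file now also consult `SYSTEM_LOCK`. If `IsOpen` is false because of `SYSTEM_LOCK` while `_currentState` is still `Open` (the `IsOpen` and `IsClosed` getters are outside the hunks, so this is inferred), every controller's `return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason))` throws `NotSupportedException`, and the caller gets an unhandled error instead of the 503. The same throw is reachable if the state flips to Open between the `IsOpen` read and the `ApiErrorCode` read, since the controllers read them separately. I would start the getter with `if (SYSTEM_LOCK) return ApiErrorCode.API_CLOSED;` and return `ApiErrorCode.API_CLOSED` rather than throw in the unexpected cases, so a denied request always fails closed with a defined code.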
diff --git a/server/AyaNova/Controllers/AttachmentController.cs b/server/AyaNova/Controllers/AttachmentController.cs index 3daaeb52..cc662e6c 100644 --- a/server/AyaNova/Controllers/AttachmentController.cs +++ b/server/AyaNova/Controllers/AttachmentController.cs @@ -74,7 +74,7 @@ namespace AyaNova.Api.Controllers public async Task GetDownloadTokenAsync() { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); long lUserId = UserIdFromContext.Id(HttpContext.Items); var u = await ct.User.FirstOrDefaultAsync(a => a.Id == lUserId); @@ -127,7 +127,7 @@ namespace AyaNova.Api.Controllers //Adapted from the example found here: https://docs.microsoft.com/en-us/aspnet/core/mvc/models/file-uploads#uploading-large-files-with-streaming if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); var returnList = new List(); @@ -273,11 +273,8 @@ namespace AyaNova.Api.Controllers [HttpDelete("{id}")] public async Task DeleteAttachmentAsync([FromRoute] long id) { - if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) { 
@@ -325,12 +322,8 @@ namespace AyaNova.Api.Controllers //copied from Rockfish //https://dotnetcoretutorials.com/2017/03/12/uploading-files-asp-net-core/ //https://stackoverflow.com/questions/45763149/asp-net-core-jwt-in-uri-query-parameter/45811270#45811270 - - if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (string.IsNullOrWhiteSpace(dlkey)) diff --git a/server/AyaNova/Controllers/AuthController.cs b/server/AyaNova/Controllers/AuthController.cs index d4a5208b..53dc071b 100644 --- a/server/AyaNova/Controllers/AuthController.cs +++ b/server/AyaNova/Controllers/AuthController.cs @@ -68,10 +68,9 @@ namespace AyaNova.Api.Controllers { //a bit different as ops users can still login if the state is opsonly //so the only real barrier here would be a completely closed api - if (!serverState.IsOpenOrOpsOnly) - { + if (serverState.IsClosed) return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + int nFailedAuthDelay = 3000;//should be just long enough to make brute force a hassle but short enough to not annoy people who just mistyped their creds to login @@ -174,7 +173,7 @@ namespace AyaNova.Api.Controllers !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminFull) && !u.Roles.HasFlag(Biz.AuthorizationRoles.OpsAdminLimited)) { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); } 
@@ -243,9 +242,7 @@ namespace AyaNova.Api.Controllers public async Task ChangePassword([FromBody] AuthController.ChangePasswordParam changecreds) { if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) { diff --git a/server/AyaNova/Controllers/AuthorizationRolesController.cs b/server/AyaNova/Controllers/AuthorizationRolesController.cs index 51a1008a..7e104f8e 100644 --- a/server/AyaNova/Controllers/AuthorizationRolesController.cs +++ b/server/AyaNova/Controllers/AuthorizationRolesController.cs @@ -50,9 +50,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetRoles([FromQuery] bool AsJson = false) { if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //as json for client end of things if (AsJson) diff --git a/server/AyaNova/Controllers/DataListController.cs b/server/AyaNova/Controllers/DataListController.cs index 42aff959..5aed2e2a 100644 --- a/server/AyaNova/Controllers/DataListController.cs +++ b/server/AyaNova/Controllers/DataListController.cs @@ -52,8 +52,8 @@ namespace AyaNova.Api.Controllers [HttpPost] public async Task List([FromBody] ListOptions listOptions) { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (listOptions.Limit == null || listOptions.Limit < 1) { 
@@ -61,9 +61,9 @@ namespace AyaNova.Api.Controllers } if (listOptions.Offset == null) { - listOptions.Offset = 0; + listOptions.Offset = 0; } - + if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -95,9 +95,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetDataListKeys() { if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); return Ok(ApiOkResponse.Response(DataListFactory.GetListOfAllDataListKeyNames(), true)); } @@ -111,9 +109,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetDataListFields([FromQuery] string DataListKey) { if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); var DataList = DataListFactory.GetAyaDataList(DataListKey); //was the name not found as a list? diff --git a/server/AyaNova/Controllers/DataListViewController.cs b/server/AyaNova/Controllers/DataListViewController.cs index 70296da9..6aa70f3d 100644 --- a/server/AyaNova/Controllers/DataListViewController.cs +++ b/server/AyaNova/Controllers/DataListViewController.cs @@ -53,8 +53,8 @@ namespace AyaNova.Api.Controllers [HttpGet("{id}")] public async Task GetDataListView([FromRoute] long id) { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler DataListViewBiz biz = DataListViewBiz.GetBiz(ct, HttpContext); 
@@ -81,8 +81,8 @@ namespace AyaNova.Api.Controllers [HttpGet("ViewList", Name = nameof(DataListViewList))] public async Task DataListViewList([FromQuery] string ListKey) { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -106,7 +106,7 @@ namespace AyaNova.Api.Controllers public async Task PutDataListView([FromRoute] long id, [FromBody] DataListView inObj) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -147,7 +147,7 @@ namespace AyaNova.Api.Controllers public async Task PostDataListView([FromBody] DataListView inObj, ApiVersion apiVersion) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler DataListViewBiz biz = DataListViewBiz.GetBiz(ct, HttpContext); @@ -168,7 +168,7 @@ namespace AyaNova.Api.Controllers } - /// + /// /// Duplicate DataListView /// /// Create a duplicate of this items id 
@@ -178,7 +178,7 @@ namespace AyaNova.Api.Controllers public async Task Duplicate([FromRoute] long id, ApiVersion apiVersion) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler DataListViewBiz biz = DataListViewBiz.GetBiz(ct, HttpContext); @@ -212,7 +212,7 @@ namespace AyaNova.Api.Controllers public async Task DeleteDataListView([FromRoute] long id) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -241,8 +241,8 @@ namespace AyaNova.Api.Controllers [HttpGet("default/{dataListKey}")] public ActionResult GetDefaultDataListView([FromRoute] string dataListKey) { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler DataListViewBiz biz = DataListViewBiz.GetBiz(ct, HttpContext); diff --git a/server/AyaNova/Controllers/EnumListController.cs b/server/AyaNova/Controllers/EnumListController.cs index 05d83ab9..721da271 100644 --- a/server/AyaNova/Controllers/EnumListController.cs +++ b/server/AyaNova/Controllers/EnumListController.cs 
@@ -50,10 +50,8 @@ namespace AyaNova.Api.Controllers [HttpGet("List/{enumkey}")] public ActionResult GetList([FromRoute]string enumkey) { - if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + if (serverState.IsClosed) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); long TranslationId = UserTranslationIdFromContext.Id(HttpContext.Items); List TranslationKeysToFetch = new List(); @@ -173,9 +171,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetTypesList() { if (!serverState.IsOpen) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); List> ret = new List>(); ret.Add(new KeyValuePair(StringUtil.TrimTypeName(typeof(UserType).ToString()), "AyaNova user account types")); diff --git a/server/AyaNova/Controllers/EventLogController.cs b/server/AyaNova/Controllers/EventLogController.cs index 21ac7007..de5f93d2 100644 --- a/server/AyaNova/Controllers/EventLogController.cs +++ b/server/AyaNova/Controllers/EventLogController.cs @@ -57,9 +57,7 @@ namespace AyaNova.Api.Controllers public async Task GetObjectLog([FromQuery] EventLogOptions opt) { if (serverState.IsClosed) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!Authorized.HasReadFullRole(HttpContext.Items, opt.AyType)) { 
@@ -83,9 +81,7 @@ namespace AyaNova.Api.Controllers public async Task GetUserLog([FromQuery] EventLogOptions opt) { if (serverState.IsClosed) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (opt.AyType != AyaType.User) { @@ -103,7 +99,7 @@ namespace AyaNova.Api.Controllers var result = await EventLogProcessor.GetLogForUserAsync(opt, ct); - return Ok(ApiOkResponse.Response(result, true)); + return Ok(ApiOkResponse.Response(result, true)); } diff --git a/server/AyaNova/Controllers/FormCustomController.cs b/server/AyaNova/Controllers/FormCustomController.cs index 67a6ca04..34cd6640 100644 --- a/server/AyaNova/Controllers/FormCustomController.cs +++ b/server/AyaNova/Controllers/FormCustomController.cs @@ -57,7 +57,7 @@ namespace AyaNova.Api.Controllers public async Task GetFormCustom([FromRoute] string formkey, [FromQuery] uint? concurrencyToken) { if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler FormCustomBiz biz = FormCustomBiz.GetBiz(ct, HttpContext); @@ -104,8 +104,8 @@ namespace AyaNova.Api.Controllers [HttpGet("AvailableCustomTypes")] public ActionResult GetAvailableCustomTypes() { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom)) return StatusCode(403, new ApiNotAuthorizedResponse()); 
@@ -124,8 +124,8 @@ namespace AyaNova.Api.Controllers [HttpGet("AvailableCustomizableFormKeys")] public ActionResult GetAvailableCustomizableFormKeys() { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.FormCustom)) return StatusCode(403, new ApiNotAuthorizedResponse()); @@ -148,7 +148,7 @@ namespace AyaNova.Api.Controllers public async Task PutFormCustom([FromRoute] string formkey, [FromBody] FormCustom inObj) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); diff --git a/server/AyaNova/Controllers/FormFieldsDefinitionsController.cs b/server/AyaNova/Controllers/FormFieldsDefinitionsController.cs index 2f95bbd6..320b17dd 100644 --- a/server/AyaNova/Controllers/FormFieldsDefinitionsController.cs +++ b/server/AyaNova/Controllers/FormFieldsDefinitionsController.cs @@ -47,7 +47,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetFormFields([FromRoute] string FormFieldDefinitionKey) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); diff --git a/server/AyaNova/Controllers/GlobalBizSettingsController.cs b/server/AyaNova/Controllers/GlobalBizSettingsController.cs index 2e753774..7c5041fe 100644 --- a/server/AyaNova/Controllers/GlobalBizSettingsController.cs 
+++ b/server/AyaNova/Controllers/GlobalBizSettingsController.cs @@ -45,7 +45,7 @@ namespace AyaNova.Api.Controllers public async Task GetGlobalBizSettings() { if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler GlobalBizSettingsBiz biz = GlobalBizSettingsBiz.GetBiz(ct, HttpContext); @@ -72,8 +72,8 @@ namespace AyaNova.Api.Controllers [HttpPost] public async Task ReplaceGlobalBizSettings([FromBody] GlobalBizSettings global) { - if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (serverState.IsClosed) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -104,7 +104,7 @@ namespace AyaNova.Api.Controllers public ActionResult GetClientGlobalBizSettings() { if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler // GlobalBizSettingsBiz biz = GlobalBizSettingsBiz.GetBiz(ct, HttpContext); diff --git a/server/AyaNova/Controllers/ImportAyaNova7Controller.cs b/server/AyaNova/Controllers/ImportAyaNova7Controller.cs index 4588283f..be294d20 100644 --- a/server/AyaNova/Controllers/ImportAyaNova7Controller.cs +++ b/server/AyaNova/Controllers/ImportAyaNova7Controller.cs 
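Review bot: `ReplaceGlobalBizSettings` in GlobalBizSettingsController.cs is an `[HttpPost]` write route, and its guard is loosened from `if (!serverState.IsOpen)` to `if (serverState.IsClosed)`, so it becomes reachable while the server is OpsOnly. The spec text added in this commit says such routes stay open for reads only ("will not allow to update things like formcustom though, only to get them"), and `PutFormCustom` keeps `!serverState.IsOpen`. If the relaxation is intended, a comment such as `// settings may be replaced in OpsOnly: <reason>` should say so; otherwise restore `if (!serverState.IsOpen)`. Any role check for this action falls outside the hunk, so which accounts can reach the write in OpsOnly cannot be confirmed from here.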
@@ -65,11 +65,16 @@ namespace AyaNova.Api.Controllers [RequestSizeLimit(10737418241)]//10737418240 = 10gb https://github.com/aspnet/Announcements/issues/267 public async Task Upload() { - //Open or opsOnly and user is opsadminfull - if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull))) - { - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); - } + //outright closed then not allowed + if (serverState.IsClosed) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); + + // //Open or opsOnly only other state so they are ok but check user is opsadminfull + + // if (!serverState.IsOpenOrOpsOnly || (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull))) + // { + // return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + // } if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import)) { 
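Review bot: The `Upload` guard no longer requires `AuthorizationRoles.OpsAdminFull` when the server is OpsOnly; the old combined condition is left commented out and only `serverState.IsClosed` is checked. Access in OpsOnly now rests entirely on the following `Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import)` check, and whether that role is limited to ops administrators is not visible in this hunk. On a route whose `RequestSizeLimit` allows roughly 10 GB uploads, I would keep the explicit gate as `if (serverState.IsOpsOnly && !Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull))` returning the same 503 response. Otherwise, replace the commented-out block with a one-line comment stating that `HasCreateRole` is the intended control. The method body continues outside the hunk.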
@@ -224,18 +229,18 @@ namespace AyaNova.Api.Controllers return BadRequest(new ApiErrorResponse(ModelState)); } -//UPDATE: I think it should be ok so commenting this out for now pending something coming up in testing -// //LOOKAT: I decided not to allow trial to import v7 data. -// //This was a snap decision, I didn't think about it much other than -// //I'm concerned right now as of April 17 2018 during development that -// //a trial user will import their old AyaNova data and then ... well somehow continue to use it I guess, -// //maybe it's a non-issue as a trial will only work so long anyway -// #if (!DEBUG) -// if (AyaNova.Core.License.LicenseIsTrial) -// { -// return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, null, "Current license is a trial license key. Only a licensed database can be used with import.")); -// } -// #endif + //UPDATE: I think it should be ok so commenting this out for now pending something coming up in testing + // //LOOKAT: I decided not to allow trial to import v7 data. + // //This was a snap decision, I didn't think about it much other than + // //I'm concerned right now as of April 17 2018 during development that + // //a trial user will import their old AyaNova data and then ... well somehow continue to use it I guess, + // //maybe it's a non-issue as a trial will only work so long anyway + // #if (!DEBUG) + // if (AyaNova.Core.License.LicenseIsTrial) + // { + // return BadRequest(new ApiErrorResponse(ApiErrorCode.INVALID_OPERATION, null, "Current license is a trial license key. Only a licensed database can be used with import.")); + // } + // #endif //Create, in that they are creating new data in AyaNova if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.AyaNova7Import)) diff --git a/server/AyaNova/Controllers/WidgetController.cs b/server/AyaNova/Controllers/WidgetController.cs index b55aa9f2..09eb09b8 100644 --- a/server/AyaNova/Controllers/WidgetController.cs 
+++ b/server/AyaNova/Controllers/WidgetController.cs @@ -55,8 +55,8 @@ namespace AyaNova.Api.Controllers [HttpGet("{id}")] public async Task GetWidget([FromRoute] long id) { - if (serverState.IsClosed) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); @@ -90,7 +90,7 @@ namespace AyaNova.Api.Controllers public async Task PutWidget([FromRoute] long id, [FromBody] Widget inObj) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -135,7 +135,7 @@ namespace AyaNova.Api.Controllers //https://dotnetcoretutorials.com/2017/11/29/json-patch-asp-net-core/ if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -176,8 +176,8 @@ namespace AyaNova.Api.Controllers [HttpPost] public async Task PostWidget([FromBody] Widget inObj, ApiVersion apiVersion) { - if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); 
@@ -209,7 +209,7 @@ namespace AyaNova.Api.Controllers public async Task DuplicateWidget([FromRoute] long id, ApiVersion apiVersion) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); //Instantiate the business object handler WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext); @@ -245,7 +245,7 @@ namespace AyaNova.Api.Controllers public async Task DeleteWidget([FromRoute] long id) { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); @@ -275,8 +275,8 @@ namespace AyaNova.Api.Controllers public ActionResult GetException() { //log.LogInformation("Widget::getexception-> Test exception and log from controller test"); - if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); throw new System.NotSupportedException("Test exception from widget controller"); } @@ -287,8 +287,8 @@ namespace AyaNova.Api.Controllers [HttpGet("altexception")] public ActionResult GetAltException() { - if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + if (!serverState.IsOpen) + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); throw new System.ArgumentException("Test exception (ALT) from widget controller"); } 
@@ -301,7 +301,7 @@ namespace AyaNova.Api.Controllers public async Task TestWidgetJob() { if (!serverState.IsOpen) - return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason)); + return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason)); if (!Authorized.HasModifyRole(HttpContext.Items, AyaType.JobOperations)) return StatusCode(403, new ApiNotAuthorizedResponse());