admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2019-05-16 22:28:28 +00:00
parent acc40671a0
commit 8fe776a3ac
21 changed files with 137 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

20
server/AyaNova/Controllers/AttachmentController.cs
View File

@@ -186,14 +186,14 @@ namespace AyaNova.Api.Controllers
if (!badRequest)
{
//check if object exists
long attachToObjectOwnerId = attachToObject.OwnerId(ct);
if (attachToObjectOwnerId == -1)
{
badRequest = true;
errorMessage = "Invalid attach object";
}
else
{
// long attachToObjectOwnerId = attachToObject.OwnerId(ct);
// if (attachToObjectOwnerId == -1)
// {
// badRequest = true;
// errorMessage = "Invalid attach object";
// }
// else
// {
// User needs modify rights to the object type in question
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, attachToObject.ObjectType, attachToObjectOwnerId))
{
@@ -202,7 +202,7 @@ namespace AyaNova.Api.Controllers
return StatusCode(403, new ApiNotAuthorizedResponse());
}
}
//}
}
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
}
//is this allowed?
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
if (!Authorized.HasReadFullRole(HttpContext.Items, dbObj.AttachToObjectType))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}