2019-05-16 22:28:28 +00:00
parent acc40671a0
commit 8fe776a3ac
21 changed files with 137 additions and 149 deletions
--- a/server/AyaNova/Controllers/UserController.cs
+++ b/server/AyaNova/Controllers/UserController.cs
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

-            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
            }

-            return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
+            return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
        }


@@ -105,7 +105,7 @@ namespace AyaNova.Api.Controllers
            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

-            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
                return StatusCode(403, new ApiNotAuthorizedResponse());

            return Ok(new
@@ -135,7 +135,7 @@ namespace AyaNova.Api.Controllers
            //Instantiate the business object handler
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

-            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }
@@ -328,7 +328,7 @@ namespace AyaNova.Api.Controllers
            UserBiz biz = UserBiz.GetBiz(ct, HttpContext);

            //If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
-            if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
+            if (!Authorized.HasCreateRole(HttpContext.Items, biz.BizType))
            {
                return StatusCode(403, new ApiNotAuthorizedResponse());
            }