admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2019-05-16 22:28:28 +00:00
parent acc40671a0
commit 8fe776a3ac
21 changed files with 137 additions and 149 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
server/AyaNova/Controllers/UserOptionsController.cs
View File

@@ -68,7 +68,7 @@ namespace AyaNova.Api.Controllers
var UserId = UserIdFromContext.Id(HttpContext.Items);
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
if (id != UserId && !Authorized.HasReadFullRole(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(403, new ApiNotAuthorizedResponse());
}
@@ -83,7 +83,7 @@ namespace AyaNova.Api.Controllers
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
}
return Ok(ApiOkResponse.Response(o, !Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType)));
return Ok(ApiOkResponse.Response(o, !Authorized.HasModifyRole(HttpContext.Items, biz.BizType)));
}