From a26d849dd6f48d2da54603244d4ae216b013a675 Mon Sep 17 00:00:00 2001
From: John Cardinal
Date: Fri, 22 May 2020 17:48:00 +0000
Subject: [PATCH]
---
 server/AyaNova/Controllers/BackupController.cs | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/server/AyaNova/Controllers/BackupController.cs b/server/AyaNova/Controllers/BackupController.cs
index edc7c225..07f6dc29 100644
--- a/server/AyaNova/Controllers/BackupController.cs
+++ b/server/AyaNova/Controllers/BackupController.cs
@@ -25,8 +25,7 @@ namespace AyaNova.Api.Controllers
 [ApiController]
 [ApiVersion("8.0")]
 [Route("api/v{version:apiVersion}/backup")]
- [Produces("application/json")]
- [Authorize]
+ [Produces("application/json")]
 public class BackupController : ControllerBase
 {
 private readonly AyContext ct;
@@ -80,6 +79,7 @@ namespace AyaNova.Api.Controllers
 ///
 ///
 [HttpGet("status")]
+ [Authorize]
 public ActionResult BackupStatus()
 {
 //Need size and more info
@@ -119,7 +119,8 @@ namespace AyaNova.Api.Controllers
 await Task.Delay(nFailedAuthDelay);//DOS protection
 return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
 }
- if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited))
+
+ if (!Authorized.HasAnyRole(DownloadUser.Roles, AuthorizationRoles.OpsAdminFull | AuthorizationRoles.OpsAdminLimited))
 {
 await Task.Delay(nFailedAuthDelay);//DOS protection
 return StatusCode(403, new ApiNotAuthorizedResponse());
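Review bot: Removing the class-level `[Authorize]` in the first hunk makes every action in BackupController anonymous unless it opts in, so a route added later without the attribute fails open; the `//DANGER` comment added at the end of the file is the only safeguard. The download action appears to authenticate the caller itself (the 401 branch and `DownloadUser` in a later hunk), so keeping `[Authorize]` on the class and marking only that action `[AllowAnonymous]` would give the same behaviour with a fail-closed default. Only `BackupStatus` regains the attribute in the visible hunks, so any other action in the controller needs checking as well. The class body continues outside the hunk.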
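Review bot: The 401 and 403 branches in the download hunk return after the delay without writing anything to the event log, while the success path further down records `AyaEvent.UtilityFileDownload`. For an endpoint that hands out backups, the refused attempts are the ones an operator most needs to see, so I would record them before returning, starting with a marker such as `// TODO(review): write an event-log entry for the refused download before returning`. Logging may already happen in middleware or in code above the hunk, which is not visible here; the method starts and ends outside the hunk.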
@@ -133,10 +134,13 @@ namespace AyaNova.Api.Controllers string mimetype = fileName.EndsWith("zip") ? "application/zip" : "application/octet-stream"; var utilityFilePath = FileUtil.GetFullPathForUtilityFile(fileName); await EventLogProcessor.LogEventToDatabaseAsync(new Event(DownloadUser.Id, 0, AyaType.NoType, AyaEvent.UtilityFileDownload, fileName), ct); - return PhysicalFile(utilityFilePath, mimetype); + return PhysicalFile(utilityFilePath, mimetype, fileName); } +//DANGER: MUST ADD AUTHORIZE ATTRIBUTE TO ANY NEW ROUTES +//[Authorize] + }//eoc }//eons
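Review bot: `fileName` reaches `FileUtil.GetFullPathForUtilityFile` and `PhysicalFile` with no check visible in this hunk; if it comes from the route or query string, a value containing directory separators or `..` must be rejected before the path is built. Unless the helper already enforces that, a guard such as `if (fileName != Path.GetFileName(fileName)) return BadRequest();` ahead of the lookup would keep the download inside the utility folder. The `EndsWith("zip")` test would also be tighter as `fileName.EndsWith(".zip", StringComparison.OrdinalIgnoreCase)`. The method starts outside the hunk, so validation may already exist there.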