diff --git a/server/AyaNova/Controllers/PickListController.cs b/server/AyaNova/Controllers/PickListController.cs
index 44481a34..6600d763 100644
--- a/server/AyaNova/Controllers/PickListController.cs
+++ b/server/AyaNova/Controllers/PickListController.cs
@@ -76,48 +76,24 @@ namespace AyaNova.Api.Controllers if (!ModelState.IsValid) return BadRequest(new ApiErrorResponse(ModelState)); - - var PickList = PickListFactory.GetAyaPickList(ayaType); + + var PickList = PickListFactory.GetAyaPickList(ayaType); //was the name not found as a pick list? if (PickList == null) - { - //not a user error so no need to localize - AddError(ApiErrorCode.NOT_FOUND, "ayaType", $"PickList for type \"{ayaType}\" specified does not exist"); - return null; + return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); - } - - //check rights - - if (!userRoles.HasAnyFlags(PickList.AllowedRoles)) - { - AddError(ApiErrorCode.NOT_AUTHORIZED, "ayaType"); - return null; - } - throw new System.UnauthorizedAccessException("User roles insufficient for this datalist"); - - - // var UserRoles = UserRolesFromContext.Roles(HttpContext.Items); + //check rights + if (!Authorized.HasAnyRole(HttpContext.Items, PickList.AllowedRoles)) + return StatusCode(403, new ApiNotAuthorizedResponse()); var o = await biz.GetPickListAsync(PickList, query, inactive); -/* this is how a bad validation is handled in a widget post -//we need to validate the query and return an explanation if it's bad so user doesn't get confused and think theya re doing the right thing but not getting results anyway - //Create and validate - Widget o = await biz.CreateAsync(inObj); + if (o == null) return BadRequest(new ApiErrorResponse(biz.Errors)); else - return CreatedAtAction(nameof(WidgetController.GetWidget), new { id = o.Id, version = apiVersion.ToString() }, new ApiCreatedResponse(o)); - -*/ - - if (o == null) - return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND)); - - - return Ok(ApiOkResponse.Response(o, true)); + return Ok(ApiOkResponse.Response(o, true)); }
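Review bot: The `Authorized.HasAnyRole(HttpContext.Items, PickList.AllowedRoles)` check is now the only rights check visible on this path, because `biz.GetPickListAsync(PickList, query, inactive)` receives no role information; if any other caller reaches that method (none is visible here), it would return pick-list rows without a rights check. I would record that contract at the check, e.g. `// Sole rights check for this pick list: GetPickListAsync does not re-check roles`, and confirm no other entry point calls it. Separately, every null result is now answered with a 400 carrying `biz.Errors`, so a null that has no validation error attached produces an empty error body, and the messages reach the client verbatim; it is worth confirming they hold only query-validation text. `StatusCode(403, ...)` would read better as `StatusCode(StatusCodes.Status403Forbidden, ...)` than with the bare literal. The action's signature and opening lines are outside the hunk.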