@@ -6,7 +6,7 @@ using Microsoft.EntityFrameworkCore;
|
||||
using AyaNova.Models;
|
||||
using AyaNova.Api.ControllerHelpers;
|
||||
using AyaNova.Biz;
|
||||
//using AyaNova.PickList;
|
||||
using AyaNova.PickList;
|
||||
using System.Threading.Tasks;
|
||||
using Newtonsoft.Json;
|
||||
using Newtonsoft.Json.Linq;
|
||||
@@ -77,10 +77,30 @@ namespace AyaNova.Api.Controllers
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
|
||||
|
||||
var UserRoles = UserRolesFromContext.Roles(HttpContext.Items);
|
||||
var PickList = PickListFactory.GetAyaPickList(ayaType);
|
||||
|
||||
var o = await biz.GetPickListAsync(ayaType, query, inactive, UserRoles);
|
||||
//was the name not found as a pick list?
|
||||
if (PickList == null)
|
||||
{
|
||||
//not a user error so no need to localize
|
||||
AddError(ApiErrorCode.NOT_FOUND, "ayaType", $"PickList for type \"{ayaType}\" specified does not exist");
|
||||
return null;
|
||||
|
||||
}
|
||||
|
||||
//check rights
|
||||
|
||||
if (!userRoles.HasAnyFlags(PickList.AllowedRoles))
|
||||
{
|
||||
AddError(ApiErrorCode.NOT_AUTHORIZED, "ayaType");
|
||||
return null;
|
||||
}
|
||||
throw new System.UnauthorizedAccessException("User roles insufficient for this datalist");
|
||||
|
||||
|
||||
// var UserRoles = UserRolesFromContext.Roles(HttpContext.Items);
|
||||
|
||||
var o = await biz.GetPickListAsync(PickList, query, inactive);
|
||||
|
||||
/* this is how a bad validation is handled in a widget post
|
||||
//we need to validate the query and return an explanation if it's bad so user doesn't get confused and think theya re doing the right thing but not getting results anyway
|
||||
|
||||
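Review bot: The role check `if (!userRoles.HasAnyFlags(PickList.AllowedRoles))` appears to be the only authorization gate before `biz.GetPickListAsync(PickList, query, inactive)`, which no longer takes the roles argument that the four-argument call carried, yet it reads `userRoles` while the only declaration visible here is `var UserRoles = ...` and a second copy of that declaration is commented out. The +/- markers are lost on this page, so which of these lines are on the new side is an inference; if the check is new, keep the declaration live and match its case, `if (!UserRoles.HasAnyFlags(PickList.AllowedRoles))`. The `AddError(...)` / `return null;` branches and the unguarded `throw new System.UnauthorizedAccessException(...)` also look like business-layer code inside a controller action that otherwise returns `BadRequest(new ApiErrorResponse(ModelState))`; the not-found and not-authorized paths should return explicit HTTP results, so that a denied caller gets a clear refusal and never reaches the query. The action's body starts and ends outside the hunk.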