admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-12-15 19:31:38 +00:00
parent 1a3bdb36c5
commit d99115b5b9
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/AyaNova/biz/Search.cs
View File

@@ -69,7 +69,7 @@ namespace AyaNova.Biz
}
public static async Task<SearchReturnObject> DoSearchAsync(AyContext ct, long translationId, AuthorizationRoles currentUserRoles, SearchRequestParameters searchParameters)
public static async Task<SearchReturnObject> DoSearchAsync(AyContext ct, long translationId, AuthorizationRoles currentUserRoles, long currentUserId, SearchRequestParameters searchParameters)
{
var ReturnObject = new SearchReturnObject();
@@ -185,6 +185,12 @@ namespace AyaNova.Biz
CanReadMatchingObjects.Add(new AyaTypeId(f.AttachToObjectType, f.AttachToObjectId));
}
}
else if (t.ObjectType == AyaType.Memo)
{
//Users are only permitted to search their own memo's
if (await ct.Memo.AsNoTracking().AnyAsync(z => z.Id == t.ObjectId && z.ToId == currentUserId))
CanReadMatchingObjects.Add(t);
}
else
{
if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(currentUserRoles, t.ObjectType))