admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-12-15 19:31:38 +00:00
parent 1a3bdb36c5
commit d99115b5b9
2 changed files with 18 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
server/AyaNova/Controllers/SearchController.cs
View File

@@ -64,7 +64,13 @@ namespace AyaNova.Api.Controllers
}
//Do the search
var SearchResults = await Search.DoSearchAsync(ct, UserTranslationIdFromContext.Id(HttpContext.Items), UserRolesFromContext.Roles(HttpContext.Items), searchParams);
var SearchResults = await Search.DoSearchAsync(
ct,
UserTranslationIdFromContext.Id(HttpContext.Items),
UserRolesFromContext.Roles(HttpContext.Items),
UserIdFromContext.Id(HttpContext.Items),
searchParams
);
return Ok(ApiOkResponse.Response(SearchResults));
}
@@ -120,7 +126,7 @@ namespace AyaNova.Api.Controllers
if (!ModelState.IsValid)
return BadRequest(new ApiErrorResponse(ModelState));
if (id == 0)
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, null, "id can't be zero"));
return BadRequest(new ApiErrorResponse(ApiErrorCode.VALIDATION_INVALID_VALUE, null, "id can't be zero"));
switch (ayaType)
{

8
server/AyaNova/biz/Search.cs
View File

@@ -69,7 +69,7 @@ namespace AyaNova.Biz
}
public static async Task<SearchReturnObject> DoSearchAsync(AyContext ct, long translationId, AuthorizationRoles currentUserRoles, SearchRequestParameters searchParameters)
public static async Task<SearchReturnObject> DoSearchAsync(AyContext ct, long translationId, AuthorizationRoles currentUserRoles, long currentUserId, SearchRequestParameters searchParameters)
{
var ReturnObject = new SearchReturnObject();
@@ -185,6 +185,12 @@ namespace AyaNova.Biz
CanReadMatchingObjects.Add(new AyaTypeId(f.AttachToObjectType, f.AttachToObjectId));
}
}
else if (t.ObjectType == AyaType.Memo)
{
//Users are only permitted to search their own memo's
if (await ct.Memo.AsNoTracking().AnyAsync(z => z.Id == t.ObjectId && z.ToId == currentUserId))
CanReadMatchingObjects.Add(t);
}
else
{
if (AyaNova.Api.ControllerHelpers.Authorized.HasReadFullRole(currentUserRoles, t.ObjectType))