admin/raven
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Browse Source
This commit is contained in:
John Cardinal
2020-12-07 17:51:52 +00:00
parent f25706b02e
commit e6e77f121d
3 changed files with 87 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
server/AyaNova/Controllers/UserController.cs
View File

@@ -77,13 +77,11 @@ namespace AyaNova.Api.Controllers
var o = await biz.GetAsync(id);
if (o == null)
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
bool IsOutsideUser = (o.UserType == UserType.Customer || o.UserType == UserType.HeadOffice);
if (IsOutsideUser && !AllowedOutsideUser)
if (o.IsOutsideUser && !AllowedOutsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
if (!IsOutsideUser && !AllowedInsideUser)
if (!o.IsOutsideUser && !AllowedInsideUser)
return StatusCode(403, new ApiNotAuthorizedResponse());
return Ok(ApiOkResponse.Response(o));