@@ -14,8 +14,24 @@ Do the stuff in the Client todo first then back to the server as required.
|
||||
|
||||
DO CLIENT STUFF NOW COME BACK TO THIS STUFF LATER
|
||||
|
||||
|
||||
|
||||
### SERVER WORK NEEDED FIRST....
|
||||
- NOT done correctly at the server NEED TO CHANGE THIS SHIT FIRST:
|
||||
- is returning a 401 (not authenticated) for rights issues that should return 403 (not authorized)
|
||||
- Before can do below rights stuff need to go back to server and change that
|
||||
- https://stackoverflow.com/questions/3297048/403-forbidden-vs-401-unauthorized-http-responses#6937030
|
||||
- I know it works when the user SubContractorLimited logs in and force to fetch widget gets a 403 instead of a 401 and instead of logging off redirects to home or back or something instead
|
||||
- in GZAPI handleError has this: ErrorUserNotAuthenticated error string, I also need to check server and docs for the corresponding ErrorUserNotAuthorized which may need to be added and documented
|
||||
- Also need a localized text for it in all languages apparently and also document it properly and add it as a type of error returned in those circumstances
|
||||
- May be faster to just try to fetch the object and have rights checked that way and react accordingly in the client rather than try to pre-check before hand
|
||||
- This is because need the actual object to check if self owned and can still edit, let the server handle that shit and just act accordingly
|
||||
- If server returns a read only copy of an object due to read full record but not due to allow edit then perhaps the server can also tag it with a READONLY flag so client can adjust accordingly and not need to do the checking with a double request
|
||||
- SO...SERVER Should return on request of an object one of these:
|
||||
- Not authenticated at all 401
|
||||
- Not authorized for this object 403 (could be due to not own or whatever, we don't care, server handles that shit, client just knows not to show it)
|
||||
- Object...BUT with READONLY flag of some kind present (in outer wrapper??), so client knows to show read only and not allow editing
|
||||
- Object without readonly flag present so fully editable!!! WOOT!
|
||||
- FINDINGS / TODO
|
||||
- So early on the server is returning 401 not authenticated before the route is hit, so really, in any route my own rights check would always be 403, not 401, that's handled already by authentication middleware
|
||||
|
||||
|
||||
=-=-=-=-=-=-
|
||||
|
||||
@@ -199,7 +199,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
//delete temp files
|
||||
DeleteTempFileUploadDueToBadRequest(uploadFormData);
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
}
|
||||
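Review bot: Every authorization failure in this hunk, and in the matching hunks through the JobOperations one at `@@ -361,7 +361,7 @@`, now returns the bare literal `403` via `StatusCode(403, new ApiNotAuthorizedResponse())`, repeated at roughly fifty sites; a single helper on a shared controller base (if one exists), e.g. `protected ObjectResult Forbidden() => StatusCode(StatusCodes.Status403Forbidden, new ApiNotAuthorizedResponse());` using the constant from Microsoft.AspNetCore.Http, would make the intent readable and keep a missed site from silently regressing to 401, which the notes in this commit say the client treats as a session loss. `Forbid()` is not a substitute here because it delegates to the authentication scheme and drops the response body. It is also worth a repository-wide search for remaining `StatusCode(401` calls that follow an `Authorized.Is...` check, since the commit only covers the sites shown. The enclosing action methods all start and end outside their hunks.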
@@ -295,7 +295,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, dbObj.AttachToObjectType, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//do the delete
|
||||
@@ -371,7 +371,7 @@ namespace AyaNova.Api.Controllers
|
||||
//is this allowed?
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//they are allowed, let's send the file
|
||||
|
||||
@@ -179,7 +179,9 @@ namespace AyaNova.Api.Controllers
|
||||
//If the user is inactive they may not login
|
||||
if (!u.Active)
|
||||
{
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
|
||||
//This is leaking information, instead just act like bad creds
|
||||
//return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
|
||||
//build the key (JWT set in startup.cs)
|
||||
|
||||
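Review bot: The replaced line is kept as commented-out code directly under the new explanatory comment; drop the dead `//return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));` line and keep only the why-comment, since version control holds the old text. Collapsing the deactivated case into `AUTHENTICATION_FAILED` is the right call for the response body, but the same distinction can still leak through timing if the password check runs after `if (!u.Active)` rather than before it; that ordering is outside the hunk, so confirm the inactive path does the same work as the bad-password path. Because the caller no longer learns why the login failed, a server-side audit log entry for a sign-in attempt against a deactivated account is worth adding at this point so the event is still visible to operators. The enclosing login action starts and ends outside the hunk.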
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -128,7 +128,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -165,7 +165,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -207,7 +207,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!biz.Delete(o))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
|
||||
@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var result = await EventLogProcessor.GetLogForObject(opt, ct);
|
||||
@@ -99,7 +99,7 @@ namespace AyaNova.Api.Controllers
|
||||
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var result = await EventLogProcessor.GetLogForUser(opt, ct);
|
||||
|
||||
@@ -67,7 +67,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//Just have to be authenticated for this one
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -110,7 +110,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -141,7 +141,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -165,7 +165,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -201,7 +201,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -237,7 +237,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//check rights
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
@@ -73,7 +73,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//do the delete
|
||||
@@ -194,7 +194,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -247,7 +247,7 @@ namespace AyaNova.Api.Controllers
|
||||
//Create, in that they are creating new data in AyaNova
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//does the file even exist?
|
||||
|
||||
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -104,7 +104,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var ret = AyaNova.Core.License.LicenseInfoAsJson;
|
||||
@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -157,7 +157,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -235,7 +235,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Locale, oDbParent.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -301,7 +301,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Locale, oFromDb.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.Locale, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
string sResult = await GetTheMetrics("plain");
|
||||
@@ -92,7 +92,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
string sResult = await GetTheMetrics("json");
|
||||
|
||||
@@ -70,7 +70,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.ServerState))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (serverState.IsSystemLocked)//no state change allowed when system locked, must correct the problem first
|
||||
|
||||
@@ -67,7 +67,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -106,7 +106,7 @@ namespace AyaNova.Api.Controllers
|
||||
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
return Ok(new
|
||||
{
|
||||
@@ -137,7 +137,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -216,7 +216,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
@@ -280,7 +280,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
try
|
||||
@@ -330,7 +330,7 @@ namespace AyaNova.Api.Controllers
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -394,7 +394,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -70,7 +70,7 @@ namespace AyaNova.Api.Controllers
|
||||
//Different than normal here: a user is *always* allowed to retrieve their own user options object
|
||||
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -191,7 +191,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -96,7 +96,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
return Ok(new
|
||||
{
|
||||
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -186,7 +186,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -235,7 +235,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -273,7 +273,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -316,7 +316,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!biz.Delete(o))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -361,7 +361,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
//Create the job here
|
||||
OpsJob j = new OpsJob();
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace AyaNova.Util
|
||||
{
|
||||
get
|
||||
{
|
||||
return "8.0.0-alpha.2019.April.08";
|
||||
return "8.0.0-alpha.2019.April.30";
|
||||
}
|
||||
}
|
||||
|
||||
|
||||