This commit is contained in:
@@ -199,7 +199,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
//delete temp files
|
||||
DeleteTempFileUploadDueToBadRequest(uploadFormData);
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
}
|
||||
@@ -295,7 +295,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, dbObj.AttachToObjectType, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//do the delete
|
||||
@@ -371,7 +371,7 @@ namespace AyaNova.Api.Controllers
|
||||
//is this allowed?
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, dbObj.AttachToObjectType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//they are allowed, let's send the file
|
||||
|
||||
@@ -179,7 +179,9 @@ namespace AyaNova.Api.Controllers
|
||||
//If the user is inactive they may not login
|
||||
if (!u.Active)
|
||||
{
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
|
||||
//This is leaking information, instead just act like bad creds
|
||||
//return StatusCode(401, new ApiErrorResponse(ApiErrorCode.NOT_AUTHORIZED, null, "User deactivated"));
|
||||
return StatusCode(401, new ApiErrorResponse(ApiErrorCode.AUTHENTICATION_FAILED));
|
||||
}
|
||||
|
||||
//build the key (JWT set in startup.cs)
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
DataFilterBiz biz = DataFilterBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -128,7 +128,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -165,7 +165,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -207,7 +207,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!biz.Delete(o))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
|
||||
@@ -63,7 +63,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, opt.AyType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var result = await EventLogProcessor.GetLogForObject(opt, ct);
|
||||
@@ -99,7 +99,7 @@ namespace AyaNova.Api.Controllers
|
||||
//If not authorized to read a user and also not the current user asking for their own log then NO LOG FOR YOU!
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.User) && opt.AyId != UserId)
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var result = await EventLogProcessor.GetLogForUser(opt, ct);
|
||||
|
||||
@@ -67,7 +67,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//Just have to be authenticated for this one
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -110,7 +110,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -141,7 +141,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -165,7 +165,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -201,7 +201,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -237,7 +237,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//check rights
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
|
||||
@@ -73,7 +73,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
@@ -166,7 +166,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//do the delete
|
||||
@@ -194,7 +194,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -247,7 +247,7 @@ namespace AyaNova.Api.Controllers
|
||||
//Create, in that they are creating new data in AyaNova
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.AyaNova7Import))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//does the file even exist?
|
||||
|
||||
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -104,7 +104,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.JobOperations))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
var ret = AyaNova.Core.License.LicenseInfoAsJson;
|
||||
@@ -94,7 +94,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -157,7 +157,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, AyaType.License))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -235,7 +235,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Locale, oDbParent.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -301,7 +301,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.Locale, oFromDb.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -369,7 +369,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, AyaType.Locale, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -109,7 +109,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.LogFile))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
|
||||
@@ -62,7 +62,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
string sResult = await GetTheMetrics("plain");
|
||||
@@ -92,7 +92,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.Metrics))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
string sResult = await GetTheMetrics("json");
|
||||
|
||||
@@ -70,7 +70,7 @@ namespace AyaNova.Api.Controllers
|
||||
{
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.ServerState))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (serverState.IsSystemLocked)//no state change allowed when system locked, must correct the problem first
|
||||
|
||||
@@ -67,7 +67,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -106,7 +106,7 @@ namespace AyaNova.Api.Controllers
|
||||
UserBiz biz = UserBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
return Ok(new
|
||||
{
|
||||
@@ -137,7 +137,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -216,7 +216,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
@@ -280,7 +280,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
try
|
||||
@@ -330,7 +330,7 @@ namespace AyaNova.Api.Controllers
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
@@ -394,7 +394,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, dbObj.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -70,7 +70,7 @@ namespace AyaNova.Api.Controllers
|
||||
//Different than normal here: a user is *always* allowed to retrieve their own user options object
|
||||
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
//Instantiate the business object handler
|
||||
@@ -191,7 +191,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
|
||||
{
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
}
|
||||
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -96,7 +96,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
return Ok(new
|
||||
{
|
||||
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
|
||||
WidgetBiz biz = WidgetBiz.GetBiz(ct, HttpContext);
|
||||
|
||||
if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -186,7 +186,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -235,7 +235,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
try
|
||||
{
|
||||
@@ -273,7 +273,7 @@ namespace AyaNova.Api.Controllers
|
||||
|
||||
//If a user has change roles, or editOwnRoles then they can create, true is passed for isOwner since they are creating so by definition the owner
|
||||
if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!ModelState.IsValid)
|
||||
return BadRequest(new ApiErrorResponse(ModelState));
|
||||
@@ -316,7 +316,7 @@ namespace AyaNova.Api.Controllers
|
||||
return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));
|
||||
|
||||
if (!Authorized.IsAuthorizedToDelete(HttpContext.Items, biz.BizType, o.OwnerId))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
if (!biz.Delete(o))
|
||||
return BadRequest(new ApiErrorResponse(biz.Errors));
|
||||
@@ -361,7 +361,7 @@ namespace AyaNova.Api.Controllers
|
||||
return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));
|
||||
|
||||
if (!Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.JobOperations))
|
||||
return StatusCode(401, new ApiNotAuthorizedResponse());
|
||||
return StatusCode(403, new ApiNotAuthorizedResponse());
|
||||
|
||||
//Create the job here
|
||||
OpsJob j = new OpsJob();
|
||||
|
||||
Reference in New Issue
Block a user