2019-04-30 15:26:05 +00:00
parent de36cbbaf1
commit e8ef841590
17 changed files with 72 additions and 54 deletions
--- a/server/AyaNova/Controllers/FormCustomController.cs
+++ b/server/AyaNova/Controllers/FormCustomController.cs
@@ -67,7 +67,7 @@ namespace AyaNova.Api.Controllers

            //Just have to be authenticated for this one
            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, biz.BizType))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -110,7 +110,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -141,7 +141,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -165,7 +165,7 @@ namespace AyaNova.Api.Controllers
                return StatusCode(503, new ApiErrorResponse(ApiErrorCode.API_CLOSED, null, serverState.Reason));

            if (!Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.FormCustom))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));
@@ -201,7 +201,7 @@ namespace AyaNova.Api.Controllers
                return NotFound(new ApiErrorResponse(ApiErrorCode.NOT_FOUND));

            if (!Authorized.IsAuthorizedToModify(HttpContext.Items, biz.BizType, o.OwnerId))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            try
            {
@@ -237,7 +237,7 @@ namespace AyaNova.Api.Controllers

            //check rights
            if (!Authorized.IsAuthorizedToCreate(HttpContext.Items, biz.BizType))
-                return StatusCode(401, new ApiNotAuthorizedResponse());
+                return StatusCode(403, new ApiNotAuthorizedResponse());

            if (!ModelState.IsValid)
                return BadRequest(new ApiErrorResponse(ModelState));