This commit is contained in:
2019-04-30 15:26:05 +00:00
parent de36cbbaf1
commit e8ef841590
17 changed files with 72 additions and 54 deletions

View File

@@ -70,7 +70,7 @@ namespace AyaNova.Api.Controllers
//Different than normal here: a user is *always* allowed to retrieve their own user options object
if (id != UserId && !Authorized.IsAuthorizedToReadFullRecord(HttpContext.Items, AyaType.UserOptions))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
@@ -122,7 +122,7 @@ namespace AyaNova.Api.Controllers
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
return StatusCode(403, new ApiNotAuthorizedResponse());
}
//Instantiate the business object handler
@@ -191,7 +191,7 @@ namespace AyaNova.Api.Controllers
if (id != UserId && !Authorized.IsAuthorizedToModify(HttpContext.Items, AyaType.UserOptions, o.OwnerId))
{
return StatusCode(401, new ApiNotAuthorizedResponse());
return StatusCode(403, new ApiNotAuthorizedResponse());
}