From f0f3627e00ac30d30b58cd0b3cafb18d4e014d97 Mon Sep 17 00:00:00 2001
From: John Cardinal <support@ayanova.com>
Date: Thu, 3 Nov 2022 15:28:04 +0000
Subject: [PATCH] case 4231

---
 server/AyaNova/Controllers/WorkOrderController.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/server/AyaNova/Controllers/WorkOrderController.cs b/server/AyaNova/Controllers/WorkOrderController.cs
index ab4833d4..fbf4ef98 100644
--- a/server/AyaNova/Controllers/WorkOrderController.cs
+++ b/server/AyaNova/Controllers/WorkOrderController.cs
@@ -251,7 +251,7 @@ namespace AyaNova.Api.Controllers
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
             WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
-            if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.WorkOrderStatus) || biz.UserIsSubContractorFull || biz.UserIsSubContractorRestricted)
+            if (!Authorized.HasModifyRole(HttpContext.Items, biz.BizType) || biz.UserIsSubContractorFull || biz.UserIsSubContractorRestricted)
                 return StatusCode(403, new ApiNotAuthorizedResponse());
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));
@@ -274,7 +274,7 @@ namespace AyaNova.Api.Controllers
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
             WorkOrderBiz biz = WorkOrderBiz.GetBiz(ct, HttpContext);
-            if (!Authorized.HasReadFullRole(HttpContext.Items, AyaType.WorkOrderStatus))
+            if (!Authorized.HasReadFullRole(HttpContext.Items, biz.BizType))
                 return StatusCode(403, new ApiNotAuthorizedResponse());
             if (!ModelState.IsValid)
                 return BadRequest(new ApiErrorResponse(ModelState));