server/AyaNova/Controllers/EventLogController.cs

@@ -107,14 +107,14 @@ namespace AyaNova.Api.Controllers
         /// <param name="apiVersion">Automatically filled from route path, no need to specify in body</param>
         /// <returns></returns>
         [ApiExplorerSettings(IgnoreApi = true)]
-        [HttpPost]
+        [HttpPost("v7")]
         public async Task<IActionResult> PostV7Modify([FromBody] V7Event inObj, ApiVersion apiVersion)
         {
             if (!serverState.IsOpen)
                 return StatusCode(503, new ApiErrorResponse(serverState.ApiErrorCode, null, serverState.Reason));
 
-            //Only biz admin full users can do this
-            if (!Authorized.HasAnyRole(HttpContext.Items, AuthorizationRoles.BizAdminFull))
+           //NOTE: only bizadmin full and opsadminfull have this right so it's perfect for this task
+            if (!Authorized.HasCreateRole(HttpContext.Items, AyaType.License))           
                 return StatusCode(403, new ApiNotAuthorizedResponse());
 
             if (!ModelState.IsValid)