2021-11-18 20:58:17 +00:00
parent 137cf4856e
commit fab6212113
1 changed files with 1 additions and 1 deletions
--- a/server/AyaNova/Controllers/AttachmentController.cs
+++ b/server/AyaNova/Controllers/AttachmentController.cs
@@ -566,7 +566,7 @@ namespace AyaNova.Api.Controllers
            {
                //check if allowed
                var woTags = await ct.WorkOrder.AsNoTracking().Where(x => x.Id == dbObject.AttachToObjectId).Select(x => x.Tags).FirstOrDefaultAsync();
-                var custUserRights = await UserBiz.CustomerUserEffectiveRightsAsync(UserIdFromContext.Id(HttpContext.Items), woTags);
+                var custUserRights = await UserBiz.CustomerUserEffectiveRightsAsync(DownloadUser.Id, woTags);
                if (!custUserRights.ThisWOCanAttachments)
                    return StatusCode(403, new ApiNotAuthorizedResponse());
            }