cphipps/lubelog
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fixed collaboratorfilter so that user can only access shop supplies

Browse Source
This commit is contained in:
DESKTOP-T0O5CDB\DESK-555BD
2024-02-08 17:32:06 -07:00
parent 08ace8b08d
commit 9e37c01a83
1 changed files with 13 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
Filter/CollaboratorFilter.cs
View File

@@ -1,4 +1,5 @@
using CarCareTracker.Logic;
using CarCareTracker.Helper;
using CarCareTracker.Logic;
using CarCareTracker.Models;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
@@ -9,8 +10,10 @@ namespace CarCareTracker.Filter
public class CollaboratorFilter: ActionFilterAttribute
{
private readonly IUserLogic _userLogic;
public CollaboratorFilter(IUserLogic userLogic) {
private readonly IConfigHelper _config;
public CollaboratorFilter(IUserLogic userLogic, IConfigHelper config) {
_userLogic = userLogic;
_config = config;
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
@@ -24,6 +27,14 @@ namespace CarCareTracker.Filter
{
filterContext.Result = new RedirectResult("/Error/Unauthorized");
}
} else if (filterContext.RouteData.Values["action"].ToString() == "GetSupplyRecordsByVehicleId" && !_config.GetServerEnableShopSupplies())
{
//user trying to access shop supplies but shop supplies is not enabled by root user.
filterContext.Result = new RedirectResult("/Error/Unauthorized");
} else if (filterContext.RouteData.Values["action"].ToString() != "GetSupplyRecordsByVehicleId")
{
//user trying to access any other endpoints using 0 as vehicle id.
filterContext.Result = new RedirectResult("/Error/Unauthorized");
}
}
}