checked endpoints.

This commit is contained in:
DESKTOP-T0O5CDB\DESK-555BD
2024-02-08 17:41:00 -07:00
parent 9e37c01a83
commit b8dab3d4a4


@@ -17,6 +17,7 @@ namespace CarCareTracker.Filter
}
public override void OnActionExecuting(ActionExecutingContext filterContext)
{
var shopSupplyEndpoints = new List<string> { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };
if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
{
var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
@@ -27,11 +28,11 @@ namespace CarCareTracker.Filter
{
filterContext.Result = new RedirectResult("/Error/Unauthorized");
}
} else if (filterContext.RouteData.Values["action"].ToString() == "GetSupplyRecordsByVehicleId" && !_config.GetServerEnableShopSupplies())
} else if (shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()) && !_config.GetServerEnableShopSupplies())
{
//user trying to access shop supplies but shop supplies is not enabled by root user.
filterContext.Result = new RedirectResult("/Error/Unauthorized");
} else if (filterContext.RouteData.Values["action"].ToString() != "GetSupplyRecordsByVehicleId")
} else if (!shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()))
{
//user trying to access any other endpoints using 0 as vehicle id.
filterContext.Result = new RedirectResult("/Error/Unauthorized");
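Review bot: The allow-list match on the two rewritten `else if` lines is an ordinal, case-sensitive `List<string>.Contains` against `RouteData.Values["action"]`, which for conventional routes generally keeps the casing the client typed in the URL, so a request such as `/…/getsupplyrecordsbyvehicleid?vehicleId=0` skips the first branch and lands in the final `!Contains` branch, returning Unauthorized even when shop supplies are enabled (this fails closed, so it is a false denial rather than a bypass, but it is still a defect). `RouteData.Values["action"]` can also be null for attribute-routed actions, in which case the `.ToString()` call throws before either condition is evaluated. Suggest hoisting the list out of the per-request path and normalising the name once: `private static readonly HashSet<string> ShopSupplyEndpoints = new(StringComparer.OrdinalIgnoreCase) { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };` and `var actionName = filterContext.RouteData.Values["action"]?.ToString() ?? string.Empty;`, then `ShopSupplyEndpoints.Contains(actionName)` in both conditions. Note also that when shop supplies are enabled, a non-root user reaching this chain with one of the three listed actions sets no `Result` and the action runs, so `ImportToVehicleIdFromCsv` — which presumably writes shared supply records — is now reachable by every authenticated user; please confirm that is intended rather than a root-only operation. `OnActionExecuting` begins in the first hunk and its closing braces lie past the end of this one.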