Merge pull request #251 from hargata/Hargata/shop.supplies

checked endpoints.
2025-12-10 00:46:08 -06:00 · 2024-02-08 17:41:50 -07:00 · 2024-02-08 17:41:50 -07:00 · 6be6a2196e
commit 6be6a2196e
parent 447c929386 b8dab3d4a4
1 changed files with 3 additions and 2 deletions
--- a/Filter/CollaboratorFilter.cs
+++ b/Filter/CollaboratorFilter.cs
@ -17,6 +17,7 @@ namespace CarCareTracker.Filter
        }
        public override void OnActionExecuting(ActionExecutingContext filterContext)
        {
+            var shopSupplyEndpoints = new List<string> { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };
            if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
            {
                var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
@ -27,11 +28,11 @@ namespace CarCareTracker.Filter
                    {
                        filterContext.Result = new RedirectResult("/Error/Unauthorized");
                    }
-                } else if (filterContext.RouteData.Values["action"].ToString() == "GetSupplyRecordsByVehicleId" && !_config.GetServerEnableShopSupplies())
+                } else if (shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()) && !_config.GetServerEnableShopSupplies())
                {
                    //user trying to access shop supplies but shop supplies is not enabled by root user.
                    filterContext.Result = new RedirectResult("/Error/Unauthorized");
-                } else if (filterContext.RouteData.Values["action"].ToString() != "GetSupplyRecordsByVehicleId")
+                } else if (!shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()))
                {
                    //user trying to access any other endpoints using 0 as vehicle id.
                    filterContext.Result = new RedirectResult("/Error/Unauthorized");