From b8dab3d4a46f1730948cd13c83bb5c2f8d0f7027 Mon Sep 17 00:00:00 2001
From: "DESKTOP-T0O5CDB\\DESK-555BD"
Date: Thu, 8 Feb 2024 17:41:00 -0700
Subject: [PATCH] checked endpoints.
---
 Filter/CollaboratorFilter.cs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/Filter/CollaboratorFilter.cs b/Filter/CollaboratorFilter.cs
index f73196e..c68f4f1 100644
--- a/Filter/CollaboratorFilter.cs
+++ b/Filter/CollaboratorFilter.cs
@@ -17,6 +17,7 @@ namespace CarCareTracker.Filter
 }
 public override void OnActionExecuting(ActionExecutingContext filterContext)
 {
+ var shopSupplyEndpoints = new List { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };
 if (!filterContext.HttpContext.User.IsInRole(nameof(UserData.IsRootUser)))
 {
 var vehicleId = int.Parse(filterContext.ActionArguments["vehicleId"].ToString());
@@ -27,11 +28,11 @@ namespace CarCareTracker.Filter
 {
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
 }
- } else if (filterContext.RouteData.Values["action"].ToString() == "GetSupplyRecordsByVehicleId" && !_config.GetServerEnableShopSupplies())
+ } else if (shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()) && !_config.GetServerEnableShopSupplies())
 {
 //user trying to access shop supplies but shop supplies is not enabled by root user.
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
- } else if (filterContext.RouteData.Values["action"].ToString() != "GetSupplyRecordsByVehicleId")
+ } else if (!shopSupplyEndpoints.Contains(filterContext.RouteData.Values["action"].ToString()))
 {
 //user trying to access any other endpoints using 0 as vehicle id.
 filterContext.Result = new RedirectResult("/Error/Unauthorized");
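Review bot: `shopSupplyEndpoints` is allocated as a new list on every request at the top of `OnActionExecuting`, and both later `Contains` calls compare it case-sensitively with `RouteData.Values["action"]`, which may carry whatever casing the client used in the URL. A casing mismatch ends in the Unauthorized redirect, so the filter fails closed, but a legitimate shop-supply request would be rejected. A class-level field would address both points: `private static readonly HashSet<string> ShopSupplyEndpoints = new HashSet<string>(StringComparer.OrdinalIgnoreCase) { "ImportToVehicleIdFromCsv", "GetSupplyRecordsByVehicleId", "ExportFromVehicleToCsv" };`. The method body continues past the end of this hunk.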
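Review bot: Both rewritten `else if` conditions decide access for a `vehicleId` of 0 from the action name alone, so `ImportToVehicleIdFromCsv` and `ExportFromVehicleToCsv` now pass this filter for any non-root user whenever shop supplies are enabled. If those actions also accept record types other than supplies (their bodies are not in this diff), they need their own check that a `vehicleId` of 0 is accepted only for supply records, because the collaborator check in the first branch is skipped for them. The repeated route lookup would also be safer hoisted into one null-tolerant local, `var action = filterContext.RouteData.Values["action"]?.ToString();`, so a missing route value is denied rather than throwing. The `if` these branches attach to starts above the hunk.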