From 9221750af4966ba35a370e6b4597e3495b2f99c2 Mon Sep 17 00:00:00 2001
From: Oleg Zhuk
Date: Fri, 26 May 2023 14:20:17 +0200
Subject: [PATCH] PT-12269: Rest API returns Unauthorized instead of Forbid. (#348)
fix: Rest API returns Unauthorized instead of Forbid.
---
 .../Controllers/Api/OrderModuleController.cs | 16 ++++++++--------
 .../Api/OrderModulePaymentsController.cs | 8 ++++----
 2 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
index 3f8c85ce..6a07a41e 100644
--- a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
+++ b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModuleController.cs
@@ -127,7 +127,7 @@ public async Task> SearchCustomerOrder([
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _searchService.SearchAsync(criteria);
@@ -152,7 +152,7 @@ public async Task> GetByNumber(string number, [Swagg
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _searchService.SearchAsync(searchCriteria);
@@ -177,7 +177,7 @@ public async Task> GetById(string id, [SwaggerOption
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _searchService.SearchAsync(searchCriteria);
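Review bot: `Forbid()` on the added line of the SearchCustomerOrder hunk (and identically in the GetByNumber and GetById hunks, the ProcessOrderPayment, UpdateOrder, GetOrderChanges and SearchOrderChanges hunks, and the four OrderModulePaymentsController hunks) does not by itself produce a 403: `ForbidResult` delegates to the default authentication scheme's ForbidAsync, so a bearer/token handler answers 403 while a cookie handler redirects to its access-denied path. If this API can be reached under a cookie scheme, a deterministic `return StatusCode(StatusCodes.Status403Forbidden);` or the scheme-specific `Forbid(...)` overload is the safer form; worth confirming which scheme the platform registers as default. If an unauthenticated principal can reach these actions at all (no `[Authorize]` above the hunk), the unauthenticated case should keep answering 401, e.g. `return User.Identity?.IsAuthenticated == true ? Forbid() : Unauthorized();`. The enclosing actions start and end outside the hunk.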
@@ -254,7 +254,7 @@ public async Task> ProcessOrderPayment
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, customerOrder, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var inPayment = customerOrder.InPayments.FirstOrDefault(x => x.Id == paymentId);
@@ -374,7 +374,7 @@ public async Task UpdateOrder([FromBody] CustomerOrder customerOrd
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var validationResult = await ValidateAsync(customerOrder);
@@ -488,7 +488,7 @@ public async Task DeleteOrdersByIds([FromQuery] string[] ids)
 }
 }
- return unauthorizedRequest ? Unauthorized() : NoContent();
+ return unauthorizedRequest ? Forbid() : NoContent();
 }
 ///
@@ -647,7 +647,7 @@ public async Task> GetOrderChanges(string id)
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 //Load general change log for order
@@ -685,7 +685,7 @@ public async Task> SearchOrderChanges([FromB
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, order, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 //Load general change log for order
diff --git a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
index b5a85064..f2e94ef2 100644
--- a/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
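Review bot: In the DeleteOrdersByIds hunk the local `unauthorizedRequest` now yields `Forbid()`, so its name no longer matches the outcome it signals; renaming it (the declaration is above the hunk) to something like `accessDenied` keeps the intent readable: `return accessDenied ? Forbid() : NoContent();`. The loop that sets the flag is outside the hunk, so I cannot tell whether any deletion runs before the flag flips; if it does, the 403 masks a partial delete, and authorizing every id before deleting any would be the safer order. DeleteOrdersByIds starts outside the hunk; its closing brace is the context line before `///`.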
+++ b/src/VirtoCommerce.OrdersModule.Web/Controllers/Api/OrderModulePaymentsController.cs
@@ -57,7 +57,7 @@ public async Task> SearchOrderPayments([FromBo
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, criteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _paymentSearchService.SearchAsync(criteria);
@@ -81,7 +81,7 @@ public async Task> GetById(string id, [SwaggerOptional][
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _paymentSearchService.SearchAsync(searchCriteria);
@@ -112,7 +112,7 @@ public async Task> CreatePayment([FromBody] PaymentI
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, customerOrder, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Update));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var validationResult = await ValidateAsync(payment);
 if (!validationResult.IsValid)
@@ -151,7 +151,7 @@ public async Task DeleteOrderPaymentsByIds([FromQuery] string[] id
 var authorizationResult = await _authorizationService.AuthorizeAsync(User, searchCriteria, new OrderAuthorizationRequirement(ModuleConstants.Security.Permissions.Read));
 if (!authorizationResult.Succeeded)
 {
- return Unauthorized();
+ return Forbid();
 }
 var result = await _paymentSearchService.SearchAsync(searchCriteria);
 await _paymentService.DeleteAsync(result.Results.Select(x => x.Id).ToArray());
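Review bot: In the DeleteOrderPaymentsByIds hunk the resource check directly above the changed line requires only `ModuleConstants.Security.Permissions.Read`, yet the last context line goes on to `_paymentService.DeleteAsync(...)`, so a principal with read-level access to the matching orders passes the per-resource gate on a destructive call. Unless an `[Authorize]` attribute above the hunk enforces a delete permission, the requirement should be a write-level one — the CreatePayment hunk in this file already passes `ModuleConstants.Security.Permissions.Update` — or the module's delete permission if it defines one. The method starts outside the hunk.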