From 4df85d75dbd49d4e3577ae653817f0fbd05e6710 Mon Sep 17 00:00:00 2001
From: Scott Pouliot
Date: Sat, 20 Jun 2026 17:57:10 -0400
Subject: [PATCH] Gate Tools and OvenScheduler controllers (authorization audit #3)

Both were class-level [Authorize] only, so any authenticated user (including ReadOnly/Employee/ShopFloor) could reach state-changing actions:
- ToolsController (32 POSTs: bulk CSV + QuickBooks import/export of customers, invoices, financials, inventory, etc.) -> CanManageInvoices. Closes a data-egress + bulk-import gap; low-privilege roles can no longer export or import company data.
- OvenSchedulerController (9 POSTs: create/add/move/remove/start/complete/ delete batch) -> CanManageJobs, matching the shop-ops domain.
Audit #3 otherwise clean: ~75/80 controllers correctly gated, platform surface consistently SuperAdminOnly, anonymous controllers intentional (webhooks/public flows), PasskeyController correctly per-action gated, and this session's earlier changes (SaveDefaultAccounts -> CompanyAdminOnly, QB sign-fix -> SuperAdminOnly) verified correct.
Co-Authored-By: Claude Opus 4.8
---
 .../Controllers/OvenSchedulerController.cs | 4 +++-
 src/PowderCoating.Web/Controllers/ToolsController.cs | 6 +++++-
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/src/PowderCoating.Web/Controllers/OvenSchedulerController.cs b/src/PowderCoating.Web/Controllers/OvenSchedulerController.cs
index 6ec4ff4..11cdd70 100644
--- a/src/PowderCoating.Web/Controllers/OvenSchedulerController.cs
+++ b/src/PowderCoating.Web/Controllers/OvenSchedulerController.cs
@@ -11,7 +11,9 @@ using PowderCoating.Web.Hubs;
 
 namespace PowderCoating.Web.Controllers;
 
-[Authorize]
+// Oven batch scheduling is shop-floor job management — gated to CanManageJobs so
+// low-privilege roles can't create/modify/delete batches. (Audit #3, 2026-06-20.)
+[Authorize(Policy = AppConstants.Policies.CanManageJobs)]
 public class OvenSchedulerController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;
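Review bot: The new class-level `[Authorize(Policy = AppConstants.Policies.CanManageJobs)]` gates every action on OvenSchedulerController, including GETs, not only the nine mutating POSTs the commit message names, so roles such as ShopFloor lose read access to the oven schedule as well. In ASP.NET Core an action-level `[Authorize]` can only add requirements (only `[AllowAnonymous]` relaxes a class-level policy), so if viewing should stay available to any authenticated user the fix is to keep `[Authorize]` on the class and place `[Authorize(Policy = AppConstants.Policies.CanManageJobs)]` on each state-changing action; those actions lie outside this hunk. Unlike the ToolsController hunk, this one adds no `using PowderCoating.Shared.Constants;` — only `using PowderCoating.Web.Hubs;` is visible — so if the file does not already import that namespace elsewhere, `AppConstants` will not resolve. If the blanket gate is intended, the comment should say so explicitly, e.g. `// All actions, including read-only schedule views, require CanManageJobs.`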
diff --git a/src/PowderCoating.Web/Controllers/ToolsController.cs b/src/PowderCoating.Web/Controllers/ToolsController.cs
index 8f6efbd..938ce9b 100644
--- a/src/PowderCoating.Web/Controllers/ToolsController.cs
+++ b/src/PowderCoating.Web/Controllers/ToolsController.cs
@@ -9,11 +9,15 @@ using PowderCoating.Core.Entities;
 using PowderCoating.Core.Enums;
 using PowderCoating.Core.Interfaces;
 using PowderCoating.Infrastructure.Data;
+using PowderCoating.Shared.Constants;
 using System.Security.Claims;
 
 namespace PowderCoating.Web.Controllers;
 
-[Authorize]
+// Bulk import/export + QuickBooks migration tools — gated to the financial-management
+// permission so low-privilege roles (ReadOnly/Employee/ShopFloor) can't export or
+// import company data. (Audit #3, 2026-06-20.)
+[Authorize(Policy = AppConstants.Policies.CanManageInvoices)]
 public class ToolsController : Controller
 {
     private readonly IUnitOfWork _unitOfWork;
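Review bot: `CanManageInvoices` is a financial permission, yet according to the commit message this controller also bulk-imports and exports customers, inventory and other non-financial records, so anyone allowed to edit invoices can now overwrite inventory or customer data and export the full dataset — tighter than bare `[Authorize]`, but still wider than the permission's name implies. A policy scoped to the actual capability, e.g. `[Authorize(Policy = AppConstants.Policies.CompanyAdminOnly)]` (which the message says already exists) or a dedicated data-management policy, would track least privilege more closely; if the invoices policy is deliberate, the added comment should state why bulk import/export of non-financial entities counts as financial management. The individual import/export actions are outside this hunk, so I cannot tell whether any carry per-action attributes that further narrow this.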