Gate Tools and OvenScheduler controllers (authorization audit #3)

Both were class-level [Authorize] only, so any authenticated user
(including ReadOnly/Employee/ShopFloor) could reach state-changing actions:

- ToolsController (32 POSTs: bulk CSV + QuickBooks import/export of
  customers, invoices, financials, inventory, etc.) -> CanManageInvoices.
  Closes a data-egress + bulk-import gap; low-privilege roles can no longer
  export or import company data.
- OvenSchedulerController (9 POSTs: create/add/move/remove/start/complete/
  delete batch) -> CanManageJobs, matching the shop-ops domain.

Audit #3 otherwise clean: ~75/80 controllers correctly gated, platform
surface consistently SuperAdminOnly, anonymous controllers intentional
(webhooks/public flows), PasskeyController correctly per-action gated, and
this session's earlier changes (SaveDefaultAccounts -> CompanyAdminOnly,
QB sign-fix -> SuperAdminOnly) verified correct.

Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
2026-06-20 17:57:10 -04:00
parent f9039fc735
commit 4df85d75db
2 changed files with 8 additions and 2 deletions
@@ -11,7 +11,9 @@ using PowderCoating.Web.Hubs;
namespace PowderCoating.Web.Controllers;
[Authorize]
// Oven batch scheduling is shop-floor job management — gated to CanManageJobs so
// low-privilege roles can't create/modify/delete batches. (Audit #3, 2026-06-20.)
[Authorize(Policy = AppConstants.Policies.CanManageJobs)]
public class OvenSchedulerController : Controller
{
private readonly IUnitOfWork _unitOfWork;
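Review bot: The class-level `[Authorize(Policy = AppConstants.Policies.CanManageJobs)]` gates every action on OvenSchedulerController, not only the nine POSTs named in the commit message, so any GET that renders the oven schedule now also requires CanManageJobs; if ShopFloor or ReadOnly roles are expected to view the schedule without changing it, keep the bare `[Authorize]` on the class and move the policy onto the state-changing actions instead. Two smaller points: if the bare `[Authorize]` line shown above the comment is retained rather than removed, it is redundant once the policy attribute is present, and the hunk's visible context shows only `using PowderCoating.Web.Hubs;`, so confirm this file already imports `PowderCoating.Shared.Constants` (it is visible as context in the ToolsController hunk) or `AppConstants` will not resolve here.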
@@ -9,11 +9,15 @@ using PowderCoating.Core.Entities;
using PowderCoating.Core.Enums;
using PowderCoating.Core.Interfaces;
using PowderCoating.Infrastructure.Data;
using PowderCoating.Shared.Constants;
using System.Security.Claims;
namespace PowderCoating.Web.Controllers;
[Authorize]
// Bulk import/export + QuickBooks migration tools — gated to the financial-management
// permission so low-privilege roles (ReadOnly/Employee/ShopFloor) can't export or
// import company data. (Audit #3, 2026-06-20.)
[Authorize(Policy = AppConstants.Policies.CanManageInvoices)]
public class ToolsController : Controller
{
private readonly IUnitOfWork _unitOfWork;
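Review bot: CanManageInvoices is described in the comment as the financial-management permission, yet the tools behind it also import and export customers and inventory; anyone granted invoice management therefore gains bulk import of inventory and customer data, and a user who manages inventory but not invoices loses the tools entirely. Either is defensible, but it should be a deliberate choice: confirm the role set bound to CanManageInvoices matches who is meant to run bulk migrations, or introduce a dedicated policy for the import/export tools. As in the other hunk, if the bare `[Authorize]` remains alongside the policy attribute it is redundant, and the audit date embedded in the code comment will go stale; the commit message already records it.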