diff options
| author | Syndamia <kamen.d.mladenov@protonmail.com> | 2021-01-28 21:18:39 +0200 |
|---|---|---|
| committer | Syndamia <kamen.d.mladenov@protonmail.com> | 2021-01-28 21:18:39 +0200 |
| commit | 3c7da624040169b7597ebc2691cf51943106a2a4 (patch) | |
| tree | 4f70986a6e798dada8180c06f037ff0efccc9c40 | |
| parent | fbf051f14bc6872913b293dad231701924291344 (diff) | |
| download | DevHive-3c7da624040169b7597ebc2691cf51943106a2a4.tar DevHive-3c7da624040169b7597ebc2691cf51943106a2a4.tar.gz DevHive-3c7da624040169b7597ebc2691cf51943106a2a4.zip | |
Users with only the role User can now create comments and posts (while admins can't create them from other people's accounts)
| -rw-r--r-- | src/DevHive.Services/Interfaces/IPostService.cs | 1 | ||||
| -rw-r--r-- | src/DevHive.Services/Services/PostService.cs | 7 | ||||
| -rw-r--r-- | src/DevHive.Web/Controllers/PostController.cs | 11 |
3 files changed, 16 insertions, 3 deletions
diff --git a/src/DevHive.Services/Interfaces/IPostService.cs b/src/DevHive.Services/Interfaces/IPostService.cs index 37c3354..71b558c 100644 --- a/src/DevHive.Services/Interfaces/IPostService.cs +++ b/src/DevHive.Services/Interfaces/IPostService.cs @@ -19,6 +19,7 @@ namespace DevHive.Services.Interfaces Task<bool> DeletePost(Guid id); Task<bool> DeleteComment(Guid id); + Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData); Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData); Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData); } diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs index c3dc82f..d80d815 100644 --- a/src/DevHive.Services/Services/PostService.cs +++ b/src/DevHive.Services/Services/PostService.cs @@ -169,6 +169,13 @@ namespace DevHive.Services.Services #endregion #region Validations + public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData) + { + User user = await this.GetUserForValidation(rawTokenData); + + return user.Id == userId; + } + public async Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData) { Post post = await this._postRepository.GetByIdAsync(postId) ?? diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs index 8bb1d66..0ca041f 100644 --- a/src/DevHive.Web/Controllers/PostController.cs +++ b/src/DevHive.Web/Controllers/PostController.cs @@ -27,9 +27,11 @@ namespace DevHive.Web.Controllers #region Create [HttpPost] - [Authorize(Roles = "Admin")] - public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel) + public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) { + if (await this._postService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreatePostServiceModel createPostServiceModel = this._postMapper.Map<CreatePostServiceModel>(createPostWebModel); createPostServiceModel.CreatorId = userId; @@ -43,8 +45,11 @@ namespace DevHive.Web.Controllers [HttpPost] [Route("Comment")] - public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel) + public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization) { + if (await this._postService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreateCommentServiceModel createCommentServiceModel = this._postMapper.Map<CreateCommentServiceModel>(createCommentWebModel); createCommentServiceModel.CreatorId = userId; |