authorSyndamia <kamen.d.mladenov@protonmail.com>2021-01-28 21:18:39 +0200
committerSyndamia <kamen.d.mladenov@protonmail.com>2021-01-28 21:18:39 +0200
commit3c7da624040169b7597ebc2691cf51943106a2a4 (patch)
tree4f70986a6e798dada8180c06f037ff0efccc9c40 /src/DevHive.Services
parentfbf051f14bc6872913b293dad231701924291344 (diff)
Users with only the role User can now create comments and posts (while admins can't create them from other people's accounts)
Diffstat (limited to 'src/DevHive.Services')
-rw-r--r--src/DevHive.Services/Interfaces/IPostService.cs1
-rw-r--r--src/DevHive.Services/Services/PostService.cs7
2 files changed, 8 insertions, 0 deletions
diff --git a/src/DevHive.Services/Interfaces/IPostService.cs b/src/DevHive.Services/Interfaces/IPostService.cs
index 37c3354..71b558c 100644
--- a/src/DevHive.Services/Interfaces/IPostService.cs
+++ b/src/DevHive.Services/Interfaces/IPostService.cs
@@ -19,6 +19,7 @@ namespace DevHive.Services.Interfaces
Task<bool> DeletePost(Guid id);
Task<bool> DeleteComment(Guid id);
+ Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData);
Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData);
Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData);
}
diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs
index c3dc82f..d80d815 100644
--- a/src/DevHive.Services/Services/PostService.cs
+++ b/src/DevHive.Services/Services/PostService.cs
@@ -169,6 +169,13 @@ namespace DevHive.Services.Services
#endregion
#region Validations
+ public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData)
+ {
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ return user.Id == userId;
+ }
+
public async Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData)
{
Post post = await this._postRepository.GetByIdAsync(postId) ??
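Review bot: ValidateJwtForCreating dereferences `user.Id` with no guard, so the whole authorization decision rests on GetUserForValidation, which is not visible in this hunk. If that helper can return null for a token whose user no longer exists, this throws instead of denying; `return user != null && user.Id == userId;` fails closed. I would also add an XML doc comment here and on the declaration in IPostService.cs stating that the method returns true only when the token's user is `userId`, that it performs no role check of its own, and that it assumes the helper has already verified the token's signature and expiry before its claims are read. ValidateJwtForPost, which follows, continues outside the hunk.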