authortranstrike <transtrike@gmail.com>2020-12-16 10:23:15 +0200
committertranstrike <transtrike@gmail.com>2020-12-16 10:23:15 +0200
commitd80b44003ca03cd09bf28278bf2e243581c00332 (patch)
tree759aedce339e9e467c23bedea1464e3c2384ae35 /src
parentdc27cec6b3dd631c0f9a4e482743a053cf766df6 (diff)
Fixed GetById to return only public info
Diffstat (limited to 'src')
-rw-r--r--src/DevHive.Services/Configurations/Mapping/UserMappings.cs2
-rw-r--r--src/DevHive.Services/Services/UserService.cs11
-rw-r--r--src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs6
-rw-r--r--src/DevHive.Web/Configurations/Mapping/UserMappings.cs3
-rw-r--r--src/DevHive.Web/Controllers/UserController.cs7
-rw-r--r--src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs6
-rw-r--r--src/DevHive.Web/Models/Identity/User/UserWebModel.cs11
7 files changed, 32 insertions, 14 deletions
diff --git a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
index 9a35e43..ca8fa20 100644
--- a/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
+++ b/src/DevHive.Services/Configurations/Mapping/UserMappings.cs
@@ -11,6 +11,8 @@ namespace DevHive.Services.Configurations.Mapping
CreateMap<UserServiceModel, User>();
CreateMap<RegisterServiceModel, User>();
CreateMap<UpdateUserServiceModel, User>();
+
+ CreateMap<User, UserServiceModel>();
}
}
}
diff --git a/src/DevHive.Services/Services/UserService.cs b/src/DevHive.Services/Services/UserService.cs
index c71209e..06f8b1b 100644
--- a/src/DevHive.Services/Services/UserService.cs
+++ b/src/DevHive.Services/Services/UserService.cs
@@ -11,7 +11,6 @@ using System.Security.Claims;
using Microsoft.IdentityModel.Tokens;
using System.Security.Cryptography;
using System.Text;
-using System.Collections.Immutable;
namespace DevHive.Services.Services
{
@@ -62,14 +61,12 @@ namespace DevHive.Services.Services
return new CreatedResult("CreateUser", user);
}
- public async Task<IActionResult> GetUserById(Guid id)
+ public async Task<UserServiceModel> GetUserById(Guid id)
{
- User user = await this._userRepository.GetByIdAsync(id);
-
- if (user == null)
- return new NotFoundObjectResult("User does not exist!");
+ User user = await this._userRepository.GetByIdAsync(id)
+ ?? throw new ArgumentException("User does not exist!");
- return new OkObjectResult(user);
+ return this._userMapper.Map<UserServiceModel>(user);
}
public async Task<IActionResult> UpdateUser(UpdateUserServiceModel updateModel)
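Review bot: A missing user is now signalled by throwing `ArgumentException`, and the only caller visible in this commit, `GetById` in UserController.cs, does not catch it. Unless exception-handling middleware outside this diff translates it, an unknown id would presumably surface as a 500 instead of the 404 that the removed `NotFoundObjectResult` produced. Either catch the exception in the controller and return `new NotFoundObjectResult("User does not exist!")`, or use a dedicated not-found exception type that is mapped to 404 in one place. It is also worth confirming that `UserServiceModel` holds no password hash or other internal fields, because `CreateMap<User, UserServiceModel>()` copies every same-named property.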
diff --git a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
index f308957..0fe32de 100644
--- a/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
+++ b/src/DevHive.Web/Configurations/Extensions/ConfigureDatabase.cs
@@ -37,6 +37,12 @@ namespace DevHive.Web.Configurations.Extensions
options.Stores.MaxLengthForKeys = 20;
});
+
+ services.AddAuthorization(options =>
+ {
+ options.AddPolicy($"{Role.DefaultRole}",
+ policy => policy.RequireRole($"{Role.DefaultRole}"));
+ });
}
public static void UseDatabaseConfiguration(this IApplicationBuilder app)
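Review bot: The policy registered here is not referenced anywhere in this commit, since `Delete` in UserController.cs uses `[Authorize(Roles = Role.DefaultRole)]`, which checks the role directly and does not go through named policies. Either drop the registration or switch the attribute to `[Authorize(Policy = Role.DefaultRole)]` so the rule is defined in one place. `Role.DefaultRole` has to be a constant string to appear in the attribute, so the interpolation is redundant; `options.AddPolicy(Role.DefaultRole, policy => policy.RequireRole(Role.DefaultRole));` reads more plainly. The enclosing method starts outside the hunk.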
diff --git a/src/DevHive.Web/Configurations/Mapping/UserMappings.cs b/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
index 49f0348..06083de 100644
--- a/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
+++ b/src/DevHive.Web/Configurations/Mapping/UserMappings.cs
@@ -11,7 +11,10 @@ namespace DevHive.Web.Configurations.Mapping
{
CreateMap<LoginWebModel, LoginServiceModel>();
CreateMap<RegisterWebModel, RegisterServiceModel>();
+ CreateMap<UserWebModel, UserServiceModel>();
CreateMap<UpdateUserWebModel, UpdateUserServiceModel>();
+
+ CreateMap<UserServiceModel, UserWebModel>();
}
}
}
diff --git a/src/DevHive.Web/Controllers/UserController.cs b/src/DevHive.Web/Controllers/UserController.cs
index f241409..74eccd4 100644
--- a/src/DevHive.Web/Controllers/UserController.cs
+++ b/src/DevHive.Web/Controllers/UserController.cs
@@ -1,6 +1,7 @@
using System;
using System.Threading.Tasks;
using AutoMapper;
+using DevHive.Data.Models;
using DevHive.Data.Repositories;
using DevHive.Services.Models.Identity.User;
using DevHive.Services.Options;
@@ -46,7 +47,9 @@ namespace DevHive.Web.Controllers
[HttpGet]
public async Task<IActionResult> GetById(Guid id)
{
- return await this._userService.GetUserById(id);
+ UserServiceModel serviceModel = await this._userService.GetUserById(id);
+
+ return new OkObjectResult(this._userMapper.Map<UserWebModel>(serviceModel));
}
//Update
@@ -62,7 +65,7 @@ namespace DevHive.Web.Controllers
//Delete
[HttpDelete]
- [Authorize]
+ [Authorize(Roles = Role.DefaultRole)]
public async Task<IActionResult> Delete(Guid id)
{
return await this._userService.DeleteUser(id);
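Review bot: `Delete` takes the target `id` from the request, and the only gate visible here is membership in `Role.DefaultRole`. Any ordinary authenticated user could therefore ask to delete another user's account unless `DeleteUser` compares the id with the caller's identity, which this diff does not show. Before calling the service, compare `id` with the user id claim on `this.User` and return `new ForbidResult()` on a mismatch, or restrict the action to an administrative role. The method's closing brace is outside the hunk.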
diff --git a/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs b/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
index 3d96189..e04e7da 100644
--- a/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
+++ b/src/DevHive.Web/Models/Identity/User/UpdateUserWebModel.cs
@@ -1,11 +1,7 @@
namespace DevHive.Web.Models.Identity.User
{
- public class UpdateUserWebModel
+ public class UpdateUserWebModel : UserWebModel
{
- public string UserName { get; set; }
- public string Email { get; set; }
- public string FirstName { get; set; }
- public string LastName { get; set; }
public string Password { get; set; }
}
}
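Review bot: Inheriting from `UserWebModel` gives the update request body a bindable `Role` property that the old model did not have. If `UpdateUserServiceModel` has or later gains a `Role` member, the existing `CreateMap<UpdateUserWebModel, UpdateUserServiceModel>()` and `CreateMap<UpdateUserServiceModel, User>()` chain would copy a client-supplied role onto the entity. That model is outside this diff, so this needs confirming. Keeping the update model's fields explicit, or excluding the member in the mapping with `.ForMember(d => d.Role, o => o.Ignore())`, avoids over-posting.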
diff --git a/src/DevHive.Web/Models/Identity/User/UserWebModel.cs b/src/DevHive.Web/Models/Identity/User/UserWebModel.cs
new file mode 100644
index 0000000..e070d44
--- /dev/null
+++ b/src/DevHive.Web/Models/Identity/User/UserWebModel.cs
@@ -0,0 +1,11 @@
+namespace DevHive.Web.Models.Identity.User
+{
+ public class UserWebModel
+ {
+ public string UserName { get; set; }
+ public string Email { get; set; }
+ public string FirstName { get; set; }
+ public string LastName { get; set; }
+ public string Role { get; set; }
+ }
+}
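Review bot: `Email` and `Role` are part of the model that `GetById` now returns, and the `[HttpGet]` action shows no `[Authorize]` in its visible context, although one may sit above the hunk or on the class. If the endpoint is reachable by anonymous or arbitrary users, decide whether an e-mail address counts as public info; if it does not, return a separate public-profile model without it. A short `/// <summary>` on the class, stating that this is the outward-facing user shape and must not gain secret fields, would help future edits.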