2 files changed, 8 insertions, 0 deletions

diff --git a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs
index 07ba0c3..425c3e1 100644
--- a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs
+++ b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs
@@ -8,6 +8,8 @@ namespace DevHive.Web.Models.Rating
 {
 	public class UpdateRatingWebModel
 	{
+		public Guid Id { get; set; }
+
 		public Guid PostId { get; set; }
 
 		public bool IsLike { get; set; }
diff --git a/src/Web/DevHive.Web/Controllers/RatingController.cs b/src/Web/DevHive.Web/Controllers/RatingController.cs
index 216dc27..33e6992 100644
--- a/src/Web/DevHive.Web/Controllers/RatingController.cs
+++ b/src/Web/DevHive.Web/Controllers/RatingController.cs
@@ -28,6 +28,9 @@ namespace DevHive.Web.Controllers
 		[HttpPost]
 		public async Task<IActionResult> RatePost(Guid userId, [FromBody] CreateRatingWebModel createRatingWebModel, [FromHeader] string authorization)
 		{
+			if (!await this._rateService.ValidateJwtForCreating(userId, authorization))
+				return new UnauthorizedResult();
+
 			CreateRatingServiceModel ratePostServiceModel = this._mapper.Map<CreateRatingServiceModel>(createRatingWebModel);
 			ratePostServiceModel.UserId = userId;
 
@@ -51,6 +54,9 @@ namespace DevHive.Web.Controllers
 		[HttpPut]
 		public async Task<IActionResult> UpdateRating(Guid userId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization)
 		{
+			if (!await this._rateService.ValidateJwtForRating(updateRatingWebModel.Id, authorization))
+				return new UnauthorizedResult();
+
 			UpdateRatingServiceModel updateRatingServiceModel =
 				this._mapper.Map<UpdateRatingServiceModel>(updateRatingWebModel);
 			updateRatingServiceModel.UserId = userId;