aboutsummaryrefslogtreecommitdiff
path: root/src
diff options
context:
space:
mode:
Diffstat (limited to 'src')
-rw-r--r--src/DevHive.Services/Interfaces/IPostService.cs1
-rw-r--r--src/DevHive.Services/Services/PostService.cs7
-rw-r--r--src/DevHive.Web/Controllers/PostController.cs11
3 files changed, 16 insertions, 3 deletions
diff --git a/src/DevHive.Services/Interfaces/IPostService.cs b/src/DevHive.Services/Interfaces/IPostService.cs
index 37c3354..71b558c 100644
--- a/src/DevHive.Services/Interfaces/IPostService.cs
+++ b/src/DevHive.Services/Interfaces/IPostService.cs
@@ -19,6 +19,7 @@ namespace DevHive.Services.Interfaces
Task<bool> DeletePost(Guid id);
Task<bool> DeleteComment(Guid id);
+ Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData);
Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData);
Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData);
}
diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs
index c3dc82f..d80d815 100644
--- a/src/DevHive.Services/Services/PostService.cs
+++ b/src/DevHive.Services/Services/PostService.cs
@@ -169,6 +169,13 @@ namespace DevHive.Services.Services
#endregion
#region Validations
+ public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData)
+ {
+ User user = await this.GetUserForValidation(rawTokenData);
+
+ return user.Id == userId;
+ }
+
public async Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData)
{
Post post = await this._postRepository.GetByIdAsync(postId) ??
diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs
index 8bb1d66..0ca041f 100644
--- a/src/DevHive.Web/Controllers/PostController.cs
+++ b/src/DevHive.Web/Controllers/PostController.cs
@@ -27,9 +27,11 @@ namespace DevHive.Web.Controllers
#region Create
[HttpPost]
- [Authorize(Roles = "Admin")]
- public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel)
+ public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel, [FromHeader] string authorization)
{
+ if (await this._postService.ValidateJwtForCreating(userId, authorization))
+ return new UnauthorizedResult();
+
CreatePostServiceModel createPostServiceModel =
this._postMapper.Map<CreatePostServiceModel>(createPostWebModel);
createPostServiceModel.CreatorId = userId;
@@ -43,8 +45,11 @@ namespace DevHive.Web.Controllers
[HttpPost]
[Route("Comment")]
- public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel)
+ public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization)
{
+ if (await this._postService.ValidateJwtForCreating(userId, authorization))
+ return new UnauthorizedResult();
+
CreateCommentServiceModel createCommentServiceModel =
this._postMapper.Map<CreateCommentServiceModel>(createCommentWebModel);
createCommentServiceModel.CreatorId = userId;
generated by cgit v1.2.3 (git 2.46.0) at 2026-03-16 07:36:16 +0000