From 62c14b8cb87135d2c2bbb86b6bbb480be6a91bbd Mon Sep 17 00:00:00 2001
From: Syndamia <kamen.d.mladenov@protonmail.com>
Date: Fri, 11 Dec 2020 21:06:18 +0200
Subject: Added very simple and insecure roles

---
 API/Controllers/UserController.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

(limited to 'API/Controllers')

diff --git a/API/Controllers/UserController.cs b/API/Controllers/UserController.cs
index 8c7a3c3..5b47f1c 100644
--- a/API/Controllers/UserController.cs
+++ b/API/Controllers/UserController.cs
@@ -9,6 +9,7 @@ using Microsoft.AspNetCore.Authorization;
 
 namespace API.Controllers
 {
+	[Authorize]
 	[ApiController]
 	[Route("/api/[controller]")]
 	public class UserController: ControllerBase
@@ -20,6 +21,7 @@ namespace API.Controllers
 			this._service = new UserService(context, mapper);
 		}
 
+		[AllowAnonymous]
 		[HttpPost]
 		[Route("login")]
 		public async Task<IActionResult> Login([FromBody] UserDTO userDTO)
@@ -29,6 +31,7 @@ namespace API.Controllers
 
 
 		//Create
+		[AllowAnonymous]
 		[HttpPost]
 		public async Task<IActionResult> Create([FromBody] UserDTO userDTO)
 		{
@@ -36,8 +39,8 @@ namespace API.Controllers
 		}
 
 		//Read
-		[Authorize]
 		[HttpGet]
+		[Authorize(Roles = "Admin")]
 		public async Task<IActionResult> GetById(int id)
 		{
 			return await this._service.GetUserById(id);
-- 
cgit v1.2.3