From 3c7da624040169b7597ebc2691cf51943106a2a4 Mon Sep 17 00:00:00 2001 From: Syndamia Date: Thu, 28 Jan 2021 21:18:39 +0200 Subject: Users with only the role User can now create comments and posts (while admins can't create them from other people's accounts) --- src/DevHive.Services/Interfaces/IPostService.cs | 1 + src/DevHive.Services/Services/PostService.cs | 7 +++++++ 2 files changed, 8 insertions(+) (limited to 'src/DevHive.Services') diff --git a/src/DevHive.Services/Interfaces/IPostService.cs b/src/DevHive.Services/Interfaces/IPostService.cs index 37c3354..71b558c 100644 --- a/src/DevHive.Services/Interfaces/IPostService.cs +++ b/src/DevHive.Services/Interfaces/IPostService.cs @@ -19,6 +19,7 @@ namespace DevHive.Services.Interfaces Task DeletePost(Guid id); Task DeleteComment(Guid id); + Task ValidateJwtForCreating(Guid userId, string rawTokenData); Task ValidateJwtForPost(Guid postId, string rawTokenData); Task ValidateJwtForComment(Guid commentId, string rawTokenData); } diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs index c3dc82f..d80d815 100644 --- a/src/DevHive.Services/Services/PostService.cs +++ b/src/DevHive.Services/Services/PostService.cs @@ -169,6 +169,13 @@ namespace DevHive.Services.Services #endregion #region Validations + public async Task ValidateJwtForCreating(Guid userId, string rawTokenData) + { + User user = await this.GetUserForValidation(rawTokenData); + + return user.Id == userId; + } + public async Task ValidateJwtForPost(Guid postId, string rawTokenData) { Post post = await this._postRepository.GetByIdAsync(postId) ?? -- cgit v1.2.3