From be9c9e7721610536259f1ea997c259956c894bbd Mon Sep 17 00:00:00 2001
From: Danail Dimitrov <danaildimitrov321@gmail.com>
Date: Sun, 3 Jan 2021 21:49:47 +0200
Subject: added user validation for deleting and updating comments

---
 src/DevHive.Web/Controllers/PostController.cs | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'src/DevHive.Web/Controllers')

diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs
index 397ddbc..60c3935 100644
--- a/src/DevHive.Web/Controllers/PostController.cs
+++ b/src/DevHive.Web/Controllers/PostController.cs
@@ -92,8 +92,11 @@ namespace DevHive.Web.Controllers
 
 		[HttpPut]
 		[Route("Comment")]
-		public async Task<IActionResult> UpdateComment(Guid id, [FromBody] CommentWebModel commentWebModel)
+		public async Task<IActionResult> UpdateComment(Guid id, [FromBody] CommentWebModel commentWebModel, [FromHeader] string authorization)
 		{
+			if (!await this._postService.ValidateJwtForComment(id, authorization))
+				return new UnauthorizedResult();
+
 			UpdateCommentServiceModel updateCommentServiceModel = this._postMapper.Map<UpdateCommentServiceModel>(commentWebModel);
 			updateCommentServiceModel.Id = id;
 
@@ -119,8 +122,11 @@ namespace DevHive.Web.Controllers
 
 		[HttpDelete]
 		[Route("Comment")]
-		public async Task<IActionResult> DeleteComment(Guid id)
+		public async Task<IActionResult> DeleteComment(Guid id, [FromHeader] string authorization)
 		{
+			if (!await this._postService.ValidateJwtForComment(id, authorization))
+				return new UnauthorizedResult();
+			
 			bool result = await this._postService.DeleteComment(id);
 
 			if (!result)
-- 
cgit v1.2.3