From 3c7da624040169b7597ebc2691cf51943106a2a4 Mon Sep 17 00:00:00 2001 From: Syndamia Date: Thu, 28 Jan 2021 21:18:39 +0200 Subject: Users with only the role User can now create comments and posts (while admins can't create them from other people's accounts) --- src/DevHive.Web/Controllers/PostController.cs | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) (limited to 'src/DevHive.Web/Controllers') diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs index 8bb1d66..0ca041f 100644 --- a/src/DevHive.Web/Controllers/PostController.cs +++ b/src/DevHive.Web/Controllers/PostController.cs @@ -27,9 +27,11 @@ namespace DevHive.Web.Controllers #region Create [HttpPost] - [Authorize(Roles = "Admin")] - public async Task Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel) + public async Task Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel, [FromHeader] string authorization) { + if (await this._postService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreatePostServiceModel createPostServiceModel = this._postMapper.Map(createPostWebModel); createPostServiceModel.CreatorId = userId; @@ -43,8 +45,11 @@ namespace DevHive.Web.Controllers [HttpPost] [Route("Comment")] - public async Task AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel) + public async Task AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization) { + if (await this._postService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreateCommentServiceModel createCommentServiceModel = this._postMapper.Map(createCommentWebModel); createCommentServiceModel.CreatorId = userId; -- cgit v1.2.3