From 6089bc2e3b14155c334c9fed057383b9ca6e4df6 Mon Sep 17 00:00:00 2001
From: Danail Dimitrov <danaildimitrov321@gmail.com>
Date: Sat, 27 Feb 2021 21:53:14 +0200
Subject: Adding user validation for rating layer

---
 src/Web/DevHive.Web/Controllers/RatingController.cs | 6 ++++++
 1 file changed, 6 insertions(+)

(limited to 'src/Web/DevHive.Web')

diff --git a/src/Web/DevHive.Web/Controllers/RatingController.cs b/src/Web/DevHive.Web/Controllers/RatingController.cs
index 216dc27..33e6992 100644
--- a/src/Web/DevHive.Web/Controllers/RatingController.cs
+++ b/src/Web/DevHive.Web/Controllers/RatingController.cs
@@ -28,6 +28,9 @@ namespace DevHive.Web.Controllers
 		[HttpPost]
 		public async Task<IActionResult> RatePost(Guid userId, [FromBody] CreateRatingWebModel createRatingWebModel, [FromHeader] string authorization)
 		{
+			if (!await this._rateService.ValidateJwtForCreating(userId, authorization))
+				return new UnauthorizedResult();
+
 			CreateRatingServiceModel ratePostServiceModel = this._mapper.Map<CreateRatingServiceModel>(createRatingWebModel);
 			ratePostServiceModel.UserId = userId;
 
@@ -51,6 +54,9 @@ namespace DevHive.Web.Controllers
 		[HttpPut]
 		public async Task<IActionResult> UpdateRating(Guid userId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization)
 		{
+			if (!await this._rateService.ValidateJwtForRating(updateRatingWebModel.Id, authorization))
+				return new UnauthorizedResult();
+
 			UpdateRatingServiceModel updateRatingServiceModel =
 				this._mapper.Map<UpdateRatingServiceModel>(updateRatingWebModel);
 			updateRatingServiceModel.UserId = userId;
-- 
cgit v1.2.3