From 6089bc2e3b14155c334c9fed057383b9ca6e4df6 Mon Sep 17 00:00:00 2001 From: Danail Dimitrov Date: Sat, 27 Feb 2021 21:53:14 +0200 Subject: Adding user validation for rating layer --- src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs | 2 ++ src/Web/DevHive.Web/Controllers/RatingController.cs | 6 ++++++ 2 files changed, 8 insertions(+) (limited to 'src/Web') diff --git a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs index 07ba0c3..425c3e1 100644 --- a/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs +++ b/src/Web/DevHive.Web.Models/Rating/UpdateRatingWebModel.cs @@ -8,6 +8,8 @@ namespace DevHive.Web.Models.Rating { public class UpdateRatingWebModel { + public Guid Id { get; set; } + public Guid PostId { get; set; } public bool IsLike { get; set; } diff --git a/src/Web/DevHive.Web/Controllers/RatingController.cs b/src/Web/DevHive.Web/Controllers/RatingController.cs index 216dc27..33e6992 100644 --- a/src/Web/DevHive.Web/Controllers/RatingController.cs +++ b/src/Web/DevHive.Web/Controllers/RatingController.cs @@ -28,6 +28,9 @@ namespace DevHive.Web.Controllers [HttpPost] public async Task RatePost(Guid userId, [FromBody] CreateRatingWebModel createRatingWebModel, [FromHeader] string authorization) { + if (!await this._rateService.ValidateJwtForCreating(userId, authorization)) + return new UnauthorizedResult(); + CreateRatingServiceModel ratePostServiceModel = this._mapper.Map(createRatingWebModel); ratePostServiceModel.UserId = userId; @@ -51,6 +54,9 @@ namespace DevHive.Web.Controllers [HttpPut] public async Task UpdateRating(Guid userId, [FromBody] UpdateRatingWebModel updateRatingWebModel, [FromHeader] string authorization) { + if (!await this._rateService.ValidateJwtForRating(updateRatingWebModel.Id, authorization)) + return new UnauthorizedResult(); + UpdateRatingServiceModel updateRatingServiceModel = this._mapper.Map(updateRatingWebModel); updateRatingServiceModel.UserId = userId; -- cgit v1.2.3