From 55e9e6990b92be1814fb46a40d6b0ff204a8ec60 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen.d.mladenov@protonmail.com>
Date: Thu, 28 Jan 2021 20:59:36 +0200
Subject: Fixed role updating

---
 src/DevHive.Data/Repositories/RoleRepository.cs | 12 ++++++++++++
 1 file changed, 12 insertions(+)

(limited to 'src')

diff --git a/src/DevHive.Data/Repositories/RoleRepository.cs b/src/DevHive.Data/Repositories/RoleRepository.cs
index e5cb959..2eeb382 100644
--- a/src/DevHive.Data/Repositories/RoleRepository.cs
+++ b/src/DevHive.Data/Repositories/RoleRepository.cs
@@ -24,6 +24,18 @@ namespace DevHive.Data.Repositories
 		}
 		#endregion
 
+		public override async Task<bool> EditAsync(Guid id, Role newEntity)
+		{
+			Role role = await this.GetByIdAsync(id);
+
+			this._context
+				.Entry(role)
+				.CurrentValues
+				.SetValues(newEntity);
+
+			return await this.SaveChangesAsync(this._context);
+		}
+
 		#region Validations
 		public async Task<bool> DoesNameExist(string name)
 		{
-- 
cgit v1.2.3


From fbf051f14bc6872913b293dad231701924291344 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen.d.mladenov@protonmail.com>
Date: Thu, 28 Jan 2021 21:02:10 +0200
Subject: Fixed user not getting his properties updated upon editasync

---
 src/DevHive.Data/Repositories/UserRepository.cs | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'src')

diff --git a/src/DevHive.Data/Repositories/UserRepository.cs b/src/DevHive.Data/Repositories/UserRepository.cs
index 630ad38..6512c42 100644
--- a/src/DevHive.Data/Repositories/UserRepository.cs
+++ b/src/DevHive.Data/Repositories/UserRepository.cs
@@ -55,6 +55,11 @@ namespace DevHive.Data.Repositories
 		{
 			User user = await this.GetByIdAsync(id);
 
+			this._context
+				.Entry(user)
+				.CurrentValues
+				.SetValues(newEntity);
+
 			user.Languages.Clear();
 			foreach (var lang in newEntity.Languages)
 				user.Languages.Add(lang);
-- 
cgit v1.2.3


From 3c7da624040169b7597ebc2691cf51943106a2a4 Mon Sep 17 00:00:00 2001
From: Syndamia <kamen.d.mladenov@protonmail.com>
Date: Thu, 28 Jan 2021 21:18:39 +0200
Subject: Users with only the role User can now create comments and posts
 (while admins can't create them from other people's accounts)

---
 src/DevHive.Services/Interfaces/IPostService.cs |  1 +
 src/DevHive.Services/Services/PostService.cs    |  7 +++++++
 src/DevHive.Web/Controllers/PostController.cs   | 11 ++++++++---
 3 files changed, 16 insertions(+), 3 deletions(-)

(limited to 'src')

diff --git a/src/DevHive.Services/Interfaces/IPostService.cs b/src/DevHive.Services/Interfaces/IPostService.cs
index 37c3354..71b558c 100644
--- a/src/DevHive.Services/Interfaces/IPostService.cs
+++ b/src/DevHive.Services/Interfaces/IPostService.cs
@@ -19,6 +19,7 @@ namespace DevHive.Services.Interfaces
 		Task<bool> DeletePost(Guid id);
 		Task<bool> DeleteComment(Guid id);
 
+		Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData);
 		Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData);
 		Task<bool> ValidateJwtForComment(Guid commentId, string rawTokenData);
 	}
diff --git a/src/DevHive.Services/Services/PostService.cs b/src/DevHive.Services/Services/PostService.cs
index c3dc82f..d80d815 100644
--- a/src/DevHive.Services/Services/PostService.cs
+++ b/src/DevHive.Services/Services/PostService.cs
@@ -169,6 +169,13 @@ namespace DevHive.Services.Services
 		#endregion
 
 		#region Validations
+		public async Task<bool> ValidateJwtForCreating(Guid userId, string rawTokenData)
+		{
+			User user = await this.GetUserForValidation(rawTokenData);
+
+			return user.Id == userId;
+		}
+
 		public async Task<bool> ValidateJwtForPost(Guid postId, string rawTokenData)
 		{
 			Post post = await this._postRepository.GetByIdAsync(postId) ??
diff --git a/src/DevHive.Web/Controllers/PostController.cs b/src/DevHive.Web/Controllers/PostController.cs
index 8bb1d66..0ca041f 100644
--- a/src/DevHive.Web/Controllers/PostController.cs
+++ b/src/DevHive.Web/Controllers/PostController.cs
@@ -27,9 +27,11 @@ namespace DevHive.Web.Controllers
 
 		#region Create
 		[HttpPost]
-		[Authorize(Roles = "Admin")]
-		public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel)
+		public async Task<IActionResult> Create(Guid userId, [FromBody] CreatePostWebModel createPostWebModel, [FromHeader] string authorization)
 		{
+			if (await this._postService.ValidateJwtForCreating(userId, authorization))
+				return new UnauthorizedResult();
+
 			CreatePostServiceModel createPostServiceModel =
 				this._postMapper.Map<CreatePostServiceModel>(createPostWebModel);
 			createPostServiceModel.CreatorId = userId;
@@ -43,8 +45,11 @@ namespace DevHive.Web.Controllers
 
 		[HttpPost]
 		[Route("Comment")]
-		public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel)
+		public async Task<IActionResult> AddComment(Guid userId, [FromBody] CreateCommentWebModel createCommentWebModel, [FromHeader] string authorization)
 		{
+			if (await this._postService.ValidateJwtForCreating(userId, authorization))
+				return new UnauthorizedResult();
+
 			CreateCommentServiceModel createCommentServiceModel =
 				this._postMapper.Map<CreateCommentServiceModel>(createCommentWebModel);
 			createCommentServiceModel.CreatorId = userId;
-- 
cgit v1.2.3