authorSyndamia <kamen.d.mladenov@protonmail.com>2021-05-08 18:10:08 +0300
committerSyndamia <kamen.d.mladenov@protonmail.com>2021-05-08 18:10:08 +0300
commit82d270a66b8ffca28e321f29b2eb90b2412ac9a7 (patch)
treebd7e985592a0d8d5ec31b590b3c52d403e17e140 /ExamTemplate/Web/Controllers
parenta1e46b76a1299e35b1ac8cae69e77c66d74224a6 (diff)
Implemented authorization; Replaced Role with IdentityRole<Guid>; Renamed UserController to AccountController, updated links
Diffstat (limited to 'ExamTemplate/Web/Controllers')
-rw-r--r--ExamTemplate/Web/Controllers/AccountController.cs (renamed from ExamTemplate/Web/Controllers/UserController.cs)31
1 files changed, 20 insertions, 11 deletions
diff --git a/ExamTemplate/Web/Controllers/UserController.cs b/ExamTemplate/Web/Controllers/AccountController.cs
index c7183ca..7fb7ab3 100644
--- a/ExamTemplate/Web/Controllers/UserController.cs
+++ b/ExamTemplate/Web/Controllers/AccountController.cs
@@ -4,29 +4,31 @@ using ExamTemplate.Web.Models.User;
using AutoMapper;
using ExamTemplate.Services.Models;
using System.Threading.Tasks;
+using Microsoft.AspNetCore.Authorization;
namespace ExamTemplate.Web.Controllers
{
- public class UserController : Controller
+ [Authorize]
+ public class AccountController : Controller
{
private readonly IMapper _autoMapper;
private readonly UserService _userService;
- public UserController(IMapper autoMapper, UserService userService)
+ public AccountController(IMapper autoMapper, UserService userService)
{
this._autoMapper = autoMapper;
this._userService = userService;
}
[HttpGet]
- [Route("/Register")]
+ [AllowAnonymous]
public IActionResult Register()
{
return View();
}
[HttpPost]
- [Route("/Register")]
+ [AllowAnonymous]
public async Task<IActionResult> Register(RegisterUserViewModel registerUserViewModel)
{
if (!ModelState.IsValid)
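Review bot: The POST `Register` action keeps `[HttpPost]` and gains `[AllowAnonymous]` but carries no `[ValidateAntiForgeryToken]`, and the same holds for POST `Login` and POST `Edit` in the later hunks. Unless an `AutoValidateAntiforgeryTokenAttribute` filter is registered globally, which this diff does not show, these state-changing requests are accepted without an antiforgery token. Adding `[ValidateAntiForgeryToken]` under each `[HttpPost]` closes that. The body of `Register` continues outside the hunk.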
@@ -43,14 +45,14 @@ namespace ExamTemplate.Web.Controllers
}
[HttpGet]
- [Route("/Login")]
+ [AllowAnonymous]
public IActionResult Login()
{
return View();
}
[HttpPost]
- [Route("/Login")]
+ [AllowAnonymous]
public async Task<IActionResult> Login(LoginUserViewModel loginUserViewModel)
{
if (!ModelState.IsValid)
@@ -75,7 +77,7 @@ namespace ExamTemplate.Web.Controllers
}
[HttpGet]
- [Route("/Profile/{username}")]
+ [AllowAnonymous]
public async Task<IActionResult> Profile(string username)
{
UserServiceModel userServiceModel = await this._userService.GetUserByUsernameAsync(username);
@@ -89,8 +91,7 @@ namespace ExamTemplate.Web.Controllers
}
[HttpGet]
- [Route("/EditProfile")]
- public async Task<IActionResult> EditProfile()
+ public async Task<IActionResult> Edit()
{
UserServiceModel userServiceModel = await this._userService.GetUserByClaimsAsync(this.HttpContext.User);
@@ -103,9 +104,11 @@ namespace ExamTemplate.Web.Controllers
}
[HttpPost]
- [Route("/EditProfile")]
- public async Task<IActionResult> EditProfile(EditUserViewModel editUserViewModel)
+ public async Task<IActionResult> Edit(EditUserViewModel editUserViewModel)
{
+ if (!await this._userService.IsAuthorizedToModify(HttpContext.User, editUserViewModel.OriginalUsername))
+ return new UnauthorizedResult();
+
if (!ModelState.IsValid)
return View(editUserViewModel);
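Review bot: The new guard in POST `Edit` authorizes against `editUserViewModel.OriginalUsername`, a value posted by the client, so it protects the account only if the update further down in this action (outside the hunk) is applied to that same username; the tail shown in the next hunk refers to `loggedInUser`, so the checked and the modified account may not be the same object. Resolving the target once from `HttpContext.User` and comparing it with `OriginalUsername` would remove that gap. Because the class-level `[Authorize]` already guarantees an authenticated caller, the refusal is a 403 rather than a 401: `return Forbid();`. The guard also runs before the `ModelState.IsValid` check, so `OriginalUsername` can reach `IsAuthorizedToModify` as null; either validate first or have the service treat null as not authorized.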
@@ -127,5 +130,11 @@ namespace ExamTemplate.Web.Controllers
else
return RedirectToAction("Profile", new { username = loggedInUser.Username });
}
+
+ // [HttpPost]
+ // public async Task<IActionResult> DeleteProfile(string username)
+ // {
+ // throw new System.NotImplementedException();
+ // }
}
}
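Review bot: The commented-out `DeleteProfile` stub added before the closing brace of the class is dead code and is better left out of the commit until the action exists. When it is implemented, a `username` parameter taken from the request needs the same `IsAuthorizedToModify` check that POST `Edit` gained in this commit, because the class-level `[Authorize]` only establishes that the caller is signed in, not that they own the account being deleted.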