Ignore:
Timestamp:
06/23/26 15:20:39 (13 days ago)
Author:
kikisrbinoska <srbinoskakristina07@…>
Branches:
main
Children:
0b502c2
Parents:
d300631
Message:

Fixes for authentication and auhtorization\

Location:
ChapterX.API/Controllers
Files:
5 edited

Legend:

Unmodified
Added
Removed
  • ChapterX.API/Controllers/AdminsController.cs

    rd300631 rb373fea  
    4040
    4141        [HttpPost]
    42         [Authorize]
     42        [Authorize(Roles = "Admin")]
    4343        public async Task<ActionResult> Add([FromBody] AddRequest request)
    4444        {
     
    4949
    5050        [HttpPut("{id:int}")]
    51         [Authorize]
     51        [Authorize(Roles = "Admin")]
    5252        public async Task<ActionResult> Update(int id, [FromBody] UpdateRequest request)
    5353        {
     
    6363
    6464        [HttpDelete("{id:int}")]
    65         [Authorize]
     65        [Authorize(Roles = "Admin")]
    6666        public async Task<ActionResult> Delete(int id)
    6767        {
  • ChapterX.API/Controllers/ChaptersController.cs

    rd300631 rb373fea  
    55using Microsoft.AspNetCore.Mvc;
    66using Microsoft.Extensions.Logging;
     7using System.IdentityModel.Tokens.Jwt;
     8using System.Security.Claims;
    79
    810namespace ChapterX.API.Controllers
     
    4042
    4143        [HttpPost]
     44        [Authorize]
    4245        public async Task<ActionResult> Add([FromBody] AddRequest request)
    4346        {
     
    5760            }
    5861
    59             var response = await _mediator.Send(request);
     62            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     63            var response = await _mediator.Send(request with { CallerId = callerId });
    6064            return Ok(response);
    6165        }
     
    6670        {
    6771            _logger.LogInformation("Deleting chapter with ID: {ChapterId}", id);
    68             var response = await _mediator.Send(new DeleteRequest(id));
     72            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     73            var response = await _mediator.Send(new DeleteRequest(id, callerId));
    6974            return Ok(response);
    7075        }
  • ChapterX.API/Controllers/CommentsController.cs

    rd300631 rb373fea  
    66using Microsoft.AspNetCore.Mvc;
    77using Microsoft.Extensions.Logging;
     8using System.IdentityModel.Tokens.Jwt;
     9using System.Security.Claims;
    810
    911namespace ChapterX.API.Controllers
     
    6365        public async Task<ActionResult> Add([FromBody] AddRequest request)
    6466        {
     67            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
    6568            _logger.LogInformation("Adding a new comment");
    66             var response = await _mediator.Send(request);
     69            var response = await _mediator.Send(request with { UserId = callerId });
    6770            return Ok(response);
    6871        }
     
    7881            }
    7982
    80             var response = await _mediator.Send(request);
     83            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     84            var response = await _mediator.Send(request with { CallerId = callerId });
    8185            return Ok(response);
    8286        }
     
    8791        {
    8892            _logger.LogInformation("Deleting comment with ID: {CommentId}", id);
    89             var response = await _mediator.Send(new DeleteRequest(id));
     93            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     94            var response = await _mediator.Send(new DeleteRequest(id, callerId));
    9095            return Ok(response);
    9196        }
  • ChapterX.API/Controllers/StoriesController.cs

    rd300631 rb373fea  
    55using Microsoft.AspNetCore.Mvc;
    66using Microsoft.Extensions.Logging;
     7using System.IdentityModel.Tokens.Jwt;
     8using System.Security.Claims;
    79
    810namespace ChapterX.API.Controllers
     
    4648        public async Task<ActionResult> Add([FromBody] AddRequest request)
    4749        {
    48             _logger.LogInformation("Adding a new story for UserId: {UserId}", request.UserId);
    49             var response = await _mediator.Send(request);
     50            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     51            _logger.LogInformation("Adding a new story for UserId: {UserId}", callerId);
     52            var response = await _mediator.Send(request with { UserId = callerId });
    5053            return Ok(response);
    5154        }
     
    6265            }
    6366
    64             var response = await _mediator.Send(request);
     67            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     68            var response = await _mediator.Send(request with { CallerId = callerId });
    6569            return Ok(response);
    6670        }
     
    7276        {
    7377            _logger.LogInformation("Deleting story with ID: {StoryId}", id);
    74             var response = await _mediator.Send(new DeleteRequest(id));
     78            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     79            var response = await _mediator.Send(new DeleteRequest(id, callerId));
    7580            return Ok(response);
    7681        }
  • ChapterX.API/Controllers/UsersController.cs

    rd300631 rb373fea  
    55using Microsoft.AspNetCore.Mvc;
    66using Microsoft.Extensions.Logging;
     7using System.IdentityModel.Tokens.Jwt;
     8using System.Security.Claims;
    79
    810namespace ChapterX.API.Controllers
     
    6769            }
    6870
     71            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     72            var isAdmin = User.IsInRole("Admin");
     73            if (callerId != id && !isAdmin)
     74                return Forbid();
     75
    6976            var response = await _mediator.Send(request);
    7077            return Ok(response);
     
    7683        {
    7784            _logger.LogInformation("Deleting user with ID: {UserId}", id);
     85            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
     86            var isAdmin = User.IsInRole("Admin");
     87            if (callerId != id && !isAdmin)
     88                return Forbid();
     89
    7890            var response = await _mediator.Send(new DeleteRequest(id));
    7991            return Ok(response);
Note: See TracChangeset for help on using the changeset viewer.