Changeset b373fea for ChapterX.API/Controllers
- Timestamp:
- 06/23/26 15:20:39 (13 days ago)
- Branches:
- main
- Children:
- 0b502c2
- Parents:
- d300631
- Location:
- ChapterX.API/Controllers
- Files:
-
- 5 edited
-
AdminsController.cs (modified) (3 diffs)
-
ChaptersController.cs (modified) (4 diffs)
-
CommentsController.cs (modified) (4 diffs)
-
StoriesController.cs (modified) (4 diffs)
-
UsersController.cs (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
ChapterX.API/Controllers/AdminsController.cs
rd300631 rb373fea 40 40 41 41 [HttpPost] 42 [Authorize ]42 [Authorize(Roles = "Admin")] 43 43 public async Task<ActionResult> Add([FromBody] AddRequest request) 44 44 { … … 49 49 50 50 [HttpPut("{id:int}")] 51 [Authorize ]51 [Authorize(Roles = "Admin")] 52 52 public async Task<ActionResult> Update(int id, [FromBody] UpdateRequest request) 53 53 { … … 63 63 64 64 [HttpDelete("{id:int}")] 65 [Authorize ]65 [Authorize(Roles = "Admin")] 66 66 public async Task<ActionResult> Delete(int id) 67 67 { -
ChapterX.API/Controllers/ChaptersController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 40 42 41 43 [HttpPost] 44 [Authorize] 42 45 public async Task<ActionResult> Add([FromBody] AddRequest request) 43 46 { … … 57 60 } 58 61 59 var response = await _mediator.Send(request); 62 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 63 var response = await _mediator.Send(request with { CallerId = callerId }); 60 64 return Ok(response); 61 65 } … … 66 70 { 67 71 _logger.LogInformation("Deleting chapter with ID: {ChapterId}", id); 68 var response = await _mediator.Send(new DeleteRequest(id)); 72 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 73 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 69 74 return Ok(response); 70 75 } -
ChapterX.API/Controllers/CommentsController.cs
rd300631 rb373fea 6 6 using Microsoft.AspNetCore.Mvc; 7 7 using Microsoft.Extensions.Logging; 8 using System.IdentityModel.Tokens.Jwt; 9 using System.Security.Claims; 8 10 9 11 namespace ChapterX.API.Controllers … … 63 65 public async Task<ActionResult> Add([FromBody] AddRequest request) 64 66 { 67 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 65 68 _logger.LogInformation("Adding a new comment"); 66 var response = await _mediator.Send(request );69 var response = await _mediator.Send(request with { UserId = callerId }); 67 70 return Ok(response); 68 71 } … … 78 81 } 79 82 80 var response = await _mediator.Send(request); 83 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 84 var response = await _mediator.Send(request with { CallerId = callerId }); 81 85 return Ok(response); 82 86 } … … 87 91 { 88 92 _logger.LogInformation("Deleting comment with ID: {CommentId}", id); 89 var response = await _mediator.Send(new DeleteRequest(id)); 93 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 94 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 90 95 return Ok(response); 91 96 } -
ChapterX.API/Controllers/StoriesController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 46 48 public async Task<ActionResult> Add([FromBody] AddRequest request) 47 49 { 48 _logger.LogInformation("Adding a new story for UserId: {UserId}", request.UserId); 49 var response = await _mediator.Send(request); 50 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 51 _logger.LogInformation("Adding a new story for UserId: {UserId}", callerId); 52 var response = await _mediator.Send(request with { UserId = callerId }); 50 53 return Ok(response); 51 54 } … … 62 65 } 63 66 64 var response = await _mediator.Send(request); 67 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 68 var response = await _mediator.Send(request with { CallerId = callerId }); 65 69 return Ok(response); 66 70 } … … 72 76 { 73 77 _logger.LogInformation("Deleting story with ID: {StoryId}", id); 74 var response = await _mediator.Send(new DeleteRequest(id)); 78 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 79 var response = await _mediator.Send(new DeleteRequest(id, callerId)); 75 80 return Ok(response); 76 81 } -
ChapterX.API/Controllers/UsersController.cs
rd300631 rb373fea 5 5 using Microsoft.AspNetCore.Mvc; 6 6 using Microsoft.Extensions.Logging; 7 using System.IdentityModel.Tokens.Jwt; 8 using System.Security.Claims; 7 9 8 10 namespace ChapterX.API.Controllers … … 67 69 } 68 70 71 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 72 var isAdmin = User.IsInRole("Admin"); 73 if (callerId != id && !isAdmin) 74 return Forbid(); 75 69 76 var response = await _mediator.Send(request); 70 77 return Ok(response); … … 76 83 { 77 84 _logger.LogInformation("Deleting user with ID: {UserId}", id); 85 var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!); 86 var isAdmin = User.IsInRole("Admin"); 87 if (callerId != id && !isAdmin) 88 return Forbid(); 89 78 90 var response = await _mediator.Send(new DeleteRequest(id)); 79 91 return Ok(response);
Note:
See TracChangeset
for help on using the changeset viewer.
