Changeset b373fea for ChapterX.API/Controllers/UsersController.cs
- Timestamp:
- 06/23/26 15:20:39 (12 days ago)
- Branches:
- main
- Children:
- 0b502c2
- Parents:
- d300631
- File:
-
- 1 edited
-
ChapterX.API/Controllers/UsersController.cs (modified) (3 diffs)
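--- a/ChapterX.API/Controllers/UsersController.cs
+++ b/ChapterX.API/Controllers/UsersController.cs
@@ -5,4 +5,6 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 
 namespace ChapterX.API.Controllers
@@ -67,4 +69,9 @@
 }
 
+var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+var isAdmin = User.IsInRole("Admin");
+if (callerId != id && !isAdmin)
+return Forbid();
+
 var response = await _mediator.Send(request);
 return Ok(response);
@@ -76,4 +83,9 @@
 {
 _logger.LogInformation("Deleting user with ID: {UserId}", id);
+var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+var isAdmin = User.IsInRole("Admin");
+if (callerId != id && !isAdmin)
+return Forbid();
+
 var response = await _mediator.Send(new DeleteRequest(id));
 return Ok(response);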
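Review bot: The ownership check in both added blocks (new lines 71–74 and 85–88) reads the `sub` claim with `int.Parse(...)` and a null-forgiving `!`, so a token whose subject is missing or non-numeric raises an unhandled exception instead of a clean denial; prefer `if (!int.TryParse(User.FindFirstValue(JwtRegisteredClaimNames.Sub), out var callerId)) return Forbid();`. If the JWT bearer handler still uses its default inbound claim mapping, `sub` is surfaced as `ClaimTypes.NameIdentifier` and this lookup would return null for every caller; that configuration is not visible here and should be confirmed. In the delete action the "Deleting user" log line is written before the check, and neither action records a denied attempt, so a line such as `_logger.LogWarning("User {CallerId} denied access to user {UserId}", callerId, id);` before `return Forbid();` would make attempts against other users' IDs visible in the logs. The same four lines appear in both actions; a shared private helper or an authorization policy would keep them from drifting apart. Both action bodies start and end outside the hunks.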
