Timestamp:
06/23/26 15:20:39 (12 days ago)
Author:
kikisrbinoska <srbinoskakristina07@…>
Branches:
main
Children:
0b502c2
Parents:
d300631
Message:

Fixes for authentication and authorization\

File:
1 edited

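--- a/ChapterX.API/Controllers/UsersController.cs
+++ b/ChapterX.API/Controllers/UsersController.cs
@@ -5,4 +5,6 @@
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.Extensions.Logging;
+using System.IdentityModel.Tokens.Jwt;
+using System.Security.Claims;
 
 namespace ChapterX.API.Controllers
@@ -67,4 +69,9 @@
             }
 
+            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+            var isAdmin = User.IsInRole("Admin");
+            if (callerId != id && !isAdmin)
+                return Forbid();
+
             var response = await _mediator.Send(request);
             return Ok(response);
@@ -76,4 +83,9 @@
         {
             _logger.LogInformation("Deleting user with ID: {UserId}", id);
+            var callerId = int.Parse(User.FindFirstValue(JwtRegisteredClaimNames.Sub)!);
+            var isAdmin = User.IsInRole("Admin");
+            if (callerId != id && !isAdmin)
+                return Forbid();
+
             var response = await _mediator.Send(new DeleteRequest(id));
             return Ok(response);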
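Review bot: The ownership guard added at new lines 71 and 85 turns a missing or non-numeric `sub` claim into an unhandled exception (int.Parse on a null or malformed string) instead of a 401/403, and the `!` only silences the compiler rather than handling the null. Whether the claim is present at all depends on the JwtBearer setup outside this changeset: with the default inbound claim mapping the handler renames `sub` to ClaimTypes.NameIdentifier, so `User.FindFirstValue(JwtRegisteredClaimNames.Sub)` can return null even for a valid token — please confirm MapInboundClaims is disabled, or fall back to NameIdentifier as below. The same four lines are duplicated in both actions, whose signatures and any [Authorize] attributes lie outside the hunks, so I would move them into one helper that uses int.TryParse and rejects the request when no usable subject is found.
```csharp
// Resolves the authenticated caller's numeric id; tolerates the default
// inbound claim mapping (sub -> NameIdentifier) and malformed values.
private bool TryGetCallerId(out int callerId)
{
    var sub = User.FindFirstValue(JwtRegisteredClaimNames.Sub)
              ?? User.FindFirstValue(ClaimTypes.NameIdentifier);
    return int.TryParse(sub, out callerId);
}

// … in each action, replacing the duplicated four-line guard …
if (!TryGetCallerId(out var callerId))
    return Forbid();
if (callerId != id && !User.IsInRole("Admin"))
    return Forbid();
```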