Timestamp:
06/23/26 15:20:39 (12 days ago)
Author:
kikisrbinoska <srbinoskakristina07@…>
Branches:
main
Children:
0b502c2
Parents:
d300631
Message:

Fixes for authentication and authorization

File:
1 edited

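--- a/ChapterX.Application/Chapter/Commands/DeleteHandler.cs
+++ b/ChapterX.Application/Chapter/Commands/DeleteHandler.cs
@@ -18,7 +18,10 @@
         public async Task<DeleteResponse> Handle(DeleteRequest request, CancellationToken cancellationToken)
         {
-            var chapter = await _chapterRepository.GetByIdAsync(request.Id, cancellationToken);
+            var chapter = await _chapterRepository.GetByIdWithStoryAsync(request.Id, cancellationToken);
             if (chapter is null)
                 return new DeleteResponse(false);
+
+            if (chapter.Story.UserId != request.CallerId)
+                throw new UnauthorizedAccessException("You do not own this chapter.");
 
             await _chapterRepository.DeleteAsync(chapter, cancellationToken);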
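Review bot: The ownership check on new lines 24-25 is only as strong as the source of `request.CallerId`, which this section does not show; if `DeleteRequest` is model-bound from the request body or route, the comparison is made against a client-controlled value and authorizes nothing. The id should be populated server-side from the authenticated principal, and a comment at the check would make that contract visible, e.g. `// CallerId is set by the endpoint from the authenticated user, never from client input`. The check also dereferences `chapter.Story` without a null guard, so a chapter returned without its story would presumably surface as a NullReferenceException instead of a denial; `if (chapter.Story is null || chapter.Story.UserId != request.CallerId)` fails closed. Handle's body continues past the end of this section, so anything after the delete call is not covered here.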