2026-04-23 00:18:39 -05:00
2 changed files with 14 additions and 3 deletions
--- a/api/src/Controllers/AuthController.cs
+++ b/api/src/Controllers/AuthController.cs
@@ -34,6 +34,17 @@ public class AuthController : ControllerBase {
        var result = await userManager_.CreateAsync(user, dto.Password);
        if(!result.Succeeded) return BadRequest(result.Errors);

+        // assigning roles to user
+        string role = "base";
+        if(dto.UserName == "bard") {
+            role = "Superuser";
+        } else if(dto.UserName.StartsWith("x")) {
+            role = "Admin";
+        } 
+        await userManager_.AddToRoleAsync(user, role); // TODO: error check this
+        // await _userManager.RemoveFromRoleAsync(user, "Admin"); // remove role
+        // var roles = await _userManager.GetRolesAsync(user); // get list of roles for user
+
        return CreatedAtAction(
            nameof(Register),
            new { id = user.Id }
--- a/api/src/Controllers/UsersController.cs
+++ b/api/src/Controllers/UsersController.cs
@@ -20,13 +20,13 @@ public class UsersController : ControllerBase {
        service_ = service;
    }

-    [Authorize(Roles = "Admin, Superuser")]
+    [Authorize(Policy = "RequireAdmin")]
    [HttpGet]
    public async Task<ActionResult<List<User>>> getUsers() {
        return Ok(await service_.GetAll());
    }

-    [Authorize(Roles = "Admin, Superuser")]
+    [Authorize(Policy = "RequireAdmin")]
    [HttpGet("{id:int}")]
    public async Task<ActionResult<User>> getUser(int id) {

@@ -37,7 +37,7 @@ public class UsersController : ControllerBase {
        return Ok(user);
    }

-    [Authorize(Roles = "Superuser")]
+    [Authorize(Policy = "RequireSuperuser")]
    [HttpDelete("{id}")]
    public async Task<ActionResult> deleteUser(int id) {