homeburger/agologum
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Feature/Auth: last one was authentication, this one is authorization #4

Merged
homeburger merged 33 commits from feature/auth into main 2026-04-23 00:18:39 -05:00
Conversation 0 Commits 33 Files Changed 29 +5 -4
2 changed files with 5 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Showing only changes of commit 143d194cdb - Show all commits

6
api/src/Controllers/UsersController.cs
View File

@@ -20,7 +20,7 @@ public class UsersController : ControllerBase {
service_ = service; service_ = service;
} }
[Authorize(Policy = "RequireAdmin")] [Authorize(Policy = "SensitiveDataRead")]
[HttpGet] [HttpGet]
public async Task<ActionResult<List<User>>> getUsers() { public async Task<ActionResult<List<User>>> getUsers() {
List<User> rawArray = await service_.GetAll(); List<User> rawArray = await service_.GetAll();
@@ -42,7 +42,7 @@ public class UsersController : ControllerBase {
return Ok(dtoArray); return Ok(dtoArray);
} }
[Authorize(Policy = "RequireAdmin")] [Authorize(Policy = "SensitiveDataRead")]
[HttpGet("{id:int}")] [HttpGet("{id:int}")]
public async Task<ActionResult<User>> getUser(int id) { public async Task<ActionResult<User>> getUser(int id) {
@@ -60,7 +60,7 @@ public class UsersController : ControllerBase {
return Ok(newDto); return Ok(newDto);
} }
[Authorize(Policy = "RequireSuperuser")] [Authorize(Policy = "SensitiveDataModify")]
[HttpDelete("{id}")] [HttpDelete("{id}")]
public async Task<ActionResult> deleteUser(int id) { public async Task<ActionResult> deleteUser(int id) {

3
scripts/DEV_README.md
View File

@@ -13,7 +13,8 @@ To see live logs:
sudo docker logs -f -t agologum-api sudo docker logs -f -t agologum-api
public user: public user:
> username=bard > username=bard (admin)
> username=xvbard (superuser)
> password=Public*890 > password=Public*890
chrome dev tools troubleshooting chrome dev tools troubleshooting