Feature/Auth: last one was authentication, this one is authorization #4

Merged
homeburger merged 33 commits from feature/auth into main 2026-04-23 00:18:39 -05:00
Showing only changes of commit be183c6fd3 - Show all commits


@@ -70,8 +70,7 @@ public class UsersController : ControllerBase {
[HttpDelete("{id}/{permission}")] [HttpDelete("{id}/{permission}")]
public async Task<ActionResult> removePermission(string id, string permission) { public async Task<ActionResult> removePermission(string id, string permission) {
var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); if(permission == Permission.SensitiveData_Modify) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
if(userId == id) return BadRequest(); // dont allow permission removal of yourself
// get list of permissions of that user // get list of permissions of that user
var user = await service_.GetById(id); var user = await service_.GetById(id);