Feature/Auth: last one was authentication, this one is authorization #4

Merged
homeburger merged 33 commits from feature/auth into main 2026-04-23 00:18:39 -05:00
Showing only changes of commit ef1e9aa759 - Show all commits


@@ -30,8 +30,6 @@ public class UsersController : ControllerBase {
List<UserDto> dtoArray = new List<UserDto>(); List<UserDto> dtoArray = new List<UserDto>();
foreach(User user in rawArray) { foreach(User user in rawArray) {
// TODO: can you operator overload a cast? if so cast<UserDto>(UserDto) would go hard
// if not then just a new custom cast function that returns a dto type will do
UserDto newDto = new UserDto(user); UserDto newDto = new UserDto(user);
dtoArray.Add(newDto); dtoArray.Add(newDto);
} }
@@ -70,7 +68,8 @@ public class UsersController : ControllerBase {
[HttpDelete("{id}/{permission}")] [HttpDelete("{id}/{permission}")]
public async Task<ActionResult> removePermission(string id, string permission) { public async Task<ActionResult> removePermission(string id, string permission) {
if(permission == Permission.SensitiveData_Modify) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions var userId = User.FindFirstValue(ClaimTypes.NameIdentifier);
if(permission == Permission.SensitiveData_Modify && userId == id) return BadRequest(); // dont allow permission removal of whats allowing us to re-add premissions
// get list of permissions of that user // get list of permissions of that user
var user = await service_.GetById(id); var user = await service_.GetById(id);
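Review bot: The new self-removal guard in removePermission compares the route `id` to the NameIdentifier claim with an ordinal `==`, so it only holds if both strings are always in the same canonical form. If `service_.GetById` accepts an id in more than one spelling (different letter case, for example; not visible here), the guard can be skipped while the lookup still resolves to the caller, so consider making the check against the loaded user record after `GetById`, or `string.Equals(userId, id, StringComparison.OrdinalIgnoreCase)` if ids are case-insensitive. `FindFirstValue` returns null when the claim is absent, which also skips the guard without any signal; an explicit `if (userId is null) return Unauthorized();` ahead of it would close that path. With the condition narrowed, any caller who reaches this action can remove SensitiveData_Modify from other users, so it is worth confirming the action is gated on that permission and deciding whether removing the last remaining holder should be refused. The authorization attributes and the rest of the method body are outside the visible lines.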