diff --git a/UrphaCapital.API/Controllers/AdminsController.cs b/UrphaCapital.API/Controllers/AdminsController.cs
index a533748..4d0b940 100644
--- a/UrphaCapital.API/Controllers/AdminsController.cs
+++ b/UrphaCapital.API/Controllers/AdminsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
 using UrphaCapital.Application.AuthServices;
diff --git a/UrphaCapital.API/Controllers/CoursesController.cs b/UrphaCapital.API/Controllers/CoursesController.cs
index 096f8f0..348652f 100644
--- a/UrphaCapital.API/Controllers/CoursesController.cs
+++ b/UrphaCapital.API/Controllers/CoursesController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Courses.Commands;
 using UrphaCapital.Application.UseCases.Courses.Queries;
@@ -19,6 +20,7 @@ public CoursesController(IMediator mediator)
 }
 [HttpPost]
+ [Authorize(Roles = "Admin")]
 public async Task Create([FromForm] CreateCourseCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -66,6 +68,7 @@ public async Task> GetAll(int index, int count, Cancellation
 }
 [HttpPut]
+ [Authorize(Roles = "Admin")]
 public async Task Update([FromForm] UpdateCourseCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -74,6 +77,7 @@ public async Task Update([FromForm] UpdateCourseCommand command,
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task Delete(Guid id, CancellationToken cancellation)
 {
 var command = new DeleteCourseCommand { Id = id };
diff --git a/UrphaCapital.API/Controllers/HelpController.cs b/UrphaCapital.API/Controllers/HelpController.cs
index 9d3f7c4..8ce1bfc 100644
--- a/UrphaCapital.API/Controllers/HelpController.cs
+++ b/UrphaCapital.API/Controllers/HelpController.cs
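Review bot: AdminsController only gains the `using Microsoft.AspNetCore.Authorization;` directive; no `[Authorize]` attribute is added in any hunk for that file, so its actions appear to stay exactly as reachable as before while every other controller is being restricted. If the admin endpoints other than login are meant to be Admin-only, add `[Authorize(Roles = "Admin")]` to them, or put it on the class and mark the login action `[AllowAnonymous]`. The rest of the file is outside the diff, so which actions exist there needs to be confirmed.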
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Homework.Commands;
@@ -27,6 +28,7 @@ public async Task PostHelp([FromForm] CreateHomeworkCommand comma
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task RemoveHelp(long id, CancellationToken cancellation)
 {
 var command = new DeleteHomeworkCommand { Id = id };
@@ -37,6 +39,7 @@ public async Task RemoveHelp(long id, CancellationToken cancellat
 }
 [HttpGet]
+ [Authorize(Roles = "Admin")]
 public async Task> GetAll(int index, int count, CancellationToken cancellation)
 {
 var query = new GetAllHomeworksQuery();
diff --git a/UrphaCapital.API/Controllers/HomeworksController.cs b/UrphaCapital.API/Controllers/HomeworksController.cs
index 6d1a1aa..bb001ba 100644
--- a/UrphaCapital.API/Controllers/HomeworksController.cs
+++ b/UrphaCapital.API/Controllers/HomeworksController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Homework.Commands;
 using UrphaCapital.Application.UseCases.Homework.Queries;
@@ -28,6 +29,8 @@ public async Task PostLesson([FromForm] CreateHomeworkCommand com
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
 public async Task RemoveHomework(long id, CancellationToken cancellation)
 {
 var command = new DeleteHomeworkCommand { Id = id };
@@ -46,6 +49,8 @@ public async Task PutHomework([FromForm] UpdateHomeworkCommand co
 }
 [HttpPut("grade-homework")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
 public async Task PutHomework([FromBody] GradeHomeworkCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
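Review bot: The two stacked attributes on `RemoveHomework`, `[Authorize(Roles = "Admin")]` and `[Authorize(Roles = "Mentor")]`, require the caller to hold both roles, because ASP.NET Core treats multiple `[Authorize]` attributes as AND; a Mentor who is not also an Admin is refused. If either role should be enough, use a single attribute with a comma-separated list, `[Authorize(Roles = "Admin,Mentor")]`, and `[Authorize(Roles = "Admin,Mentor,Student")]` for the three-role actions. The same stacking is repeated on `grade-homework` and in every multi-role hunk of HomeworksController, LessonsController and StudentController. One integration test per role and endpoint would pin the intended access matrix. The method bodies continue outside the hunks.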
@@ -54,6 +59,9 @@ public async Task PutHomework([FromBody] GradeHomeworkCommand com
 }
 [HttpGet("{studentId}/results/{index}/{count}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
+ [Authorize(Roles = "Student")]
 public async Task> GetStudentHomeworkResults(long studentId, int index, int count, CancellationToken cancellation)
 {
 var query = new GetStudentHomeworkResultsQuery()
@@ -69,6 +77,9 @@ public async Task> GetStudentHomeworkResults(lon
 }
 [HttpGet("{index}/{count}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
+ [Authorize(Roles = "Student")]
 public async Task> GetAll(int index, int count, CancellationToken cancellation)
 {
 var query = new GetAllHomeworksQuery()
@@ -83,6 +94,8 @@ public async Task> GetAll(int index, int count, Cancellat
 }
 [HttpGet("{mentorId}/{index}/{count}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
 public async Task> GetAllHomeworksByMentorId(int index, int count, long mentorId, CancellationToken cancellation)
 {
 var query = new Application.UseCases.Homework.Queries.GetAllHomeworksByMentorIdQuery()
@@ -98,6 +111,8 @@ public async Task> GetAllHomeworksByMentorId(int index, i
 }
 [HttpGet("bylesson/{lessonId}/{index}/{count}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
 public async Task> GetAllHomeworksByLessonId(int index, int count, long lessonId, CancellationToken cancellation)
 {
 var query = new Application.UseCases.Homework.Queries.GetAllHomeworksByLessonIdQuery()
diff --git a/UrphaCapital.API/Controllers/LessonsController.cs b/UrphaCapital.API/Controllers/LessonsController.cs
index 2fef6ce..71fda61 100644
--- a/UrphaCapital.API/Controllers/LessonsController.cs
+++ b/UrphaCapital.API/Controllers/LessonsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Lessons.Commands;
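Review bot: The role check added to `GetStudentHomeworkResults` does not tie the route's `studentId` to the authenticated caller, so unless the query handler (not shown) checks ownership, any account with the Student role can read another student's results by changing the id. For Student callers, compare the id with the caller's own identity and refuse on mismatch, for example `if (User.IsInRole("Student") && User.FindFirstValue(ClaimTypes.NameIdentifier) != studentId.ToString()) return Forbid();`; which claim carries the student id is an assumption to confirm against the token issuer. The same object-level question applies to `mentorId` in `GetAllHomeworksByMentorId` and to `GetMyCoursesById` and `AddMyCourse` in StudentController. The method body continues outside the hunk.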
@@ -21,6 +22,7 @@ public LessonsController(IMediator mediator)
 }
 [HttpPost]
+ [Authorize(Roles = "Admin")]
 public async Task PostLesson([FromForm] CreateLessonCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -29,6 +31,9 @@ public async Task PostLesson([FromForm] CreateLessonCommand comma
 }
 [HttpGet("{id}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
+ [Authorize(Roles = "Student")]
 public async Task GetLessonById(string id, CancellationToken cancellation)
 {
 var query = new GetLessonByIdQuery { Id = id };
@@ -39,6 +44,9 @@ public async Task GetLessonById(string id, CancellationToken cancellatio
 }
 [HttpGet("getvideo")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
+ [Authorize(Roles = "Student")]
 public async Task GetLessonVideo([FromQuery] string lessonId, CancellationToken cancellation)
 {
 var query = new GetLessonVideoQuery { Id = lessonId };
@@ -58,6 +66,9 @@ public async Task GetLessonVideo([FromQuery] string lessonId, Can
 }
 [HttpGet("{courseId}/{index}/{count}")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Mentor")]
+ [Authorize(Roles = "Student")]
 public async Task> GetLessonsByCourseId(string courseId, int index, int count, CancellationToken cancellation)
 {
 var query = new GetAllLessonsByCourseIdQuery()
@@ -73,6 +84,7 @@ public async Task> GetLessonsByCourseId(string courseId, int
 }
 [HttpPut]
+ [Authorize(Roles = "Admin")]
 public async Task PutLesson([FromForm] UpdateLessonCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -81,6 +93,7 @@ public async Task PutLesson([FromForm] UpdateLessonCommand comman
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task RemoveLesson(string id, CancellationToken cancellation)
 {
 var command = new DeleteLessonCommand { Id = id };
diff --git a/UrphaCapital.API/Controllers/MentorsController.cs b/UrphaCapital.API/Controllers/MentorsController.cs
index 1529ce3..883c146 100644
--- a/UrphaCapital.API/Controllers/MentorsController.cs
+++ b/UrphaCapital.API/Controllers/MentorsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
@@ -28,6 +29,7 @@ public MentorsController(IMediator mediator, IPasswordHasher passwordHasher, IAu
 }
 [HttpPost]
+ [Authorize(Roles = "Admin")]
 public async Task Create([FromForm] CreateMentorCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -36,6 +38,7 @@ public async Task Create([FromForm] CreateMentorCommand command,
 }
 [HttpGet("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task GetById(long id, CancellationToken cancellation)
 {
 var query = new GetMentorByIdQuery { Id = id };
@@ -46,6 +49,7 @@ public async Task GetById(long id, CancellationToken cancellation)
 }
 [HttpGet("{index}/{count}")]
+ [Authorize(Roles = "Admin")]
 public async Task> GetAll(int index, int count, CancellationToken cancellation)
 {
 var query = new GetAllMentorsQuery()
@@ -60,6 +64,7 @@ public async Task> GetAll(int index, int count, Cancellation
 }
 [HttpPut]
+ [Authorize(Roles = "Admin")]
 public async Task Update([FromForm] UpdateMentorCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -68,6 +73,7 @@ public async Task Update([FromForm] UpdateMentorCommand command,
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task Delete(long id, CancellationToken cancellation)
 {
 var command = new DeleteMentorCommand { Id = id };
diff --git a/UrphaCapital.API/Controllers/StudentController.cs b/UrphaCapital.API/Controllers/StudentController.cs
index e0cc9e0..d9e7952 100644
--- a/UrphaCapital.API/Controllers/StudentController.cs
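Review bot: Every action touched in the MentorsController hunks receives the same per-action `[Authorize(Roles = "Admin")]`, which means an action added later is unprotected unless its author remembers the attribute. Putting the attribute once on the controller class and marking the intentionally public actions with `[AllowAnonymous]` makes the controller deny by default; the class declaration is outside these hunks, so whether a class-level attribute already exists cannot be seen here. A shared constant for the role name, instead of the repeated `"Admin"` literal, would also keep a typo from silently producing a role nobody holds.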
+++ b/UrphaCapital.API/Controllers/StudentController.cs @@ -1,4 +1,5 @@ using MediatR; +using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.RateLimiting; using UrphaCapital.Application.AuthServices; @@ -28,6 +29,8 @@ public StudentController(IMediator mediator, IAuthService authService, IPassword } [HttpPost] + [Authorize(Roles = "Admin")] + [Authorize(Roles = "Student")] public async Task PostStudent([FromBody] CreateStudentsCommand command, CancellationToken cancellation) { var response = await _mediator.Send(command, cancellation); @@ -36,6 +39,7 @@ public async Task PostStudent([FromBody] CreateStudentsCommand co } [HttpGet("{id}")] + [Authorize(Roles = "Admin")] public async Task GetStudentById(long id, CancellationToken cancellation) { var query = new GetAllStudentsByIdQuery { Id = id }; @@ -46,6 +50,8 @@ public async Task GetStudentById(long id, CancellationToken cancellatio } [HttpGet("get-my-courses/{id}")] + [Authorize(Roles = "Admin")] + [Authorize(Roles = "Student")] //one public async Task> GetMyCoursesById(long id, CancellationToken cancellation) // two @@ -59,6 +65,7 @@ public async Task> GetMyCoursesById(long id, CancellationTok } [HttpGet("{index}/{count}")] + [Authorize(Roles = "Admin")] public async Task> GetStudentsByStudentId(int index, int count, CancellationToken cancellation) { var query = new GetAllStudentsQuery() @@ -73,6 +80,7 @@ public async Task> GetStudentsByStudentId(int index, int co } [HttpPut] + [Authorize(Roles = "Admin")] public async Task PutStudent([FromBody] UpdateStudentCommand command, CancellationToken cancellation) { var response = await _mediator.Send(command, cancellation); 
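Review bot: `PostStudent` now demands an authenticated caller, and with the two stacked attributes one who is in both the Admin and the Student role. If this endpoint is the sign-up path (an assumption, the handler is not shown), a new user has no token yet and can no longer register. Decide explicitly whether student creation is Admin-only, `[Authorize(Roles = "Admin")]`, or public, `[AllowAnonymous]` with the rate limiting this controller already imports, and state that choice in a comment above the action. The method body continues outside the hunk.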
@@ -81,6 +89,8 @@ public async Task PutStudent([FromBody] UpdateStudentCommand comm
 }
 [HttpPut("add-course")]
+ [Authorize(Roles = "Admin")]
+ [Authorize(Roles = "Student")]
 public async Task AddMyCourse([FromQuery] AddMyCourseCommand command, CancellationToken cancellation)
 {
 var response = await _mediator.Send(command, cancellation);
@@ -89,6 +99,7 @@ public async Task AddMyCourse([FromQuery] AddMyCourseCommand comm
 }
 [HttpDelete("{id}")]
+ [Authorize(Roles = "Admin")]
 public async Task RemoveStudent(string id, CancellationToken cancellation)
 {
 var command = new DeleteLessonCommand { Id = id };
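Review bot: `RemoveStudent` is now gated on Admin, but the context line shows it dispatching `new DeleteLessonCommand { Id = id }`, so an administrator's student deletion would be processed as the deletion of a lesson with that id. This looks like a copy from LessonsController's `RemoveLesson`; the action should send the student-deletion command (its type name is not on this page) and take the id as `long` like the other student actions. Restricting who may call the endpoint does not help while it acts on the wrong entity, so this is worth fixing in the same change. The method body continues outside the hunk.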