fixed small bugs + added better auth checks
Geertvdc committed Oct 19, 2019
1 parent 11aa442 commit 233a020
Showing 9 changed files with 88 additions and 33 deletions.
4 changes: 2 additions & 2 deletions Xpirit.BeerXchange/Controllers/BeerAdditionController.cs
@@ -10,7 +10,7 @@

namespace Xpirit.BeerXchange.Controllers
{
//[Authorize]
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class BeerAdditionController : ControllerBase
@@ -38,7 +38,7 @@ public async Task<IActionResult> Post([FromBody]BeerAddition beerAdditionRequest
beer.Country = beerAdditionRequest.Country;
beer.AddedDate = DateTime.Now;

if (beerAdditionRequest.switchedBeer.HasValue)
if (beerAdditionRequest.switchedBeer.HasValue && beerAdditionRequest.switchedBeer.Value != -1)
{
var switchedBeer = await beerService.GetBeerById(beerAdditionRequest.switchedBeer.Value);
if (switchedBeer.RemovedDate.HasValue || !string.IsNullOrEmpty(switchedBeer.RemovedBy))
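Review bot: The new `switchedBeer.Value != -1` guard in Post filters only the one sentinel, so any other id that does not exist still reaches `GetBeerById`, and the result is dereferenced on the next line (`switchedBeer.RemovedDate`). If `GetBeerById` can return null for an unknown id (its implementation is not shown here), a client-supplied value becomes an unhandled NullReferenceException and a 500 response. I would add `if (switchedBeer == null) return BadRequest("invalid switchedBeer id");` right after the lookup, and give -1 a named constant or drop the sentinel in favour of a null `switchedBeer`. Post's body starts and ends outside the hunk.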
4 changes: 1 addition & 3 deletions Xpirit.BeerXchange/Controllers/BeerController.cs
@@ -7,13 +7,11 @@
using Xpirit.BeerXchange.Model;
using Xpirit.BeerXchange.Services;

// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860

namespace Xpirit.BeerXchange.Controllers
{
[Authorize]
[Route("api/[controller]")]

[ApiController]
public class BeerController : Controller
{
private readonly IBeerService beerService;
9 changes: 6 additions & 3 deletions Xpirit.BeerXchange/Controllers/BeerRemovalController.cs
@@ -10,7 +10,7 @@

namespace Xpirit.BeerXchange.Controllers
{
//[Authorize]
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class BeerRemovalController : ControllerBase
@@ -30,11 +30,14 @@ public async Task<IActionResult> Post([FromBody]BeerRemoval beerRemovalRequest)
{
return BadRequest("Not a valid Beer removal request");
}

var user = $"{User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.GivenName).FirstOrDefault().Value} {User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Surname).FirstOrDefault().Value}";

if (!(await beerService.GetUserCredits(user) > 0))
{
return BadRequest("User does not have enough credits to remove beer");
}


//User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Name).FirstOrDefault();
var beer = await beerService.GetBeerById(beerRemovalRequest.BeerId);
beer.RemovedDate = DateTime.Now;
beer.RemovedBy = user;
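Review bot: The `user` string in Post is built with `FirstOrDefault().Value` on the GivenName and Surname claims, so a token that lacks either claim throws a NullReferenceException instead of being rejected, and the resulting display name is what `GetUserCredits` and `beer.RemovedBy` are keyed on. A given-name/surname pair is not guaranteed to be unique or stable, so two accounts with the same name would share credits and ownership; a stable subject claim such as `ClaimTypes.NameIdentifier` (whichever one the identity provider actually issues) is the safer key, with the display name kept for presentation only. The same expression is used in CreditTransferController's Post, where it decides the `beer.CreatedBy != user` ownership check. Reading each claim with `User.FindFirst(...)?.Value` and answering `return Unauthorized();` when it is null would cover the missing-claim case. Post's body extends outside the hunk.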
5 changes: 2 additions & 3 deletions Xpirit.BeerXchange/Controllers/CreditController.cs
@@ -7,12 +7,11 @@
using Xpirit.BeerXchange.Model;
using Xpirit.BeerXchange.Services;

// For more information on enabling Web API for empty projects, visit https://go.microsoft.com/fwlink/?LinkID=397860

namespace Xpirit.BeerXchange.Controllers
{
[Route("api/[controller]")]
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class CreditController : Controller
{
private readonly IBeerService beerService;
9 changes: 8 additions & 1 deletion Xpirit.BeerXchange/Controllers/CreditTransferController.cs
@@ -10,7 +10,7 @@

namespace Xpirit.BeerXchange.Controllers
{
//[Authorize]
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class CreditTransferController : ControllerBase
@@ -32,6 +32,13 @@ public async Task<IActionResult> Post([FromBody]CreditTransfer creditTransfer)
return BadRequest("invalid beerId");
}

var user = $"{User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.GivenName).FirstOrDefault().Value} {User.Claims.Where(c => c.Type == System.Security.Claims.ClaimTypes.Surname).FirstOrDefault().Value}";

if (beer.CreatedBy != user)
{
return BadRequest($"Invalid beerId, Beer not owned by user {user}");
}

beer.CreatedBy = creditTransfer.CreditReceiver;

await beerService.UpdateBeer(beer);
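Review bot: The ownership check added to Post answers `BadRequest` when the caller does not own the beer, which reports an authorization denial as a malformed request; `return Forbid();` (or a 403 `StatusCode` result) keeps denied transfers distinguishable in logs and in client handling. The line after the check still writes `creditTransfer.CreditReceiver` into `beer.CreatedBy` with no validation visible in this hunk, so an empty or unknown receiver name would leave the beer with an owner that no signed-in user can match. Checking the receiver against known users before `UpdateBeer` would close that gap. Post's body starts outside the hunk.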
2 changes: 2 additions & 0 deletions Xpirit.BeerXchange/Controllers/UserController.cs
@@ -2,12 +2,14 @@
using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Xpirit.BeerXchange.Services;

namespace Xpirit.BeerXchange.Controllers
{
[Authorize]
[Route("api/[controller]")]
[ApiController]
public class UserController : ControllerBase
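Review bot: Authentication is still opt-in per controller after this change: `[Authorize]` is added to UserController here and uncommented on BeerAdditionController, BeerRemovalController and CreditTransferController, so the next controller added without the attribute is anonymous again. Registering the requirement once, as a global `AuthorizeFilter` in the MVC options or a fallback authorization policy where the framework version supports it, makes endpoints authenticated by default, with `[AllowAnonymous]` as the explicit opt-out. The class-level attribute also only requires a signed-in user; whether the actions in UserController need a narrower policy cannot be judged from this hunk, since the class body is outside it.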
