martinshoob
b59fef222f
Adds an authorization policy to restrict access to admin-only endpoints. Creates an `AdminOnlyRequirement` and `AdminOnlyHandler` to check if a user has admin privileges. Applies the "AdminOnly" policy to the AdminController to secure admin functionalities. Modifies the endpoint for changing user admin status to include the user ID in the route.
30 lines
No EOL
953 B
C#
30 lines
No EOL
953 B
C#
using DrinkRateAPI.ApiModels.UserProfile;
|
|
using DrinkRateAPI.Services;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Mvc;
|
|
|
|
namespace DrinkRateAPI.Controllers;
|
|
|
|
[ApiController]
|
|
[Route("admin")]
|
|
[Authorize(Policy = "AdminOnly")]
|
|
public class AdminController : ControllerBase
|
|
{
|
|
private readonly ILogger<AdminController> _logger;
|
|
private readonly UserProfileService _userProfileService;
|
|
|
|
public AdminController(ILogger<AdminController> logger, UserProfileService userProfileService)
|
|
{
|
|
_logger = logger;
|
|
_userProfileService = userProfileService;
|
|
}
|
|
|
|
[HttpPut("users/{userId}/adminStatus")]
|
|
[Produces("application/json")]
|
|
public async Task<IActionResult> PutUserAdminStatus(string userId, [FromBody] ChangeAdminStatusBody body)
|
|
{
|
|
var changedProfile = await _userProfileService.ChangeUserAdminStatusAsync(userId, body.ChangeStatusTo);
|
|
|
|
return Ok(changedProfile);
|
|
}
|
|
} |