add authorization checks

damienmoulard · Clement-Roque · commit 9b8702916649 · 2015-11-19T10:20:55.000+01:00
diff --git a/Zenergy/Zenergy/Controllers/ApiControllers/membersController.cs b/Zenergy/Zenergy/Controllers/ApiControllers/membersController.cs
@@ -63,6 +63,7 @@ public async Task<IHttpActionResult> Postmember(member member)
 
         // DELETE: api/members/5
         [ResponseType(typeof(member))]
+        [Authorize(Roles = "Admin")]
         public async Task<IHttpActionResult> Deletemember(int id)
         {
             member member = await db.member.FindAsync(id);
diff --git a/Zenergy/Zenergy/Controllers/ApiControllers/usersController.cs b/Zenergy/Zenergy/Controllers/ApiControllers/usersController.cs
@@ -26,12 +26,14 @@ public usersController()
         }
 
         // GET: api/users
+        [Authorize(Roles = "Admin")]
         public IQueryable<user> Getuser()
         {
             return db.user;
         }
 
         // GET: api/users/5
+        [Authorize(Roles = "Admin")]
         [ResponseType(typeof(user))]
         public async Task<IHttpActionResult> Getuser(int id)
         {
@@ -62,6 +64,7 @@ public async Task<IHttpActionResult> findByMail(string userMail)
         [Route("api/users/findByRole")]
         [HttpGet]
         [ResponseType(typeof(user[]))]
+        [Authorize(Roles = "Admin, Manager")]
         public async Task<IHttpActionResult> findByRole(string role) {
             user[] users = null;
 
@@ -126,6 +129,7 @@ public async Task<IHttpActionResult> Putuser(int id, user user)
 
         // POST: api/users
         [ResponseType(typeof(user))]
+        [AllowAnonymous]
         public async Task<IHttpActionResult> Postuser(user user)
         {
             if (!ModelState.IsValid)
@@ -141,6 +145,7 @@ public async Task<IHttpActionResult> Postuser(user user)
 
         // DELETE: api/users/5
         [ResponseType(typeof(user))]
+        [Authorize(Roles = "Admin")]
         public async Task<IHttpActionResult> Deleteuser(int id)
         {
             user user = await db.user.FindAsync(id);

Original file line number	Diff line number	Diff line change
`@@ -63,6 +63,7 @@ public async Task<IHttpActionResult> Postmember(member member)`
`63`	`63`
`64`	`64`	`// DELETE: api/members/5`
`65`	`65`	`[ResponseType(typeof(member))]`
	`66`	`+ [Authorize(Roles = "Admin")]`
`66`	`67`	`public async Task<IHttpActionResult> Deletemember(int id)`
`67`	`68`	`{`
`68`	`69`	`member member = await db.member.FindAsync(id);`
Original file line number	Diff line number	Diff line change
`@@ -26,12 +26,14 @@ public usersController()`
`26`	`26`	`}`
`27`	`27`
`28`	`28`	`// GET: api/users`
	`29`	`+ [Authorize(Roles = "Admin")]`
`29`	`30`	`public IQueryable<user> Getuser()`
`30`	`31`	`{`
`31`	`32`	`return db.user;`
`32`	`33`	`}`
`33`	`34`
`34`	`35`	`// GET: api/users/5`
	`36`	`+ [Authorize(Roles = "Admin")]`
`35`	`37`	`[ResponseType(typeof(user))]`
`36`	`38`	`public async Task<IHttpActionResult> Getuser(int id)`
`37`	`39`	`{`
`@@ -62,6 +64,7 @@ public async Task<IHttpActionResult> findByMail(string userMail)`
`62`	`64`	`[Route("api/users/findByRole")]`
`63`	`65`	`[HttpGet]`
`64`	`66`	`[ResponseType(typeof(user[]))]`
	`67`	`+ [Authorize(Roles = "Admin, Manager")]`
`65`	`68`	`public async Task<IHttpActionResult> findByRole(string role) {`
`66`	`69`	`user[] users = null;`
`67`	`70`
`@@ -126,6 +129,7 @@ public async Task<IHttpActionResult> Putuser(int id, user user)`
`126`	`129`
`127`	`130`	`// POST: api/users`
`128`	`131`	`[ResponseType(typeof(user))]`
	`132`	`+ [AllowAnonymous]`
`129`	`133`	`public async Task<IHttpActionResult> Postuser(user user)`
`130`	`134`	`{`
`131`	`135`	`if (!ModelState.IsValid)`
`@@ -141,6 +145,7 @@ public async Task<IHttpActionResult> Postuser(user user)`
`141`	`145`
`142`	`146`	`// DELETE: api/users/5`
`143`	`147`	`[ResponseType(typeof(user))]`
	`148`	`+ [Authorize(Roles = "Admin")]`
`144`	`149`	`public async Task<IHttpActionResult> Deleteuser(int id)`
`145`	`150`	`{`
`146`	`151`	`user user = await db.user.FindAsync(id);`