[*] ProductsController : restricted access to Create, Edit, Delete me…

…thods for non-admin users
svasorcery · Apr 16, 2018 · 2d71f49 · 2d71f49
1 parent 1837fb3
commit 2d71f49
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/LegendaryStore/Controllers/ProductsController.cs b/LegendaryStore/Controllers/ProductsController.cs
@@ -9,7 +9,6 @@ namespace LegendaryStore.Controllers
     using LegendaryStore.Models;
     using LegendaryStore.Services;
 
-    [Authorize]
     [Route("api/[controller]")]
     public class ProductsController : Controller
     {
@@ -52,6 +51,7 @@ public async Task<IActionResult> ByCategory([FromRoute]int categoryId, int page
             return Ok(result);
         }
 
+        [Authorize(Policy = "FullAccess")]
         [HttpGet("{id:int}")]
         public async Task<IActionResult> Get([FromRoute]int id)
         {
@@ -73,6 +73,7 @@ public async Task<IActionResult> Get([FromRoute]int id)
             return Ok(model);
         }
 
+        [Authorize(Policy = "FullAccess")]
         [HttpPost]
         public async Task<IActionResult> Create([FromBody]Product model)
         {
@@ -89,6 +90,7 @@ public async Task<IActionResult> Create([FromBody]Product model)
             }
         }
 
+        [Authorize(Policy = "FullAccess")]
         [HttpPut("{id:int}")]
         public async Task<IActionResult> Edit([FromRoute]int id, [FromBody]Product model)
         {
@@ -104,6 +106,7 @@ public async Task<IActionResult> Edit([FromRoute]int id, [FromBody]Product model
             }
         }
 
+        [Authorize(Policy = "FullAccess")]
         [HttpDelete("{id:int}")]
         public async Task<IActionResult> Delete([FromRoute]int id)
         {