Added the Authorize attribute to the methods whereby BusinessEntityIn… #1637
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…terceptor wasn't able to get the currentUser
|
DmyMi
reviewed
Jan 21, 2025
| @@ -263,6 +263,7 @@ public async Task<IActionResult> GetByFilter([FromQuery] WorkshopFilter filter, | |||
| /// <response code="403">If the user has no rights to use this method, or sets some properties that are forbidden.</response> | |||
| /// <response code="500">If any server error occures.</response> | |||
| [HasPermission(Permissions.WorkshopAddNew)] | |||
| [Authorize] | |||
There was a problem hiding this comment.
can you double check that HasPermission does not work as authorize as it extends authorize? Maybe it is better to fix HasPermission instead of duplicating attributes
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Adding the Authorize attribute although HasPermission is derived from Authorize seems to be the only way to make the BusinessEntityInterceptor able to retrieve the UserId. Also added it to the Delete method because an unauthenticated user would never be able to delete an existing Workshop anyway (This method had the HasPermission as well so it seems to be right).