From 8cd1e10cd7b72390e7c8923add7379b2a9525609 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Torma=20Krist=C3=B3f?=
Date: Wed, 19 May 2021 05:08:00 +0200
Subject: [PATCH] require admin role
---
 .../Controllers/V1/HanyadikHetVanController.cs | 1 -
 HanyadikHetVan/Controllers/V1/TestController.cs | 13 +++++++++++--
 HanyadikHetVan/Controllers/V2/PauseController.cs | 4 ++--
 HanyadikHetVan/Controllers/V2/PurseController.cs | 4 ++--
 .../Controllers/V2/WeeklyTimeSpanController.cs | 4 ++--
 5 files changed, 17 insertions(+), 9 deletions(-)
diff --git a/HanyadikHetVan/Controllers/V1/HanyadikHetVanController.cs b/HanyadikHetVan/Controllers/V1/HanyadikHetVanController.cs
index 2b59937..307b782 100644
--- a/HanyadikHetVan/Controllers/V1/HanyadikHetVanController.cs
+++ b/HanyadikHetVan/Controllers/V1/HanyadikHetVanController.cs
@@ -22,7 +22,6 @@ namespace HanyadikHetVan.Controllers.V1
 }
 [HttpGet("json")]
- [Consumes(MediaTypeNames.Application.Json)]
 [Produces(MediaTypeNames.Application.Json)]
 public HanyadikHetVanDTO GetJson()
 {
diff --git a/HanyadikHetVan/Controllers/V1/TestController.cs b/HanyadikHetVan/Controllers/V1/TestController.cs
index f82addb..3109ff9 100644
--- a/HanyadikHetVan/Controllers/V1/TestController.cs
+++ b/HanyadikHetVan/Controllers/V1/TestController.cs
@@ -2,6 +2,7 @@
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Mvc;
 using System;
+using System.Net.Mime;
 using System.Security.Claims;
 namespace HanyadikHetVan.Controllers.V1
@@ -19,7 +20,7 @@ namespace HanyadikHetVan.Controllers.V1
 }
 [HttpGet("unprotected")]
- [Produces("application/json")]
+ [Produces(MediaTypeNames.Application.Json)]
 public string Unprotected()
 {
@@ -28,10 +29,18 @@ namespace HanyadikHetVan.Controllers.V1
 [Authorize]
 [HttpGet("protected")]
- [Produces("application/json")]
+ [Produces(MediaTypeNames.Application.Json)]
 public string Protected()
 {
 return this.User.FindFirst(ClaimTypes.NameIdentifier).Value;
 }
+
+ [Authorize(Roles = "admin")]
+ [HttpGet("roleprotected")]
+ [Produces(MediaTypeNames.Application.Json)]
+ public string RoleProtected()
+ {
+ return this.User.FindFirst(ClaimTypes.NameIdentifier).Value;
+ }
 }
 }
diff --git a/HanyadikHetVan/Controllers/V2/PauseController.cs b/HanyadikHetVan/Controllers/V2/PauseController.cs
index 6d82eaf..088b030 100644
--- a/HanyadikHetVan/Controllers/V2/PauseController.cs
+++ b/HanyadikHetVan/Controllers/V2/PauseController.cs
@@ -41,7 +41,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 }
 [HttpDelete("{pauseId}")]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(WeeklyTimeSpanDTO))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
@@ -58,7 +58,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 }
 [HttpPut]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [Consumes(MediaTypeNames.Application.Json)]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PauseDTO))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
diff --git a/HanyadikHetVan/Controllers/V2/PurseController.cs b/HanyadikHetVan/Controllers/V2/PurseController.cs
index b881acc..a429d36 100644
--- a/HanyadikHetVan/Controllers/V2/PurseController.cs
+++ b/HanyadikHetVan/Controllers/V2/PurseController.cs
@@ -24,7 +24,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 [HttpPut("{userId}")]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [Consumes(MediaTypeNames.Application.Json)]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PurseDTO))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
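Review bot: `RoleProtected` dereferences `this.User.FindFirst(ClaimTypes.NameIdentifier)` without a null check, so a token that carries the admin role but no name-identifier claim (for instance a JWT whose `sub` claim is not mapped to it) ends in a NullReferenceException and a 500 rather than a controlled response. The same pattern is already present in `Protected` just above it in the hunk. Changing the return to `return this.User.FindFirst(ClaimTypes.NameIdentifier)?.Value ?? string.Empty;` (or rejecting the request explicitly when the claim is missing) keeps the probe endpoint from failing open into an unhandled exception path.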
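Review bot: The response metadata below the new `[Authorize(Roles = "admin")]` on `[HttpDelete("{pauseId}")]` still documents only `Status401Unauthorized`, but an authenticated caller who lacks the role is normally refused with 403 Forbidden, not 401 (assuming a bearer-token scheme; the auth setup is not visible here). Add `[ProducesResponseType(StatusCodes.Status403Forbidden)]` next to the 401 line so the generated API description and clients account for the new outcome. The same applies to the @@ -43 PurseController hunk and the @@ -41 WeeklyTimeSpanController hunk, which show the same 401-only list; the attribute lists in the remaining hunks continue outside the visible lines.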
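Review bot: The role name on `[HttpPut]` is a string literal that this commit repeats in all seven `[Authorize(Roles = "admin")]` attributes, and role checks compare the claim value case-sensitively, so a role stored or issued as `Admin` would lock every one of these endpoints with no compile-time signal. Keeping the spelling in one place, for example `public const string Admin = "admin";` in a small static class referenced as `[Authorize(Roles = RoleNames.Admin)]`, or a named policy, removes that risk. Where the role is seeded and how it reaches the token is not visible in this diff, so the exact value should be confirmed against that code.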
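Review bot: `[Authorize(Roles = "admin")]` on `[HttpPut("{userId}")]` is an all-or-nothing gate: the attribute never compares the route `userId` with the caller's identity, so after this change a non-admin user cannot reach the purse for their own id either. If owners are meant to keep access to their own purse (not determinable from this hunk), that needs a resource check inside the action, along the lines of `if (userId != User.FindFirst(ClaimTypes.NameIdentifier)?.Value && !User.IsInRole("admin")) return Forbid();`, adapted to the actual type of `userId`. The same consideration applies to `[HttpGet("{userId}")]` in the @@ -43 hunk; both action bodies lie outside the visible lines.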
@@ -43,7 +43,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 [HttpGet("{userId}")]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(PurseDTO))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
diff --git a/HanyadikHetVan/Controllers/V2/WeeklyTimeSpanController.cs b/HanyadikHetVan/Controllers/V2/WeeklyTimeSpanController.cs
index 9fc3808..5574daa 100644
--- a/HanyadikHetVan/Controllers/V2/WeeklyTimeSpanController.cs
+++ b/HanyadikHetVan/Controllers/V2/WeeklyTimeSpanController.cs
@@ -41,7 +41,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 }
 [HttpDelete("{weeklyTimeSpanId}")]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(bool))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]
 [ProducesResponseType(StatusCodes.Status401Unauthorized)]
@@ -58,7 +58,7 @@ namespace HanyadikHetVan.Controllers.V2
 }
 }
 [HttpPut]
- [Authorize]
+ [Authorize(Roles = "admin")]
 [Consumes(MediaTypeNames.Application.Json)]
 [ProducesResponseType(StatusCodes.Status200OK, Type = typeof(WeeklyTimeSpanDTO))]
 [ProducesResponseType(StatusCodes.Status404NotFound)]