[authorize]

NET-Bootcamp-N11 · Sep 21, 2024 · 8e22ba7 · 8e22ba7
1 parent fe88318
commit 8e22ba7
Show file tree

Hide file tree

Showing 7 changed files with 53 additions and 0 deletions.
diff --git a/UrphaCapital.API/Controllers/AdminsController.cs b/UrphaCapital.API/Controllers/AdminsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
 using UrphaCapital.Application.AuthServices;

diff --git a/UrphaCapital.API/Controllers/CoursesController.cs b/UrphaCapital.API/Controllers/CoursesController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Courses.Commands;
 using UrphaCapital.Application.UseCases.Courses.Queries;
@@ -19,6 +20,7 @@ public CoursesController(IMediator mediator)
         }
 
         [HttpPost]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Create([FromForm] CreateCourseCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -66,6 +68,7 @@ public async Task<IEnumerable<Course>> GetAll(int index, int count, Cancellation
         }
 
         [HttpPut]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Update([FromForm] UpdateCourseCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -74,6 +77,7 @@ public async Task<ResponseModel> Update([FromForm] UpdateCourseCommand command,
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Delete(Guid id, CancellationToken cancellation)
         {
             var command = new DeleteCourseCommand { Id = id };

diff --git a/UrphaCapital.API/Controllers/HelpController.cs b/UrphaCapital.API/Controllers/HelpController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Homework.Commands;
@@ -27,6 +28,7 @@ public async Task<ResponseModel> PostHelp([FromForm] CreateHomeworkCommand comma
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> RemoveHelp(long id, CancellationToken cancellation)
         {
             var command = new DeleteHomeworkCommand { Id = id };
@@ -37,6 +39,7 @@ public async Task<ResponseModel> RemoveHelp(long id, CancellationToken cancellat
         }
 
         [HttpGet]
+        [Authorize(Roles = "Admin")]
         public async Task<IEnumerable<Homeworks>> GetAll(int index, int count, CancellationToken cancellation)
         {
             var query = new GetAllHomeworksQuery();

diff --git a/UrphaCapital.API/Controllers/HomeworksController.cs b/UrphaCapital.API/Controllers/HomeworksController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Homework.Commands;
 using UrphaCapital.Application.UseCases.Homework.Queries;
@@ -28,6 +29,8 @@ public async Task<ResponseModel> PostLesson([FromForm] CreateHomeworkCommand com
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
         public async Task<ResponseModel> RemoveHomework(long id, CancellationToken cancellation)
         {
             var command = new DeleteHomeworkCommand { Id = id };
@@ -46,6 +49,8 @@ public async Task<ResponseModel> PutHomework([FromForm] UpdateHomeworkCommand co
         }
 
         [HttpPut("grade-homework")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
         public async Task<ResponseModel> PutHomework([FromBody] GradeHomeworkCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -54,6 +59,9 @@ public async Task<ResponseModel> PutHomework([FromBody] GradeHomeworkCommand com
         }
 
         [HttpGet("{studentId}/results/{index}/{count}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
+        [Authorize(Roles = "Student")]
         public async Task<IEnumerable<HomeworkResultView>> GetStudentHomeworkResults(long studentId, int index, int count, CancellationToken cancellation)
         {
             var query = new GetStudentHomeworkResultsQuery()
@@ -69,6 +77,9 @@ public async Task<IEnumerable<HomeworkResultView>> GetStudentHomeworkResults(lon
         }
 
         [HttpGet("{index}/{count}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
+        [Authorize(Roles = "Student")]
         public async Task<IEnumerable<Homeworks>> GetAll(int index, int count, CancellationToken cancellation)
         {
             var query = new GetAllHomeworksQuery()
@@ -83,6 +94,8 @@ public async Task<IEnumerable<Homeworks>> GetAll(int index, int count, Cancellat
         }
 
         [HttpGet("{mentorId}/{index}/{count}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
         public async Task<IEnumerable<Homeworks>> GetAllHomeworksByMentorId(int index, int count, long mentorId, CancellationToken cancellation)
         {
             var query = new Application.UseCases.Homework.Queries.GetAllHomeworksByMentorIdQuery()
@@ -98,6 +111,8 @@ public async Task<IEnumerable<Homeworks>> GetAllHomeworksByMentorId(int index, i
         }
 
         [HttpGet("bylesson/{lessonId}/{index}/{count}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
         public async Task<IEnumerable<Homeworks>> GetAllHomeworksByLessonId(int index, int count, long lessonId, CancellationToken cancellation)
         {
             var query = new Application.UseCases.Homework.Queries.GetAllHomeworksByLessonIdQuery()

diff --git a/UrphaCapital.API/Controllers/LessonsController.cs b/UrphaCapital.API/Controllers/LessonsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using UrphaCapital.Application.UseCases.Lessons.Commands;
@@ -21,6 +22,7 @@ public LessonsController(IMediator mediator)
         }
 
         [HttpPost]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> PostLesson([FromForm] CreateLessonCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -29,6 +31,9 @@ public async Task<ResponseModel> PostLesson([FromForm] CreateLessonCommand comma
         }
 
         [HttpGet("{id}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
+        [Authorize(Roles = "Student")]
         public async Task<Lesson> GetLessonById(string id, CancellationToken cancellation)
         {
             var query = new GetLessonByIdQuery { Id = id };
@@ -39,6 +44,9 @@ public async Task<Lesson> GetLessonById(string id, CancellationToken cancellatio
         }
 
         [HttpGet("getvideo")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
+        [Authorize(Roles = "Student")]
         public async Task<IActionResult> GetLessonVideo([FromQuery] string lessonId, CancellationToken cancellation)
         {
             var query = new GetLessonVideoQuery { Id = lessonId };
@@ -58,6 +66,9 @@ public async Task<IActionResult> GetLessonVideo([FromQuery] string lessonId, Can
         }
 
         [HttpGet("{courseId}/{index}/{count}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Mentor")]
+        [Authorize(Roles = "Student")]
         public async Task<IEnumerable<Lesson>> GetLessonsByCourseId(string courseId, int index, int count, CancellationToken cancellation)
         {
             var query = new GetAllLessonsByCourseIdQuery()
@@ -73,6 +84,7 @@ public async Task<IEnumerable<Lesson>> GetLessonsByCourseId(string courseId, int
         }
 
         [HttpPut]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> PutLesson([FromForm] UpdateLessonCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -81,6 +93,7 @@ public async Task<ResponseModel> PutLesson([FromForm] UpdateLessonCommand comman
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> RemoveLesson(string id, CancellationToken cancellation)
         {
             var command = new DeleteLessonCommand { Id = id };

diff --git a/UrphaCapital.API/Controllers/MentorsController.cs b/UrphaCapital.API/Controllers/MentorsController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
@@ -28,6 +29,7 @@ public MentorsController(IMediator mediator, IPasswordHasher passwordHasher, IAu
         }
 
         [HttpPost]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Create([FromForm] CreateMentorCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -36,6 +38,7 @@ public async Task<ResponseModel> Create([FromForm] CreateMentorCommand command,
         }
 
         [HttpGet("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<Mentor> GetById(long id, CancellationToken cancellation)
         {
             var query = new GetMentorByIdQuery { Id = id };
@@ -46,6 +49,7 @@ public async Task<Mentor> GetById(long id, CancellationToken cancellation)
         }
 
         [HttpGet("{index}/{count}")]
+        [Authorize(Roles = "Admin")]
         public async Task<IEnumerable<Mentor>> GetAll(int index, int count, CancellationToken cancellation)
         {
             var query = new GetAllMentorsQuery()
@@ -60,6 +64,7 @@ public async Task<IEnumerable<Mentor>> GetAll(int index, int count, Cancellation
         }
 
         [HttpPut]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Update([FromForm] UpdateMentorCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -68,6 +73,7 @@ public async Task<ResponseModel> Update([FromForm] UpdateMentorCommand command,
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> Delete(long id, CancellationToken cancellation)
         {
             var command = new DeleteMentorCommand { Id = id };

diff --git a/UrphaCapital.API/Controllers/StudentController.cs b/UrphaCapital.API/Controllers/StudentController.cs
@@ -1,4 +1,5 @@
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.RateLimiting;
 using UrphaCapital.Application.AuthServices;
@@ -28,6 +29,8 @@ public StudentController(IMediator mediator, IAuthService authService, IPassword
         }
 
         [HttpPost]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Student")]
         public async Task<ResponseModel> PostStudent([FromBody] CreateStudentsCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -36,6 +39,7 @@ public async Task<ResponseModel> PostStudent([FromBody] CreateStudentsCommand co
         }
 
         [HttpGet("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<Student> GetStudentById(long id, CancellationToken cancellation)
         {
             var query = new GetAllStudentsByIdQuery { Id = id };
@@ -46,6 +50,8 @@ public async Task<Student> GetStudentById(long id, CancellationToken cancellatio
         }
 
         [HttpGet("get-my-courses/{id}")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Student")]
         //one
         public async Task<IEnumerable<Course>> GetMyCoursesById(long id, CancellationToken cancellation)
         // two
@@ -59,6 +65,7 @@ public async Task<IEnumerable<Course>> GetMyCoursesById(long id, CancellationTok
         }
 
         [HttpGet("{index}/{count}")]
+        [Authorize(Roles = "Admin")]
         public async Task<IEnumerable<Student>> GetStudentsByStudentId(int index, int count, CancellationToken cancellation)
         {
             var query = new GetAllStudentsQuery()
@@ -73,6 +80,7 @@ public async Task<IEnumerable<Student>> GetStudentsByStudentId(int index, int co
         }
 
         [HttpPut]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> PutStudent([FromBody] UpdateStudentCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -81,6 +89,8 @@ public async Task<ResponseModel> PutStudent([FromBody] UpdateStudentCommand comm
         }
 
         [HttpPut("add-course")]
+        [Authorize(Roles = "Admin")]
+        [Authorize(Roles = "Student")]
         public async Task<ResponseModel> AddMyCourse([FromQuery] AddMyCourseCommand command, CancellationToken cancellation)
         {
             var response = await _mediator.Send(command, cancellation);
@@ -89,6 +99,7 @@ public async Task<ResponseModel> AddMyCourse([FromQuery] AddMyCourseCommand comm
         }
 
         [HttpDelete("{id}")]
+        [Authorize(Roles = "Admin")]
         public async Task<ResponseModel> RemoveStudent(string id, CancellationToken cancellation)
         {
             var command = new DeleteLessonCommand { Id = id };