diff --git a/API/Controllers/TacticsController.cs b/API/Controllers/TacticsController.cs
index e67aaf8..9b5582a 100644
--- a/API/Controllers/TacticsController.cs
+++ b/API/Controllers/TacticsController.cs
@@ -26,7 +26,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 [FromBody] UpdateNameRequest req)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -41,7 +41,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 public async Task GetTacticInfo(int tacticId)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -57,7 +57,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 public async Task GetTacticStepsRoot(int tacticId)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -110,7 +110,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -125,7 +125,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -142,7 +142,7 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 public async Task SaveStepContent(int tacticId, int stepId, [FromBody] SaveStepContentRequest req)
 {
 var userId = accessor.CurrentUserId(HttpContext);
- if (!await service.HasAnyRights(userId, tacticId))
+ if (!await service.IsOwnerOf(userId, tacticId))
 {
 return Unauthorized();
 }
@@ -150,5 +150,14 @@ public class TacticController(ITacticService service, IContextAccessor accessor)
 var found = await service.SetTacticStepContent(tacticId, stepId, JsonSerializer.Serialize(req.Content));
 return found ? Ok() : NotFound();
 }
-
+
+ public record CanEditResponse(bool CanEdit);
+
+ [HttpGet("/tactics/{tacticId:int}/can-edit")]
+ [Authorize]
+ public async Task CanEdit(int tacticId)
+ {
+ var userId = accessor.CurrentUserId(HttpContext);
+ return new CanEditResponse(await service.IsOwnerOf(userId, tacticId));
+ }
 }
\ No newline at end of file
diff --git a/DbServices/DbTacticService.cs b/DbServices/DbTacticService.cs
index 0d4a3ba..7f02808 100644
--- a/DbServices/DbTacticService.cs
+++ b/DbServices/DbTacticService.cs
@@ -18,7 +18,7 @@ public class DbTacticService(AppContext.AppContext context) : ITacticService
 );
 }
- public async Task HasAnyRights(int userId, int tacticId)
+ public async Task IsOwnerOf(int userId, int tacticId)
 {
 var tacticEntity = await context.Tactics.FirstOrDefaultAsync(u => u.Id == tacticId);
 if (tacticEntity == null)
diff --git a/Services/ITacticService.cs b/Services/ITacticService.cs
index 99c3b80..2a80b64 100644
--- a/Services/ITacticService.cs
+++ b/Services/ITacticService.cs
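Review bot: The new `CanEdit` action in TacticsController.cs has no comment saying that its answer is a hint for the client and not an authorization gate, so a later reader could treat a `true` from it as sufficient and drop the per-action checks. I would put `/// Advisory only: lets the client decide whether to show edit controls; every tactic action still enforces IsOwnerOf itself.` above the action. The result for an unknown tactic id depends on the `tacticEntity == null` branch of `IsOwnerOf` in DbTacticService.cs, whose body continues outside its hunk; it should yield false, so that a missing tactic and a tactic owned by someone else both answer `CanEdit: false` and cannot be told apart.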
@@ -15,12 +15,12 @@ public interface ITacticService
 Task> ListTacticsOf(int userId);
 ///
- /// Checks if the user has any rights to access the specified tactic.
+ /// Checks if the userId corresponds to the tactic's owner identifier
 ///
 /// The ID of the user.
 /// The ID of the tactic.
 /// A task that represents the asynchronous operation. The task result contains a boolean indicating whether the user has rights.
- Task HasAnyRights(int userId, int tacticId);
+ Task IsOwnerOf(int userId, int tacticId);
 ///
 /// Adds a new tactic for the specified user.
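Review bot: The returns line of the `IsOwnerOf` doc comment in ITacticService.cs still ends with "indicating whether the user has rights", which no longer matches the renamed method or its new summary. I would reword it to `The task result is true only when userId is the owner of the tactic.` and say in the same comment what the result is for a tactic id that does not exist. In the controller hunks of this commit this method is the only access check visible before each action proceeds, so the contract belongs on the interface.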