feat(auth): Implements first draft of basic auth gen/validation

author: ivarlovlie <git@ivarlovlie.no> 2022-01-23 11:41:42 +0100
committer: ivarlovlie <git@ivarlovlie.no> 2022-01-23 14:33:05 +0100
commit: ce86d103039b22695b04714ee85e9ef3e1e032b5 (patch)
tree: 557455780de06ceb95dd556ca5ffca0208a1f8ba /src/server/Api/V1/Entries/DeleteEntryRoute.cs
parent: 89816382424e59ad953b433fbf82c925741b3136 (diff)
download: bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.tar.xz
bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.zip
1 files changed, 4 insertions, 0 deletions
diff --git a/src/server/Api/V1/Entries/DeleteEntryRoute.cs b/src/server/Api/V1/Entries/DeleteEntryRoute.cs
index fc79049..c979c1f 100644
--- a/src/server/Api/V1/Entries/DeleteEntryRoute.cs
+++ b/src/server/Api/V1/Entries/DeleteEntryRoute.cs
@@ -18,6 +18,10 @@ public class DeleteEntryRoute : RouteBaseV1Sync.WithRequest<Guid>.WithActionResu
 	[ApiVersion(ApiSpecV1.VERSION_STRING)]
 	[HttpDelete("~/v{version:apiVersion}/entries/{entryId:guid}")]
 	public override ActionResult Handle(Guid entryId) {
+		if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_DELETE)) {
+			return StatusCode(403, "Your token does not permit access to this resource");
+		}
+
 		var entry = _context.Entries.SingleOrDefault(c => c.Id == entryId && c.UserId == LoggedInUser.Id);
 		if (entry == default) {
 			return NotFound(new ErrorResult("Entry does not exist"));
author	ivarlovlie <git@ivarlovlie.no>	2022-01-23 11:41:42 +0100
committer	ivarlovlie <git@ivarlovlie.no>	2022-01-23 14:33:05 +0100
commit	ce86d103039b22695b04714ee85e9ef3e1e032b5 (patch)
tree	557455780de06ceb95dd556ca5ffca0208a1f8ba /src/server/Api/V1/Entries/DeleteEntryRoute.cs
parent	89816382424e59ad953b433fbf82c925741b3136 (diff)
download	bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.tar.xz bookmark-thing-ce86d103039b22695b04714ee85e9ef3e1e032b5.zip