From ce86d103039b22695b04714ee85e9ef3e1e032b5 Mon Sep 17 00:00:00 2001
From: ivarlovlie <git@ivarlovlie.no>
Date: Sun, 23 Jan 2022 11:41:42 +0100
Subject: feat(auth): Implements first draft of basic auth gen/validation

---
 src/server/Api/V1/Entries/GetEntriesRoute.cs | 4 ++++
 1 file changed, 4 insertions(+)

(limited to 'src/server/Api/V1/Entries/GetEntriesRoute.cs')

diff --git a/src/server/Api/V1/Entries/GetEntriesRoute.cs b/src/server/Api/V1/Entries/GetEntriesRoute.cs
index adadf01..27905a2 100644
--- a/src/server/Api/V1/Entries/GetEntriesRoute.cs
+++ b/src/server/Api/V1/Entries/GetEntriesRoute.cs
@@ -16,6 +16,10 @@ public class GetEntriesRoute : RouteBaseV1Sync.WithoutRequest.WithActionResult<L
 	[ApiVersion(ApiSpecV1.VERSION_STRING)]
 	[HttpGet("~/v{version:apiVersion}/entries")]
 	public override ActionResult<List<EntryDto>> Handle() {
+		if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_READ)) {
+			return StatusCode(403, "Your token does not permit access to this resource");
+		}
+
 		return Ok(_context.Entries.Where(c => c.UserId == LoggedInUser.Id).Select(c => new EntryDto(c)));
 	}
 }
-- 
cgit v1.3