From ce86d103039b22695b04714ee85e9ef3e1e032b5 Mon Sep 17 00:00:00 2001
From: ivarlovlie
Date: Sun, 23 Jan 2022 11:41:42 +0100
Subject: feat(auth): Implements first draft of basic auth gen/validation
---
 src/server/Api/V1/Entries/UpdateEntryRoute.cs | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'src/server/Api/V1/Entries/UpdateEntryRoute.cs')
diff --git a/src/server/Api/V1/Entries/UpdateEntryRoute.cs b/src/server/Api/V1/Entries/UpdateEntryRoute.cs
index 96c60fe..919364d 100644
--- a/src/server/Api/V1/Entries/UpdateEntryRoute.cs
+++ b/src/server/Api/V1/Entries/UpdateEntryRoute.cs
@@ -1,4 +1,3 @@
-using System.Security.Cryptography;
 using IOL.BookmarkThing.Server.Api.V1.Entries.Dtos;
 namespace IOL.BookmarkThing.Server.Api.V1.Entries;
@@ -24,6 +23,10 @@ public class UpdateEntryRoute : RouteBaseV1Sync.WithRequest.
 [ApiVersion(ApiSpecV1.VERSION_STRING)]
 [HttpPost("~/v{version:apiVersion}/entries/update")]
 public override ActionResult Handle(UpdateEntryRequest entryToUpdate) {
+ if (IsApiCall() && !HasApiPermission(Constants.TOKEN_ALLOW_UPDATE)) {
+ return StatusCode(403, "Your token does not permit access to this resource");
+ }
+
 var entry = _context.Entries.SingleOrDefault(c => c.Id == entryToUpdate.Id && c.UserId == LoggedInUser.Id);
 if (entry == default) {
 return NotFound(new ErrorResult("Entry does not exist"));
-- 
cgit v1.3
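Review bot: The token permission check added at the top of `Handle` is an inline guard that fails open: it only runs when `IsApiCall()` returns true, so a token-authenticated request that `IsApiCall()` does not recognise (its body is not in this diff) skips `HasApiPermission` entirely, and any route that omits these lines enforces no token permission at all. Consider moving the check into an authorization filter or attribute declared per route, so that a route without a declared permission denies token callers by default. The 403 body is also a bare string while the not-found path just below returns `new ErrorResult(...)`; `return StatusCode(403, new ErrorResult("Your token does not permit access to this resource"));` would keep the error shape consistent for clients. `Handle` continues past the end of the hunk, so the update logic itself is not covered by this note.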