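/// <summary>
/// Validate that the current user is an administrator or this place belongs to them.
/// </summary>
/// <param name="place">The place to test; <c>null</c> is treated as owned by nobody.</param>
/// <returns>True if the user is allowed.</returns>
public bool IsAllowed(Entity.Place place)
{
    var isAdmin = this.User.Claims.Any(c => c.Type == ClaimTypes.Role && c.Value == "administrator");

    // Fail closed: a principal without a parseable NameIdentifier claim cannot own anything.
    // (Constructing the Guid directly threw on a missing or malformed claim, which turned an
    // authorization question into an unhandled exception instead of a "not allowed" answer.)
    var isOwner = Guid.TryParse(this.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId)
        && place?.OwnerId == userId;

    // Only admins can update other users' places.
    return isAdmin || isOwner;
}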
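/// <summary>
/// Create a new place owned by the current user.
/// </summary>
/// <param name="place">The place to create; its latitude, longitude and note are copied into the new entity.</param>
/// <returns>A JSON result with status 201 whose body is the persisted place.</returns>
/// <exception cref="ArgumentNullException">Thrown when <paramref name="place"/> is <c>null</c>.</exception>
/// <exception cref="InvalidOperationException">Thrown when the current principal has no parseable NameIdentifier claim.</exception>
public IActionResult AddMyPlaces(Model.Place place)
{
    if (place is null)
    {
        throw new ArgumentNullException(nameof(place));
    }

    // The owner is always taken from the authenticated principal, never from the request body,
    // so a caller cannot create places on another user's behalf.
    // NOTE(review): this relies on the caller being authenticated — confirm the action or
    // controller is protected by an authorization attribute (not visible here).
    if (!Guid.TryParse(this.User.FindFirstValue(ClaimTypes.NameIdentifier), out var userId))
    {
        throw new InvalidOperationException("The current principal has no valid NameIdentifier claim.");
    }

    var entity = new Entity.Place(place.Latitude, place.Longitude, place.Note, userId);
    _dbContext.Places.Add(entity);
    _dbContext.SaveChanges();

    // 201 Created, echoing the stored entity back to the caller.
    return new JsonResult(new Model.Place(entity))
    {
        StatusCode = 201,
    };
}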