public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (!context.ProcessInvalidModelState())
{
return;
}
var postVm = (PostVm)context.ActionArguments["value"];
var email = (await base._auth0Service.GetTokenInfo((IHeaderProvider)context.Controller)).Email;
var user = await _dbContext.Users.SingleOrDefaultAsync(x => x.Email == email);
if (user?.Id != postVm.Author.Id)
{
context.Result = new ForbidResult();
return;
}
await base.OnActionExecutionAsync(context, next);
}
public override async Task OnActionExecutionAsync(ActionExecutingContext context, ActionExecutionDelegate next)
{
if (!context.ProcessInvalidModelState())
{
return;
}
var postId = (int)context.ActionArguments["postId"];
var email = (await base._auth0Service.GetTokenInfo((IHeaderProvider)context.Controller)).Email;
var post = await _dbContext.Posts.Include(x => x.Author).SingleOrDefaultAsync(x => x.Id == postId);
if (post == null)
{
context.Result = new NotFoundResult();
return;
}
if (post.Author?.Email != email)
{
context.Result = new UnauthorizedResult();
return;
}
await base.OnActionExecutionAsync(context, next);
}
