From eae0cfb0a611106aa822cebe5cc5c7431aa5395e Mon Sep 17 00:00:00 2001
From: Paul Schneider
Date: Mon, 13 Jun 2016 14:32:48 +0200
Subject: [PATCH] =?UTF-8?q?Prot=C3=A8ge=20la=20d=C3=A9claration=20des=20ap?= =?UTF-8?q?plis=20pour=20un=20autre=20que=20soi?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 Yavsc/ApiController/GCMController.cs | 12 ++++++++++--
 1 file changed, 10 insertions(+), 2 deletions(-)
diff --git a/Yavsc/ApiController/GCMController.cs b/Yavsc/ApiController/GCMController.cs
index a2bbec9e..85aede96 100644
--- a/Yavsc/ApiController/GCMController.cs
+++ b/Yavsc/ApiController/GCMController.cs
@@ -1,9 +1,11 @@
 using System.Linq;
+using System.Security.Claims;
 using Microsoft.AspNet.Authorization;
 using Microsoft.AspNet.Mvc;
 using Microsoft.Extensions.Logging;
 using Yavsc.Models;
+[Authorize,Route("~/api/gcm")]
 public class GCMController : Controller {
 ILogger _logger;
 ApplicationDbContext _context;
@@ -15,9 +17,14 @@ public class GCMController : Controller {
 _context = context;
 }
- [Authorize]
- public void Register (GoogleCloudMobileDeclaration declaration)
+ public IActionResult Register (GoogleCloudMobileDeclaration declaration)
 {
+ if (declaration.DeviceOwnerId!=null)
+ if (User.GetUserId() != declaration.DeviceOwnerId)
+ return new BadRequestObjectResult(
+ new { error = "you're not allowed to register for another user" }  
+ );
+ declaration.DeviceOwnerId = User.GetUserId();
 if (_context.GCMDevices.Any(d => d.RegistrationId == declaration.RegistrationId))
 {
 var alreadyRegisteredDevice = _context.GCMDevices.FirstOrDefault(d => d.RegistrationId == declaration.RegistrationId);
@@ -32,6 +39,7 @@ public class GCMController : Controller {
 _context.GCMDevices.Add(declaration);
 _context.SaveChanges();
 }
+ return Ok();
 }
 }
\ No newline at end of file
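Review bot: The class-level `[Authorize,Route("~/api/gcm")]` gives the controller a route, but nothing visible constrains the HTTP method: `Register`, whose signature appears in the next hunk, carries no verb attribute, so as far as these lines show it answers GET as well as POST. An action that writes to `GCMDevices` should be pinned with `[HttpPost]` on the line above `public IActionResult Register (...)`. If the API authenticates with cookies (not visible here), that also keeps a plain cross-site GET from changing a user's device registration. The class body continues outside this hunk, so other actions that would share the same route template cannot be checked from here.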
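Review bot: The added guard validates only the `DeviceOwnerId` field of the request; the lookup that follows still matches an existing row on `RegistrationId` alone, so a request carrying a registration id already stored for a different account reaches the update path. What that path does lies outside the hunk (Register's body continues past `var alreadyRegisteredDevice = ...`). If it rewrites the stored row, add an ownership test there, e.g. `if (alreadyRegisteredDevice.DeviceOwnerId != declaration.DeviceOwnerId) return new HttpStatusCodeResult(403);`, or add a comment stating that hand-over of a device between accounts is intended. The refusal in the new guard is an authorization failure, so a 403 would describe it better than the 400 produced by `BadRequestObjectResult`.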