added authoroty to delete to teachers

johanreitan · johanreitan · commit 53464e323d93 · 2025-09-24T12:20:55.000+02:00
diff --git a/exercise.wwwapi/Endpoints/UserEndpoints.cs b/exercise.wwwapi/Endpoints/UserEndpoints.cs
@@ -386,8 +386,11 @@ public static async Task<IResult> UpdateUser(IRepository<User> userRepository, i
     public static async Task<IResult> DeleteUser(IRepository<User> userRepository, int id,
         ClaimsPrincipal claimsPrincipal)
     {
+        var userRole = claimsPrincipal.Role();
+        var authorizedAsTeacher = AuthorizeTeacher(claimsPrincipal);
+
         var userIdClaim = claimsPrincipal.UserRealId();
-        if (userIdClaim == null || userIdClaim != id)
+        if (!authorizedAsTeacher && (userIdClaim == null || userIdClaim != id))
         {
             return Results.Unauthorized();
         }

Original file line number	Diff line number	Diff line change
`@@ -386,8 +386,11 @@ public static async Task<IResult> UpdateUser(IRepository<User> userRepository, i`
`386`	`386`	`public static async Task<IResult> DeleteUser(IRepository<User> userRepository, int id,`
`387`	`387`	`ClaimsPrincipal claimsPrincipal)`
`388`	`388`	`{`
	`389`	`+ var userRole = claimsPrincipal.Role();`
	`390`	`+ var authorizedAsTeacher = AuthorizeTeacher(claimsPrincipal);`
	`391`	`+`
`389`	`392`	`var userIdClaim = claimsPrincipal.UserRealId();`
`390`		`- if (userIdClaim == null \|\| userIdClaim != id)`
	`393`	`+ if (!authorizedAsTeacher && (userIdClaim == null \|\| userIdClaim != id))`
`391`	`394`	`{`
`392`	`395`	`return Results.Unauthorized();`
`393`	`396`	`}`