fix: 드립 삭제 권한 설정

ProdMoon · Jun 30, 2024 · 3c63b79 · 3c63b79
1 parent 59c71c7
commit 3c63b79
Showing 1 changed file with 7 additions and 0 deletions.
diff --git a/Controllers/Api/DliibController.cs b/Controllers/Api/DliibController.cs
@@ -102,6 +102,7 @@ public async Task<ActionResult<Dliib>> PostDliib(Dliib dliib)
     }
 
     [HttpDelete("{id}")]
+    [Authorize]
     public async Task<IActionResult> DeleteDliib(int id)
     {
         var dliib = await db.Dliibs.FindAsync(id);
@@ -110,6 +111,12 @@ public async Task<IActionResult> DeleteDliib(int id)
             return NotFound();
         }
 
+        var user = await db.Users.FirstOrDefaultAsync(x => x.NormalizedUserName == User.Identity.Name);
+        if (dliib.Author != user)
+        {
+            return Unauthorized();
+        }
+
         db.Dliibs.Remove(dliib);
         await db.SaveChangesAsync();