11using ClassTranscribeDatabase ;
22using ClassTranscribeDatabase . Models ;
3+ using ClassTranscribeServer . Utils ;
34using Microsoft . AspNetCore . Authorization ;
45using Microsoft . AspNetCore . Http ;
56using Microsoft . AspNetCore . Mvc ;
@@ -23,16 +24,17 @@ public class CaptionsController : BaseController
2324 private readonly WakeDownloader _wakeDownloader ;
2425 private readonly CaptionQueries _captionQueries ;
2526 private readonly SubParser parser = new SubParser ( ) ;
26-
27+ private readonly UserUtils _userUtils ;
2728 private ILogger < CaptionsController > _logger ;
2829
2930 public CaptionsController ( WakeDownloader wakeDownloader ,
3031 CTDbContext context ,
31- CaptionQueries captionQueries ,
32+ CaptionQueries captionQueries , UserUtils userUtils ,
3233 ILogger < CaptionsController > logger ) : base ( context , logger )
3334 {
3435 _captionQueries = captionQueries ;
3536 _wakeDownloader = wakeDownloader ;
37+ _userUtils = userUtils ;
3638 _logger = logger ;
3739 }
3840
@@ -92,15 +94,25 @@ public async Task<ActionResult<Caption>> GetCaption(string transcriptionId, int
9294
9395 // POST: api/Captions
9496 [ HttpPost ]
97+ [ Authorize ]
9598 public async Task < ActionResult < Caption > > PostCaption ( Caption modifiedCaption )
9699 {
97100 // This endpoint should handle deletion as well, which is represented by posting a caption
98101 // with the empty string as text.
99102 _logger . LogInformation ( "DEBUG Id: {Id}, Text: {Text}, Begin: {Begin}, End: {End}" , modifiedCaption . Id , modifiedCaption . Text , modifiedCaption . Begin , modifiedCaption . End ) ;
103+
104+ // This endpoint should be accessible only for people who are logged in
105+ var user = await _userUtils . GetUser ( User ) ;
106+ if ( user == null )
107+ {
108+ return Unauthorized ( ) ;
109+ }
110+
100111 if ( modifiedCaption == null || modifiedCaption . Id == null )
101112 {
102113 return BadRequest ( "modifiedCaption.Id not present" ) ;
103114 }
115+
104116 Caption oldCaption = await _context . Captions . FindAsync ( modifiedCaption . Id ) ;
105117 if ( oldCaption == null )
106118 {
@@ -113,7 +125,9 @@ public async Task<ActionResult<Caption>> PostCaption(Caption modifiedCaption)
113125 Index = oldCaption . Index ,
114126 CaptionType = oldCaption . CaptionType ,
115127 Text = modifiedCaption . Text ,
116- TranscriptionId = oldCaption . TranscriptionId
128+ TranscriptionId = oldCaption . TranscriptionId ,
129+ LastUpdatedBy = user . Id ,
130+ CreatedBy = oldCaption . CreatedBy
117131 } ;
118132 _context . Captions . Add ( newCaption ) ;
119133 await _context . SaveChangesAsync ( ) ;
@@ -122,12 +136,23 @@ public async Task<ActionResult<Caption>> PostCaption(Caption modifiedCaption)
122136
123137 // POST: api/Captions/Add
124138 [ HttpPost ( "Add" ) ]
139+ [ Authorize ]
125140 public async Task < ActionResult < Caption > > AddCaption ( Caption newCaption )
126141 {
127- if ( newCaption == null ) {
142+ // This endpoint should be accessible only for people who are logged in
143+ var user = await _userUtils . GetUser ( User ) ;
144+ if ( user == null )
145+ {
146+ return Unauthorized ( ) ;
147+ }
148+
149+ if ( newCaption == null )
150+ {
128151 return BadRequest ( "newCaption not present" ) ;
129152 }
153+
130154 var allCaptions = await _context . Captions . Where ( c => c . TranscriptionId == newCaption . TranscriptionId ) . ToListAsync ( ) ;
155+
131156 // Every new caption must have a unique index to avoid conflicts with existing indices.
132157 var newIndex = allCaptions . Max ( c => c . Index ) + 1 ;
133158
@@ -138,7 +163,9 @@ public async Task<ActionResult<Caption>> AddCaption(Caption newCaption)
138163 Index = newIndex ,
139164 CaptionType = newCaption . CaptionType ,
140165 Text = newCaption . Text ,
141- TranscriptionId = newCaption . TranscriptionId
166+ TranscriptionId = newCaption . TranscriptionId ,
167+ LastUpdatedBy = user . Id ,
168+ CreatedBy = user . Id
142169 } ;
143170 _context . Captions . Add ( addedCaption ) ;
144171 await _context . SaveChangesAsync ( ) ;
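Review bot: `[Authorize]` and the `_userUtils.GetUser(User)` null check in PostCaption and AddCaption establish only that the caller is logged in; neither method checks that this user may edit the transcription involved. PostCaption loads the caption by the client-supplied `modifiedCaption.Id` and AddCaption trusts the client-supplied `newCaption.TranscriptionId`, so as far as these hunks show, any authenticated account can rewrite or append captions on any transcription, and `LastUpdatedBy`/`CreatedBy` only record who did it afterwards. If access is not enforced elsewhere, add a per-object guard before `_context.Captions.Add(...)` in both methods, with a comment such as `// caller must be allowed to edit this transcription; otherwise return Forbid()`. Separately, in PostCaption the `_logger.LogInformation` call still reads `modifiedCaption.Id` before the `modifiedCaption == null` check, so a null body throws instead of returning 400; moving the log call below that check fixes it. Both method bodies continue outside the hunks shown.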