From 8b549668765858e56f55cc9e47b3f32693490f5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A4=D1=80=D0=BE=D0=BB=D0=BE=D0=B2?=
 <nikita.grigorevich@gmail.com>
Date: Wed, 20 Oct 2021 17:55:50 +0500
Subject: [PATCH] Fix security in WellController

---
 AsbCloudWebApi/Controllers/WellController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/AsbCloudWebApi/Controllers/WellController.cs b/AsbCloudWebApi/Controllers/WellController.cs
index 364d0863..85ffea8d 100644
--- a/AsbCloudWebApi/Controllers/WellController.cs
+++ b/AsbCloudWebApi/Controllers/WellController.cs
@@ -58,7 +58,7 @@ namespace AsbCloudWebApi.Controllers
         {
             var idCompany = User.GetCompanyId();
 
-            if (idCompany is null)
+            if (idCompany is null || !await wellService.IsCompanyInvolvedInWellAsync(idCompany??default, idWell, token).ConfigureAwait(false))
                 return NoContent();
 
             var well = await wellService.GetAsync(idWell,