From 8b549668765858e56f55cc9e47b3f32693490f5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A4=D1=80=D0=BE=D0=BB=D0=BE=D0=B2?=
Date: Wed, 20 Oct 2021 17:55:50 +0500
Subject: [PATCH 1/2] Fix security in WellController
---
 AsbCloudWebApi/Controllers/WellController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/AsbCloudWebApi/Controllers/WellController.cs b/AsbCloudWebApi/Controllers/WellController.cs
index 364d0863..85ffea8d 100644
--- a/AsbCloudWebApi/Controllers/WellController.cs
+++ b/AsbCloudWebApi/Controllers/WellController.cs
@@ -58,7 +58,7 @@ namespace AsbCloudWebApi.Controllers
 {
 var idCompany = User.GetCompanyId();
- if (idCompany is null)
+ if (idCompany is null || !await wellService.IsCompanyInvolvedInWellAsync(idCompany??default, idWell, token).ConfigureAwait(false))
 return NoContent();
 var well = await wellService.GetAsync(idWell,
From 395d164c92949d0ce7dac888ebd3855ed3814bdb Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=A4=D1=80=D0=BE=D0=BB=D0=BE=D0=B2?=
Date: Wed, 20 Oct 2021 17:56:36 +0500
Subject: [PATCH 2/2] Refactor WellService.GetAsync()
---
 AsbCloudInfrastructure/Services/WellService.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/AsbCloudInfrastructure/Services/WellService.cs b/AsbCloudInfrastructure/Services/WellService.cs
index cd194caa..4352c660 100644
--- a/AsbCloudInfrastructure/Services/WellService.cs
+++ b/AsbCloudInfrastructure/Services/WellService.cs
@@ -96,12 +96,12 @@ namespace AsbCloudInfrastructure.Services
 .ThenInclude(c => c.Deposit)
 .FirstOrDefaultAsync(w => w.Id == idWell, token)
 .ConfigureAwait(false);
-
+
+ if (entity is null)
+ return null;
+
 var dto = entity.Adapt();
- if (dto is null)
- return dto;
-
 dto.Cluster = entity.Cluster?.Caption;
 dto.Deposit = entity.Cluster?.Deposit?.Caption;
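Review bot: The company check added in `WellController.cs` (the `if (idCompany is null || !await wellService.IsCompanyInvolvedInWellAsync(...))` line) protects only this one action, while `wellService.GetAsync(idWell, ...)` still loads any well by id: the query shown in patch 2/2 filters on `w.Id == idWell` alone. Any other caller of `GetAsync`, or another action in this controller that accepts `idWell`, gets no tenant check unless it repeats this line; those are outside the hunk, so each should be confirmed. Consider passing the company id into the service so the restriction lives in the query itself. Separately, `idCompany??default` reads as if 0 were an acceptable company id; after the null test, `idCompany.Value` states what is meant. The action body starts and ends outside the hunk.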
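Review bot: The early `return null;` added to `WellService.GetAsync` in `WellService.cs` makes "well not found" an ordinary return value, but nothing visible in the hunk documents that contract for callers. Add an XML doc line on the method such as `/// <returns>The well DTO, or null when no well has the given id.</returns>` so that callers such as the controller action in patch 1/2 are expected to handle null explicitly. The method signature and the start of the query are outside this hunk, so whether the declared return type already carries a nullable annotation could not be checked.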