From 68678992689fa51a0b12db2afc3089b5a909ac3c Mon Sep 17 00:00:00 2001 From: LD-Reborn Date: Fri, 17 Oct 2025 18:52:25 +0200 Subject: [PATCH] Implemented authorization for other controllers --- src/Controllers/AssetsController.cs | 5 +++++ src/Controllers/GroupsController.cs | 2 +- src/Controllers/LocationsController.cs | 2 +- src/Controllers/UsersController.cs | 2 +- 4 files changed, 8 insertions(+), 3 deletions(-) diff --git a/src/Controllers/AssetsController.cs b/src/Controllers/AssetsController.cs index d99b577..f1d670a 100644 --- a/src/Controllers/AssetsController.cs +++ b/src/Controllers/AssetsController.cs @@ -20,6 +20,7 @@ public class AssetsController : Controller _logger = logger; } + [Authorize(Roles = "CanManageAssets,CanInventorize")] [HttpGet("Get")] public async Task GetAllAssetModelAsync(string Cn) { @@ -41,6 +42,7 @@ public class AssetsController : Controller return result; } + [Authorize(Roles = "CanManageAssets")] [HttpGet("GetAll")] public async Task GetAllAssetModelAsync() { @@ -63,6 +65,7 @@ public class AssetsController : Controller return result; } + [Authorize(Roles = "CanManageAssets")] [HttpPost("Create")] public async Task Create([FromBody]AssetsCreateRequestModel assetModel) { @@ -117,6 +120,7 @@ public class AssetsController : Controller return result; } + [Authorize(Roles = "CanManageAssets")] [HttpDelete("Delete")] public async Task Delete([BindRequired] string cn) { @@ -143,6 +147,7 @@ public class AssetsController : Controller }); } + [Authorize(Roles = "CanManageAssets,CanInventorize")] [HttpPatch("Update")] public async Task Update([FromBody] AssetsModifyRequestModel requestModel) { diff --git a/src/Controllers/GroupsController.cs b/src/Controllers/GroupsController.cs index b3c7d92..523fa71 100644 --- a/src/Controllers/GroupsController.cs +++ b/src/Controllers/GroupsController.cs 
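Review bot: AssetsController gets its role checks one action at a time (this hunk and the four after it for GetAll, Create, Delete and Update), so an action without its own attribute is only as protected as the class declaration, which these hunks do not show. GroupsController, LocationsController and UsersController in the same patch put the role on the class instead. A class-level baseline such as `[Authorize(Roles = "CanManageAssets,CanInventorize")]` would make an action added later fail closed. The narrower `[Authorize(Roles = "CanManageAssets")]` on GetAll, Create and Delete would still take effect, because stacked Authorize attributes must all pass.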
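Review bot: On Update, `Roles = "CanManageAssets,CanInventorize"` is an either-or list, so an account holding only CanInventorize can submit a full AssetsModifyRequestModel; the same list is used on Get in the first hunk. If inventory accounts are meant to change only a subset of fields, that limit has to be enforced inside Update, whose body lies outside the hunk, for example by checking `User.IsInRole("CanManageAssets")` before applying the remaining fields. At minimum a comment above the attribute, `// comma-separated roles are ORed: either role may call Update`, would record the intent.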
@@ -5,7 +5,7 @@ using Berufsschule_HAM.Models; using System.Text.Json; using Microsoft.AspNetCore.Authorization; -[Authorize] +[Authorize(Roles = "CanManageGroups")] [Route("[controller]")] public class GroupsController : Controller { diff --git a/src/Controllers/LocationsController.cs b/src/Controllers/LocationsController.cs index 4909cee..aab535a 100644 --- a/src/Controllers/LocationsController.cs +++ b/src/Controllers/LocationsController.cs @@ -6,7 +6,7 @@ using Microsoft.AspNetCore.Authorization; using Novell.Directory.Ldap; using Berufsschule_HAM.Helpers; -[Authorize] +[Authorize(Roles = "CanManageLocations")] [Route("[controller]")] public class LocationsController : Controller { diff --git a/src/Controllers/UsersController.cs b/src/Controllers/UsersController.cs index 1e9070e..96cb3b4 100644 --- a/src/Controllers/UsersController.cs +++ b/src/Controllers/UsersController.cs @@ -9,7 +9,7 @@ using System.Text; using Microsoft.AspNetCore.Authorization; using System.Text.Json; -[Authorize] +[Authorize(Roles = "CanManageUsers")] [Route("[controller]")] public class UsersController : Controller {
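Review bot: Replacing the class-level `[Authorize]` with `[Authorize(Roles = "CanManageGroups")]` puts every action of GroupsController behind the management role, read-only ones included; the LocationsController and UsersController hunks do the same with CanManageLocations and CanManageUsers. The action lists are outside the hunks, so it is worth confirming that no lookup needed by asset or inventory accounts (choosing a location or an owner, say) now returns 403. Any action marked `[AllowAnonymous]` stays exempt from the class-level role, which should be checked as intended. If reads are meant to stay open to every signed-in user, keep `[Authorize]` on the class and put the role on the mutating actions.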
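Review bot: The role names are written as string literals in every attribute across the four controllers, and a misspelt name still compiles and then denies every caller, which is hard to trace back. Constants in one shared static class, e.g. `public const string ManageLocations = "CanManageLocations";` used here as `[Authorize(Roles = RoleNames.ManageLocations)]`, keep the names in a single place. The two-role lists in AssetsController can use a constant that holds the combined string.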