From f4f5d9d5761ac74ef35e990f10031c3ac77cf277 Mon Sep 17 00:00:00 2001
From: Cursor Agent
Date: Mon, 23 Feb 2026 11:46:23 +0000
Subject: [PATCH] fix: enforce booking admin auth and clean membership TODO

Co-authored-by: Velik
---
 .../Controllers/Admin/AdminAppointmentsController.cs | 3 ++-
 .../Controllers/Admin/AdminResourcesController.cs | 3 ++-
 .../MembershipService.API/Controllers/MembersController.cs | 5 -----
 3 files changed, 4 insertions(+), 7 deletions(-)

diff --git a/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminAppointmentsController.cs b/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminAppointmentsController.cs
index 136c79d2..b7dd0798 100644
--- a/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminAppointmentsController.cs
+++ b/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminAppointmentsController.cs
@@ -6,6 +6,7 @@ using BookingService.API.Application.DTOs;
 using BookingService.API.Application.Queries;
 using BookingService.API.Models.Responses;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace BookingService.API.Controllers.Admin;
@@ -14,7 +15,7 @@ namespace BookingService.API.Controllers.Admin;
 [ApiVersion("1.0")]
 [Route("api/v{version:apiVersion}/admin/appointments")]
 [Produces("application/json")]
-// [Authorize(Roles = "Admin,ShopOwner")] // TODO: Add authorization
+[Authorize(Roles = "Admin,ShopOwner")]
 public class AdminAppointmentsController : ControllerBase
 {
 private readonly IMediator _mediator;
diff --git a/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminResourcesController.cs b/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminResourcesController.cs
index 4c947570..1a6dcc29 100644
--- a/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminResourcesController.cs
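Review bot: The class-level `[Authorize(Roles = "Admin,ShopOwner")]` added to AdminAppointmentsController checks role membership only, so any authenticated ShopOwner passes the gate for every appointment these actions can reach unless the MediatR handlers also restrict data to the caller's own shop. Nothing in this hunk shows such a per-shop check, and the class body continues outside the hunk, so confirm that each action takes the shop identifier from the authenticated principal and not from route or query input. The same applies to AdminResourcesController, which receives the identical attribute. A comment above the attribute would record the contract: `// Role gate only; handlers must scope results to the caller's shop.`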
+++ b/services/booking-service-net/src/BookingService.API/Controllers/Admin/AdminResourcesController.cs
@@ -6,6 +6,7 @@ using BookingService.API.Application.DTOs;
 using BookingService.API.Application.Queries;
 using BookingService.API.Models.Responses;
 using MediatR;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 
 namespace BookingService.API.Controllers.Admin;
@@ -14,7 +15,7 @@ namespace BookingService.API.Controllers.Admin;
 [ApiVersion("1.0")]
 [Route("api/v{version:apiVersion}/admin/resources")]
 [Produces("application/json")]
-// [Authorize(Roles = "Admin,ShopOwner")] // TODO: Add authorization
+[Authorize(Roles = "Admin,ShopOwner")]
 public class AdminResourcesController : ControllerBase
 {
 private readonly IMediator _mediator;
diff --git a/services/membership-service-net/src/MembershipService.API/Controllers/MembersController.cs b/services/membership-service-net/src/MembershipService.API/Controllers/MembersController.cs
index a5c60a46..eabadaf9 100644
--- a/services/membership-service-net/src/MembershipService.API/Controllers/MembersController.cs
+++ b/services/membership-service-net/src/MembershipService.API/Controllers/MembersController.cs
@@ -144,11 +144,6 @@ public class MembersController : ControllerBase
 }
 }
 
- // TODO: Add experience and level endpoints in Phase 4
- // POST /api/v1/members/{id}/experience - Add EXP
- // GET /api/v1/members/{id}/progress - Get level progress
- // GET /api/v1/members/{id}/experience - Get EXP history
-
 ///
 /// EN: Add experience points to a member.
 /// VI: Thêm điểm kinh nghiệm cho member.
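Review bot: The attribute enabled on AdminResourcesController depends on wiring this patch does not touch: the booking service must register an authentication scheme and authorization middleware, and the token's role claim must map to the role claim type that `Roles = "Admin,ShopOwner"` is matched against. If any of that is missing the endpoints would presumably fail or reject every caller instead of returning 401/403, so an integration test asserting 401 for an anonymous request and 403 for an authenticated user holding neither role belongs with this change. The role list is also a string literal repeated in both admin controllers; a shared named policy, for example `[Authorize(Policy = BookingPolicies.AdminOrShopOwner)]` (placeholder name), would keep the two from drifting apart.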