From 4f706d3e93d8e93dfc6cdac4a97425565a00ce76 Mon Sep 17 00:00:00 2001
From: "DESKTOP-GENO133\\IvanPlex"
Date: Sat, 13 Jan 2024 21:35:23 -0700
Subject: [PATCH] filtered out vehicles not owned by the user when accessing via API.
---
 Controllers/APIController.cs | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/Controllers/APIController.cs b/Controllers/APIController.cs
index a353d9f..73e2f34 100644
--- a/Controllers/APIController.cs
+++ b/Controllers/APIController.cs
@@ -1,9 +1,11 @@
 using CarCareTracker.External.Interfaces;
 using CarCareTracker.Filter;
 using CarCareTracker.Helper;
+using CarCareTracker.Logic;
 using CarCareTracker.Models;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
+using System.Security.Claims;

 namespace CarCareTracker.Controllers
 {
@@ -20,6 +22,7 @@ namespace CarCareTracker.Controllers
 private readonly IUpgradeRecordDataAccess _upgradeRecordDataAccess;
 private readonly IReminderHelper _reminderHelper;
 private readonly IGasHelper _gasHelper;
+ private readonly IUserLogic _userLogic;
 public APIController(IVehicleDataAccess dataAccess,
 IGasHelper gasHelper,
 IReminderHelper reminderHelper,
@@ -29,7 +32,8 @@ namespace CarCareTracker.Controllers
 ICollisionRecordDataAccess collisionRecordDataAccess,
 ITaxRecordDataAccess taxRecordDataAccess,
 IReminderRecordDataAccess reminderRecordDataAccess,
- IUpgradeRecordDataAccess upgradeRecordDataAccess)
+ IUpgradeRecordDataAccess upgradeRecordDataAccess,
+ IUserLogic userLogic)
 {
 _dataAccess = dataAccess;
 _noteDataAccess = noteDataAccess;
@@ -41,17 +45,25 @@ namespace CarCareTracker.Controllers
 _upgradeRecordDataAccess = upgradeRecordDataAccess;
 _gasHelper = gasHelper;
 _reminderHelper = reminderHelper;
+ _userLogic = userLogic;
 }
 public IActionResult Index()
 {
 return View();
 }
-
+ private int GetUserID()
+ {
+ return int.Parse(User.FindFirstValue(ClaimTypes.NameIdentifier));
+ }
 [HttpGet]
 [Route("/api/vehicles")]
 public IActionResult Vehicles()
 {
 var result = _dataAccess.GetVehicles();
+ if (!User.IsInRole(nameof(UserData.IsRootUser)))
+ {
+ result = _userLogic.FilterUserVehicles(result, GetUserID());
+ }
 return Json(result);
 }
 [TypeFilter(typeof(CollaboratorFilter))]
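Review bot: `GetUserID()` feeds `User.FindFirstValue(ClaimTypes.NameIdentifier)` straight into `int.Parse`, so a non-root principal whose identity lacks that claim, or carries a non-numeric value, makes `Vehicles()` throw instead of returning a deliberate denial. The request still fails closed, but as an unhandled server error that is hard to tell apart from a real fault in the logs; parsing with `int.TryParse` and returning `Unauthorized()` makes the authorization decision explicit. The ownership check itself lives in `_userLogic.FilterUserVehicles`, which is not part of this diff, and it runs after `_dataAccess.GetVehicles()` has loaded every vehicle, so a test asserting that a non-root caller only ever receives its own records would be worth adding. The controller class starts before and continues after this hunk.

```csharp
private bool TryGetUserID(out int userId)
{
    // A missing or non-numeric NameIdentifier claim yields false rather than an exception.
    return int.TryParse(User.FindFirstValue(ClaimTypes.NameIdentifier), out userId);
}
// … unchanged: route attributes, Vehicles() signature, GetVehicles() call …
    if (!User.IsInRole(nameof(UserData.IsRootUser)))
    {
        if (!TryGetUserID(out var userId))
        {
            return Unauthorized();
        }
        result = _userLogic.FilterUserVehicles(result, userId);
    }
// … unchanged: return Json(result) …
```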