Add comment

TODO comment regarding authentication via policy rather than hardcoding it.

backend/GameDevPortal.WebAPI/Controllers/UsersController.cs

@@ -70,6 +70,7 @@ public async Task<ActionResult<IEnumerable<UserGetDto>>> Get(Guid id)
         var userId = User.Claims.FirstOrDefault(c => c.Type == "UserId")?.Value;
         var userRole = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
 
+        // TODO: Use a policy to do this together with an IAuthorizationService
         if (id.ToString() != userId && userRole != "Administrator")
         {
             return Unauthorized("You are not authorized to access this account's information.");