From 6678f7ab2c5e94b86847faae188579f8e608443b Mon Sep 17 00:00:00 2001
From: YouriRombouts
Date: Sun, 7 May 2023 19:55:42 +0200
Subject: [PATCH] Add comment TODO comment regarding authentication via policy rather than hardcoding it.
---
 backend/GameDevPortal.WebAPI/Controllers/UsersController.cs | 1 +
 1 file changed, 1 insertion(+)
diff --git a/backend/GameDevPortal.WebAPI/Controllers/UsersController.cs b/backend/GameDevPortal.WebAPI/Controllers/UsersController.cs
index 5a8c5bf..ffcb077 100644
--- a/backend/GameDevPortal.WebAPI/Controllers/UsersController.cs
+++ b/backend/GameDevPortal.WebAPI/Controllers/UsersController.cs
@@ -70,6 +70,7 @@ public async Task>> Get(Guid id)
 var userId = User.Claims.FirstOrDefault(c => c.Type == "UserId")?.Value;
 var userRole = User.Claims.FirstOrDefault(c => c.Type == ClaimTypes.Role)?.Value;
+ // TODO: Use a policy to do this together with an IAuthorizationService
 if (id.ToString() != userId && userRole != "Administrator")
 {
 return Unauthorized("You are not authorized to access this account's information.");
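Review bot: The ownership check under the new TODO answers an authenticated caller who asks for someone else's account with `Unauthorized(...)` (401), which tells the client to re-authenticate. The caller is known but not permitted, so `return Forbid();` (403) is the accurate response, and it keeps 401s in the logs meaningful for detection. Separately, `FirstOrDefault(c => c.Type == ClaimTypes.Role)` looks only at the first role claim, so an administrator whose token carries several roles can be refused. `User.IsInRole("Administrator")` checks all of them, provided the identity's role claim type is `ClaimTypes.Role`, as the existing lookup assumes. When the TODO is picked up, a resource-based call such as `await authorizationService.AuthorizeAsync(User, id, "<POLICY_NAME_PLACEHOLDER>")` would cover both the owner and the administrator case in one handler. The body of `Get` starts before this hunk and continues after it, so the rest of the method is not reviewed here.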