dmolinari/MotoresArgentinosV2
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix: Usuarios Admin No Pueden Tener Avisos Propios

Browse Source
This commit is contained in:
dmolinari
2026-02-19 19:59:23 -03:00
parent 042cd8c6f1
commit 8569f57a62
2 changed files with 20 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Backend/MotoresArgentinosV2.API/Controllers/AdminController.cs
View File

@@ -452,7 +452,11 @@ public class AdminController : ControllerBase
if (string.IsNullOrEmpty(q)) return Ok(new List<object>()); if (string.IsNullOrEmpty(q)) return Ok(new List<object>());
var users = await _context.Users var users = await _context.Users
.Where(u => (u.Email ?? "").Contains(q) || (u.UserName ?? "").Contains(q) || (u.FirstName ?? "").Contains(q) || (u.LastName ?? "").Contains(q)) .Where(u =>
((u.Email ?? "").Contains(q) || (u.UserName ?? "").Contains(q) || (u.FirstName ?? "").Contains(q) || (u.LastName ?? "").Contains(q))
&&
u.UserType != 3 // Excluir usuarios tipo 3 de la búsqueda para asignar avisos, ya que no pueden ser asignados a nuevos avisos en V2.
)
.Take(10) .Take(10)
.Select(u => new { u.UserID, u.UserName, u.Email, u.FirstName, u.LastName, u.PhoneNumber, u.IsBlocked }) .Select(u => new { u.UserID, u.UserName, u.Email, u.FirstName, u.LastName, u.PhoneNumber, u.IsBlocked })
.ToListAsync(); .ToListAsync();

15
Backend/MotoresArgentinosV2.API/Controllers/AdsV2Controller.cs
View File

@@ -349,10 +349,25 @@ public class AdsV2Controller : ControllerBase
{ {
if (request.TargetUserID.HasValue) if (request.TargetUserID.HasValue)
{ {
// Validación adicional: Asegurar que el ID seleccionado no sea Admin (por seguridad extra)
var targetUser = await _context.Users.FindAsync(request.TargetUserID.Value);
if (targetUser != null && targetUser.UserType == 3)
{
return BadRequest("No se puede asignar un aviso a una cuenta de Administrador.");
}
finalUserId = request.TargetUserID.Value; finalUserId = request.TargetUserID.Value;
} }
else if (!string.IsNullOrEmpty(request.GhostUserEmail)) else if (!string.IsNullOrEmpty(request.GhostUserEmail))
{ {
// Verificamos si el email escrito manualmente pertenece a un Admin existente
var existingAdmin = await _context.Users
.AnyAsync(u => u.Email == request.GhostUserEmail && u.UserType == 3);
if (existingAdmin)
{
return BadRequest($"El correo '{request.GhostUserEmail}' pertenece a un Administrador. No puedes asignar avisos a administradores.");
}
// Pasamos nombre y apellido por separado // Pasamos nombre y apellido por separado
var ghost = await _identityService.CreateGhostUserAsync( var ghost = await _identityService.CreateGhostUserAsync(
request.GhostUserEmail, request.GhostUserEmail,