From 2cf5d1ce4d5de9cd787c81cc7d346bb8cb89c3e1 Mon Sep 17 00:00:00 2001
From: Rafael Wolf de Goes <rewgoes@gmail.com>
Date: Mon, 15 Feb 2021 15:11:10 -0600
Subject: [PATCH] Fix #5: Delete unapproved photo not working

---
 API/Controllers/UsersController.cs | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/API/Controllers/UsersController.cs b/API/Controllers/UsersController.cs
index 6c7e667..ab5b264 100644
--- a/API/Controllers/UsersController.cs
+++ b/API/Controllers/UsersController.cs
@@ -117,7 +117,9 @@ public async Task<ActionResult> SetMainPhoto(int photoId)
         [HttpDelete("delete-photo/{photoId}")]
         public async Task<ActionResult> DeletePhoto(int photoId)
         {
-            var user = await _unitOfWork.UserRepository.GetUserByUsernameAsync(User.GetUsername());
+            var user = await _unitOfWork.UserRepository.GetUserByPhotoId(photoId);
+
+            if (user.UserName != User.GetUsername()) return Unauthorized("You cannot delete this message");
 
             var photo = user.Photos.FirstOrDefault(x => x.Id == photoId);