From 7cbf05a769f94cca942f05eeb9bfdfd391de47c3 Mon Sep 17 00:00:00 2001
From: Marc Gorzala <marc@dancier.net>
Date: Thu, 21 Dec 2023 15:52:15 +0100
Subject: [PATCH] more secure

---
 src/main/java/net/dancier/dancer/chat/ChatController.java | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/src/main/java/net/dancier/dancer/chat/ChatController.java b/src/main/java/net/dancier/dancer/chat/ChatController.java
index d0e2c5a..97cc7ff 100644
--- a/src/main/java/net/dancier/dancer/chat/ChatController.java
+++ b/src/main/java/net/dancier/dancer/chat/ChatController.java
@@ -99,15 +99,14 @@ public ResponseEntity postMessage(
         return new ResponseEntity(HttpStatus.CREATED);
     }
 
-    @PutMapping("/messages/{messageId}/read-by/{participantId}")
+    @PutMapping("/messages/{messageId}")
     @Secured(ROLE_USER)
     public ResponseEntity putReadFlag(
             @CurrentUser AuthenticatedUser authenticatedUser,
             @PathVariable UUID messageId,
-            @PathVariable UUID participantId,
             @RequestBody SetReadFlagRequestDto setReadFlagRequestDto
             ) {
-        chatService.setReadFlag(messageId, participantId, setReadFlagRequestDto.getRead());
+        chatService.setReadFlag(messageId, authenticatedUser.getDancerIdOrThrow(), setReadFlagRequestDto.getRead());
         return new ResponseEntity(HttpStatus.NO_CONTENT);
     }