_🛠️ Refactor suggestion_ #107

@gitnasr

Description

🛠️ Refactor suggestion

Authorization too restrictive for user-generated content.

Posts are typically user-generated content where users should be able to manage their own posts. The current admin-only policy for updates and deletions prevents post owners from modifying their content, which is inconsistent with typical marketplace/social platform patterns.

Consider implementing ownership-based authorization that allows users to manage their own posts while preserving admin privileges:

-        [Authorize(Policy = "IsAdmin")]
+        // Should allow post owners or admins - implement in service layer
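Review bot: the `+` line replaces `[Authorize(Policy = "IsAdmin")]` with a comment only, so until the promised service-layer check exists the update and delete actions at lines 57 and 64 would carry no authorization attribute at all, which is a wider exposure than the admin-only policy it criticises. Keep at least `[Authorize]` on those actions (or on the controller) so unauthenticated callers are still rejected, and land the owner-or-admin check in the same change rather than as a deferred comment.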

This aligns with the BaseService ownership pattern mentioned in the AI summary.

Also applies to: 64-64

🤖 Prompt for AI Agents
In Dentizone.Presentaion/Controllers/PostsController.cs at lines 57 and 64, the
current [Authorize(Policy = "IsAdmin")] attribute restricts post updates and
deletions to admins only, preventing users from managing their own posts. Modify
the authorization to implement ownership-based checks that allow users to update
or delete their own posts while retaining admin privileges. This can be done by
creating a custom authorization policy or handler that verifies if the current
user is either an admin or the owner of the post, and applying this policy to
the relevant actions.

Originally posted by @coderabbitai[bot] in #104 (comment)
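As an added example (not code from the Dentizone repository or from the bot's comment), the following shows the owner-or-admin check the suggestion describes, written as an ASP.NET Core resource-based authorization handler. `Post.OwnerId`, the `Admin` role name, `IPostRepository`, the `PostOperations` requirements and the handler name are all assumptions made for the illustration.

```csharp
// Added example, not from the Dentizone project. Assumed: Post has an OwnerId,
// admins carry the "Admin" role, and IPostRepository is the data access abstraction.
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Authorization.Infrastructure;
using Microsoft.AspNetCore.Mvc;

public class Post
{
    public int Id { get; set; }
    public string OwnerId { get; set; } = string.Empty; // assumed: user id of the author
    public string Content { get; set; } = string.Empty;
}

public interface IPostRepository // assumed abstraction
{
    Task<Post?> FindAsync(int id);
    Task UpdateAsync(Post post);
    Task DeleteAsync(Post post);
}

// One requirement per operation, so the same handler serves both Update and Delete.
public static class PostOperations
{
    public static readonly OperationAuthorizationRequirement Update = new() { Name = "Update" };
    public static readonly OperationAuthorizationRequirement Delete = new() { Name = "Delete" };
}

// Succeeds only for an admin or the post's owner. When neither matches it simply
// returns; the framework treats an unmet requirement as denied, so the check fails closed.
public class PostOwnerOrAdminHandler : AuthorizationHandler<OperationAuthorizationRequirement, Post>
{
    protected override Task HandleRequirementAsync(
        AuthorizationHandlerContext context,
        OperationAuthorizationRequirement requirement,
        Post post)
    {
        var userId = context.User.FindFirstValue(ClaimTypes.NameIdentifier);

        if (context.User.IsInRole("Admin") ||
            (!string.IsNullOrEmpty(userId) && userId == post.OwnerId))
        {
            context.Succeed(requirement);
        }
        return Task.CompletedTask;
    }
}

// Registration (Program.cs): the handler is stateless, so a singleton is fine.
// builder.Services.AddSingleton<IAuthorizationHandler, PostOwnerOrAdminHandler>();

[ApiController]
[Route("api/[controller]")]
[Authorize] // authentication stays mandatory on every action; ownership is decided per post
public class PostsController : ControllerBase
{
    private readonly IAuthorizationService _authorization;
    private readonly IPostRepository _posts;

    public PostsController(IAuthorizationService authorization, IPostRepository posts)
    {
        _authorization = authorization;
        _posts = posts;
    }

    [HttpPut("{id:int}")]
    public async Task<IActionResult> Update(int id, [FromBody] string content)
    {
        var post = await _posts.FindAsync(id);
        if (post is null) return NotFound();

        // The check runs against the stored entity, not request data, so a
        // client-supplied OwnerId can never satisfy the owner comparison.
        var result = await _authorization.AuthorizeAsync(User, post, PostOperations.Update);
        if (!result.Succeeded) return Forbid();

        post.Content = content;
        await _posts.UpdateAsync(post);
        return NoContent();
    }

    [HttpDelete("{id:int}")]
    public async Task<IActionResult> Delete(int id)
    {
        var post = await _posts.FindAsync(id);
        if (post is null) return NotFound();

        var result = await _authorization.AuthorizeAsync(User, post, PostOperations.Delete);
        if (!result.Succeeded) return Forbid();

        await _posts.DeleteAsync(post);
        return NoContent();
    }
}
```

Because the entity is loaded before the authorization check, a non-owner can tell an existing id (403) from a missing one (404); if post existence is itself sensitive, return `NotFound()` in both cases. Keeping `[Authorize]` on the controller while the ownership decision happens per resource also means the action is never left without an authorization gate while the owner logic is being introduced.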
