From 1fd776bc29cd43d4f813f242ffdadb39a7f2ff7e Mon Sep 17 00:00:00 2001
From: OlgunR <OlgunR@DD-PC-ENT05N>
Date: Fri, 16 Jan 2026 13:55:43 +0100
Subject: [PATCH] Prevent CatTitle changes in catalog update endpoint

The Update method now checks if CatTitle is being changed and returns a 400 Bad Request if so. It also returns 404 Not Found if the catalog does not exist before attempting an update. This ensures CatTitle remains immutable during updates.
---
 DbFirst.API/Controllers/CatalogsController.cs | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/DbFirst.API/Controllers/CatalogsController.cs b/DbFirst.API/Controllers/CatalogsController.cs
index f220617..086f418 100644
--- a/DbFirst.API/Controllers/CatalogsController.cs
+++ b/DbFirst.API/Controllers/CatalogsController.cs
@@ -46,6 +46,16 @@ public class CatalogsController : ControllerBase
     [HttpPut("{id:int}")]
     public async Task<ActionResult<CatalogReadDto>> Update(int id, CatalogWriteDto dto, CancellationToken cancellationToken)
     {
+        var current = await _service.GetByIdAsync(id, cancellationToken);
+        if (current == null)
+        {
+            return NotFound();
+        }
+        if (!string.Equals(current.CatTitle, dto.CatTitle, StringComparison.Ordinal))
+        {
+            return BadRequest("CatTitle cannot be changed.");
+        }
+
         var updated = await _service.UpdateAsync(id, dto, cancellationToken);
         if (updated == null)
         {