authorcrupest <crupest@outlook.com>2020-11-15 20:54:33 +0800
committerGitHub <noreply@github.com>2020-11-15 20:54:33 +0800
commitdbc05b79c94894b25cbbb23025ed91dd1cf8a7a3 (patch)
tree7c2c792c141def97603cb43d98e83d29ac718e9a /BackEnd/Timeline/Controllers/UserController.cs
parent63ec1050dd24e4123f73e9ed757376dc8128803d (diff)
parent1bbc60966cea77ec6ed7895bea1a01ad9c090c3a (diff)
Merge pull request #188 from crupest/root-user
Forbid some operations on the root user.
Diffstat (limited to 'BackEnd/Timeline/Controllers/UserController.cs')
-rw-r--r--BackEnd/Timeline/Controllers/UserController.cs26
1 files changed, 21 insertions, 5 deletions
diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs
index bbdb5d57..8edae139 100644
--- a/BackEnd/Timeline/Controllers/UserController.cs
+++ b/BackEnd/Timeline/Controllers/UserController.cs
@@ -138,15 +138,23 @@ namespace Timeline.Controllers
/// <returns>Info of deletion.</returns>
[HttpDelete("users/{username}"), PermissionAuthorize(UserPermission.UserManagement)]
[ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
[ProducesResponseType(StatusCodes.Status401Unauthorized)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
public async Task<ActionResult<CommonDeleteResponse>> Delete([FromRoute][Username] string username)
{
- var delete = await _userDeleteService.DeleteUser(username);
- if (delete)
- return Ok(CommonDeleteResponse.Delete());
- else
- return Ok(CommonDeleteResponse.NotExist());
+ try
+ {
+ var delete = await _userDeleteService.DeleteUser(username);
+ if (delete)
+ return Ok(CommonDeleteResponse.Delete());
+ else
+ return Ok(CommonDeleteResponse.NotExist());
+ }
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.Delete_RootUser());
+ }
}
/// <summary>
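Review bot: The new `catch (InvalidOperationOnRootUserException)` block in Delete returns 400 without recording the attempt, so a caller holding UserManagement who tries to delete the root account leaves no trace at the controller level. A refused operation on the root account is an event operators usually want to alert on, so log it before returning, for example `logger.LogWarning("Refused delete of root user requested by {Caller}", User.Identity?.Name);`, where `logger` is a placeholder for whatever ILogger the controller holds (none is visible in this hunk). The same applies to the catch blocks added in the two permission hunks below. The service layer may already log the refusal; that is not visible from this diff.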
@@ -212,6 +220,10 @@ namespace Timeline.Controllers
{
return NotFound(ErrorResponse.UserCommon.NotExist());
}
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
}
[HttpDelete("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)]
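Review bot: The 400 returned from this new catch block is not matched by any added `[ProducesResponseType(StatusCodes.Status400BadRequest)]`, whereas the Delete action in the first hunk gained that attribute in the same commit. The third hunk, which adds the same catch to the permission-removal action, has the same gap. Both actions' attribute lists start outside the visible context, so they may already declare 400 for validation failures; if not, add the attribute so the generated API description shows that operations on the root user are refused. The enclosing method and its `try` begin outside this hunk.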
@@ -232,6 +244,10 @@ namespace Timeline.Controllers
{
return NotFound(ErrorResponse.UserCommon.NotExist());
}
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
}
}
}