diff options
| author | crupest <crupest@outlook.com> | 2020-03-11 17:25:39 +0800 |
|---|---|---|
| committer | crupest <crupest@outlook.com> | 2020-03-11 17:25:39 +0800 |
| commit | 17ef86c81c24c1cda900d0c05feb2265acc2524b (patch) | |
| tree | f67996f329a5e5d5683470db84db65828d96869e /Timeline/Controllers/TimelineController.cs | |
| parent | 09835ee6432ad5eaaa2cc267c02b7586118ca705 (diff) | |
| download | timeline-17ef86c81c24c1cda900d0c05feb2265acc2524b.tar.gz timeline-17ef86c81c24c1cda900d0c05feb2265acc2524b.tar.bz2 timeline-17ef86c81c24c1cda900d0c05feb2265acc2524b.zip | |
New logic for HasPostModifyPermission
Diffstat (limited to 'Timeline/Controllers/TimelineController.cs')
| -rw-r--r-- | Timeline/Controllers/TimelineController.cs | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/Timeline/Controllers/TimelineController.cs b/Timeline/Controllers/TimelineController.cs index 440b0d19..d21603cd 100644 --- a/Timeline/Controllers/TimelineController.cs +++ b/Timeline/Controllers/TimelineController.cs @@ -189,12 +189,12 @@ namespace Timeline.Controllers [Authorize]
public async Task<ActionResult<CommonDeleteResponse>> PostDelete([FromRoute][GeneralTimelineName] string name, [FromRoute] long id)
{
+ if (!this.IsAdministrator() && !await _service.HasPostModifyPermission(name, id, this.GetUserId()))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
try
{
- if (!this.IsAdministrator() && !await _service.HasPostModifyPermission(name, id, this.GetUserId()))
- {
- return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
- }
await _service.DeletePost(name, id);
return CommonDeleteResponse.Delete();
}
|