author | crupest <crupest@outlook.com> | 2019-04-21 23:23:49 +0800 |
---|---|---|
committer | crupest <crupest@outlook.com> | 2019-04-21 23:23:49 +0800 |
commit | e347b4a4092a24ff7106ffd3aca67d6ca7decca8 (patch) | |
tree | e139e794df8cd20c1cf4f60c668dd1d94bf239e1 /Timeline/Controllers/UserController.cs | |
parent | fce9074be199b1c100481f49ccd9e231df2b84c8 (diff) | |
Allow ordinary user to patch his password.
Diffstat (limited to 'Timeline/Controllers/UserController.cs')
-rw-r--r-- | Timeline/Controllers/UserController.cs | 39 |
1 files changed, 30 insertions, 9 deletions
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index ab7e1b99..d2708eeb 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -48,18 +48,39 @@ namespace Timeline.Controllers
             }
         }
 
-        [HttpPatch("user/{username}"), Authorize(Roles = "admin")]
+        [HttpPatch("user/{username}"), Authorize]
         public async Task<IActionResult> Patch([FromBody] UserModifyRequest request, [FromRoute] string username)
         {
-            var result = await _userService.PatchUser(username, request.Password, request.Roles);
-            switch (result)
+            if (User.IsInRole("admin"))
             {
-                case PatchUserResult.Success:
-                    return Ok();
-                case PatchUserResult.NotExists:
-                    return NotFound();
-                default:
-                    throw new Exception("Unreachable code.");
+                var result = await _userService.PatchUser(username, request.Password, request.Roles);
+                switch (result)
+                {
+                    case PatchUserResult.Success:
+                        return Ok();
+                    case PatchUserResult.NotExists:
+                        return NotFound();
+                    default:
+                        throw new Exception("Unreachable code.");
+                }
+            }
+            else
+            {
+                if (User.Identity.Name != username)
+                    return StatusCode(403, new MessageResponse("Can't patch other user when you are not admin."));
+                if (request.Roles != null)
+                    return StatusCode(403, new MessageResponse("Can't patch roles when you are not admin."));
+
+                var result = await _userService.PatchUser(username, request.Password, null);
+                switch (result)
+                {
+                    case PatchUserResult.Success:
+                        return Ok();
+                    case PatchUserResult.NotExists:
+                        return NotFound(new MessageResponse("This username no longer exists. Please update your token."));
+                    default:
+                        throw new Exception("Unreachable code.");
+                }
             }
         }
 