author | 杨宇千 <crupest@outlook.com> | 2019-10-31 00:56:46 +0800 |
committer | 杨宇千 <crupest@outlook.com> | 2019-10-31 00:56:46 +0800 |
commit | 2198ad257a2c049f3601a6f95b8906c5be8b27d5 (patch) | |
tree | 7d034bb824b50d892136c6f1225a15e8baa30741 /Timeline/Filters | |
parent | fbaa8cab95a91b887bbd2d108d27c5abb38e4e29 (diff) | |
Continue to construct feature and tests.
Diffstat (limited to 'Timeline/Filters')
-rw-r--r-- | Timeline/Filters/User.cs | 66 |
1 files changed, 56 insertions, 10 deletions
diff --git a/Timeline/Filters/User.cs b/Timeline/Filters/User.cs
index 22fae938..16c76750 100644
--- a/Timeline/Filters/User.cs
+++ b/Timeline/Filters/User.cs
@@ -1,7 +1,13 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
+using Microsoft.Extensions.DependencyInjection;
+using Microsoft.Extensions.Logging;
using System;
+using Timeline.Auth;
using Timeline.Models.Http;
+using Timeline.Services;
+using static Timeline.Resources.Filters;
namespace Timeline
{
@@ -13,9 +19,10 @@ namespace Timeline
{
public static class User // bbb = 101
{
- public const int NotExist = 11010001;
- }
+ public const int NotExist = 11010101;
+ public const int NotSelfOrAdminForbid = 11010201;
+ }
}
}
}
@@ -23,20 +30,59 @@ namespace Timeline
namespace Timeline.Filters
{
+ public class SelfOrAdminAttribute : ActionFilterAttribute
+ {
+ [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1062:Validate arguments of public methods")]
+ public override void OnActionExecuting(ActionExecutingContext context)
+ {
+ var logger = context.HttpContext.RequestServices.GetRequiredService<ILogger<SelfOrAdminAttribute>>();
+
+ var user = context.HttpContext.User;
+
+ if (user == null)
+ {
+ logger.LogError(LogSelfOrAdminNoUser);
+ return;
+ }
+
+ if (context.ModelState.TryGetValue("username", out var model))
+ {
+ if (model.RawValue is string username)
+ {
+ if (!user.IsAdministrator() && user.Identity.Name != username)
+ {
+ context.Result = new ObjectResult(
+ new CommonResponse(ErrorCodes.Http.Filter.User.NotSelfOrAdminForbid, MessageSelfOrAdminForbid))
+ { StatusCode = StatusCodes.Status403Forbidden };
+ }
+ }
+ else
+ {
+ logger.LogError(LogSelfOrAdminUsernameNotString);
+ }
+ }
+ else
+ {
+ logger.LogError(LogSelfOrAdminNoUsername);
+ }
+ }
+ }
+
[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)]
public class CatchUserNotExistExceptionAttribute : ExceptionFilterAttribute
{
[System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1062:Validate arguments of public methods", Justification = "ASP.Net already checked.")]
public override void OnException(ExceptionContext context)
{
- var body = new CommonResponse(
- ErrorCodes.Http.Filter.User.NotExist,
- Resources.Filters.MessageUserNotExist);
+ if (context.Exception is UserNotExistException)
+ {
+ var body = new CommonResponse(ErrorCodes.Http.Filter.User.NotExist, MessageUserNotExist);
- if (context.HttpContext.Request.Method == "GET")
- context.Result = new NotFoundObjectResult(body);
- else
- context.Result = new BadRequestObjectResult(body);
+ if (context.HttpContext.Request.Method == "GET")
+ context.Result = new NotFoundObjectResult(body);
+ else
+ context.Result = new BadRequestObjectResult(body);
+ }
}
}
}
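Review bot: The three log-and-return branches in SelfOrAdminAttribute.OnActionExecuting (null user, no `username` entry in ModelState, non-string `RawValue`) leave `context.Result` unset, so the action still executes and the filter fails open precisely when it cannot establish who the caller is; an authorization check should fail closed. Each branch should assign a result before returning, e.g. `context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);` (a 500 would also be defensible for the two branches that indicate a binding misconfiguration rather than a forbidden caller). Separately, `context.HttpContext.User` is normally non-null in ASP.NET Core but `user.Identity` can be, so `user.Identity?.Name` avoids a NullReferenceException on unauthenticated requests, and `!=` is an ordinal case-sensitive comparison, which is only correct if usernames are treated case-sensitively elsewhere — otherwise use `string.Equals(..., StringComparison.OrdinalIgnoreCase)` explicitly. If the username were read from `context.RouteData` instead of ModelState, this could run as an `IAuthorizationFilter` in the authorization stage rather than after model binding.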