author | 杨宇千 <crupest@outlook.com> | 2019-08-18 23:08:05 +0800 |
---|---|---|
committer | 杨宇千 <crupest@outlook.com> | 2019-08-18 23:08:05 +0800 |
commit | d0d75c3ca33c5e802132107c467be20212d64fb5 (patch) | |
tree | 18a7553f344ad93a80f50de50e71e4e36a44b408 /Timeline | |
parent | 47b26e8b2884a2e4c23dfeffa0ff8b0620aaaaa1 (diff) | |
download | timeline-d0d75c3ca33c5e802132107c467be20212d64fb5.tar.gz timeline-d0d75c3ca33c5e802132107c467be20212d64fb5.tar.bz2 timeline-d0d75c3ca33c5e802132107c467be20212d64fb5.zip |
Develop user avatar controller.
Diffstat (limited to 'Timeline')
-rw-r--r-- | Timeline/Authenticate/PrincipalExtensions.cs | 13 | ||||
-rw-r--r-- | Timeline/Controllers/UserAvatarController.cs | 45 |
2 files changed, 56 insertions, 2 deletions
diff --git a/Timeline/Authenticate/PrincipalExtensions.cs b/Timeline/Authenticate/PrincipalExtensions.cs
new file mode 100644
index 00000000..fa39ea89
--- /dev/null
+++ b/Timeline/Authenticate/PrincipalExtensions.cs
@@ -0,0 +1,13 @@
+using System.Security.Principal;
+using Timeline.Entities;
+
+namespace Timeline.Authenticate
+{
+ public static class PrincipalExtensions
+ {
+ public static bool IsAdmin(this IPrincipal principal)
+ {
+ return principal.IsInRole(UserRoles.Admin);
+ }
+ }
+}
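Review bot: `IsAdmin` dereferences `principal` without a guard, so a null principal surfaces as a NullReferenceException deep in the call instead of a clear argument error; add `if (principal == null) throw new ArgumentNullException(nameof(principal));` before the `IsInRole` call (this needs `using System;`). A one-line XML summary would also help callers, e.g. `/// <summary>True when <paramref name="principal"/> holds the <see cref="UserRoles.Admin"/> role.</summary>`. Keep in mind that `IsInRole` only sees roles the authentication handler mapped into the identity's configured role claim type — presumably the existing token/cookie setup does this, but it is worth confirming since every authorization decision in the controllers now hangs on it.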
diff --git a/Timeline/Controllers/UserAvatarController.cs b/Timeline/Controllers/UserAvatarController.cs
index f61fd54a..6dc767df 100644
--- a/Timeline/Controllers/UserAvatarController.cs
+++ b/Timeline/Controllers/UserAvatarController.cs
@@ -1,7 +1,10 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System;
using System.Threading.Tasks;
+using Timeline.Authenticate;
using Timeline.Models.Http;
using Timeline.Services;
@@ -15,6 +18,10 @@ namespace Timeline.Controllers
 public const int Get_UserNotExist = -1001;
public const int Put_UserNotExist = -2001;
+ public const int Put_Forbid = -2002;
+
+ public const int Delete_UserNotExist = -3001;
+ public const int Delete_Forbid = -3002;
}
private readonly ILogger<UserAvatarController> _logger;
@@ -28,6 +35,7 @@ namespace Timeline.Controllers
 }
[HttpGet("users/{username}/avatar")]
+ [Authorize]
public async Task<IActionResult> Get(string username)
{
try
@@ -43,9 +51,17 @@ namespace Timeline.Controllers
 }
[HttpPut("users/{username}/avatar")]
+ [Authorize]
[Consumes("image/png", "image/jpeg", "image/gif", "image/webp")]
public async Task<IActionResult> Put(string username)
{
+ if (!User.IsAdmin() && User.Identity.Name != username)
+ {
+ _logger.LogInformation($"Attempt to put a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} .");
+ return StatusCode(StatusCodes.Status403Forbidden,
+ new CommonResponse(ErrorCodes.Put_Forbid, "Normal user can't change other's avatar."));
+ }
+
try
{
var data = new byte[Convert.ToInt32(Request.ContentLength)];
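Review bot: The ownership check added before the `try` is correct, but the buffer allocation on the last line of the hunk, `new byte[Convert.ToInt32(Request.ContentLength)]`, is still sized purely by the client-supplied Content-Length: any authenticated user can now declare a multi-gigabyte length and the server allocates it before reading a byte, and a request with no Content-Length (chunked) converts null to 0 and yields an empty buffer. Put's body continues past the hunk, so the read that fills `data` is not visible here. Validate the length before allocating, e.g. `var length = Request.ContentLength;` then `if (length == null || length <= 0 || length > MaxAvatarBytes) return BadRequest(new CommonResponse(ErrorCodes.Put_BadContentLength, "Invalid or too large avatar."));` with `MaxAvatarBytes` a small constant, or put `[RequestSizeLimit]` on the action. The `!=` against `User.Identity.Name` is ordinal and case-sensitive; if the user store treats usernames case-insensitively this denies rather than bypasses, so it is fail-closed, but confirm it matches how the service resolves `username`.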
@@ -57,7 +73,7 @@ namespace Timeline.Controllers
 Type = Request.ContentType
});
- _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} . Mime Type: {Request.ContentType} .");
+ _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} ; Mime Type: {Request.ContentType} .");
return Ok();
}
catch (UserNotExistException)
@@ -66,5 +82,30 @@ namespace Timeline.Controllers
 return BadRequest(new CommonResponse(ErrorCodes.Put_UserNotExist, "User does not exist."));
}
}
+
+ [HttpDelete("users/{username}/avatar")]
+ [Authorize]
+ public async Task<IActionResult> Delete(string username)
+ {
+ if (!User.IsAdmin() && User.Identity.Name != username)
+ {
+ _logger.LogInformation($"Attempt to delete a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} .");
+ return StatusCode(StatusCodes.Status403Forbidden,
+ new CommonResponse(ErrorCodes.Delete_Forbid, "Normal user can't delete other's avatar."));
+ }
+
+ try
+ {
+ await _service.SetAvatar(username, null);
+
+ _logger.LogInformation($"Succeed to delete a avatar of a user. Username: {username} .");
+ return Ok();
+ }
+ catch (UserNotExistException)
+ {
+ _logger.LogInformation($"Attempt to delete a avatar of a non-existent user failed. Username: {username} .");
+ return BadRequest(new CommonResponse(ErrorCodes.Delete_UserNotExist, "User does not exist."));
+ }
+ }
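Review bot: The forbidden-path log in `Delete` was copied from `Put` and still says `Username To Put Avatar`, which will mislead anyone grepping audit logs for avatar deletions; change it to `Username To Delete Avatar: {username}`. The guard itself duplicates the one in `Put` line for line — a private helper such as `private bool CanOperateOn(string username) => User.IsAdmin() || User.Identity.Name == username;` would keep the two endpoints from drifting apart. Since both usernames are interpolated straight into the message, consider the structured form `_logger.LogInformation("... Operator Username: {Operator} ; Username To Delete Avatar: {Target} .", User.Identity.Name, username)` so route-supplied values stay as fields rather than free text. Returning 400 for a non-existent target user mirrors `Put`, so it is consistent, though 404 would arguably describe the situation better.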
}
}