diff options
| -rw-r--r-- | Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs | 7 | ||||
| -rw-r--r-- | Timeline/Controllers/PersonalTimelineController.cs | 12 |
2 files changed, 13 insertions, 6 deletions
diff --git a/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs b/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs index 9dae4c3e..43549d1a 100644 --- a/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs +++ b/Timeline.Tests/IntegratedTests/PersonalTimelineTest.cs @@ -442,6 +442,13 @@ namespace Timeline.Tests.IntegratedTests res.Should().HaveStatusCode(200); } { + var res = await client.PostAsJsonAsync("users/user/timeline/postop/delete", + new TimelinePostDeleteRequest { Id = 30000 }); + res.Should().HaveStatusCode(400) + .And.HaveCommonBody() + .Which.Code.Should().Be(ErrorCodes.Http.Timeline.PostOperationDeleteNotExist); + } + { var res = await client.GetAsync("users/user/timeline/posts"); res.Should().HaveStatusCode(200) .And.HaveJsonBody<TimelinePostInfo[]>() diff --git a/Timeline/Controllers/PersonalTimelineController.cs b/Timeline/Controllers/PersonalTimelineController.cs index 88f5ba00..c864ed39 100644 --- a/Timeline/Controllers/PersonalTimelineController.cs +++ b/Timeline/Controllers/PersonalTimelineController.cs @@ -107,14 +107,14 @@ namespace Timeline.Controllers [CatchTimelineNotExistException]
public async Task<ActionResult> PostOperationDelete([FromRoute][Username] string username, [FromBody] TimelinePostDeleteRequest body)
{
- var postId = body.Id!.Value;
- if (!IsAdmin() && !await _service.HasPostModifyPermission(username, postId, GetAuthUsername()!))
- {
- return StatusCode(StatusCodes.Status403Forbidden,
- new CommonResponse(ErrorCodes.Http.Timeline.PostOperationDeleteForbid, MessagePostOperationCreateForbid));
- }
try
{
+ var postId = body.Id!.Value;
+ if (!IsAdmin() && !await _service.HasPostModifyPermission(username, postId, GetAuthUsername()!))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden,
+ new CommonResponse(ErrorCodes.Http.Timeline.PostOperationDeleteForbid, MessagePostOperationCreateForbid));
+ }
await _service.DeletePost(username, postId);
}
catch (TimelinePostNotExistException)
|