diff options
9 files changed, 61 insertions, 28 deletions
diff --git a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs index 91e0c1fd..df3d1861 100644 --- a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs +++ b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs @@ -43,6 +43,7 @@ {
public const int UsernameConflict = 1_102_01_01;
public const int ChangePassword_BadOldPassword = 1_102_02_01;
+ public const int ChangePermission_RootUser = 1_102_03_01;
}
public static class UserAvatar
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs index 77cae590..3fb581f0 100644 --- a/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs +++ b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs @@ -36,23 +36,15 @@ namespace Timeline.Tests.IntegratedTests [Theory]
[MemberData(nameof(EveryPermissionTestData))]
- public async Task ModifyRootUserPermissionShouldHaveNoEffect(UserPermission permission)
+ public async Task ModifyRootUserPermission_Should_Error(UserPermission permission)
{
using var client = await CreateClientAsAdministrator();
- await client.TestDeleteAsync($"users/admin/permissions/{permission}");
+ await client.TestPutAssertErrorAsync($"users/admin/permissions/{permission}",
+ errorCode: ErrorCodes.UserController.ChangePermission_RootUser);
- {
- var body = await client.GetUserAsync("admin");
- body.Permissions.Should().BeEquivalentTo(Enum.GetNames<UserPermission>());
- }
-
- await client.TestPutAsync($"users/admin/permissions/{permission}");
-
- {
- var body = await client.GetUserAsync("admin");
- body.Permissions.Should().BeEquivalentTo(Enum.GetNames<UserPermission>());
- }
+ await client.TestDeleteAssertErrorAsync($"users/admin/permissions/{permission}",
+ errorCode: ErrorCodes.UserController.ChangePermission_RootUser);
}
[Theory]
diff --git a/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs b/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs index 5a4e4954..ea20bd18 100644 --- a/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs +++ b/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs @@ -48,18 +48,10 @@ namespace Timeline.Tests.Services }
[Fact]
- public async Task ModifyPermissionOnRootUserShouldHaveNoEffect()
+ public async Task ModifyPermissionOnRootUser_Should_Throw()
{
- await _service.AddPermissionToUserAsync(1, UserPermission.AllTimelineManagement);
- {
- var permission = await _service.GetPermissionsOfUserAsync(1);
- permission.Should().BeEquivalentTo(Enum.GetValues<UserPermission>());
- }
- await _service.RemovePermissionFromUserAsync(1, UserPermission.AllTimelineManagement);
- {
- var permission = await _service.GetPermissionsOfUserAsync(1);
- permission.Should().BeEquivalentTo(Enum.GetValues<UserPermission>());
- }
+ await _service.Awaiting(s => s.AddPermissionToUserAsync(1, UserPermission.AllTimelineManagement)).Should().ThrowAsync<InvalidOperationOnRootUserException>();
+ await _service.Awaiting(s => s.RemovePermissionFromUserAsync(1, UserPermission.AllTimelineManagement)).Should().ThrowAsync<InvalidOperationOnRootUserException>();
}
[Fact]
diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs index bbdb5d57..da34cb1b 100644 --- a/BackEnd/Timeline/Controllers/UserController.cs +++ b/BackEnd/Timeline/Controllers/UserController.cs @@ -212,6 +212,10 @@ namespace Timeline.Controllers {
return NotFound(ErrorResponse.UserCommon.NotExist());
}
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
}
[HttpDelete("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)]
@@ -232,6 +236,10 @@ namespace Timeline.Controllers {
return NotFound(ErrorResponse.UserCommon.NotExist());
}
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
}
}
}
diff --git a/BackEnd/Timeline/Models/Http/ErrorResponse.cs b/BackEnd/Timeline/Models/Http/ErrorResponse.cs index ac86481f..616a0037 100644 --- a/BackEnd/Timeline/Models/Http/ErrorResponse.cs +++ b/BackEnd/Timeline/Models/Http/ErrorResponse.cs @@ -156,6 +156,16 @@ namespace Timeline.Models.Http return new CommonResponse(ErrorCodes.UserController.ChangePassword_BadOldPassword, string.Format(message, formatArgs));
}
+ public static CommonResponse ChangePermission_RootUser(params object?[] formatArgs)
+ {
+ return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(UserController_ChangePermission_RootUser, formatArgs));
+ }
+
+ public static CommonResponse CustomMessage_ChangePermission_RootUser(string message, params object?[] formatArgs)
+ {
+ return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(message, formatArgs));
+ }
+
}
public static class UserAvatar
diff --git a/BackEnd/Timeline/Resources/Messages.Designer.cs b/BackEnd/Timeline/Resources/Messages.Designer.cs index bb654ce6..fd3e1848 100644 --- a/BackEnd/Timeline/Resources/Messages.Designer.cs +++ b/BackEnd/Timeline/Resources/Messages.Designer.cs @@ -358,6 +358,15 @@ namespace Timeline.Resources { }
/// <summary>
+ /// Looks up a localized string similar to You can't change permission of root user..
+ /// </summary>
+ internal static string UserController_ChangePermission_RootUser {
+ get {
+ return ResourceManager.GetString("UserController_ChangePermission_RootUser", resourceCulture);
+ }
+ }
+
+ /// <summary>
/// Looks up a localized string similar to You can't set permission unless you are administrator..
/// </summary>
internal static string UserController_Patch_Forbid_Administrator {
diff --git a/BackEnd/Timeline/Resources/Messages.resx b/BackEnd/Timeline/Resources/Messages.resx index 2bbf494e..d808499b 100644 --- a/BackEnd/Timeline/Resources/Messages.resx +++ b/BackEnd/Timeline/Resources/Messages.resx @@ -216,6 +216,9 @@ <data name="UserController_ChangePassword_BadOldPassword" xml:space="preserve">
<value>Old password is wrong.</value>
</data>
+ <data name="UserController_ChangePermission_RootUser" xml:space="preserve">
+ <value>You can't change permission of root user.</value>
+ </data>
<data name="UserController_Patch_Forbid_Administrator" xml:space="preserve">
<value>You can't set permission unless you are administrator.</value>
</data>
diff --git a/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs b/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs new file mode 100644 index 00000000..2bcab316 --- /dev/null +++ b/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs @@ -0,0 +1,16 @@ +using System;
+
+namespace Timeline.Services.Exceptions
+{
+
+ [Serializable]
+ public class InvalidOperationOnRootUserException : InvalidOperationException
+ {
+ public InvalidOperationOnRootUserException() { }
+ public InvalidOperationOnRootUserException(string message) : base(message) { }
+ public InvalidOperationOnRootUserException(string message, Exception inner) : base(message, inner) { }
+ protected InvalidOperationOnRootUserException(
+ System.Runtime.Serialization.SerializationInfo info,
+ System.Runtime.Serialization.StreamingContext context) : base(info, context) { }
+ }
+}
diff --git a/BackEnd/Timeline/Services/UserPermissionService.cs b/BackEnd/Timeline/Services/UserPermissionService.cs index ff09b4ee..2fdf3d2d 100644 --- a/BackEnd/Timeline/Services/UserPermissionService.cs +++ b/BackEnd/Timeline/Services/UserPermissionService.cs @@ -127,6 +127,7 @@ namespace Timeline.Services /// <param name="userId">The id of the user.</param>
/// <param name="permission">The new permission.</param>
/// <exception cref="UserNotExistException">Thrown when user does not exist.</exception>
+ /// <exception cref="InvalidOperationException">Thrown when change root user's permission.</exception>
Task AddPermissionToUserAsync(long userId, UserPermission permission);
/// <summary>
@@ -136,6 +137,7 @@ namespace Timeline.Services /// <param name="permission">The permission.</param>
/// <param name="checkUserExistence">Whether check the user's existence.</param>
/// <exception cref="UserNotExistException">Thrown when <paramref name="checkUserExistence"/> is true and user does not exist.</exception>
+ /// <exception cref="InvalidOperationException">Thrown when change root user's permission.</exception>
Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true);
}
@@ -176,8 +178,8 @@ namespace Timeline.Services public async Task AddPermissionToUserAsync(long userId, UserPermission permission)
{
- if (userId == 1) // The init administrator account.
- return;
+ if (userId == 1)
+ throw new InvalidOperationOnRootUserException("Can't change root user's permission.");
await CheckUserExistence(userId, true);
@@ -193,8 +195,8 @@ namespace Timeline.Services public async Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true)
{
- if (userId == 1) // The init administrator account.
- return;
+ if (userId == 1)
+ throw new InvalidOperationOnRootUserException("Can't change root user's permission.");
await CheckUserExistence(userId, checkUserExistence);
|