diff options
Diffstat (limited to 'Timeline/Controllers/UserAvatarController.cs')
| -rw-r--r-- | Timeline/Controllers/UserAvatarController.cs | 45 |
1 files changed, 43 insertions, 2 deletions
diff --git a/Timeline/Controllers/UserAvatarController.cs b/Timeline/Controllers/UserAvatarController.cs index f61fd54a..6dc767df 100644 --- a/Timeline/Controllers/UserAvatarController.cs +++ b/Timeline/Controllers/UserAvatarController.cs @@ -1,7 +1,10 @@ -using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Logging;
using System;
using System.Threading.Tasks;
+using Timeline.Authenticate;
using Timeline.Models.Http;
using Timeline.Services;
@@ -15,6 +18,10 @@ namespace Timeline.Controllers public const int Get_UserNotExist = -1001;
public const int Put_UserNotExist = -2001;
+ public const int Put_Forbid = -2002;
+
+ public const int Delete_UserNotExist = -3001;
+ public const int Delete_Forbid = -3002;
}
private readonly ILogger<UserAvatarController> _logger;
@@ -28,6 +35,7 @@ namespace Timeline.Controllers }
[HttpGet("users/{username}/avatar")]
+ [Authorize]
public async Task<IActionResult> Get(string username)
{
try
@@ -43,9 +51,17 @@ namespace Timeline.Controllers }
[HttpPut("users/{username}/avatar")]
+ [Authorize]
[Consumes("image/png", "image/jpeg", "image/gif", "image/webp")]
public async Task<IActionResult> Put(string username)
{
+ if (!User.IsAdmin() && User.Identity.Name != username)
+ {
+ _logger.LogInformation($"Attempt to put a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} .");
+ return StatusCode(StatusCodes.Status403Forbidden,
+ new CommonResponse(ErrorCodes.Put_Forbid, "Normal user can't change other's avatar."));
+ }
+
try
{
var data = new byte[Convert.ToInt32(Request.ContentLength)];
@@ -57,7 +73,7 @@ namespace Timeline.Controllers Type = Request.ContentType
});
- _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} . Mime Type: {Request.ContentType} .");
+ _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} ; Mime Type: {Request.ContentType} .");
return Ok();
}
catch (UserNotExistException)
@@ -66,5 +82,30 @@ namespace Timeline.Controllers return BadRequest(new CommonResponse(ErrorCodes.Put_UserNotExist, "User does not exist."));
}
}
+
+ [HttpDelete("users/{username}/avatar")]
+ [Authorize]
+ public async Task<IActionResult> Delete(string username)
+ {
+ if (!User.IsAdmin() && User.Identity.Name != username)
+ {
+ _logger.LogInformation($"Attempt to delete a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} .");
+ return StatusCode(StatusCodes.Status403Forbidden,
+ new CommonResponse(ErrorCodes.Delete_Forbid, "Normal user can't delete other's avatar."));
+ }
+
+ try
+ {
+ await _service.SetAvatar(username, null);
+
+ _logger.LogInformation($"Succeed to delete a avatar of a user. Username: {username} .");
+ return Ok();
+ }
+ catch (UserNotExistException)
+ {
+ _logger.LogInformation($"Attempt to delete a avatar of a non-existent user failed. Username: {username} .");
+ return BadRequest(new CommonResponse(ErrorCodes.Delete_UserNotExist, "User does not exist."));
+ }
+ }
}
}
|