From 625bc355418e6da5575a509af9be9a7869147993 Mon Sep 17 00:00:00 2001
From: crupest
Date: Fri, 8 Apr 2022 22:19:00 +0800
Subject: ...
---
 .../IntegratedTests2/TimelinePostTest1.cs | 104 +++++++++++++++++++++
 .../Timeline/Services/Timeline/TimelineService.cs | 6 +-
 2 files changed, 109 insertions(+), 1 deletion(-)
 create mode 100644 BackEnd/Timeline.Tests/IntegratedTests2/TimelinePostTest1.cs
diff --git a/BackEnd/Timeline.Tests/IntegratedTests2/TimelinePostTest1.cs b/BackEnd/Timeline.Tests/IntegratedTests2/TimelinePostTest1.cs
new file mode 100644
index 00000000..412f0476
--- /dev/null
+++ b/BackEnd/Timeline.Tests/IntegratedTests2/TimelinePostTest1.cs
@@ -0,0 +1,104 @@
+using System;
+using System.Collections.Generic;
+using System.Net;
+using System.Net.Http;
+using System.Text;
+using System.Threading.Tasks;
+using FluentAssertions;
+using Timeline.Models;
+using Timeline.Models.Http;
+using Xunit;
+using Xunit.Abstractions;
+
+namespace Timeline.Tests.IntegratedTests2
+{
+ public class TimelinePostTest1 : IntegratedTestBase
+ {
+ public TimelinePostTest1(ITestOutputHelper testOutput) : base(testOutput)
+ {
+ }
+
+ protected override async Task OnInitializeAsync()
+ {
+ using var client = CreateClientAsUser();
+ await client.TestJsonSendAsync(HttpMethod.Post, "v2/timelines", new HttpTimelineCreateRequest
+ {
+ Name = "hello"
+ }, expectedStatusCode: HttpStatusCode.Created);
+
+ await client.TestJsonSendAsync(HttpMethod.Patch, "v2/timelines/user/hello", new HttpTimelinePatchRequest
+ {
+ Visibility = TimelineVisibility.Private
+ });
+
+ await client.TestJsonSendAsync(HttpMethod.Post, "v2/timelines/user/hello/posts", new HttpTimelinePostCreateRequest
+ {
+ DataList = new List
+ {
+ new HttpTimelinePostCreateRequestData
+ {
+ ContentType = MimeTypes.TextPlain,
+ Data = Convert.ToBase64String(Encoding.UTF8.GetBytes("hello1"))
+ }
+ }
+ }, expectedStatusCode: HttpStatusCode.Created);
+
+ await client.TestJsonSendAsync(HttpMethod.Post, "v2/timelines/user/hello/posts", new HttpTimelinePostCreateRequest
+ {
+ DataList = new List
+ {
+ new HttpTimelinePostCreateRequestData
+ {
+ ContentType = MimeTypes.TextPlain,
+ Data = Convert.ToBase64String(Encoding.UTF8.GetBytes("hello2"))
+ }
+ }
+ }, expectedStatusCode: HttpStatusCode.Created);
+
+ await client.TestJsonSendAsync(HttpMethod.Post, "v2/timelines/user/hello/posts", new HttpTimelinePostCreateRequest
+ {
+ DataList = new List
+ {
+ new HttpTimelinePostCreateRequestData
+ {
+ ContentType = MimeTypes.TextPlain,
+ Data = Convert.ToBase64String(Encoding.UTF8.GetBytes("hello3"))
+ }
+ }
+ }, expectedStatusCode: HttpStatusCode.Created);
+ }
+
+ [Fact]
+ public async Task ListTest()
+ {
+ using var client = CreateClientAsUser();
+ var posts = await client.TestJsonSendAsync>(HttpMethod.Get, "v2/timelines/user/hello/posts");
+ posts.Should().HaveCount(3);
+ }
+
+ [Fact]
+ public async Task GetTest()
+ {
+ using var client = CreateClientAsUser();
+ await client.TestJsonSendAsync(HttpMethod.Get, "v2/timelines/user/hello/posts/1");
+ }
+
+ [Fact]
+ public async Task ListAndGetForbid()
+ {
+ await CreateUserAsync("user2", "user2pw");
+ var client = CreateClientWithToken(await CreateTokenWithCredentialAsync("user2", "user2pw"));
+ await client.TestJsonSendAsync(HttpMethod.Get, "v2/timelines/user/hello/posts", expectedStatusCode: HttpStatusCode.Forbidden);
+ await client.TestJsonSendAsync(HttpMethod.Get, "v2/timelines/user/hello/posts/1", expectedStatusCode: HttpStatusCode.Forbidden);
+ }
+
+ [Fact]
+ public async Task ListAndGetForbidForNoAuth()
+ {
+ var client = CreateDefaultClient();
+ await client.TestJsonSendAsync(HttpMethod.Get, "v2/timelines/user/hello/posts", expectedStatusCode: HttpStatusCode.Forbidden);
+ await client.TestJsonSendAsync(HttpMethod.Get, "v2/timelines/user/hello/posts/1", expectedStatusCode: HttpStatusCode.Forbidden);
+ }
+ }
+}
+
diff --git a/BackEnd/Timeline/Services/Timeline/TimelineService.cs b/BackEnd/Timeline/Services/Timeline/TimelineService.cs
index cdea39fa..7c75ef73 100644
--- a/BackEnd/Timeline/Services/Timeline/TimelineService.cs
+++ b/BackEnd/Timeline/Services/Timeline/TimelineService.cs
@@ -309,7 +309,7 @@ namespace Timeline.Services.Timeline
 public async Task HasReadPermissionAsync(long timelineId, long? visitorId)
 {
- var entity = await _database.Timelines.Where(t => t.Id == timelineId).Select(t => new { t.Visibility }).SingleOrDefaultAsync();
+ var entity = await _database.Timelines.Where(t => t.Id == timelineId).Select(t => new { t.OwnerId, t.Visibility }).SingleOrDefaultAsync();
 if (entity is null) throw CreateTimelineNotExistException(timelineId);
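Review bot: The access-control cases in `TimelinePostTest1` cover the owner, a non-member and an anonymous caller, but not a user who is a member of the private timeline without owning it. That is the branch `HasReadPermissionAsync` still resolves through the `TimelineMembers` lookup. A test that makes `user2` a member of `hello` and expects both GETs to succeed would pin the remaining allow path next to the two deny paths. Separately, `ListAndGetForbid` and `ListAndGetForbidForNoAuth` create their client without `using`, unlike `ListTest` and `GetTest`; `using var client = CreateDefaultClient();` (and the same for `CreateClientWithToken(...)`) keeps disposal consistent. `GetTest` only checks the default status for the hard-coded post id `1`; asserting on the returned post would make it fail if the id assignment changes.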
@@ -324,6 +324,10 @@ namespace Timeline.Services.Timeline
 {
 return false;
 }
+ else if (visitorId == entity.OwnerId)
+ {
+ return true;
+ }
 else
 {
 var memberEntity = await _database.TimelineMembers.Where(m => m.UserId == visitorId && m.TimelineId == timelineId).SingleOrDefaultAsync();
--
cgit v1.2.3
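Review bot: The new `else if (visitorId == entity.OwnerId)` branch in `HasReadPermissionAsync` is an authorization decision with no comment saying why the owner needs a case separate from the membership query. It also depends on the preceding `return false` branch, whose condition is outside this hunk (presumably the null-visitor case), having already excluded a `null` `visitorId`. I would add a comment above the branch such as `// The owner is not looked up in TimelineMembers, so grant read access before the membership query.` If the service has other permission checks built on the same `TimelineMembers` lookup (not visible here), they should be checked for the same missing owner case. The method starts and ends outside the hunk.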