From a908d22253b7d6cb5f07eecf5b35c64e4bab0390 Mon Sep 17 00:00:00 2001
From: crupest
Date: Wed, 11 Mar 2020 17:25:39 +0800
Subject: New logic for HasPostModifyPermission

---
 Timeline.Tests/IntegratedTests/TimelineTest.cs | 4 ++++
 Timeline/Controllers/TimelineController.cs | 8 ++++----
 Timeline/Services/TimelineService.cs | 21 +++++++++++----------
 3 files changed, 19 insertions(+), 14 deletions(-)

diff --git a/Timeline.Tests/IntegratedTests/TimelineTest.cs b/Timeline.Tests/IntegratedTests/TimelineTest.cs
index 5a721205..720140f1 100644
--- a/Timeline.Tests/IntegratedTests/TimelineTest.cs
+++ b/Timeline.Tests/IntegratedTests/TimelineTest.cs
@@ -868,6 +868,10 @@ namespace Timeline.Tests.IntegratedTests
 var res = await client.DeleteAsync($"timelines/t1/posts/{createRes.Id}");
 res.Should().BeDelete(true);
 }
+ {
+ var res = await client.DeleteAsync($"timelines/t1/posts/{createRes.Id}");
+ res.Should().BeDelete(false);
+ }
 {
 var res = await client.DeleteAsync("timelines/t1/posts/30000");
 res.Should().BeDelete(false);
diff --git a/Timeline/Controllers/TimelineController.cs b/Timeline/Controllers/TimelineController.cs
index 440b0d19..d21603cd 100644
--- a/Timeline/Controllers/TimelineController.cs
+++ b/Timeline/Controllers/TimelineController.cs
@@ -189,12 +189,12 @@ namespace Timeline.Controllers
 [Authorize]
 public async Task> PostDelete([FromRoute][GeneralTimelineName] string name, [FromRoute] long id)
 {
+ if (!this.IsAdministrator() && !await _service.HasPostModifyPermission(name, id, this.GetUserId()))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
 try
 {
- if (!this.IsAdministrator() && !await _service.HasPostModifyPermission(name, id, this.GetUserId()))
- {
- return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
- }
 await _service.DeletePost(name, id);
 return CommonDeleteResponse.Delete();
 }
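Review bot: Moving the HasPostModifyPermission call ahead of `try` in PostDelete takes it out of the scope of the catch clauses that follow the try block, so any exception it still raises for a missing timeline or an invalid name (the interface doc in this same patch defers to "See remarks" for those) now escapes the action instead of being mapped to a response; please confirm those catch clauses were only there for the post-not-exist case, or that a global handler covers the rest. The action also now depends on the service answering true for a missing post so that DeletePost produces the "not deleted" result, which is not obvious from this line; a comment such as `// A missing post passes this check by design; DeletePost below reports it as not deleted.` would make the intent explicit. The remainder of PostDelete, including its catch clauses, lies outside the hunk.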
diff --git a/Timeline/Services/TimelineService.cs b/Timeline/Services/TimelineService.cs
index 3a5825ae..97280728 100644
--- a/Timeline/Services/TimelineService.cs
+++ b/Timeline/Services/TimelineService.cs
@@ -210,19 +210,18 @@ namespace Timeline.Services
 ///
 /// See remarks of .
 /// The id of the user to check on.
+ /// True if you want it to throw . Default false.
 /// True if can modify, false if can't modify.
 /// Thrown when is null.
 /// See remarks of .
 /// See remarks of .
- ///
- /// Thrown when the post with given id does not exist or is deleted already.
- ///
+ /// Thrown when the post with given id does not exist or is deleted already and is true.
 ///
 /// This method does not check whether the user is administrator.
 /// It only checks whether he is the author of the post or the owner of the timeline.
 /// Return false when user with modifier id does not exist.
 ///
- Task HasPostModifyPermission(string name, long id, long modifierId);
+ Task HasPostModifyPermission(string name, long id, long modifierId, bool throwOnPostNotExist = false);
 
 ///
 /// Verify whether a user is member of a timeline.
@@ -705,7 +704,7 @@ namespace Timeline.Services
 }
 }
 
- public async Task HasPostModifyPermission(string name, long id, long modifierId)
+ public async Task HasPostModifyPermission(string name, long id, long modifierId, bool throwOnPostNotExist = false)
 {
 if (name == null)
 throw new ArgumentNullException(nameof(name));
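Review bot: The `<returns>` line kept as context in the interface doc, `/// True if can modify, false if can't modify.`, no longer describes the contract: with the new default throwOnPostNotExist = false, the implementation later in this patch returns true when no post row is found, so a true result is not evidence that the post exists or that the caller authored it. Suggest rewording it along the lines of `/// True if the user can modify the post. Also true when the post does not exist and throwOnPostNotExist is false, so callers must not read true as proof that the post exists.` The new parameter description would likewise be clearer as `/// Whether to throw when the post does not exist or is already deleted; defaults to false.` This hunk covers only the interface declaration; the implementation is in the following hunks of this file.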
@@ -716,10 +715,12 @@ namespace Timeline.Services var postEntity = await Database.TimelinePosts.Where(p => p.Id == id).Select(p => new { p.AuthorId }).SingleOrDefaultAsync(); - if (postEntity == null) - throw new TimelinePostNotExistException(name, id); + if (postEntity == null && throwOnPostNotExist) + { + throw new TimelinePostNotExistException(name, id, false); + } - return timelineEntity.OwnerId == modifierId || postEntity.AuthorId == modifierId; + return timelineEntity.OwnerId == modifierId || postEntity == null || postEntity.AuthorId == modifierId; } public async Task IsMemberOf(string name, long userId) @@ -1055,10 +1056,10 @@ namespace Timeline.Services return s.HasReadPermission(realName, visitorId); } - public Task HasPostModifyPermission(string name, long id, long modifierId) + public Task HasPostModifyPermission(string name, long id, long modifierId, bool throwOnPostNotExist = false) { var s = BranchName(name, out var realName); - return s.HasPostModifyPermission(realName, id, modifierId); + return s.HasPostModifyPermission(realName, id, modifierId, throwOnPostNotExist); } public Task IsMemberOf(string name, long userId) -- cgit v1.2.3
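Review bot: The new return line makes the permission check pass whenever no post row is found (`postEntity == null`), and the query on the line above selects the post by id alone, so with throwOnPostNotExist left false the method answers true for any caller on a non-existent id and, as before this change, true for a timeline owner regardless of which timeline the post actually belongs to; the safety of the delete path therefore rests on DeletePost re-validating both existence and that the post belongs to `name`, which is not visible here. If DeletePost does not scope the post to the named timeline, the post query should also filter on the timeline's key (its property name is not visible in this hunk) before the author/owner comparison. Either way the allow-on-missing branch deserves a comment, e.g. `// No post row: allow through so the caller reaches DeletePost, which reports it as not deleted.`, because a permission method returning true for an object that does not exist is easy to misread as an authorization result. The method's signature and null-check are in the preceding hunk, and the wrapper in the last hunk of this file only forwards the new parameter.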