From 5b7b0120406ef4c609c07ab57074a76a753cd1fd Mon Sep 17 00:00:00 2001 From: crupest Date: Sun, 15 Nov 2020 20:31:22 +0800 Subject: feat: Now changing user permission returns 400. --- BackEnd/Timeline/Controllers/UserController.cs | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'BackEnd/Timeline/Controllers/UserController.cs') diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs index bbdb5d57..da34cb1b 100644 --- a/BackEnd/Timeline/Controllers/UserController.cs +++ b/BackEnd/Timeline/Controllers/UserController.cs @@ -212,6 +212,10 @@ namespace Timeline.Controllers { return NotFound(ErrorResponse.UserCommon.NotExist()); } + catch (InvalidOperationOnRootUserException) + { + return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser()); + } } [HttpDelete("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)] @@ -232,6 +236,10 @@ namespace Timeline.Controllers { return NotFound(ErrorResponse.UserCommon.NotExist()); } + catch (InvalidOperationOnRootUserException) + { + return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser()); + } } } } -- cgit v1.2.3 From 45873d9115840c9db596c2dffebc7bb29df13686 Mon Sep 17 00:00:00 2001 From: crupest Date: Sun, 15 Nov 2020 20:48:28 +0800 Subject: feat: Deleting root user now returns 400. --- BackEnd/Timeline.ErrorCodes/ErrorCodes.cs | 1 + BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs | 7 ++++++ .../Services/UserDeleteServiceTest.cs | 27 ++++++++++++++++++++++ BackEnd/Timeline/Controllers/UserController.cs | 18 +++++++++++---- BackEnd/Timeline/Models/Http/ErrorResponse.cs | 10 ++++++++ BackEnd/Timeline/Resources/Messages.Designer.cs | 9 ++++++++ BackEnd/Timeline/Resources/Messages.resx | 3 +++ BackEnd/Timeline/Services/UserDeleteService.cs | 5 ++++ BackEnd/Timeline/Services/UserPermissionService.cs | 4 ++-- 9 files changed, 77 insertions(+), 7 deletions(-) create mode 100644 BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs (limited to 'BackEnd/Timeline/Controllers/UserController.cs') diff --git a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs index df3d1861..90c4ed99 100644 --- a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs +++ b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs @@ -44,6 +44,7 @@ public const int UsernameConflict = 1_102_01_01; public const int ChangePassword_BadOldPassword = 1_102_02_01; public const int ChangePermission_RootUser = 1_102_03_01; + public const int Delete_RootUser = 1_102_04_01; } public static class UserAvatar diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs index 0c2e0b0d..55a37198 100644 --- a/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs +++ b/BackEnd/Timeline.Tests/IntegratedTests/UserTest.cs @@ -175,6 +175,13 @@ namespace Timeline.Tests.IntegratedTests await client.TestDeleteAsync("users/usernotexist", false); } + [Fact] + public async Task DeleteRootUser_Should_Error() + { + using var client = await CreateClientAsAdministrator(); + await client.TestDeleteAssertErrorAsync("users/admin", errorCode: ErrorCodes.UserController.Delete_RootUser); + } + [Fact] public async Task Delete_InvalidModel() { diff --git a/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs b/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs new file mode 100644 index 00000000..be11564e --- /dev/null +++ b/BackEnd/Timeline.Tests/Services/UserDeleteServiceTest.cs @@ -0,0 +1,27 @@ +using FluentAssertions; +using Microsoft.Extensions.Logging.Abstractions; +using Moq; +using System.Threading.Tasks; +using Timeline.Services; +using Timeline.Services.Exceptions; +using Xunit; + +namespace Timeline.Tests.Services +{ + public class UserDeleteServiceTest : DatabaseBasedTest + { + private readonly Mock _mockTimelineService = new Mock(); + private UserDeleteService _service = default!; + + protected override void OnDatabaseCreated() + { + _service = new UserDeleteService(NullLogger.Instance, Database, _mockTimelineService.Object); + } + + [Fact] + public async Task DeleteRootUser_Should_Throw() + { + await _service.Awaiting(s => s.DeleteUser("admin")).Should().ThrowAsync(); + } + } +} diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs index da34cb1b..8edae139 100644 --- a/BackEnd/Timeline/Controllers/UserController.cs +++ b/BackEnd/Timeline/Controllers/UserController.cs @@ -138,15 +138,23 @@ namespace Timeline.Controllers /// Info of deletion. [HttpDelete("users/{username}"), PermissionAuthorize(UserPermission.UserManagement)] [ProducesResponseType(StatusCodes.Status200OK)] + [ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] [ProducesResponseType(StatusCodes.Status403Forbidden)] public async Task> Delete([FromRoute][Username] string username) { - var delete = await _userDeleteService.DeleteUser(username); - if (delete) - return Ok(CommonDeleteResponse.Delete()); - else - return Ok(CommonDeleteResponse.NotExist()); + try + { + var delete = await _userDeleteService.DeleteUser(username); + if (delete) + return Ok(CommonDeleteResponse.Delete()); + else + return Ok(CommonDeleteResponse.NotExist()); + } + catch (InvalidOperationOnRootUserException) + { + return BadRequest(ErrorResponse.UserController.Delete_RootUser()); + } } /// diff --git a/BackEnd/Timeline/Models/Http/ErrorResponse.cs b/BackEnd/Timeline/Models/Http/ErrorResponse.cs index 616a0037..10755fd1 100644 --- a/BackEnd/Timeline/Models/Http/ErrorResponse.cs +++ b/BackEnd/Timeline/Models/Http/ErrorResponse.cs @@ -166,6 +166,16 @@ namespace Timeline.Models.Http return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(message, formatArgs)); } + public static CommonResponse Delete_RootUser(params object?[] formatArgs) + { + return new CommonResponse(ErrorCodes.UserController.Delete_RootUser, string.Format(UserController_Delete_RootUser, formatArgs)); + } + + public static CommonResponse CustomMessage_Delete_RootUser(string message, params object?[] formatArgs) + { + return new CommonResponse(ErrorCodes.UserController.Delete_RootUser, string.Format(message, formatArgs)); + } + } public static class UserAvatar diff --git a/BackEnd/Timeline/Resources/Messages.Designer.cs b/BackEnd/Timeline/Resources/Messages.Designer.cs index fd3e1848..c6b7d5e7 100644 --- a/BackEnd/Timeline/Resources/Messages.Designer.cs +++ b/BackEnd/Timeline/Resources/Messages.Designer.cs @@ -366,6 +366,15 @@ namespace Timeline.Resources { } } + /// + /// Looks up a localized string similar to You can't delete root user.. + /// + internal static string UserController_Delete_RootUser { + get { + return ResourceManager.GetString("UserController_Delete_RootUser", resourceCulture); + } + } + /// /// Looks up a localized string similar to You can't set permission unless you are administrator.. /// diff --git a/BackEnd/Timeline/Resources/Messages.resx b/BackEnd/Timeline/Resources/Messages.resx index d808499b..2386d1eb 100644 --- a/BackEnd/Timeline/Resources/Messages.resx +++ b/BackEnd/Timeline/Resources/Messages.resx @@ -219,6 +219,9 @@ You can't change permission of root user. + + You can't delete root user. + You can't set permission unless you are administrator. diff --git a/BackEnd/Timeline/Services/UserDeleteService.cs b/BackEnd/Timeline/Services/UserDeleteService.cs index b6306682..5365313b 100644 --- a/BackEnd/Timeline/Services/UserDeleteService.cs +++ b/BackEnd/Timeline/Services/UserDeleteService.cs @@ -7,6 +7,7 @@ using System.Threading.Tasks; using Timeline.Entities; using Timeline.Helpers; using Timeline.Models.Validation; +using Timeline.Services.Exceptions; using static Timeline.Resources.Services.UserService; namespace Timeline.Services @@ -20,6 +21,7 @@ namespace Timeline.Services /// True if user is deleted, false if user not exist. /// Thrown if is null. /// Thrown when is of bad format. + /// Thrown when deleting root user. Task DeleteUser(string username); } @@ -54,6 +56,9 @@ namespace Timeline.Services if (user == null) return false; + if (user.Id == 1) + throw new InvalidOperationOnRootUserException("Can't delete root user."); + await _timelineService.DeleteAllPostsOfUser(user.Id); _databaseContext.Users.Remove(user); diff --git a/BackEnd/Timeline/Services/UserPermissionService.cs b/BackEnd/Timeline/Services/UserPermissionService.cs index 2fdf3d2d..42c93283 100644 --- a/BackEnd/Timeline/Services/UserPermissionService.cs +++ b/BackEnd/Timeline/Services/UserPermissionService.cs @@ -127,7 +127,7 @@ namespace Timeline.Services /// The id of the user. /// The new permission. /// Thrown when user does not exist. - /// Thrown when change root user's permission. + /// Thrown when change root user's permission. Task AddPermissionToUserAsync(long userId, UserPermission permission); /// @@ -137,7 +137,7 @@ namespace Timeline.Services /// The permission. /// Whether check the user's existence. /// Thrown when is true and user does not exist. - /// Thrown when change root user's permission. + /// Thrown when change root user's permission. Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true); } -- cgit v1.2.3