From 774f8f018ccb48c538f6d972ed99571f13fc140e Mon Sep 17 00:00:00 2001 From: crupest Date: Thu, 12 Nov 2020 23:45:00 +0800 Subject: feat: Add REST API for user permission. --- BackEnd/Timeline/Controllers/UserController.cs | 48 ++++++++++++++++++++++++-- 1 file changed, 46 insertions(+), 2 deletions(-) (limited to 'BackEnd/Timeline/Controllers/UserController.cs') diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs index 524e5559..c5d1d4de 100644 --- a/BackEnd/Timeline/Controllers/UserController.cs +++ b/BackEnd/Timeline/Controllers/UserController.cs @@ -26,20 +26,24 @@ namespace Timeline.Controllers { private readonly ILogger _logger; private readonly IUserService _userService; + private readonly IUserPermissionService _userPermissionService; private readonly IUserDeleteService _userDeleteService; private readonly IMapper _mapper; /// - public UserController(ILogger logger, IUserService userService, IUserDeleteService userDeleteService, IMapper mapper) + public UserController(ILogger logger, IUserService userService, IUserPermissionService userPermissionService, IUserDeleteService userDeleteService, IMapper mapper) { _logger = logger; _userService = userService; + _userPermissionService = userPermissionService; _userDeleteService = userDeleteService; _mapper = mapper; } private UserInfo ConvertToUserInfo(User user) => _mapper.Map(user); + private bool UserHasUserManagementPermission => this.UserHasPermission(UserPermission.UserManagement); + /// /// Get all users. /// @@ -90,7 +94,7 @@ namespace Timeline.Controllers [ProducesResponseType(StatusCodes.Status404NotFound)] public async Task> Patch([FromBody] UserPatchRequest body, [FromRoute][Username] string username) { - if (this.UserHasPermission(UserPermission.UserManagement)) + if (UserHasUserManagementPermission) { try { 
@@ -189,5 +193,45 @@ namespace Timeline.Controllers
 }
 // User can't be non-existent or the token is bad.
 }
+
+ [HttpPut("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task PutUserPermission([FromRoute] string username, [FromRoute] UserPermission permission)
+ {
+ try
+ {
+ var id = await _userService.GetUserIdByUsername(username);
+ await _userPermissionService.AddPermissionToUserAsync(id, permission);
+ return Ok();
+ }
+ catch (UserNotExistException)
+ {
+ return NotFound(ErrorResponse.UserCommon.NotExist());
+ }
+ }
+
+ [HttpDelete("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)]
+ [ProducesResponseType(StatusCodes.Status200OK)]
+ [ProducesResponseType(StatusCodes.Status400BadRequest)]
+ [ProducesResponseType(StatusCodes.Status401Unauthorized)]
+ [ProducesResponseType(StatusCodes.Status403Forbidden)]
+ [ProducesResponseType(StatusCodes.Status404NotFound)]
+ public async Task DeleteUserPermission([FromRoute] string username, [FromRoute] UserPermission permission)
+ {
+ try
+ {
+ var id = await _userService.GetUserIdByUsername(username);
+ await _userPermissionService.RemovePermissionFromUserAsync(id, permission);
+ return Ok();
+ }
+ catch (UserNotExistException)
+ {
+ return NotFound(ErrorResponse.UserCommon.NotExist());
+ }
+ }
 }
 }
-- cgit v1.2.3
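Review bot: Both new actions bind the route value as `[FromRoute] string username` without the `[Username]` validation attribute that `Patch` applies in this same controller, so a malformed name goes straight to `_userService.GetUserIdByUsername` and the declared 400 response has no visible path for it; suggest `[FromRoute][Username] string username` on `PutUserPermission` and `DeleteUserPermission`. Neither action records the change even though `_logger` is already injected. Because these endpoints grant and revoke privileges, a line such as `_logger.LogInformation("Permission {Permission} added to user {Username}.", permission, username);` (with the matching one on delete) would leave an audit trail, unless the permission service already logs it. It is also worth confirming, presumably in the service, that removing `UserManagement` cannot strip the last account that holds it.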