From d3da412fa7e10db8c721846152a2c056dd4ccbcf Mon Sep 17 00:00:00 2001 From: crupest Date: Thu, 12 Nov 2020 23:21:31 +0800 Subject: ... --- BackEnd/Timeline/Controllers/UserController.cs | 24 +++++++++++------------- 1 file changed, 11 insertions(+), 13 deletions(-) (limited to 'BackEnd/Timeline/Controllers/UserController.cs') diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs index 02c09aab..524e5559 100644 --- a/BackEnd/Timeline/Controllers/UserController.cs +++ b/BackEnd/Timeline/Controllers/UserController.cs @@ -65,7 +65,8 @@ namespace Timeline.Controllers { try { - var user = await _userService.GetUserByUsername(username); + var id = await _userService.GetUserIdByUsername(username); + var user = await _userService.GetUser(id); return Ok(ConvertToUserInfo(user)); } catch (UserNotExistException e) @@ -89,11 +90,12 @@ namespace Timeline.Controllers [ProducesResponseType(StatusCodes.Status404NotFound)] public async Task> Patch([FromBody] UserPatchRequest body, [FromRoute][Username] string username) { - if (this.IsAdministrator()) + if (this.UserHasPermission(UserPermission.UserManagement)) { try { - var user = await _userService.ModifyUser(username, _mapper.Map(body)); + var id = await _userService.GetUserIdByUsername(username); + var user = await _userService.ModifyUser(id, _mapper.Map(body)); return Ok(ConvertToUserInfo(user)); } catch (UserNotExistException e) @@ -108,7 +110,7 @@ namespace Timeline.Controllers } else { - if (User.Identity.Name != username) + if (User.Identity!.Name != username) return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.CustomMessage_Forbid(Common_Forbid_NotSelf)); @@ -120,11 +122,7 @@ namespace Timeline.Controllers return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.CustomMessage_Forbid(UserController_Patch_Forbid_Password)); - if (body.Administrator != null) - return StatusCode(StatusCodes.Status403Forbidden, - ErrorResponse.Common.CustomMessage_Forbid(UserController_Patch_Forbid_Administrator)); - - var user = await _userService.ModifyUser(this.GetUserId(), _mapper.Map(body)); + var user = await _userService.ModifyUser(this.GetUserId(), _mapper.Map(body)); return Ok(ConvertToUserInfo(user)); } } @@ -134,7 +132,7 @@ namespace Timeline.Controllers /// /// Username of the user to delete. /// Info of deletion. - [HttpDelete("users/{username}"), AdminAuthorize] + [HttpDelete("users/{username}"), PermissionAuthorize(UserPermission.UserManagement)] [ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] [ProducesResponseType(StatusCodes.Status403Forbidden)] @@ -151,7 +149,7 @@ namespace Timeline.Controllers /// Create a new user. You have to be administrator. /// /// The new user's info. - [HttpPost("userop/createuser"), AdminAuthorize] + [HttpPost("userop/createuser"), PermissionAuthorize(UserPermission.UserManagement)] [ProducesResponseType(StatusCodes.Status200OK)] [ProducesResponseType(StatusCodes.Status400BadRequest)] [ProducesResponseType(StatusCodes.Status401Unauthorized)] @@ -160,7 +158,7 @@ namespace Timeline.Controllers { try { - var user = await _userService.CreateUser(_mapper.Map(body)); + var user = await _userService.CreateUser(body.Username, body.Password); return Ok(ConvertToUserInfo(user)); } catch (EntityAlreadyExistException e) when (e.EntityName == EntityNames.User) @@ -186,7 +184,7 @@ namespace Timeline.Controllers catch (BadPasswordException e) { _logger.LogInformation(e, Log.Format(LogChangePasswordBadPassword, - ("Username", User.Identity.Name), ("Old Password", request.OldPassword))); + ("Username", User.Identity!.Name), ("Old Password", request.OldPassword))); return BadRequest(ErrorResponse.UserController.ChangePassword_BadOldPassword()); } // User can't be non-existent or the token is bad. -- cgit v1.2.3