From da9139b7bab95f6e5ba5f4bb2d99011c2d6db03a Mon Sep 17 00:00:00 2001
From: crupest
Date: Wed, 23 Mar 2022 21:30:14 +0800
Subject: …
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 BackEnd/Timeline/Controllers/UserController.cs | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'BackEnd/Timeline/Controllers/UserController.cs')
diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs
index 740bd0ed..95a99a03 100644
--- a/BackEnd/Timeline/Controllers/UserController.cs
+++ b/BackEnd/Timeline/Controllers/UserController.cs
@@ -7,6 +7,7 @@ using Timeline.Auth;
 using Timeline.Filters;
 using Timeline.Models.Http;
 using Timeline.Models.Validation;
+using Timeline.Services;
 using Timeline.Services.Mapper;
 using Timeline.Services.User;
 
@@ -103,7 +104,7 @@ namespace Timeline.Controllers
 }
 else
 {
- if (GetUsername() != username)
+ if (!await CheckIsSelf(username))
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministratorOrOwner);
 
 if (body.Username is not null)
@@ -112,7 +113,7 @@ namespace Timeline.Controllers
 if (body.Password is not null)
 return ForbidWithCommonResponse(Resource.MessageForbidNotAdministrator);
 
- var user = await _userService.ModifyUserAsync(GetUserId(), _mapper.AutoMapperMap(body));
+ var user = await _userService.ModifyUserAsync(GetAuthUserId(), _mapper.AutoMapperMap(body));
 return await _mapper.MapAsync(user, Url, User);
 }
 }
@@ -152,7 +153,7 @@ namespace Timeline.Controllers
 {
 try
 {
- await _userService.ChangePassword(GetUserId(), request.OldPassword, request.NewPassword);
+ await _userService.ChangePassword(GetAuthUserId(), request.OldPassword, request.NewPassword);
 return OkWithCommonResponse();
 }
 catch (BadPasswordException)
-- 
cgit v1.2.3
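Review bot: The non-administrator guard `if (!await CheckIsSelf(username))` now rests on a helper defined outside this diff, so the hunk does not show what happens when `username` matches no account. The old string comparison always ended in `ForbidWithCommonResponse(...)` for a foreign or unknown name; if `CheckIsSelf` throws a not-found error instead of returning false, a non-administrator could tell existing usernames from missing ones by the response, so that case should be confirmed and mapped to the same forbidden response. I would also put a comment on the guard, e.g. `// Non-admins may only edit themselves; the write below targets GetAuthUserId(), never the route username.` The enclosing action starts and ends outside the hunk.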
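Review bot: The self-service branch still forwards the whole mapped `body` to `ModifyUserAsync(GetAuthUserId(), ...)`, and the only fields it refuses for non-administrators are `Username` and `Password`, the two checks just above this line. If the request model has or later gains another privileged field, it would pass through this path unchecked, so an explicit allow-list of self-editable fields would be safer than the current deny-list. At minimum I would add `// Non-admin path: every privileged field of body must be rejected above before it is mapped.` over the call. The request type's fields and the start of the method are outside the hunk, so this needs confirming against the model.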