From 667143d870679deb4be55122237e66d2d480946f Mon Sep 17 00:00:00 2001
From: crupest
Date: Sun, 15 Nov 2020 20:31:22 +0800
Subject: feat: Now changing user permission returns 400.
---
 BackEnd/Timeline.ErrorCodes/ErrorCodes.cs | 1 +
 .../IntegratedTests/UserPermissionTest.cs | 18 +++++-------------
 .../Services/UserPermissionServiceTest.cs | 14 +++-----------
 BackEnd/Timeline/Controllers/UserController.cs | 8 ++++++++
 BackEnd/Timeline/Models/Http/ErrorResponse.cs | 10 ++++++++++
 BackEnd/Timeline/Resources/Messages.Designer.cs | 9 +++++++++
 BackEnd/Timeline/Resources/Messages.resx | 3 +++
 .../Exceptions/InvalidOperationOnRootUserException.cs | 16 ++++++++++++++++
 BackEnd/Timeline/Services/UserPermissionService.cs | 10 ++++++----
 9 files changed, 61 insertions(+), 28 deletions(-)
 create mode 100644 BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs
(limited to 'BackEnd')
diff --git a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
index 91e0c1fd..df3d1861 100644
--- a/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
+++ b/BackEnd/Timeline.ErrorCodes/ErrorCodes.cs
@@ -43,6 +43,7 @@
 {
 public const int UsernameConflict = 1_102_01_01;
 public const int ChangePassword_BadOldPassword = 1_102_02_01;
+ public const int ChangePermission_RootUser = 1_102_03_01;
 }
 public static class UserAvatar
diff --git a/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs
index 77cae590..3fb581f0 100644
--- a/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs
+++ b/BackEnd/Timeline.Tests/IntegratedTests/UserPermissionTest.cs
@@ -36,23 +36,15 @@ namespace Timeline.Tests.IntegratedTests
 [Theory]
 [MemberData(nameof(EveryPermissionTestData))]
- public async Task ModifyRootUserPermissionShouldHaveNoEffect(UserPermission permission)
+ public async Task ModifyRootUserPermission_Should_Error(UserPermission permission)
 {
 using var client = await CreateClientAsAdministrator();
- await client.TestDeleteAsync($"users/admin/permissions/{permission}");
+ await client.TestPutAssertErrorAsync($"users/admin/permissions/{permission}",
+ errorCode: ErrorCodes.UserController.ChangePermission_RootUser);
- {
- var body = await client.GetUserAsync("admin");
- body.Permissions.Should().BeEquivalentTo(Enum.GetNames());
- }
-
- await client.TestPutAsync($"users/admin/permissions/{permission}");
-
- {
- var body = await client.GetUserAsync("admin");
- body.Permissions.Should().BeEquivalentTo(Enum.GetNames());
- }
+ await client.TestDeleteAssertErrorAsync($"users/admin/permissions/{permission}",
+ errorCode: ErrorCodes.UserController.ChangePermission_RootUser);
 }
 [Theory]
diff --git a/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs b/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs
index 5a4e4954..ea20bd18 100644
--- a/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs
+++ b/BackEnd/Timeline.Tests/Services/UserPermissionServiceTest.cs
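Review bot: The rewritten test no longer checks that the rejected PUT and DELETE left the admin user's permission set intact; the removed `GetUserAsync("admin")` and `Permissions.Should().BeEquivalentTo(...)` assertions were the only coverage of that side-effect-free property. Keeping one such read after the two error assertions pins both halves of the new contract (the error response and the unchanged state), e.g. `var body = await client.GetUserAsync("admin");` followed by the original `BeEquivalentTo` comparison against the full permission list. Whether `TestPutAssertErrorAsync` and `TestDeleteAssertErrorAsync` also assert the 400 status, or only the error code, is not visible here; if they only check the code, the status the commit title promises should be asserted as well.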
@@ -48,18 +48,10 @@ namespace Timeline.Tests.Services
 }
 [Fact]
- public async Task ModifyPermissionOnRootUserShouldHaveNoEffect()
+ public async Task ModifyPermissionOnRootUser_Should_Throw()
 {
- await _service.AddPermissionToUserAsync(1, UserPermission.AllTimelineManagement);
- {
- var permission = await _service.GetPermissionsOfUserAsync(1);
- permission.Should().BeEquivalentTo(Enum.GetValues());
- }
- await _service.RemovePermissionFromUserAsync(1, UserPermission.AllTimelineManagement);
- {
- var permission = await _service.GetPermissionsOfUserAsync(1);
- permission.Should().BeEquivalentTo(Enum.GetValues());
- }
+ await _service.Awaiting(s => s.AddPermissionToUserAsync(1, UserPermission.AllTimelineManagement)).Should().ThrowAsync();
+ await _service.Awaiting(s => s.RemovePermissionFromUserAsync(1, UserPermission.AllTimelineManagement)).Should().ThrowAsync();
 }
 [Fact]
diff --git a/BackEnd/Timeline/Controllers/UserController.cs b/BackEnd/Timeline/Controllers/UserController.cs
index bbdb5d57..da34cb1b 100644
--- a/BackEnd/Timeline/Controllers/UserController.cs
+++ b/BackEnd/Timeline/Controllers/UserController.cs
@@ -212,6 +212,10 @@ namespace Timeline.Controllers
 {
 return NotFound(ErrorResponse.UserCommon.NotExist());
 }
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
 }
 [HttpDelete("users/{username}/permissions/{permission}"), PermissionAuthorize(UserPermission.UserManagement)]
@@ -232,6 +236,10 @@ namespace Timeline.Controllers
 {
 return NotFound(ErrorResponse.UserCommon.NotExist());
 }
+ catch (InvalidOperationOnRootUserException)
+ {
+ return BadRequest(ErrorResponse.UserController.ChangePermission_RootUser());
+ }
 }
 }
 }
diff --git a/BackEnd/Timeline/Models/Http/ErrorResponse.cs b/BackEnd/Timeline/Models/Http/ErrorResponse.cs
index ac86481f..616a0037 100644
--- a/BackEnd/Timeline/Models/Http/ErrorResponse.cs
+++ b/BackEnd/Timeline/Models/Http/ErrorResponse.cs
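Review bot: `.Should().ThrowAsync()` as printed on both added lines carries no exception type, so the test would also pass if the service threw anything else on these calls; if the generic argument was merely stripped by the page rendering this is moot, otherwise pin it with `.Should().ThrowAsync<InvalidOperationOnRootUserException>()` so the test fails on a regression to a different failure mode. The dropped `GetPermissionsOfUserAsync(1)` comparison was also the only check that a refused call leaves the root user's permissions untouched; one read after the two throw assertions, compared against the full `UserPermission` set as before, would restore that coverage.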
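Review bot: Both new catch clauses (the `@@ -212,6 +212,10 @@` hunk here and the `@@ -232,6 +236,10 @@` hunk for the DELETE action) translate a well-formed request that is refused by a server-side invariant into 400 Bad Request; 403 Forbidden (or 409 Conflict) would let clients tell a policy refusal apart from a malformed request, and `ErrorCodes.UserController.ChangePermission_RootUser` already disambiguates the cause within the body. If the two actions declare their responses with `[ProducesResponseType]` (their signatures start outside the hunks), the new status has to be added there as well so the generated API description stays accurate. Returning the fixed `ErrorResponse` rather than the exception's own message keeps service-layer text out of the HTTP response, which is the right choice.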
@@ -156,6 +156,16 @@ namespace Timeline.Models.Http
 return new CommonResponse(ErrorCodes.UserController.ChangePassword_BadOldPassword, string.Format(message, formatArgs));
 }
+ public static CommonResponse ChangePermission_RootUser(params object?[] formatArgs)
+ {
+ return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(UserController_ChangePermission_RootUser, formatArgs));
+ }
+
+ public static CommonResponse CustomMessage_ChangePermission_RootUser(string message, params object?[] formatArgs)
+ {
+ return new CommonResponse(ErrorCodes.UserController.ChangePermission_RootUser, string.Format(message, formatArgs));
+ }
+
 }
 public static class UserAvatar
diff --git a/BackEnd/Timeline/Resources/Messages.Designer.cs b/BackEnd/Timeline/Resources/Messages.Designer.cs
index bb654ce6..fd3e1848 100644
--- a/BackEnd/Timeline/Resources/Messages.Designer.cs
+++ b/BackEnd/Timeline/Resources/Messages.Designer.cs
@@ -357,6 +357,15 @@ namespace Timeline.Resources {
 }
 }
+ ///
+ /// Looks up a localized string similar to You can't change permission of root user..
+ ///
+ internal static string UserController_ChangePermission_RootUser {
+ get {
+ return ResourceManager.GetString("UserController_ChangePermission_RootUser", resourceCulture);
+ }
+ }
+
 ///
 /// Looks up a localized string similar to You can't set permission unless you are administrator..
 ///
diff --git a/BackEnd/Timeline/Resources/Messages.resx b/BackEnd/Timeline/Resources/Messages.resx
index 2bbf494e..d808499b 100644
--- a/BackEnd/Timeline/Resources/Messages.resx
+++ b/BackEnd/Timeline/Resources/Messages.resx
@@ -216,6 +216,9 @@
 Old password is wrong.
+
+ You can't change permission of root user.
+
 You can't set permission unless you are administrator.
diff --git a/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs b/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs
new file mode 100644
index 00000000..2bcab316
--- /dev/null
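Review bot: `CustomMessage_ChangePermission_RootUser` hands its `message` parameter to `string.Format` as the composite format string, so any text containing a stray `{` or `}` makes the method throw `FormatException`, and request-derived text must never be passed there; neither new method carries an XML doc comment that says so. Suggest `/// <summary>Builds the error response for a refused change to the root user's permissions; <paramref name="message"/> is a server-controlled composite format string applied to <paramref name="formatArgs"/>.</summary>` on the custom-message overload, and a matching summary on `ChangePermission_RootUser` noting that `formatArgs` is applied to the localized `UserController_ChangePermission_RootUser` resource. The pattern mirrors the existing `ChangePassword_BadOldPassword` pair visible above it, so this is a documentation gap rather than a new defect.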
+++ b/BackEnd/Timeline/Services/Exceptions/InvalidOperationOnRootUserException.cs
@@ -0,0 +1,16 @@
+using System;
+
+namespace Timeline.Services.Exceptions
+{
+
+ [Serializable]
+ public class InvalidOperationOnRootUserException : InvalidOperationException
+ {
+ public InvalidOperationOnRootUserException() { }
+ public InvalidOperationOnRootUserException(string message) : base(message) { }
+ public InvalidOperationOnRootUserException(string message, Exception inner) : base(message, inner) { }
+ protected InvalidOperationOnRootUserException(
+ System.Runtime.Serialization.SerializationInfo info,
+ System.Runtime.Serialization.StreamingContext context) : base(info, context) { }
+ }
+}
diff --git a/BackEnd/Timeline/Services/UserPermissionService.cs b/BackEnd/Timeline/Services/UserPermissionService.cs
index ff09b4ee..2fdf3d2d 100644
--- a/BackEnd/Timeline/Services/UserPermissionService.cs
+++ b/BackEnd/Timeline/Services/UserPermissionService.cs
@@ -127,6 +127,7 @@ namespace Timeline.Services
 /// The id of the user.
 /// The new permission.
 /// Thrown when user does not exist.
+ /// Thrown when change root user's permission.
 Task AddPermissionToUserAsync(long userId, UserPermission permission);
 ///
@@ -136,6 +137,7 @@ namespace Timeline.Services
 /// The permission.
 /// Whether check the user's existence.
 /// Thrown when is true and user does not exist.
+ /// Thrown when change root user's permission.
 Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true);
 }
@@ -176,8 +178,8 @@ namespace Timeline.Services
 public async Task AddPermissionToUserAsync(long userId, UserPermission permission)
 {
- if (userId == 1) // The init administrator account.
- return;
+ if (userId == 1)
+ throw new InvalidOperationOnRootUserException("Can't change root user's permission.");
 await CheckUserExistence(userId, true);
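Review bot: The new exception type has no XML doc comment, although both `<exception>` tags added to the service interface in `UserPermissionService.cs` in this commit point at it, so a reader of the type alone cannot tell which user or condition it describes. Suggest `/// <summary>Thrown when an operation attempts to change the permissions of the root user (the account with id 1), whose permission set cannot be modified.</summary>` above the class. Separately, the `InvalidOperationException` base constructors are nullable-annotated as `string?`/`Exception?` in recent .NET, so `string message` and `Exception inner` could be declared nullable to match; confirm against the project's target framework before changing.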
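Review bot: Replacing the early return with the throw also dropped the `// The init administrator account.` comment, leaving a bare `1` as the root-user test in `AddPermissionToUserAsync` here and in the `@@ -193,8 +195,8 @@` hunk of `RemovePermissionFromUserAsync`; a named constant such as `private const long RootUserId = 1;` on the class (its declaration lies outside these hunks) and `if (userId == RootUserId) // the init administrator account; its permissions are fixed` in both methods keeps the intent readable and the two checks in step. The interface documentation added in the `@@ -127,6 +127,7 @@` and `@@ -136,6 +137,7 @@` hunks reads `Thrown when change root user's permission.`; `Thrown when <paramref name="userId"/> is the root user, whose permissions cannot be changed.` states the condition precisely and grammatically. Both method bodies continue past the end of their hunks.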
@@ -193,8 +195,8 @@ namespace Timeline.Services
 public async Task RemovePermissionFromUserAsync(long userId, UserPermission permission, bool checkUserExistence = true)
 {
- if (userId == 1) // The init administrator account.
- return;
+ if (userId == 1)
+ throw new InvalidOperationOnRootUserException("Can't change root user's permission.");
 await CheckUserExistence(userId, checkUserExistence);
-- cgit v1.2.3