From bc832053bdad644a0a86ded0173f3f47c0159018 Mon Sep 17 00:00:00 2001 From: 杨宇千 Date: Sun, 18 Aug 2019 23:08:05 +0800 Subject: Develop user avatar controller. --- Timeline/Controllers/UserAvatarController.cs | 45 ++++++++++++++++++++++++++-- 1 file changed, 43 insertions(+), 2 deletions(-) (limited to 'Timeline/Controllers/UserAvatarController.cs') diff --git a/Timeline/Controllers/UserAvatarController.cs b/Timeline/Controllers/UserAvatarController.cs index f61fd54a..6dc767df 100644 --- a/Timeline/Controllers/UserAvatarController.cs +++ b/Timeline/Controllers/UserAvatarController.cs @@ -1,7 +1,10 @@ -using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; using Microsoft.Extensions.Logging; using System; using System.Threading.Tasks; +using Timeline.Authenticate; using Timeline.Models.Http; using Timeline.Services; @@ -15,6 +18,10 @@ namespace Timeline.Controllers public const int Get_UserNotExist = -1001; public const int Put_UserNotExist = -2001; + public const int Put_Forbid = -2002; + + public const int Delete_UserNotExist = -3001; + public const int Delete_Forbid = -3002; } private readonly ILogger _logger; @@ -28,6 +35,7 @@ namespace Timeline.Controllers } [HttpGet("users/{username}/avatar")] + [Authorize] public async Task Get(string username) { try @@ -43,9 +51,17 @@ namespace Timeline.Controllers } [HttpPut("users/{username}/avatar")] + [Authorize] [Consumes("image/png", "image/jpeg", "image/gif", "image/webp")] public async Task Put(string username) { + if (!User.IsAdmin() && User.Identity.Name != username) + { + _logger.LogInformation($"Attempt to put a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} ."); + return StatusCode(StatusCodes.Status403Forbidden, + new CommonResponse(ErrorCodes.Put_Forbid, "Normal user can't change other's avatar.")); + } + try { var data = new byte[Convert.ToInt32(Request.ContentLength)]; @@ -57,7 +73,7 @@ namespace Timeline.Controllers Type = Request.ContentType }); - _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} . Mime Type: {Request.ContentType} ."); + _logger.LogInformation($"Succeed to put a avatar of a user. Username: {username} ; Mime Type: {Request.ContentType} ."); return Ok(); } catch (UserNotExistException) @@ -66,5 +82,30 @@ namespace Timeline.Controllers return BadRequest(new CommonResponse(ErrorCodes.Put_UserNotExist, "User does not exist.")); } } + + [HttpDelete("users/{username}/avatar")] + [Authorize] + public async Task Delete(string username) + { + if (!User.IsAdmin() && User.Identity.Name != username) + { + _logger.LogInformation($"Attempt to delete a avatar of other user as a non-admin failed. Operator Username: {User.Identity.Name} ; Username To Put Avatar: {username} ."); + return StatusCode(StatusCodes.Status403Forbidden, + new CommonResponse(ErrorCodes.Delete_Forbid, "Normal user can't delete other's avatar.")); + } + + try + { + await _service.SetAvatar(username, null); + + _logger.LogInformation($"Succeed to delete a avatar of a user. Username: {username} ."); + return Ok(); + } + catch (UserNotExistException) + { + _logger.LogInformation($"Attempt to delete a avatar of a non-existent user failed. Username: {username} ."); + return BadRequest(new CommonResponse(ErrorCodes.Delete_UserNotExist, "User does not exist.")); + } + } } } -- cgit v1.2.3