From 0920d6ca8d8f92e612148aa1d3c4eaea5f407d94 Mon Sep 17 00:00:00 2001
From: crupest
Date: Sun, 21 Apr 2019 23:23:49 +0800
Subject: Allow ordinary user to patch his password.
---
 Timeline/Controllers/UserController.cs | 39 ++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 9 deletions(-)
(limited to 'Timeline/Controllers/UserController.cs')
diff --git a/Timeline/Controllers/UserController.cs b/Timeline/Controllers/UserController.cs
index ab7e1b99..d2708eeb 100644
--- a/Timeline/Controllers/UserController.cs
+++ b/Timeline/Controllers/UserController.cs
@@ -48,18 +48,39 @@ namespace Timeline.Controllers
 }
 }
- [HttpPatch("user/{username}"), Authorize(Roles = "admin")]
+ [HttpPatch("user/{username}"), Authorize]
 public async Task Patch([FromBody] UserModifyRequest request, [FromRoute] string username)
 {
- var result = await _userService.PatchUser(username, request.Password, request.Roles);
- switch (result)
+ if (User.IsInRole("admin"))
 {
- case PatchUserResult.Success:
- return Ok();
- case PatchUserResult.NotExists:
- return NotFound();
- default:
- throw new Exception("Unreachable code.");
+ var result = await _userService.PatchUser(username, request.Password, request.Roles);
+ switch (result)
+ {
+ case PatchUserResult.Success:
+ return Ok();
+ case PatchUserResult.NotExists:
+ return NotFound();
+ default:
+ throw new Exception("Unreachable code.");
+ }
+ }
+ else
+ {
+ if (User.Identity.Name != username)
+ return StatusCode(403, new MessageResponse("Can't patch other user when you are not admin."));
+ if (request.Roles != null)
+ return StatusCode(403, new MessageResponse("Can't patch roles when you are not admin."));
+
+ var result = await _userService.PatchUser(username, request.Password, null);
+ switch (result)
+ {
+ case PatchUserResult.Success:
+ return Ok();
+ case PatchUserResult.NotExists:
+ return NotFound(new MessageResponse("This username no longer exists. Please update your token."));
+ default:
+ throw new Exception("Unreachable code.");
+ }
 }
 }
-- 
cgit v1.2.3