From d3a1bf5f2939049f11e77f91ad9ddea30d8acd64 Mon Sep 17 00:00:00 2001 From: 杨宇千 Date: Thu, 31 Oct 2019 00:56:46 +0800 Subject: Continue to construct feature and tests. --- Timeline/Filters/User.cs | 66 ++++++++++++++++++++++++++++++++++++++++-------- 1 file changed, 56 insertions(+), 10 deletions(-) (limited to 'Timeline/Filters') diff --git a/Timeline/Filters/User.cs b/Timeline/Filters/User.cs index 22fae938..16c76750 100644 --- a/Timeline/Filters/User.cs +++ b/Timeline/Filters/User.cs @@ -1,7 +1,13 @@ -using Microsoft.AspNetCore.Mvc; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; +using Microsoft.Extensions.DependencyInjection; +using Microsoft.Extensions.Logging; using System; +using Timeline.Auth; using Timeline.Models.Http; +using Timeline.Services; +using static Timeline.Resources.Filters; namespace Timeline { @@ -13,9 +19,10 @@ namespace Timeline { public static class User // bbb = 101 { - public const int NotExist = 11010001; - } + public const int NotExist = 11010101; + public const int NotSelfOrAdminForbid = 11010201; + } } } } @@ -23,20 +30,59 @@ namespace Timeline namespace Timeline.Filters { + public class SelfOrAdminAttribute : ActionFilterAttribute + { + [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1062:Validate arguments of public methods")] + public override void OnActionExecuting(ActionExecutingContext context) + { + var logger = context.HttpContext.RequestServices.GetRequiredService>(); + + var user = context.HttpContext.User; + + if (user == null) + { + logger.LogError(LogSelfOrAdminNoUser); + return; + } + + if (context.ModelState.TryGetValue("username", out var model)) + { + if (model.RawValue is string username) + { + if (!user.IsAdministrator() && user.Identity.Name != username) + { + context.Result = new ObjectResult( + new CommonResponse(ErrorCodes.Http.Filter.User.NotSelfOrAdminForbid, MessageSelfOrAdminForbid)) + { StatusCode = StatusCodes.Status403Forbidden }; + } + } + else + { + logger.LogError(LogSelfOrAdminUsernameNotString); + } + } + else + { + logger.LogError(LogSelfOrAdminNoUsername); + } + } + } + [AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, AllowMultiple = true, Inherited = true)] public class CatchUserNotExistExceptionAttribute : ExceptionFilterAttribute { [System.Diagnostics.CodeAnalysis.SuppressMessage("Design", "CA1062:Validate arguments of public methods", Justification = "ASP.Net already checked.")] public override void OnException(ExceptionContext context) { - var body = new CommonResponse( - ErrorCodes.Http.Filter.User.NotExist, - Resources.Filters.MessageUserNotExist); + if (context.Exception is UserNotExistException) + { + var body = new CommonResponse(ErrorCodes.Http.Filter.User.NotExist, MessageUserNotExist); - if (context.HttpContext.Request.Method == "GET") - context.Result = new NotFoundObjectResult(body); - else - context.Result = new BadRequestObjectResult(body); + if (context.HttpContext.Request.Method == "GET") + context.Result = new NotFoundObjectResult(body); + else + context.Result = new BadRequestObjectResult(body); + } } } } -- cgit v1.2.3