From 9e84b1e9ad1f2a45cd3e09759c69989fdc588c3d Mon Sep 17 00:00:00 2001
From: crupest
Date: Sun, 2 Feb 2020 00:31:33 +0800
Subject: ...
---
 Timeline/Models/Http/TimelineCommon.cs | 36 +++++++++++++++++++++++++++++-----
 1 file changed, 31 insertions(+), 5 deletions(-)
(limited to 'Timeline/Models/Http/TimelineCommon.cs')
diff --git a/Timeline/Models/Http/TimelineCommon.cs b/Timeline/Models/Http/TimelineCommon.cs
index febb8186..0b2a714c 100644
--- a/Timeline/Models/Http/TimelineCommon.cs
+++ b/Timeline/Models/Http/TimelineCommon.cs
@@ -1,5 +1,7 @@
-using System;
+using Microsoft.AspNetCore.Mvc;
+using System;
 using System.Collections.Generic;
+using Timeline.Controllers;
 
 namespace Timeline.Models.Http
 {
@@ -28,17 +30,41 @@ namespace Timeline.Models.Http
 public DateTime LastUpdated { get; set; } = default!;
 }
 
- [System.Diagnostics.CodeAnalysis.SuppressMessage("Usage", "CA2227:Collection properties should be read only", Justification = "This is a DTO class.")]
- public class BaseTimelineInfo
+ public class TimelineInfo
 {
+ public string? Name { get; set; }
 public string Description { get; set; } = default!;
 public UserInfo Owner { get; set; } = default!;
 public TimelineVisibility Visibility { get; set; }
+#pragma warning disable CA2227 // Collection properties should be read only
 public List Members { get; set; } = default!;
+#pragma warning restore CA2227 // Collection properties should be read only
+
+#pragma warning disable CA1707 // Identifiers should not contain underscores
+ public TimelineInfoLinks? _links { get; set; }
+#pragma warning restore CA1707 // Identifiers should not contain underscores
+ }
+
+ public class TimelineInfoLinks
+ {
+ public string Posts { get; set; } = default!;
 }
 
- public class TimelineInfo : BaseTimelineInfo
+ public static class TimelineInfoExtensions
 {
- public string Name { get; set; } = default!;
+ public static TimelineInfo FillLinks(this TimelineInfo info, IUrlHelper urlHelper)
+ {
+ if (info == null)
+ throw new ArgumentNullException(nameof(info));
+ if (urlHelper == null)
+ throw new ArgumentNullException(nameof(urlHelper));
+
+ info._links = new TimelineInfoLinks
+ {
+ Posts = urlHelper.ActionLink(nameof(PersonalTimelineController.PostListGet), nameof(PersonalTimelineController)[0..^nameof(Controller).Length], new { info.Owner.Username })
+ };
+
+ return info;
+ }
 }
 }
-- cgit v1.2.3
From 12f85448cde94d70d9030b757b09caa5e2f53061 Mon Sep 17 00:00:00 2001
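Review bot: `urlHelper.ActionLink(...)` in `FillLinks` returns null when no route matches the given action/controller/values, and the result lands in the non-nullable `Posts` property (declared `= default!`), so a routing mistake would surface only as `"Posts": null` in responses; `?? throw new InvalidOperationException("Could not generate posts link.")` after the call makes it fail loudly instead. `ActionLink` also builds an absolute URL from the incoming request's scheme and `Host` header, and since `_links.Posts` is echoed to every client, host filtering (`AllowedHosts`) or a trusted forwarded-headers setup should be in place so the link cannot be steered by a spoofed `Host`. The slice `nameof(PersonalTimelineController)[0..^nameof(Controller).Length]` deserves a comment such as `// MVC controller name = class name without the "Controller" suffix`, because it silently yields a wrong name if the class is ever renamed without that suffix. The `using Timeline.Controllers;` added in the first hunk makes `Timeline.Models.Http` depend on the controller layer, a cycle that could be avoided by building links in the controllers themselves.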
From: crupest
Date: Sun, 2 Feb 2020 22:37:47 +0800
Subject: ...
---
 Timeline/Controllers/PersonalTimelineController.cs | 10 +-
 Timeline/Controllers/TimelineController.cs | 131 +++++++++++++++++++++
 Timeline/Models/Http/TimelineCommon.cs | 17 ++-
 Timeline/Services/TimelineService.cs | 31 +++++
 4 files changed, 183 insertions(+), 6 deletions(-)
 create mode 100644 Timeline/Controllers/TimelineController.cs
(limited to 'Timeline/Models/Http/TimelineCommon.cs')
diff --git a/Timeline/Controllers/PersonalTimelineController.cs b/Timeline/Controllers/PersonalTimelineController.cs
index 842da015..8cf098bf 100644
--- a/Timeline/Controllers/PersonalTimelineController.cs
+++ b/Timeline/Controllers/PersonalTimelineController.cs
@@ -28,7 +28,7 @@ namespace Timeline.Controllers
 [HttpGet("users/{username}/timeline")]
 public async Task> TimelineGet([FromRoute][Username] string username)
 {
- return (await _service.GetTimeline(username)).FillLinks(Url);
+ return (await _service.GetTimeline(username)).FillLinksForPersonalTimeline(Url);
 }
 
 [HttpGet("users/{username}/timeline/posts")]
@@ -79,12 +79,12 @@ namespace Timeline.Controllers
 [Authorize]
 public async Task> TimelinePatch([FromRoute][Username] string username, [FromBody] TimelinePatchRequest body)
 {
- if (!this.IsAdministrator() && !(User.Identity.Name == username))
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(username, this.GetUserId())))
 {
 return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
 }
 await _service.ChangeProperty(username, body);
- var timeline = (await _service.GetTimeline(username)).FillLinks(Url);
+ var timeline = (await _service.GetTimeline(username)).FillLinksForPersonalTimeline(Url);
 return Ok(timeline);
 }
 
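Review bot: The new check `await _service.HasManagePermission(username, this.GetUserId())` in `TimelinePatch` (and the identical lines in the `TimelineMemberPut` and `TimelineMemberDelete` hunks that follow) changes the failure mode for an unknown username: the old string comparison fell through to a 403 for any non-owner, whereas the service method's interface doc in this commit says it throws when the user of that username does not exist. Unless that exception is mapped to a status code by a filter that is not visible here, a non-owner requesting a non-existent user's timeline now receives a 500 from the permission check instead of the earlier 403. If such a filter exists, a one-line comment on the check, `// throws for unknown usernames; translated to a not-found response by the global exception filter`, would record the dependency; otherwise catch it here and return the same response the other not-exist paths use. The `TimelineMemberPut` and `TimelineMemberDelete` hunks each cut off before the end of their method.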
@@ -92,7 +92,7 @@ namespace Timeline.Controllers
 [Authorize]
 public async Task TimelineMemberPut([FromRoute][Username] string username, [FromRoute][Username] string member)
 {
- if (!this.IsAdministrator() && !(User.Identity.Name == username))
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(username, this.GetUserId())))
 {
 return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
 }
@@ -112,7 +112,7 @@ namespace Timeline.Controllers
 [Authorize]
 public async Task TimelineMemberDelete([FromRoute][Username] string username, [FromRoute][Username] string member)
 {
- if (!this.IsAdministrator() && !(User.Identity.Name == username))
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(username, this.GetUserId())))
 {
 return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
 }
diff --git a/Timeline/Controllers/TimelineController.cs b/Timeline/Controllers/TimelineController.cs
new file mode 100644
index 00000000..be271de7
--- /dev/null
+++ b/Timeline/Controllers/TimelineController.cs
@@ -0,0 +1,131 @@
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.Extensions.Logging;
+using System.Collections.Generic;
+using System.Threading.Tasks;
+using Timeline.Models.Http;
+using Timeline.Models.Validation;
+using Timeline.Services;
+
+namespace Timeline.Controllers
+{
+ [ApiController]
+ public class TimelineController : Controller
+ {
+ private readonly ILogger _logger;
+
+ private readonly ITimelineService _service;
+
+ public TimelineController(ILogger logger, ITimelineService service)
+ {
+ _logger = logger;
+ _service = service;
+ }
+
+ [HttpGet("timelines/{name}")]
+ public async Task> TimelineGet([FromRoute][TimelineName] string name)
+ {
+ return (await _service.GetTimeline(name)).FillLinksForNormalTimeline(Url);
+ }
+
+ [HttpGet("timelines/{name}/posts")]
+ public async Task>> PostListGet([FromRoute][TimelineName] string name)
+ {
+ if (!this.IsAdministrator() && !await _service.HasReadPermission(name, this.GetOptionalUserId()))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+
+ return await _service.GetPosts(name);
+ }
+
+ [HttpPost("timelines/{name}/posts")]
+ [Authorize]
+ public async Task> PostPost([FromRoute][TimelineName] string name, [FromBody] TimelinePostCreateRequest body)
+ {
+ var id = this.GetUserId();
+ if (!this.IsAdministrator() && !await _service.IsMemberOf(name, id))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+
+ var res = await _service.CreatePost(name, id, body.Content, body.Time);
+ return res;
+ }
+
+ [HttpDelete("timelines/{name}/posts/{id}")]
+ [Authorize]
+ public async Task PostDelete([FromRoute][TimelineName] string name, [FromRoute] long id)
+ {
+ try
+ {
+ if (!this.IsAdministrator() && !await _service.HasPostModifyPermission(name, id, this.GetUserId()))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+ await _service.DeletePost(name, id);
+ return Ok(CommonDeleteResponse.Delete());
+ }
+ catch (TimelinePostNotExistException)
+ {
+ return Ok(CommonDeleteResponse.NotExist());
+ }
+ }
+
+ [HttpPatch("timelines/{name}")]
+ [Authorize]
+ public async Task> TimelinePatch([FromRoute][TimelineName] string name, [FromBody] TimelinePatchRequest body)
+ {
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(name, this.GetUserId())))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+ await _service.ChangeProperty(name, body);
+ var timeline = (await _service.GetTimeline(name)).FillLinksForNormalTimeline(Url);
+ return Ok(timeline);
+ }
+
+ [HttpPut("timelines/{name}/members/{member}")]
+ [Authorize]
+ public async Task TimelineMemberPut([FromRoute][TimelineName] string name, [FromRoute][Username] string member)
+ {
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(name, this.GetUserId())))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+
+ try
+ {
+ await _service.ChangeMember(name, new List { member }, null);
+ return Ok();
+ }
+ catch (UserNotExistException)
+ {
+ return BadRequest(ErrorResponse.TimelineController.MemberPut_NotExist());
+ }
+ }
+
+ [HttpDelete("timelines/{name}/members/{member}")]
+ [Authorize]
+ public async Task TimelineMemberDelete([FromRoute][TimelineName] string name, [FromRoute][Username] string member)
+ {
+ if (!this.IsAdministrator() && !(await _service.HasManagePermission(name, this.GetUserId())))
+ {
+ return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());
+ }
+
+ try
+ {
+ await _service.ChangeMember(name, null, new List { member });
+ return Ok(CommonDeleteResponse.Delete());
+ }
+ catch (UserNotExistException)
+ {
+ return Ok(CommonDeleteResponse.NotExist());
+ }
+ }
+
+ // TODO: Create API .
+ }
+}
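Review bot: `TimelineGet` returns the complete `TimelineInfo` (owner, description, the `Members` list) to any caller without consulting `HasReadPermission`, while `PostListGet` just below gates the posts of the same timeline on it; if `Visibility` is meant to cover the timeline and not only its posts, the same guard `if (!this.IsAdministrator() && !await _service.HasReadPermission(name, this.GetOptionalUserId())) return StatusCode(StatusCodes.Status403Forbidden, ErrorResponse.Common.Forbid());` belongs in `TimelineGet`, and if exposing member lists of private timelines is intended, a comment saying so on the action would keep the next reader from changing it. `_logger` is injected and stored but never used in this file. No action handles a `name` that refers to no timeline, whereas `PostDelete` and `TimelineMemberDelete` catch their own not-exist exceptions; if the service's timeline-not-exist exception is translated elsewhere, a class-level comment naming that mechanism would make the asymmetry deliberate. The class and its actions have no XML documentation; each action could at least state the permission it requires (`IsMemberOf` for `PostPost`, `HasPostModifyPermission` for `PostDelete`, `HasManagePermission` for the patch and member actions).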
diff --git a/Timeline/Models/Http/TimelineCommon.cs b/Timeline/Models/Http/TimelineCommon.cs
index 0b2a714c..1cb47dac 100644
--- a/Timeline/Models/Http/TimelineCommon.cs
+++ b/Timeline/Models/Http/TimelineCommon.cs
@@ -52,7 +52,7 @@ namespace Timeline.Models.Http
 
 public static class TimelineInfoExtensions
 {
- public static TimelineInfo FillLinks(this TimelineInfo info, IUrlHelper urlHelper)
+ public static TimelineInfo FillLinksForPersonalTimeline(this TimelineInfo info, IUrlHelper urlHelper)
 {
 if (info == null)
 throw new ArgumentNullException(nameof(info));
@@ -66,5 +66,20 @@ namespace Timeline.Models.Http
 
 return info;
 }
+
+ public static TimelineInfo FillLinksForNormalTimeline(this TimelineInfo info, IUrlHelper urlHelper)
+ {
+ if (info == null)
+ throw new ArgumentNullException(nameof(info));
+ if (urlHelper == null)
+ throw new ArgumentNullException(nameof(urlHelper));
+
+ info._links = new TimelineInfoLinks
+ {
+ Posts = urlHelper.ActionLink(nameof(TimelineController.PostListGet), nameof(TimelineController)[0..^nameof(Controller).Length], new { info.Name })
+ };
+
+ return info;
+ }
 }
 }
diff --git a/Timeline/Services/TimelineService.cs b/Timeline/Services/TimelineService.cs
index b031297e..991669ad 100644
--- a/Timeline/Services/TimelineService.cs
+++ b/Timeline/Services/TimelineService.cs
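Review bot: `FillLinksForNormalTimeline` passes `new { info.Name }` to `ActionLink`, but `Name` is declared `string?` on `TimelineInfo`; when it is null the route value is missing, `ActionLink` returns null, and the non-nullable `Posts` silently becomes null in the response. A guard before the assignment, `if (info.Name is null) throw new InvalidOperationException("Name is required to build links for a normal timeline.");`, turns that into a programming error at the source. The two Fill methods are identical apart from the action/controller pair and the route values; a private helper taking `(string action, string controller, object values)` would remove the duplicated null checks, and the personal variant renamed in the first hunk above could call it too. The first hunk of this file only renames `FillLinks`, nothing to add there.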
@@ -138,6 +138,26 @@ namespace Timeline.Services
 /// 
 Task ChangeMember(string name, IList? add, IList? remove);
 
+ /// 
+ /// Check whether a user can manage(change timeline info, member, ...) a timeline.
+ /// 
+ /// 
+ /// 
+ /// True if the user can manage the timeline, otherwise false.
+ /// Thrown when is null.
+ /// Thrown when is illegal. It is not a valid timeline name (for normal timeline service) or a valid username (for personal timeline service).
+ /// 
+ /// Thrown when timeline does not exist.
+ /// For normal timeline, it means the name does not exist.
+ /// For personal timeline, it means the user of that username does not exist
+ /// and the inner exception should be a .
+ /// 
+ /// 
+ /// This method does not check whether visitor is administrator.
+ /// Return false if user with user id does not exist.
+ /// 
+ Task HasManagePermission(string name, long userId);
+
 /// 
 /// Verify whether a visitor has the permission to read a timeline.
 /// 
@@ -490,6 +510,17 @@ namespace Timeline.Services
 await Database.SaveChangesAsync();
 }
 
+ public async Task HasManagePermission(string name, long userId)
+ {
+ if (name == null)
+ throw new ArgumentNullException(nameof(name));
+
+ var timelineId = await FindTimelineId(name);
+ var timelineEntity = await Database.Timelines.Where(t => t.Id == timelineId).Select(t => new { t.OwnerId }).SingleAsync();
+
+ return userId == timelineEntity.OwnerId;
+ }
+
 public async Task HasReadPermission(string name, long? visitorId)
 {
 if (name == null)
-- cgit v1.2.3
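Review bot: `HasManagePermission` documents an exception for an illegal `name` and another for a timeline that does not exist, but the implementation only null-checks `name` and then calls `FindTimelineId(name)`; whether that helper validates the name and throws the documented exceptions is not visible here, so either add an explicit check or record the dependency with `// FindTimelineId validates the name and throws when the timeline does not exist` on the call. The second query `Where(t => t.Id == timelineId).Select(t => new { t.OwnerId }).SingleAsync()` projects into an anonymous type only to read one column; `Select(t => t.OwnerId).SingleAsync()` reads the same value without the wrapper. The owner-only rule (members cannot manage) matches the summary in the interface hunk, but the remark "Return false if user with user id does not exist" holds only because an absent user id can never equal `OwnerId`, which is worth stating next to the comparison. `HasReadPermission` begins at the end of this hunk and continues outside it.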