fix: repoen permissions
This commit is contained in:
parent
c63a2506d2
commit
89ed49ab93
@ -9,7 +9,7 @@
|
|||||||
MinWidth="400"
|
MinWidth="400"
|
||||||
x:Class="Flawless.Client.Views.ModalBox.IssueDetailEditView">
|
x:Class="Flawless.Client.Views.ModalBox.IssueDetailEditView">
|
||||||
|
|
||||||
<u:Form>
|
<u:Form HorizontalAlignment="Stretch">
|
||||||
<u:FormItem Label="Title" IsRequired="True">
|
<u:FormItem Label="Title" IsRequired="True">
|
||||||
<TextBox Text="{Binding Title}"/>
|
<TextBox Text="{Binding Title}"/>
|
||||||
</u:FormItem>
|
</u:FormItem>
|
||||||
|
|||||||
@ -1,5 +1,4 @@
|
|||||||
using System.Net;
|
using Flawless.Communication.Request;
|
||||||
using Flawless.Communication.Request;
|
|
||||||
using Flawless.Communication.Response;
|
using Flawless.Communication.Response;
|
||||||
using Flawless.Server.Models;
|
using Flawless.Server.Models;
|
||||||
using Flawless.Server.Services;
|
using Flawless.Server.Services;
|
||||||
@ -10,15 +9,26 @@ using Microsoft.EntityFrameworkCore;
|
|||||||
|
|
||||||
namespace Flawless.Server.Controllers;
|
namespace Flawless.Server.Controllers;
|
||||||
|
|
||||||
[ApiController, Authorize(Roles = "admin"), Route("api/admin")]
|
[ApiController, Authorize, Route("api/admin")]
|
||||||
public class AdminController(
|
public class AdminController(
|
||||||
UserManager<AppUser> userManager,
|
UserManager<AppUser> userManager,
|
||||||
AccessControlService accessControlService,
|
AccessControlService accessControlService,
|
||||||
AppDbContext dbContext) : ControllerBase
|
AppDbContext dbContext) : ControllerBase
|
||||||
{
|
{
|
||||||
|
|
||||||
|
private async ValueTask<ActionResult?> TestIfValid()
|
||||||
|
{
|
||||||
|
var user = (await userManager.GetUserAsync(HttpContext.User))!;
|
||||||
|
if (user.Admin == false) return BadRequest(new FailedResponse("Only admin can do this!"));
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
[HttpPost("superuser/{username}")]
|
[HttpPost("superuser/{username}")]
|
||||||
public async Task<IActionResult> SetSuperuserAsync(string username, bool toSuper)
|
public async Task<IActionResult> SetSuperuserAsync(string username, bool toSuper)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var user = await userManager.FindByNameAsync(username);
|
var user = await userManager.FindByNameAsync(username);
|
||||||
var optUser = (await userManager.GetUserAsync(HttpContext.User))!;
|
var optUser = (await userManager.GetUserAsync(HttpContext.User))!;
|
||||||
|
|
||||||
@ -34,6 +44,9 @@ public class AdminController(
|
|||||||
[HttpGet("superuser/{username}")]
|
[HttpGet("superuser/{username}")]
|
||||||
public async Task<ActionResult<bool>> GetSuperuserAsync(string username)
|
public async Task<ActionResult<bool>> GetSuperuserAsync(string username)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var user = await userManager.FindByNameAsync(username);
|
var user = await userManager.FindByNameAsync(username);
|
||||||
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
||||||
|
|
||||||
@ -43,6 +56,9 @@ public class AdminController(
|
|||||||
[HttpGet("user/list")]
|
[HttpGet("user/list")]
|
||||||
public async Task<ActionResult<List<AppUser>>> GetUsersAsync()
|
public async Task<ActionResult<List<AppUser>>> GetUsersAsync()
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var users = await userManager.Users.ToListAsync();
|
var users = await userManager.Users.ToListAsync();
|
||||||
return users;
|
return users;
|
||||||
}
|
}
|
||||||
@ -50,6 +66,9 @@ public class AdminController(
|
|||||||
[HttpPost("user/delete/{username}")]
|
[HttpPost("user/delete/{username}")]
|
||||||
public async Task<IActionResult> DeleteUserAsync(string username)
|
public async Task<IActionResult> DeleteUserAsync(string username)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var user = await userManager.FindByNameAsync(username);
|
var user = await userManager.FindByNameAsync(username);
|
||||||
|
|
||||||
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
||||||
@ -74,6 +93,9 @@ public class AdminController(
|
|||||||
[HttpPost("user/disable/{username}")]
|
[HttpPost("user/disable/{username}")]
|
||||||
public async Task<IActionResult> DisableUserAsync(string username)
|
public async Task<IActionResult> DisableUserAsync(string username)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var user = await userManager.FindByNameAsync(username);
|
var user = await userManager.FindByNameAsync(username);
|
||||||
|
|
||||||
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
if (user == null) return BadRequest(new FailedResponse("User does not exist!"));
|
||||||
@ -86,6 +108,9 @@ public class AdminController(
|
|||||||
[HttpPost("user/reset_password")]
|
[HttpPost("user/reset_password")]
|
||||||
public async Task<IActionResult> ResetPasswordAsync(ResetPasswordRequest r)
|
public async Task<IActionResult> ResetPasswordAsync(ResetPasswordRequest r)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
if (r.Identity == null) return BadRequest(new FailedResponse("Identity (User Id) is not set!"));
|
if (r.Identity == null) return BadRequest(new FailedResponse("Identity (User Id) is not set!"));
|
||||||
var user = await userManager.FindByIdAsync(r.Identity);
|
var user = await userManager.FindByIdAsync(r.Identity);
|
||||||
|
|
||||||
@ -100,6 +125,9 @@ public class AdminController(
|
|||||||
[HttpPost("access_control/ip_whitelist")]
|
[HttpPost("access_control/ip_whitelist")]
|
||||||
public async Task<IActionResult> SetIpWhitelistAsync([FromBody] string[] ips)
|
public async Task<IActionResult> SetIpWhitelistAsync([FromBody] string[] ips)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
await accessControlService.UpdatePolicyAsync(IpPolicyType.Whitelist, ips);
|
await accessControlService.UpdatePolicyAsync(IpPolicyType.Whitelist, ips);
|
||||||
return Ok();
|
return Ok();
|
||||||
}
|
}
|
||||||
@ -107,12 +135,18 @@ public class AdminController(
|
|||||||
[HttpGet("access_control/ip_whitelist")]
|
[HttpGet("access_control/ip_whitelist")]
|
||||||
public async Task<ActionResult<IEnumerable<string>>> GetIpWhitelistAsync()
|
public async Task<ActionResult<IEnumerable<string>>> GetIpWhitelistAsync()
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Whitelist));
|
return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Whitelist));
|
||||||
}
|
}
|
||||||
|
|
||||||
[HttpPost("access_control/ip_blacklist")]
|
[HttpPost("access_control/ip_blacklist")]
|
||||||
public async Task<IActionResult> SetIpBlacklistAsync([FromBody] string[] ips)
|
public async Task<IActionResult> SetIpBlacklistAsync([FromBody] string[] ips)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
await accessControlService.UpdatePolicyAsync(IpPolicyType.Blacklist, ips);
|
await accessControlService.UpdatePolicyAsync(IpPolicyType.Blacklist, ips);
|
||||||
return Ok();
|
return Ok();
|
||||||
}
|
}
|
||||||
@ -120,6 +154,9 @@ public class AdminController(
|
|||||||
[HttpGet("access_control/ip_blacklist")]
|
[HttpGet("access_control/ip_blacklist")]
|
||||||
public async Task<ActionResult<IEnumerable<string>>> GetIpBlacklistAsync()
|
public async Task<ActionResult<IEnumerable<string>>> GetIpBlacklistAsync()
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Blacklist));
|
return Ok(await accessControlService.GetIpListAsync(IpPolicyType.Blacklist));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -131,6 +168,9 @@ public class AdminController(
|
|||||||
[FromQuery] int page = 1,
|
[FromQuery] int page = 1,
|
||||||
[FromQuery] int pageSize = 50)
|
[FromQuery] int pageSize = 50)
|
||||||
{
|
{
|
||||||
|
var t = await TestIfValid();
|
||||||
|
if (t != null) return t;
|
||||||
|
|
||||||
var query = dbContext.SystemLogs.AsQueryable();
|
var query = dbContext.SystemLogs.AsQueryable();
|
||||||
|
|
||||||
// 时间过滤
|
// 时间过滤
|
||||||
|
|||||||
@ -189,7 +189,6 @@ public static class Program
|
|||||||
|
|
||||||
if (auth?.Any() ?? false)
|
if (auth?.Any() ?? false)
|
||||||
{
|
{
|
||||||
var adminOnly = auth.Any(a => a.Policy?.ToLower() == "admin");
|
|
||||||
var id = p.FindFirst(ClaimTypes.NameIdentifier)?.Value;
|
var id = p.FindFirst(ClaimTypes.NameIdentifier)?.Value;
|
||||||
if (id == null) throw new SecurityTokenExpiredException("User is not defined in the token!");
|
if (id == null) throw new SecurityTokenExpiredException("User is not defined in the token!");
|
||||||
|
|
||||||
@ -201,8 +200,6 @@ public static class Program
|
|||||||
|
|
||||||
var u = await db.FindByIdAsync(id!);
|
var u = await db.FindByIdAsync(id!);
|
||||||
if (u == null) throw new SecurityTokenExpiredException("User is not existed.");
|
if (u == null) throw new SecurityTokenExpiredException("User is not existed.");
|
||||||
if (adminOnly && u.Admin == false)
|
|
||||||
throw new SecurityException("This api is Admin called only!");
|
|
||||||
|
|
||||||
if (u.SecurityStamp != stamp) throw new SecurityTokenExpiredException("SecurityStamp is mismatched.");
|
if (u.SecurityStamp != stamp) throw new SecurityTokenExpiredException("SecurityStamp is mismatched.");
|
||||||
// if (u.LockoutEnabled) throw new SecurityTokenExpiredException("User has been locked."); //todo Fix lockout prob
|
// if (u.LockoutEnabled) throw new SecurityTokenExpiredException("User has been locked."); //todo Fix lockout prob
|
||||||
|
|||||||
Loading…
x
Reference in New Issue
Block a user