🐛 Bug fixes in permission management

This commit is contained in:
LittleSheep 2025-04-29 22:18:40 +08:00
parent 35792efa9f
commit 8417d766e3
2 changed files with 13 additions and 9 deletions

View File

@ -6,9 +6,15 @@ namespace DysonNetwork.Sphere.Permission;
public class PermissionService(AppDatabase db)
{
public async Task<bool> HasPermissionAsync(string actor, string area, string key)
{
var value = await GetPermissionAsync<bool>(actor, area, key);
return value;
}
public async Task<T?> GetPermissionAsync<T>(string actor, string area, string key)
{
var now = SystemClock.Instance.GetCurrentInstant();
var now = SystemClock.Instance.GetCurrentInstant();
var groupsId = await db.PermissionGroupMembers
.Where(n => n.Actor == actor)
.Where(n => n.ExpiredAt == null || n.ExpiredAt < now)
@ -17,14 +23,14 @@ public class PermissionService(AppDatabase db)
.ToListAsync();
var permission = await db.PermissionNodes
.Where(n => n.GroupId == null || groupsId.Contains(n.GroupId.Value))
.Where(n => n.Key == key && n.Actor == actor && n.Area == area)
.Where(n => n.Key == key && (n.GroupId != null || n.Actor == actor) && n.Area == area)
.Where(n => n.ExpiredAt == null || n.ExpiredAt < now)
.Where(n => n.AffectedAt == null || n.AffectedAt >= now)
.FirstOrDefaultAsync();
return permission is not null ? _DeserializePermissionValue<T>(permission.Value) : default;
}
public async Task<PermissionNode> AddPermissionNode<T>(
string actor,
string area,
@ -95,7 +101,7 @@ public class PermissionService(AppDatabase db)
{
var node = await db.PermissionNodes
.Where(n => n.GroupId == group.Id)
.Where(n => n.Actor == actor && n.Area == area && n.Key == key)
.Where(n => n.Actor == actor && n.Area == area && n.Key == key)
.FirstOrDefaultAsync();
if (node is null) return;
db.PermissionNodes.Remove(node);

View File

@ -212,11 +212,9 @@ app.MapTus("/files/tus", (_) => Task.FromResult<DefaultTusConfiguration>(new()
var userId = httpContext.User.FindFirst("user_id")?.Value;
if (userId == null) return;
var isSuperuser = httpContext.User.FindFirst("is_superuser")?.Value == "1";
if (isSuperuser) userId = "super:" + userId;
var enforcer = httpContext.RequestServices.GetRequiredService<IEnforcer>();
var allowed = await enforcer.EnforceAsync(userId, "global", "files", "create");
var pm = httpContext.RequestServices.GetRequiredService<PermissionService>();
var allowed = await pm.HasPermissionAsync($"user:{userId}", "global", "files.create");
if (!allowed)
{
eventContext.FailRequest(HttpStatusCode.Forbidden);