🐛 Bug fixes in permission management

2025-04-29 22:18:40 +08:00 · 2025-04-29 22:18:40 +08:00 · 8417d766e3
commit 8417d766e3
parent 35792efa9f
2 changed files with 13 additions and 9 deletions
--- a/DysonNetwork.Sphere/Permission/PermissionService.cs
+++ b/DysonNetwork.Sphere/Permission/PermissionService.cs
@ -6,9 +6,15 @@ namespace DysonNetwork.Sphere.Permission;

 public class PermissionService(AppDatabase db)
 {
+    public async Task<bool> HasPermissionAsync(string actor, string area, string key)
+    {
+        var value = await GetPermissionAsync<bool>(actor, area, key);
+        return value;
+    }
+
    public async Task<T?> GetPermissionAsync<T>(string actor, string area, string key)
    {
-        var now =  SystemClock.Instance.GetCurrentInstant();
+        var now = SystemClock.Instance.GetCurrentInstant();
        var groupsId = await db.PermissionGroupMembers
            .Where(n => n.Actor == actor)
            .Where(n => n.ExpiredAt == null || n.ExpiredAt < now)
@ -17,14 +23,14 @@ public class PermissionService(AppDatabase db)
            .ToListAsync();
        var permission = await db.PermissionNodes
            .Where(n => n.GroupId == null || groupsId.Contains(n.GroupId.Value))
-            .Where(n => n.Key == key && n.Actor == actor && n.Area == area)
+            .Where(n => n.Key == key && (n.GroupId != null || n.Actor == actor) && n.Area == area)
            .Where(n => n.ExpiredAt == null || n.ExpiredAt < now)
            .Where(n => n.AffectedAt == null || n.AffectedAt >= now)
            .FirstOrDefaultAsync();
-        
+
        return permission is not null ? _DeserializePermissionValue<T>(permission.Value) : default;
    }
-    
+
    public async Task<PermissionNode> AddPermissionNode<T>(
        string actor,
        string area,
@ -95,7 +101,7 @@ public class PermissionService(AppDatabase db)
    {
        var node = await db.PermissionNodes
            .Where(n => n.GroupId == group.Id)
-            .Where(n => n.Actor == actor &&  n.Area == area && n.Key == key)
+            .Where(n => n.Actor == actor && n.Area == area && n.Key == key)
            .FirstOrDefaultAsync();
        if (node is null) return;
        db.PermissionNodes.Remove(node);
--- a/DysonNetwork.Sphere/Program.cs
+++ b/DysonNetwork.Sphere/Program.cs
@ -212,11 +212,9 @@ app.MapTus("/files/tus", (_) => Task.FromResult<DefaultTusConfiguration>(new()

            var userId = httpContext.User.FindFirst("user_id")?.Value;
            if (userId == null) return;
-            var isSuperuser = httpContext.User.FindFirst("is_superuser")?.Value == "1";
-            if (isSuperuser) userId = "super:" + userId;

-            var enforcer = httpContext.RequestServices.GetRequiredService<IEnforcer>();
-            var allowed = await enforcer.EnforceAsync(userId, "global", "files", "create");
+            var pm = httpContext.RequestServices.GetRequiredService<PermissionService>();
+            var allowed = await pm.HasPermissionAsync($"user:{userId}", "global", "files.create");
            if (!allowed)
            {
                eventContext.FailRequest(HttpStatusCode.Forbidden);