🐛 Bug fixes in permission management

DysonNetwork.Sphere/Permission/PermissionService.cs

@@ -6,6 +6,12 @@ namespace DysonNetwork.Sphere.Permission;
 
 public class PermissionService(AppDatabase db)
 {
+    public async Task<bool> HasPermissionAsync(string actor, string area, string key)
+    {
+        var value = await GetPermissionAsync<bool>(actor, area, key);
+        return value;
+    }
+
     public async Task<T?> GetPermissionAsync<T>(string actor, string area, string key)
     {
         var now = SystemClock.Instance.GetCurrentInstant();
@@ -17,7 +23,7 @@ public class PermissionService(AppDatabase db)
             .ToListAsync();
         var permission = await db.PermissionNodes
             .Where(n => n.GroupId == null || groupsId.Contains(n.GroupId.Value))
-            .Where(n => n.Key == key && n.Actor == actor && n.Area == area)
+            .Where(n => n.Key == key && (n.GroupId != null || n.Actor == actor) && n.Area == area)
             .Where(n => n.ExpiredAt == null || n.ExpiredAt < now)
             .Where(n => n.AffectedAt == null || n.AffectedAt >= now)
             .FirstOrDefaultAsync();

DysonNetwork.Sphere/Program.cs

@@ -212,11 +212,9 @@ app.MapTus("/files/tus", (_) => Task.FromResult<DefaultTusConfiguration>(new()
 
             var userId = httpContext.User.FindFirst("user_id")?.Value;
             if (userId == null) return;
-            var isSuperuser = httpContext.User.FindFirst("is_superuser")?.Value == "1";
-            if (isSuperuser) userId = "super:" + userId;
 
-            var enforcer = httpContext.RequestServices.GetRequiredService<IEnforcer>();
+            var pm = httpContext.RequestServices.GetRequiredService<PermissionService>();
-            var allowed = await enforcer.EnforceAsync(userId, "global", "files", "create");
+            var allowed = await pm.HasPermissionAsync($"user:{userId}", "global", "files.create");
             if (!allowed)
             {
                 eventContext.FailRequest(HttpStatusCode.Forbidden);