SolarNetwork/Swarm
2
3
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

🐛 Fix develop API permission check

Browse Source
This commit is contained in:
LittleSheep
2025-08-24 21:53:41 +08:00
parent 9f38a288b9
commit 51db08f374
1 changed files with 26 additions and 25 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
DysonNetwork.Develop/Identity/CustomAppController.cs
View File

@@ -8,7 +8,8 @@ namespace DysonNetwork.Develop.Identity;
[ApiController] [ApiController]
[Route("/api/developers/{pubName}/projects/{projectId:guid}/apps")] [Route("/api/developers/{pubName}/projects/{projectId:guid}/apps")]
public class CustomAppController(CustomAppService customApps, DeveloperService ds, DevProjectService projectService) : ControllerBase public class CustomAppController(CustomAppService customApps, DeveloperService ds, DevProjectService projectService)
: ControllerBase
{ {
public record CustomAppRequest( public record CustomAppRequest(
[MaxLength(1024)] string? Slug, [MaxLength(1024)] string? Slug,
@@ -35,7 +36,8 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
} }
[HttpGet("{appId:guid}")] [HttpGet("{appId:guid}")]
public async Task<IActionResult> GetApp([FromRoute] string pubName, [FromRoute] Guid projectId, [FromRoute] Guid appId) public async Task<IActionResult> GetApp([FromRoute] string pubName, [FromRoute] Guid projectId,
[FromRoute] Guid appId)
{ {
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
if (developer is null) return NotFound(); if (developer is null) return NotFound();
@@ -61,9 +63,11 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
return Unauthorized(); return Unauthorized();
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
var accountId = Guid.Parse(currentUser.Id); if (developer is null)
if (developer is null || developer.Id != accountId) return NotFound("Developer not found");
return Forbid();
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to create a custom app");
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) if (project is null)
@@ -72,9 +76,6 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
if (string.IsNullOrWhiteSpace(request.Name) || string.IsNullOrWhiteSpace(request.Slug)) if (string.IsNullOrWhiteSpace(request.Name) || string.IsNullOrWhiteSpace(request.Slug))
return BadRequest("Name and slug are required"); return BadRequest("Name and slug are required");
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to create a custom app");
try try
{ {
var app = await customApps.CreateAppAsync(projectId, request); var app = await customApps.CreateAppAsync(projectId, request);