🐛 Fix develop API permission check

This commit is contained in:
2025-08-24 21:53:41 +08:00
parent 9f38a288b9
commit 51db08f374


@@ -8,7 +8,8 @@ namespace DysonNetwork.Develop.Identity;
[ApiController] [ApiController]
[Route("/api/developers/{pubName}/projects/{projectId:guid}/apps")] [Route("/api/developers/{pubName}/projects/{projectId:guid}/apps")]
public class CustomAppController(CustomAppService customApps, DeveloperService ds, DevProjectService projectService) : ControllerBase public class CustomAppController(CustomAppService customApps, DeveloperService ds, DevProjectService projectService)
: ControllerBase
{ {
public record CustomAppRequest( public record CustomAppRequest(
[MaxLength(1024)] string? Slug, [MaxLength(1024)] string? Slug,
@@ -26,20 +27,21 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
{ {
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
if (developer is null) return NotFound(); if (developer is null) return NotFound();
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) return NotFound(); if (project is null) return NotFound();
var apps = await customApps.GetAppsByProjectAsync(projectId); var apps = await customApps.GetAppsByProjectAsync(projectId);
return Ok(apps); return Ok(apps);
} }
[HttpGet("{appId:guid}")] [HttpGet("{appId:guid}")]
public async Task<IActionResult> GetApp([FromRoute] string pubName, [FromRoute] Guid projectId, [FromRoute] Guid appId) public async Task<IActionResult> GetApp([FromRoute] string pubName, [FromRoute] Guid projectId,
[FromRoute] Guid appId)
{ {
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
if (developer is null) return NotFound(); if (developer is null) return NotFound();
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) return NotFound(); if (project is null) return NotFound();
@@ -53,18 +55,20 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
[HttpPost] [HttpPost]
[Authorize] [Authorize]
public async Task<IActionResult> CreateApp( public async Task<IActionResult> CreateApp(
[FromRoute] string pubName, [FromRoute] string pubName,
[FromRoute] Guid projectId, [FromRoute] Guid projectId,
[FromBody] CustomAppRequest request) [FromBody] CustomAppRequest request)
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized(); return Unauthorized();
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
var accountId = Guid.Parse(currentUser.Id); if (developer is null)
if (developer is null || developer.Id != accountId) return NotFound("Developer not found");
return Forbid();
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to create a custom app");
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) if (project is null)
return NotFound("Project not found or you don't have access"); return NotFound("Project not found or you don't have access");
@@ -72,17 +76,14 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
if (string.IsNullOrWhiteSpace(request.Name) || string.IsNullOrWhiteSpace(request.Slug)) if (string.IsNullOrWhiteSpace(request.Name) || string.IsNullOrWhiteSpace(request.Slug))
return BadRequest("Name and slug are required"); return BadRequest("Name and slug are required");
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to create a custom app");
try try
{ {
var app = await customApps.CreateAppAsync(projectId, request); var app = await customApps.CreateAppAsync(projectId, request);
if (app == null) if (app == null)
return BadRequest("Failed to create app"); return BadRequest("Failed to create app");
return CreatedAtAction( return CreatedAtAction(
nameof(GetApp), nameof(GetApp),
new { pubName, projectId, appId = app.Id }, new { pubName, projectId, appId = app.Id },
app app
); );
@@ -102,16 +103,16 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
[FromBody] CustomAppRequest request [FromBody] CustomAppRequest request
) )
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized(); return Unauthorized();
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
if (developer is null) if (developer is null)
return NotFound("Developer not found"); return NotFound("Developer not found");
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor)) if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to update a custom app"); return StatusCode(403, "You must be an editor of the developer to update a custom app");
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) if (project is null)
return NotFound("Project not found or you don't have access"); return NotFound("Project not found or you don't have access");
@@ -139,16 +140,16 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
[FromRoute] Guid appId [FromRoute] Guid appId
) )
{ {
if (HttpContext.Items["CurrentUser"] is not Account currentUser) if (HttpContext.Items["CurrentUser"] is not Account currentUser)
return Unauthorized(); return Unauthorized();
var developer = await ds.GetDeveloperByName(pubName); var developer = await ds.GetDeveloperByName(pubName);
if (developer is null) if (developer is null)
return NotFound("Developer not found"); return NotFound("Developer not found");
if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor)) if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))
return StatusCode(403, "You must be an editor of the developer to delete a custom app"); return StatusCode(403, "You must be an editor of the developer to delete a custom app");
var project = await projectService.GetProjectAsync(projectId, developer.Id); var project = await projectService.GetProjectAsync(projectId, developer.Id);
if (project is null) if (project is null)
return NotFound("Project not found or you don't have access"); return NotFound("Project not found or you don't have access");
@@ -160,7 +161,7 @@ public class CustomAppController(CustomAppService customApps, DeveloperService d
var result = await customApps.DeleteAppAsync(appId); var result = await customApps.DeleteAppAsync(appId);
if (!result) if (!result)
return NotFound(); return NotFound();
return NoContent(); return NoContent();
} }
} }
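Review bot: The new editor check in CreateApp, `if (!await ds.IsMemberWithRole(developer.PublisherId, Guid.Parse(currentUser.Id), PublisherMemberRole.Editor))`, parses the caller's id with `Guid.Parse`, so an id that is not a well-formed GUID surfaces as an unhandled FormatException (a 500) instead of a deliberate 401/403; `if (!Guid.TryParse(currentUser.Id, out var accountId)) return Unauthorized();` followed by passing `accountId` keeps the authorization path fail-closed with an intentional status. Whether the `CurrentUser` item can ever carry a non-GUID id is not visible from the hunk, so this may be purely defensive. The same call now appears three times (CreateApp plus the update and delete actions shown in context) differing only in the message string, so a private helper that performs the role check and returns the 403 result would keep the three in sync if the required role ever changes. Moving the membership check ahead of the project lookup and the request validation also makes CreateApp consistent with the update and delete actions, which already check the role first.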