feat(backend): allow suspended users to access some endpoints, add flag scopes

2024-12-11 16:54:06 +01:00 · 2024-12-11 16:54:06 +01:00 · 5cb3faa92b
commit 5cb3faa92b
parent 7f8e72e857
7 changed files with 57 additions and 25 deletions
--- a/Foxnouns.Backend/Controllers/FlagsController.cs
+++ b/Foxnouns.Backend/Controllers/FlagsController.cs
@ -34,7 +34,8 @@ public class FlagsController(
 ) : ApiControllerBase
 {
    [HttpGet]
-    [Authorize("identify")]
+    [Limit(UsableBySuspendedUsers = true)]
+    [Authorize("user.read_flags")]
    [ProducesResponseType<IEnumerable<PrideFlagResponse>>(statusCode: StatusCodes.Status200OK)]
    public async Task<IActionResult> GetFlagsAsync(CancellationToken ct = default)
    {
@ -50,7 +51,7 @@ public class FlagsController(
    public const int MaxFlagCount = 500;

    [HttpPost]
-    [Authorize("user.update")]
+    [Authorize("user.update_flags")]
    [ProducesResponseType<PrideFlagResponse>(statusCode: StatusCodes.Status202Accepted)]
    public async Task<IActionResult> CreateFlagAsync([FromBody] CreateFlagRequest req)
    {
@ -79,7 +80,7 @@ public class FlagsController(
    }

    [HttpPatch("{id}")]
-    [Authorize("user.update")]
+    [Authorize("user.create_flags")]
    [ProducesResponseType<PrideFlagResponse>(statusCode: StatusCodes.Status200OK)]
    public async Task<IActionResult> UpdateFlagAsync(Snowflake id, [FromBody] UpdateFlagRequest req)
    {
@ -104,7 +105,7 @@ public class FlagsController(
    }

    [HttpDelete("{id}")]
-    [Authorize("user.update")]
+    [Authorize("user.update_flags")]
    public async Task<IActionResult> DeleteFlagAsync(Snowflake id)
    {
        PrideFlag? flag = await db.PrideFlags.FirstOrDefaultAsync(f =>
--- a/Foxnouns.Backend/Controllers/MembersController.cs
+++ b/Foxnouns.Backend/Controllers/MembersController.cs
@ -44,6 +44,7 @@ public class MembersController(

    [HttpGet]
    [ProducesResponseType<IEnumerable<PartialMember>>(StatusCodes.Status200OK)]
+    [Limit(UsableBySuspendedUsers = true)]
    public async Task<IActionResult> GetMembersAsync(string userRef, CancellationToken ct = default)
    {
        User user = await db.ResolveUserAsync(userRef, CurrentToken, ct);
@ -52,6 +53,7 @@ public class MembersController(

    [HttpGet("{memberRef}")]
    [ProducesResponseType<MemberResponse>(StatusCodes.Status200OK)]
+    [Limit(UsableBySuspendedUsers = true)]
    public async Task<IActionResult> GetMemberAsync(
        string userRef,
        string memberRef,
--- a/Foxnouns.Backend/Controllers/UsersController.cs
+++ b/Foxnouns.Backend/Controllers/UsersController.cs
@ -42,6 +42,7 @@ public class UsersController(

    [HttpGet("{userRef}")]
    [ProducesResponseType<UserResponse>(statusCode: StatusCodes.Status200OK)]
+    [Limit(UsableBySuspendedUsers = true)]
    public async Task<IActionResult> GetUserAsync(string userRef, CancellationToken ct = default)
    {
        User user = await db.ResolveUserAsync(userRef, CurrentToken, ct);