feat: allow suspended *and* self-deleted users to access a handful of pages

sam 2024-12-17 18:08:43 +01:00
parent 36cb1d2043
commit f766a2054b
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
7 changed files with 32 additions and 16 deletions


@ -23,25 +23,29 @@ public class LimitMiddleware : IMiddleware
Endpoint? endpoint = ctx.GetEndpoint();
LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>();
Token? token = ctx.GetToken();
if (attribute == null)
{
// Check for authorize attribute
// If it exists, and the user is deleted, throw an error.
if (
endpoint?.Metadata.GetMetadata<AuthorizeAttribute>() != null
&& token?.User.Deleted == true
)
{
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
}
await next(ctx);
return;
}
Token? token = ctx.GetToken();
if (
token?.User.Deleted == true
&& (!attribute.UsableBySuspendedUsers || token.User.DeletedBy == null)
)
{
if (token?.User.Deleted == true && !attribute.UsableBySuspendedUsers)
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
}
if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
{
throw new ApiError.Forbidden("This endpoint can only be used by admins.");
}
if (
attribute.RequireModerator