sam/Foxnouns.NET
sam/Foxnouns.NET
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

feat: allow suspended *and* self-deleted users to access a handful of pages

Browse source
This commit is contained in:
sam 2024-12-17 18:08:43 +01:00
parent 36cb1d2043
commit f766a2054b
Signed by: sam
GPG key ID: B4EF20DDE721CAA1
7 changed files with 32 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
Foxnouns.Backend/Dto/User.cs
View file

@ -48,6 +48,7 @@ public record UserResponse(
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastActive, [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastActive,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastSidReroll, [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastSidReroll,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] string? Timezone, [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] string? Timezone,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Suspended,
[property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Deleted [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Deleted
); );

22
Foxnouns.Backend/Middleware/LimitMiddleware.cs
View file

@ -23,25 +23,29 @@ public class LimitMiddleware : IMiddleware
Endpoint? endpoint = ctx.GetEndpoint(); Endpoint? endpoint = ctx.GetEndpoint();
LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>(); LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>();
Token? token = ctx.GetToken();
if (attribute == null) if (attribute == null)
{ {
// Check for authorize attribute
// If it exists, and the user is deleted, throw an error.
if (
endpoint?.Metadata.GetMetadata<AuthorizeAttribute>() != null
&& token?.User.Deleted == true
)
{
throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
}
await next(ctx); await next(ctx);
return; return;
} }
Token? token = ctx.GetToken(); if (token?.User.Deleted == true && !attribute.UsableBySuspendedUsers)
if (
token?.User.Deleted == true
&& (!attribute.UsableBySuspendedUsers || token.User.DeletedBy == null)
)
{
throw new ApiError.Forbidden("Deleted users cannot access this endpoint."); throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
}
if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin) if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
{
throw new ApiError.Forbidden("This endpoint can only be used by admins."); throw new ApiError.Forbidden("This endpoint can only be used by admins.");
}
if ( if (
attribute.RequireModerator attribute.RequireModerator

1
Foxnouns.Backend/Services/ModerationRendererService.cs
View file

@ -21,7 +21,6 @@ using Newtonsoft.Json.Linq;
namespace Foxnouns.Backend.Services; namespace Foxnouns.Backend.Services;
public class ModerationRendererService( public class ModerationRendererService(
DatabaseContext db,
UserRendererService userRenderer, UserRendererService userRenderer,
MemberRendererService memberRenderer MemberRendererService memberRenderer
) )

1
Foxnouns.Backend/Services/UserRendererService.cs
View file

@ -115,6 +115,7 @@ public class UserRendererService(
tokenHidden ? user.LastActive : null, tokenHidden ? user.LastActive : null,
tokenHidden ? user.LastSidReroll : null, tokenHidden ? user.LastSidReroll : null,
tokenHidden ? user.Timezone ?? "<none>" : null, tokenHidden ? user.Timezone ?? "<none>" : null,
tokenHidden ? user is { Deleted: true, DeletedBy: not null } : null,
tokenHidden ? user.Deleted : null tokenHidden ? user.Deleted : null
); );
} }

1
Foxnouns.Frontend/src/lib/api/models/user.ts
View file

@ -26,6 +26,7 @@ export type MeUser = UserWithMembers & {
last_active: string; last_active: string;
last_sid_reroll: string; last_sid_reroll: string;
timezone: string; timezone: string;
suspended: boolean;
deleted: boolean; deleted: boolean;
}; };

17
Foxnouns.Frontend/src/lib/components/Navbar.svelte
View file

@ -21,10 +21,17 @@
</script> </script>
{#if user && user.deleted} {#if user && user.deleted}
<div class="suspended-alert text-center py-3 mb-2 px-2"> <div class="deleted-alert text-center py-3 mb-2 px-2">
<strong>{$t("nav.suspended-account-hint")}</strong> {#if user.suspended}
<br /> <strong>{$t("nav.suspended-account-hint")}</strong>
<a href="/contact">{$t("nav.appeal-suspension-link")}</a> <br />
<a href="/contact">{$t("nav.appeal-suspension-link")}</a>
{:else}
<strong>{$t("nav.deleted-account-hint")}</strong>
<br />
<a href="/settings/reactivate">{$t("nav.reactivate-account-link")}</a>
<a href="/contact">{$t("nav.delete-permanently-link")}</a>
{/if}
</div> </div>
{/if} {/if}
@ -66,7 +73,7 @@
</Navbar> </Navbar>
<style> <style>
.suspended-alert { .deleted-alert {
color: var(--bs-danger-text-emphasis); color: var(--bs-danger-text-emphasis);
background-color: var(--bs-danger-bg-subtle); background-color: var(--bs-danger-bg-subtle);
} }

5
Foxnouns.Frontend/src/lib/i18n/locales/en.json
View file

@ -4,7 +4,10 @@
"log-in": "Log in or sign up", "log-in": "Log in or sign up",
"settings": "Settings", "settings": "Settings",
"suspended-account-hint": "Your account has been suspended. Your profile has been hidden and you will not be able to change any settings.", "suspended-account-hint": "Your account has been suspended. Your profile has been hidden and you will not be able to change any settings.",
"appeal-suspension-link": "I want to appeal" "appeal-suspension-link": "I want to appeal",
"deleted-account-hint": "You have requested deletion of your account. If you want to reactivate it, click the link below.",
"reactivate-account-link": "Reactivate account",
"delete-permanently-link": "I want my account deleted permanently"
}, },
"avatar-tooltip": "Avatar for {{name}}", "avatar-tooltip": "Avatar for {{name}}",
"profile": { "profile": {