feat: allow suspended *and* self-deleted users to access a handful of pages

2024-12-17 18:08:43 +01:00 · 2024-12-17 18:08:43 +01:00 · f766a2054b
commit f766a2054b
parent 36cb1d2043
7 changed files with 32 additions and 16 deletions
--- a/Foxnouns.Backend/Dto/User.cs
+++ b/Foxnouns.Backend/Dto/User.cs
@ -48,6 +48,7 @@ public record UserResponse(
    [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastActive,
    [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] Instant? LastSidReroll,
    [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] string? Timezone,
+    [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Suspended,
    [property: JsonProperty(NullValueHandling = NullValueHandling.Ignore)] bool? Deleted
 );

--- a/Foxnouns.Backend/Middleware/LimitMiddleware.cs
+++ b/Foxnouns.Backend/Middleware/LimitMiddleware.cs
@ -23,26 +23,30 @@ public class LimitMiddleware : IMiddleware
        Endpoint? endpoint = ctx.GetEndpoint();
        LimitAttribute? attribute = endpoint?.Metadata.GetMetadata<LimitAttribute>();

+        Token? token = ctx.GetToken();
+
        if (attribute == null)
        {
-            await next(ctx);
-            return;
-        }
-
-        Token? token = ctx.GetToken();
+            // Check for authorize attribute
+            // If it exists, and the user is deleted, throw an error.
            if (
-            token?.User.Deleted == true
-            && (!attribute.UsableBySuspendedUsers || token.User.DeletedBy == null)
+                endpoint?.Metadata.GetMetadata<AuthorizeAttribute>() != null
+                && token?.User.Deleted == true
            )
            {
                throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
            }

-        if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
-        {
-            throw new ApiError.Forbidden("This endpoint can only be used by admins.");
+            await next(ctx);
+            return;
        }

+        if (token?.User.Deleted == true && !attribute.UsableBySuspendedUsers)
+            throw new ApiError.Forbidden("Deleted users cannot access this endpoint.");
+
+        if (attribute.RequireAdmin && token?.User.Role != UserRole.Admin)
+            throw new ApiError.Forbidden("This endpoint can only be used by admins.");
+
        if (
            attribute.RequireModerator
            && token?.User.Role is not (UserRole.Admin or UserRole.Moderator)
--- a/Foxnouns.Backend/Services/ModerationRendererService.cs
+++ b/Foxnouns.Backend/Services/ModerationRendererService.cs
@ -21,7 +21,6 @@ using Newtonsoft.Json.Linq;
 namespace Foxnouns.Backend.Services;

 public class ModerationRendererService(
-    DatabaseContext db,
    UserRendererService userRenderer,
    MemberRendererService memberRenderer
 )
--- a/Foxnouns.Backend/Services/UserRendererService.cs
+++ b/Foxnouns.Backend/Services/UserRendererService.cs
@ -115,6 +115,7 @@ public class UserRendererService(
            tokenHidden ? user.LastActive : null,
            tokenHidden ? user.LastSidReroll : null,
            tokenHidden ? user.Timezone ?? "<none>" : null,
+            tokenHidden ? user is { Deleted: true, DeletedBy: not null } : null,
            tokenHidden ? user.Deleted : null
        );
    }
--- a/Foxnouns.Frontend/src/lib/api/models/user.ts
+++ b/Foxnouns.Frontend/src/lib/api/models/user.ts
@ -26,6 +26,7 @@ export type MeUser = UserWithMembers & {
 	last_active: string;
 	last_sid_reroll: string;
 	timezone: string;
+	suspended: boolean;
 	deleted: boolean;
 };

--- a/Foxnouns.Frontend/src/lib/components/Navbar.svelte
+++ b/Foxnouns.Frontend/src/lib/components/Navbar.svelte
@ -21,10 +21,17 @@
 </script>

 {#if user && user.deleted}
-	<div class="suspended-alert text-center py-3 mb-2 px-2">
+	<div class="deleted-alert text-center py-3 mb-2 px-2">
+		{#if user.suspended}
 			<strong>{$t("nav.suspended-account-hint")}</strong>
 			<br />
 			<a href="/contact">{$t("nav.appeal-suspension-link")}</a>
+		{:else}
+			<strong>{$t("nav.deleted-account-hint")}</strong>
+			<br />
+			<a href="/settings/reactivate">{$t("nav.reactivate-account-link")}</a> •
+			<a href="/contact">{$t("nav.delete-permanently-link")}</a>
+		{/if}
 	</div>
 {/if}

@ -66,7 +73,7 @@
 </Navbar>

 <style>
-	.suspended-alert {
+	.deleted-alert {
 		color: var(--bs-danger-text-emphasis);
 		background-color: var(--bs-danger-bg-subtle);
 	}
--- a/Foxnouns.Frontend/src/lib/i18n/locales/en.json
+++ b/Foxnouns.Frontend/src/lib/i18n/locales/en.json
@ -4,7 +4,10 @@
 		"log-in": "Log in or sign up",
 		"settings": "Settings",
 		"suspended-account-hint": "Your account has been suspended. Your profile has been hidden and you will not be able to change any settings.",
-		"appeal-suspension-link": "I want to appeal"
+		"appeal-suspension-link": "I want to appeal",
+		"deleted-account-hint": "You have requested deletion of your account. If you want to reactivate it, click the link below.",
+		"reactivate-account-link": "Reactivate account",
+		"delete-permanently-link": "I want my account deleted permanently"
 	},
 	"avatar-tooltip": "Avatar for {{name}}",
 	"profile": {