Added a new policy to require being an admin. Implemented ability to delete a user.

This commit is contained in:
Joseph Milazzo 2020-12-24 08:13:58 -06:00
parent bb276a5984
commit f0919042b0
6 changed files with 44 additions and 5 deletions


@ -26,10 +26,18 @@ namespace API.Controllers
} }
[Authorize(Policy = "RequireAdminRole")] [Authorize(Policy = "RequireAdminRole")]
[HttpDelete] [HttpDelete("delete-user")]
public async Task<ActionResult> DeleteUser(string username) public async Task<ActionResult> DeleteUser(string username)
{ {
return BadRequest("Not Implemented"); var user = await _userRepository.GetUserByUsernameAsync(username);
_userRepository.Delete(user);
if (await _userRepository.SaveAllAsync())
{
return Ok();
}
return BadRequest("Could not delete the user.");
} }
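Review bot: The `user` returned by `_userRepository.GetUserByUsernameAsync(username)` is handed straight to `_userRepository.Delete(user)` with no null check, so a request naming an unknown user reaches `DbSet.Remove(null)`, which throws, instead of producing a 4xx response; add `if (user == null) return NotFound("User not found");` between the lookup and the delete. The lookup-then-null-check shape is already used by UpdateLibrary in this same commit, so the two endpoints would then be consistent. It may also be worth deciding whether an admin should be able to delete their own account through this endpoint, since nothing here compares the caller's identity with `username`.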


@ -77,14 +77,13 @@ namespace API.Controllers
// return Ok(await _libraryRepository.GetLibrariesForUserAsync(user)); // return Ok(await _libraryRepository.GetLibrariesForUserAsync(user));
// } // }
[Authorize(Policy = "RequireAdminRole")]
[HttpPut("update-for")] [HttpPut("update-for")]
public async Task<ActionResult<MemberDto>> UpdateLibrary(UpdateLibraryDto updateLibraryDto) public async Task<ActionResult<MemberDto>> UpdateLibrary(UpdateLibraryDto updateLibraryDto)
{ {
// TODO: Only admins can do this
var user = await _userRepository.GetUserByUsernameAsync(updateLibraryDto.Username); var user = await _userRepository.GetUserByUsernameAsync(updateLibraryDto.Username);
if (user == null) return BadRequest("Could not validate user"); if (user == null) return BadRequest("Could not validate user");
if (!user.IsAdmin) return Unauthorized("Only admins are permitted");
user.Libraries = new List<Library>(); user.Libraries = new List<Library>();
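Review bot: With the role check moved onto `[Authorize(Policy = "RequireAdminRole")]`, the remaining `user` lookup validates the target account named in `updateLibraryDto.Username`, not the caller, and the removed `user.IsAdmin` check was on that same target; a short comment would stop a later reader from re-adding a caller check inside the body, e.g. `// Caller authorization is enforced by the RequireAdminRole policy; 'user' is the account being modified.` The method's body continues outside the hunk.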


@ -15,5 +15,6 @@ namespace API.DTOs
public DateTime Created { get; set; } public DateTime Created { get; set; }
public DateTime LastActive { get; set; } public DateTime LastActive { get; set; }
public IEnumerable<LibraryDto> Libraries { get; set; } public IEnumerable<LibraryDto> Libraries { get; set; }
public IEnumerable<string> Roles { get; set; }
} }
} }


@ -6,6 +6,7 @@ using API.Entities;
using API.Interfaces; using API.Interfaces;
using AutoMapper; using AutoMapper;
using AutoMapper.QueryableExtensions; using AutoMapper.QueryableExtensions;
using Microsoft.AspNetCore.Identity;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
namespace API.Data namespace API.Data
@ -14,11 +15,13 @@ namespace API.Data
{ {
private readonly DataContext _context; private readonly DataContext _context;
private readonly IMapper _mapper; private readonly IMapper _mapper;
private readonly UserManager<AppUser> _userManager;
public UserRepository(DataContext context, IMapper mapper) public UserRepository(DataContext context, IMapper mapper, UserManager<AppUser> userManager)
{ {
_context = context; _context = context;
_mapper = mapper; _mapper = mapper;
_userManager = userManager;
} }
public void Update(AppUser user) public void Update(AppUser user)
@ -26,6 +29,11 @@ namespace API.Data
_context.Entry(user).State = EntityState.Modified; _context.Entry(user).State = EntityState.Modified;
} }
public void Delete(AppUser user)
{
_context.Users.Remove(user);
}
public async Task<bool> SaveAllAsync() public async Task<bool> SaveAllAsync()
{ {
return await _context.SaveChangesAsync() > 0; return await _context.SaveChangesAsync() > 0;
@ -49,6 +57,23 @@ namespace API.Data
public async Task<IEnumerable<MemberDto>> GetMembersAsync() public async Task<IEnumerable<MemberDto>> GetMembersAsync()
{ {
return await _userManager.Users
.Include(x => x.Libraries)
.Include(r => r.UserRoles)
.ThenInclude(r => r.Role)
.OrderBy(u => u.UserName)
.Select(u => new MemberDto
{
Id = u.Id,
Username = u.UserName,
Created = u.Created,
LastActive = u.LastActive,
Roles = u.UserRoles.Select(r => r.Role.Name).ToList()
})
.ToListAsync();
//return await _context.Users.Include(x => x.Libraries)
return await _context.Users.Include(x => x.Libraries) return await _context.Users.Include(x => x.Libraries)
.Include(x => x.Libraries) .Include(x => x.Libraries)
.ProjectTo<MemberDto>(_mapper.ConfigurationProvider) .ProjectTo<MemberDto>(_mapper.ConfigurationProvider)
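Review bot: The new `return await _userManager.Users ... .ToListAsync();` at the top of GetMembersAsync leaves the original `return await _context.Users.Include(x => x.Libraries)` statement below it in place, so that code is now unreachable (the compiler will warn CS0162) and should be removed together with the commented-out line above it. The new projection calls `.Include(x => x.Libraries)` but never assigns `MemberDto.Libraries` in the `Select`, so every member comes back with a null `Libraries`; either map it in the projection or drop the Include, which EF Core ignores once the query ends in a projection to a non-entity type anyway. In the earlier hunk of this file, `Delete(AppUser user)` passes its argument straight to `_context.Users.Remove`, which throws on null, and the controller call site in this commit passes an unchecked lookup result. GetMembersAsync continues past the end of the hunk.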


@ -35,6 +35,11 @@ namespace API.Extensions
ValidateAudience = false ValidateAudience = false
}; };
}); });
services.AddAuthorization(opt =>
{
opt.AddPolicy("RequireAdminRole", policy => policy.RequireRole("Admin"));
});
return services; return services;
} }
} }
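Review bot: `policy.RequireRole("Admin")` only succeeds when the authenticated principal carries a role claim whose value is "Admin"; whether the token issuer adds role claims is not visible in this commit, and if it does not, every endpoint tagged `RequireAdminRole` will reject all callers (fail-closed, but worth verifying before merge). The policy name "RequireAdminRole" and the role name "Admin" are string literals that this commit repeats in two controllers and here; a single constants holder such as `public static class Policies { public const string RequireAdminRole = "RequireAdminRole"; }` referenced from `[Authorize(Policy = Policies.RequireAdminRole)]` would keep the attribute and the registration from drifting apart.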


@ -15,5 +15,6 @@ namespace API.Interfaces
Task<AppUser> GetUserByUsernameAsync(string username); Task<AppUser> GetUserByUsernameAsync(string username);
Task<IEnumerable<MemberDto>> GetMembersAsync(); Task<IEnumerable<MemberDto>> GetMembersAsync();
Task<MemberDto> GetMemberAsync(string username); Task<MemberDto> GetMemberAsync(string username);
public void Delete(AppUser user);
} }
} }
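Review bot: The added member is declared `public void Delete(AppUser user);`, while every sibling member on this interface carries no access modifier; the explicit `public` is redundant on an interface method and breaks the file's convention, so write it as `void Delete(AppUser user);`. A `/// <summary>` stating that the call only stages the removal and `SaveAllAsync` must be awaited to persist it would match how the repository implementation and the controller in this commit use it.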