Fix permission error return body

Zoe Roux 2022-05-28 00:32:00 +02:00
parent dc8152dfaf
commit 5eddacb7d9
No known key found for this signature in database
GPG Key ID: 54F19BB73170955D
2 changed files with 17 additions and 3 deletions


@ -22,6 +22,7 @@ using System.Linq;
using System.Threading.Tasks;
using Kyoo.Abstractions.Controllers;
using Kyoo.Abstractions.Models.Permissions;
using Kyoo.Abstractions.Models.Utils;
using Kyoo.Authentication.Models;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.JwtBearer;
@ -173,15 +174,28 @@ namespace Kyoo.Authentication
{
ICollection<string> permissions = res.Principal.GetPermissions();
if (permissions.All(x => x != permStr && x != overallStr))
context.Result = new StatusCodeResult(StatusCodes.Status403Forbidden);
{
context.Result = _ErrorResult($"Missing permission: {permStr}", StatusCodes.Status403Forbidden);
}
}
else
{
ICollection<string> permissions = _options.CurrentValue.Default ?? Array.Empty<string>();
if (res.Failure != null || permissions.All(x => x != permStr && x != overallStr))
context.Result = new StatusCodeResult(StatusCodes.Status401Unauthorized);
context.Result = _ErrorResult($"Unlogged user does not have permission: {permStr}", StatusCodes.Status401Unauthorized);
}
}
}
/// <summary>
/// Create a new action result with the given error message and error code.
/// </summary>
/// <param name="error">The error message.</param>
/// <param name="code">The status code of the error.</param>
/// <returns>The resulting error action.</returns>
private static IActionResult _ErrorResult(string error, int code)
{
return new ObjectResult(new RequestError(error)) { StatusCode = code };
}
}
}
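Review bot: The 401 branch (`if (res.Failure != null || permissions.All(...))`) answers "Unlogged user does not have permission" even when the request carried a token that failed validation, so a client with an expired or malformed token is told it is anonymous rather than that it must re-authenticate. Consider choosing the message by cause, e.g. `string msg = res.Failure != null ? "Invalid or expired token" : $"Unlogged user does not have permission: {permStr}";`, without echoing `res.Failure.Message` to the caller. Both new messages also return the internal permission string to callers, including unauthenticated ones; confirm that this is intended. The new call in the else branch is left unbraced while the 403 branch gained braces. The enclosing method starts outside the hunk.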


@ -230,7 +230,7 @@ namespace Kyoo.Authentication.Views
/// <param name="user">The new data for the current user.</param>
/// <returns>The currently authenticated user after modifications.</returns>
/// <response code="403">The given access token is invalid.</response>
[HttpPut("me")]
[HttpPatch("me")]
[UserOnly]
[ProducesResponseType(StatusCodes.Status200OK)]
[ProducesResponseType(StatusCodes.Status403Forbidden)]
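Review bot: Switching this action from `[HttpPut("me")]` to `[HttpPatch("me")]` is a client-visible route change that the commit title does not mention; existing callers using PUT will stop reaching this action unless another action still handles PUT (not visible here). The `<response code="403">` text and `[ProducesResponseType(StatusCodes.Status403Forbidden)]` may also be stale if `[UserOnly]` goes through the permission filter changed in this commit, which answers unauthenticated requests with 401; if so, add `[ProducesResponseType(StatusCodes.Status401Unauthorized)]` and a matching `<response code="401">` line. The action's signature and body are outside the hunk.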