コード例 #1
0
        public override async Task <V> CleanViewGeneralAsync(V view, Requester requester)
        {
            view = await base.CleanViewGeneralAsync(view, requester);

            //This SHOULD stop banned users from posting or editing content... I think??
            //var bansearch = new BanSearch();
            //bansearch.CreateUserIds.Add(requester.userId);
            //var ban = banSource.GetCurrentBan(await banSource.SimpleSearchRawAsync(bansearch));
            var ban = await banSource.GetUserBan(requester.userId);

            //This just means they can't create public content, but they can still make private stuff... idk
            if (ban != null && (ban.type == BanType.@public && view.permissions.ContainsKey(0) &&
                                view.permissions[0].ToLower().Contains(Actions.KeyMap[Keys.ReadAction].ToLower()))) //Don't handle other kinds of bans yet
            {
                throw new AuthorizationException("You are banned: " + ban.message);
            }

            if (view.parentId > 0)
            {
                var parent = await provider.FindByIdAsync(view.parentId);

                if (parent == null)
                {
                    throw new BadRequestException($"No parent with id {view.parentId}");
                }

                if (!String.IsNullOrEmpty(ParentType) && !parent.Entity.type.StartsWith(ParentType))
                {
                    throw new BadRequestException("Wrong parent type!");
                }

                //Only for CREATING. This is a silly weird thing since this is the general cleanup...
                //Almost NOTHING requires cleanup specifically for create.
                if (view.id == 0 && !CanUser(requester, Keys.CreateAction, parent))
                {
                    throw new AuthorizationException($"User cannot create entities in parent {view.parentId}");
                }
            }
            else if (!AllowOrphanPosts)
            {
                //Only super users can create parentless entities... for now. This is a safety feature and may (never) be removed
                FailUnlessSuper(requester);
            }

            await CheckPermissionUsersAsync(view);

            services.permissions.CheckPermissionValues(view.permissions);

            return(view);
        }
コード例 #2
0
        protected virtual async Task <EntityPackage> BasicParentCheckAsync(long parentId, Requester requester)
        {
            var parent = await provider.FindByIdAsync(parentId);

            //Parent must be content
            if (parent == null || !parent.Entity.type.StartsWith(Keys.ContentType))
            {
                throw new BadRequestException("Parent couldn't be found!");
            }

            //Banning is such a "base" thing
            var ban = await banSource.GetUserBan(requester.userId);

            //This just means they can't create public content, but they can still make private stuff... idk
            if (ban != null && (ban.type == BanType.@public && services.permissions.CanUser(new Requester()
            {
                userId = 0
            }, Keys.ReadAction, parent)))
            {
                throw new BannedException(ban.message);
            }

            return(parent);
        }