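/// <summary>
/// Creates a new user account together with the root file node that the user owns.
/// </summary>
/// <param name="id">Id of the new user; also used as the initial display name and as the root node name.</param>
/// <param name="password">Initial password, handed to <c>User.SetPassword</c>.</param>
/// <param name="authority">Authority level assigned to the new account.</param>
/// <param name="spaceSize">Value stored in <c>SpaceSize</c>; -1 is stored as null.</param>
/// <returns>An <c>ApiResult</c> whose <c>Result</c> is the newly created user.</returns>
/// <exception cref="ApiArgumentException">Thrown when <paramref name="id"/> or <paramref name="password"/> is null, empty or whitespace.</exception>
[Authorize("AdminOnly")] // Only administrators are allowed to call this action.
public JsonResult AddUser(
    [FromForm]string id,
    // NOTE(review): a caller that omits the password gets an account protected by this
    // fixed default value; consider making the parameter mandatory. (The literal may be
    // a placeholder/redaction in this listing; confirm against the real source.)
    [FromForm]string password = "******",
    [FromForm]UserAuthority authority = UserAuthority.User,
    [FromForm]long spaceSize = 0)
{
    if (string.IsNullOrWhiteSpace(id))
    {
        throw new ApiArgumentException($"參數{nameof(id)}不該為空字串或null");
    }

    // Refuse to create an account with a blank credential instead of passing it on to SetPassword.
    if (string.IsNullOrWhiteSpace(password))
    {
        throw new ApiArgumentException($"參數{nameof(password)}不該為空字串或null");
    }

    User newUser = new User()
    {
        Id = id,
        // Honour the requested authority. The original hard-coded UserAuthority.User here,
        // which ignored the parameter and made the Admin branch below unreachable.
        Authority = authority,
        Name = id,
        // -1 is stored as null.
        SpaceSize = spaceSize == -1 ? null : (long?)spaceSize
    };

    // Administrators always get a null SpaceSize, whatever was requested.
    if (newUser.Authority == UserAuthority.Admin)
    {
        newUser.SpaceSize = null;
    }

    newUser.SetPassword(password);
    Database.User.Add(newUser);

    // Every user owns a root node named after the user id.
    var rootNode = new FileNode()
    {
        Owner = newUser,
        Name = id
    };
    Database.FileNode.Add(rootNode);

    // The user and the root node are persisted by the same SaveChanges call.
    Database.SaveChanges();

    // NOTE(review): the User entity itself is returned to the client; verify that its
    // serialized form does not include the stored password material.
    return new ApiResult()
    {
        Result = newUser
    };
}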
/// <summary>
/// Updates a user account. Any caller may change the name and password of their own
/// account; changing another account, or changing the authority / space size of any
/// account, takes effect only when the caller is an administrator.
/// </summary>
/// <param name="target">Account to modify; when null, the current user is modified.</param>
/// <param name="name">New display name, or null to leave it unchanged.</param>
/// <param name="password">New password, or null to leave it unchanged.</param>
/// <param name="authority">New authority level; ignored unless the caller is an administrator.</param>
/// <param name="spaceSize">New space size (-1 is stored as null); ignored unless the caller is an administrator.</param>
/// <returns>An <c>ApiResult</c> whose <c>Result</c> is the modified user.</returns>
/// <exception cref="AuthorizeException">Thrown when a non-administrator targets an account other than their own.</exception>
public JsonResult Put(
    User target,
    [FromForm]string name = null,
    [FromForm]string password = null,
    [FromForm]UserAuthority? authority = null,
    [FromForm]long? spaceSize = null)
{
    // NOTE(review): no [Authorize] attribute is visible on this action; presumably it is
    // applied at class level so that User is never null here. Confirm.

    // Without an explicit target the caller is editing their own account.
    if (target == null)
    {
        target = User;
    }

    bool callerIsAdmin = User.Authority == UserAuthority.Admin;

    // Ownership check: a non-administrator may only touch their own record.
    // NOTE(review): this relies on how User implements (or inherits) the != operator; confirm that a
    // bound target for the same account compares equal to the current user.
    if (!callerIsAdmin && target != User)
    {
        throw new AuthorizeException("必須為管理員才可針對其餘使用者資料變更");
    }

    // Privileged fields. For non-administrators the supplied values are ignored without
    // an error, so a user cannot raise their own authority or space size.
    if (callerIsAdmin)
    {
        if (authority.HasValue)
        {
            target.Authority = authority.Value;
        }

        if (spaceSize.HasValue)
        {
            // -1 is stored as null.
            if (spaceSize.Value == -1)
            {
                target.SpaceSize = null;
            }
            else
            {
                target.SpaceSize = spaceSize;
            }
        }
    }

    if (name != null)
    {
        target.Name = name;
    }

    // NOTE(review): the password is replaced without asking for the current one.
    if (password != null)
    {
        target.SetPassword(password);
    }

    Database.SaveChanges();

    // NOTE(review): the User entity itself is returned to the client; verify that its
    // serialized form does not include the stored password material.
    var response = new ApiResult();
    response.Result = target;
    return response;
}