Skip to content
Permalink
Browse files Browse the repository at this point in the history
refactor(cloudStorage): improve file onwer check in remove api (#392)
  • Loading branch information
BlackHole1 committed Jul 30, 2021
1 parent e23fe48 commit 425aa97
Showing 1 changed file with 19 additions and 2 deletions.
21 changes: 19 additions & 2 deletions src/v1/controller/cloudStorage/alibabaCloud/remove/index.ts
Expand Up @@ -2,8 +2,8 @@ import { createQueryBuilder, getConnection, In } from "typeorm";
import { Region, Status } from "../../../../../constants/Project";
import {
CloudStorageConfigsDAO,
CloudStorageUserFilesDAO,
CloudStorageFilesDAO,
CloudStorageUserFilesDAO,
} from "../../../../../dao";
import { CloudStorageFilesModel } from "../../../../../model/cloudStorage/CloudStorageFiles";
import { CloudStorageUserFilesModel } from "../../../../../model/cloudStorage/CloudStorageUserFiles";
Expand Down Expand Up @@ -41,6 +41,8 @@ export class AlibabaCloudRemoveFile extends AbstractController<RequestType, Resp
const { fileUUIDs } = this.body;
const userUUID = this.userUUID;

await this.assertFilesOwnerIsCurrentUser();

const fileInfo: FileInfoType[] = await createQueryBuilder(CloudStorageUserFilesModel, "fc")
.addSelect("f.file_uuid", "file_uuid")
.addSelect("f.file_name", "file_name")
Expand All @@ -60,7 +62,10 @@ export class AlibabaCloudRemoveFile extends AbstractController<RequestType, Resp
.getRawMany();

if (fileInfo.length === 0) {
throw new ControllerError(ErrorCode.FileNotFound);
return {
status: Status.Success,
data: {},
};
}

const cloudStorageConfigsInfo = await CloudStorageConfigsDAO().findOne(["total_usage"], {
Expand Down Expand Up @@ -138,6 +143,18 @@ export class AlibabaCloudRemoveFile extends AbstractController<RequestType, Resp
public errorHandler(error: Error): ResponseError {
return this.autoHandlerError(error);
}

private async assertFilesOwnerIsCurrentUser(): Promise<void> {
const filesOwner = await CloudStorageUserFilesDAO().find(["user_uuid"], {
file_uuid: In(this.body.fileUUIDs),
});

for (const { user_uuid } of filesOwner) {
if (user_uuid !== this.userUUID) {
throw new ControllerError(ErrorCode.NotPermission);
}
}
}
}

interface RequestType {
Expand Down

0 comments on commit 425aa97

Please sign in to comment.