Fixed Access Code Binding

Admins can now bind codes of other users
2025-02-17 19:19:18 +01:00 · 2023-12-19 16:27:17 +01:00 · 2023-12-19 16:27:17 +01:00 · e5a8526755
commit e5a8526755
parent d487d7a105
2 changed files with 15 additions and 7 deletions
--- a/TaikoWebUI/Pages/AccessCode.razor.cs
+++ b/TaikoWebUI/Pages/AccessCode.razor.cs
@ -67,7 +67,7 @@ public partial class AccessCode
    {
        if (response != null)
        {
-            var result = await LoginService.BindAccessCode(inputAccessCode, Client);
+            var result = await LoginService.BindAccessCode(inputAccessCode.ToUpper().Trim(), response.Users.First(u => u.Baid == Baid), Client);
            switch (result)
            {
                case 0:
@ -106,6 +106,13 @@ public partial class AccessCode
                        "Access code cannot be empty.<br />Please enter a valid access code.",
                        "Ok");
                    break;
+                case 5:
+                    await DialogService.ShowMessageBox(
+                        "Error",
+                        (MarkupString)
+                        "You can't do that!<br />You need to be an admin to edit someone else's access codes.",
+                        "Ok");
+                    break;
            }
        }
    }
--- a/TaikoWebUI/Services/LoginService.cs
+++ b/TaikoWebUI/Services/LoginService.cs
@ -152,16 +152,17 @@ public class LoginService
        if (newLoggedInUser is null) return;
        LoggedInUser = newLoggedInUser;
    }
-    
-    public async Task<int> BindAccessCode(string inputAccessCode, HttpClient client)
+
+    public async Task<int> BindAccessCode(string inputAccessCode, User user, HttpClient client)
    {
-        if (inputAccessCode.Trim() == "") return 4;
-        if (!IsLoggedIn) return 0;
-        if (LoggedInUser.AccessCodes.Count >= boundAccessCodeUpperLimit) return 2;
+        if (inputAccessCode.Trim() == "") return 4; /*Empty access code*/
+        if (!IsLoggedIn && LoginRequired) return 0; /*User not connected and login is required*/
+        if (LoginRequired && !IsAdmin && !(user.Baid == GetLoggedInUser().Baid)) return 5; /*User not admin trying to update someone elses Access Codes*/
+        if (user.AccessCodes.Count >= boundAccessCodeUpperLimit) return 2; /*Limit of codes has been reached*/
        var request = new BindAccessCodeRequest
        {
            AccessCode = inputAccessCode,
-            Baid = LoggedInUser.Baid
+            Baid = user.Baid
        };
        var responseMessage = await client.PostAsJsonAsync("api/Cards", request);
        return responseMessage.IsSuccessStatusCode ? 1 : 3;