fix: Correct HallOfFame add and update operations to require View permission instead of Edit.
This commit is contained in:
@@ -91,7 +91,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
|
|||||||
|
|
||||||
// POST api/<controller>
|
// POST api/<controller>
|
||||||
[HttpPost]
|
[HttpPost]
|
||||||
[Authorize(Policy = PolicyNames.EditModule)]
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
||||||
public async Task<Models.HallOfFame> Post([FromBody] Models.HallOfFame HallOfFame)
|
public async Task<Models.HallOfFame> Post([FromBody] Models.HallOfFame HallOfFame)
|
||||||
{
|
{
|
||||||
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
|
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
|
||||||
@@ -118,7 +118,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
|
|||||||
|
|
||||||
// PUT api/<controller>/5
|
// PUT api/<controller>/5
|
||||||
[HttpPut("{id}")]
|
[HttpPut("{id}")]
|
||||||
[Authorize(Policy = PolicyNames.EditModule)]
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
||||||
public async Task<Models.HallOfFame> Put(int id, [FromBody] Models.HallOfFame HallOfFame)
|
public async Task<Models.HallOfFame> Put(int id, [FromBody] Models.HallOfFame HallOfFame)
|
||||||
{
|
{
|
||||||
if (ModelState.IsValid && HallOfFame.HallOfFameId == id && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
|
if (ModelState.IsValid && HallOfFame.HallOfFameId == id && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
|
||||||
|
|||||||
@@ -76,7 +76,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services
|
|||||||
|
|
||||||
public Task<Models.HallOfFame> AddHallOfFameAsync(Models.HallOfFame HallOfFame)
|
public Task<Models.HallOfFame> AddHallOfFameAsync(Models.HallOfFame HallOfFame)
|
||||||
{
|
{
|
||||||
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.Edit))
|
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.View))
|
||||||
{
|
{
|
||||||
HallOfFame = _HallOfFameRepository.AddHallOfFame(HallOfFame);
|
HallOfFame = _HallOfFameRepository.AddHallOfFame(HallOfFame);
|
||||||
_logger.Log(LogLevel.Information, this, LogFunction.Create, "HallOfFame Added {HallOfFame}", HallOfFame);
|
_logger.Log(LogLevel.Information, this, LogFunction.Create, "HallOfFame Added {HallOfFame}", HallOfFame);
|
||||||
@@ -91,7 +91,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services
|
|||||||
|
|
||||||
public Task<Models.HallOfFame> UpdateHallOfFameAsync(Models.HallOfFame HallOfFame)
|
public Task<Models.HallOfFame> UpdateHallOfFameAsync(Models.HallOfFame HallOfFame)
|
||||||
{
|
{
|
||||||
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.Edit))
|
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.View))
|
||||||
{
|
{
|
||||||
HallOfFame = _HallOfFameRepository.UpdateHallOfFame(HallOfFame);
|
HallOfFame = _HallOfFameRepository.UpdateHallOfFame(HallOfFame);
|
||||||
_logger.Log(LogLevel.Information, this, LogFunction.Update, "HallOfFame Updated {HallOfFame}", HallOfFame);
|
_logger.Log(LogLevel.Information, this, LogFunction.Update, "HallOfFame Updated {HallOfFame}", HallOfFame);
|
||||||
|
|||||||
Reference in New Issue
Block a user