fix: Correct HallOfFame add and update operations to require View permission instead of Edit.

2026-02-26 16:56:50 +01:00
parent bfa8ff158c
commit 16cb602d3a
2 changed files with 12 additions and 12 deletions
--- a/Server/Controllers/HallOfFameController.cs
+++ b/Server/Controllers/HallOfFameController.cs
@@ -91,7 +91,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers

        // POST api/<controller>
        [HttpPost]
-        [Authorize(Policy = PolicyNames.EditModule)]
+        [Authorize(Policy = PolicyNames.ViewModule)]
        public async Task<Models.HallOfFame> Post([FromBody] Models.HallOfFame HallOfFame)
        {
            if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
@@ -118,7 +118,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
-        [Authorize(Policy = PolicyNames.EditModule)]
+        [Authorize(Policy = PolicyNames.ViewModule)]
        public async Task<Models.HallOfFame> Put(int id, [FromBody] Models.HallOfFame HallOfFame)
        {
            if (ModelState.IsValid && HallOfFame.HallOfFameId == id && IsAuthorizedEntityId(EntityNames.Module, HallOfFame.ModuleId))
--- a/Server/Services/HallOfFameService.cs
+++ b/Server/Services/HallOfFameService.cs
@@ -76,7 +76,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services

        public Task<Models.HallOfFame> AddHallOfFameAsync(Models.HallOfFame HallOfFame)
        {
-            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.Edit))
+            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.View))
            {
                HallOfFame = _HallOfFameRepository.AddHallOfFame(HallOfFame);
                _logger.Log(LogLevel.Information, this, LogFunction.Create, "HallOfFame Added {HallOfFame}", HallOfFame);
@@ -91,7 +91,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services

        public Task<Models.HallOfFame> UpdateHallOfFameAsync(Models.HallOfFame HallOfFame)
        {
-            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.Edit))
+            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, HallOfFame.ModuleId, PermissionNames.View))
            {
                HallOfFame = _HallOfFameRepository.UpdateHallOfFame(HallOfFame);
                _logger.Log(LogLevel.Information, this, LogFunction.Update, "HallOfFame Updated {HallOfFame}", HallOfFame);