feat: Relaxed file upload authorization from 'Edit' to 'View' permission and updated the year input help text.

2026-02-26 17:08:52 +01:00
parent 16cb602d3a
commit f42c3fe9f2
3 changed files with 8 additions and 7 deletions
--- a/Client/Modules/SZUAbsolventenverein.Module.HallOfFame/Edit.razor
+++ b/Client/Modules/SZUAbsolventenverein.Module.HallOfFame/Edit.razor
@@ -21,7 +21,8 @@
            </div>
        </div>
        <div class="row mb-3 align-items-center">
-            <Label Class="col-sm-3 col-form-label" For="year" HelpText="Jahrgang (z.B. 2020)"
+            <Label Class="col-sm-3 col-form-label" For="year"
+                HelpText="Gib das Jahr ein, in dem du die Matura abgeschlossen hast (z.B. 2020)"
                ResourceKey="Year">Jahrgang: </Label>
            <div class="col-sm-9">
                <input id="year" type="number" class="form-control" @bind="@_year" required min="1900"
@@ -118,16 +119,16 @@
 </form>

@code {
-    public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View; // Logic handles checking user own entry
+    public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View;

    public override string Actions => "Add,Edit";

    public override string Title => "Hall of Fame Eintrag verwalten";

    public override List<Resource> Resources => new List<Resource>()
-    {
-        new Stylesheet("_content/SZUAbsolventenverein.Module.HallOfFame/Module.css")
-    };
+{
+new Stylesheet("_content/SZUAbsolventenverein.Module.HallOfFame/Module.css")
+};

    private ElementReference form;
    private bool validated = false;
--- a/Server/Controllers/HallOfFameController.cs
+++ b/Server/Controllers/HallOfFameController.cs
@@ -201,7 +201,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
            }
        }
        [HttpPost("upload")]
-        [Authorize(Policy = PolicyNames.EditModule)]
+        [Authorize(Policy = PolicyNames.ViewModule)]
        public async Task<IActionResult> Upload(IFormFile file)
        {
            if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt.");
--- a/Server/Services/HallOfFameService.cs
+++ b/Server/Services/HallOfFameService.cs
@@ -189,7 +189,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services
        }
        public async Task<string> UploadFileAsync(Stream stream, string fileName, int ModuleId)
        {
-            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
+            if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.View))
            {
                var extension = Path.GetExtension(fileName).ToLower();