feat: Relaxed file upload authorization from 'Edit' to 'View' permission and updated the year input help text.

2026-02-26 17:08:52 +01:00
parent 16cb602d3a
commit f42c3fe9f2
3 changed files with 8 additions and 7 deletions


@@ -21,7 +21,8 @@
</div> </div>
</div> </div>
<div class="row mb-3 align-items-center"> <div class="row mb-3 align-items-center">
<Label Class="col-sm-3 col-form-label" For="year" HelpText="Jahrgang (z.B. 2020)" <Label Class="col-sm-3 col-form-label" For="year"
HelpText="Gib das Jahr ein, in dem du die Matura abgeschlossen hast (z.B. 2020)"
ResourceKey="Year">Jahrgang: </Label> ResourceKey="Year">Jahrgang: </Label>
<div class="col-sm-9"> <div class="col-sm-9">
<input id="year" type="number" class="form-control" @bind="@_year" required min="1900" <input id="year" type="number" class="form-control" @bind="@_year" required min="1900"
@@ -118,7 +119,7 @@
</form> </form>
@code { @code {
public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View; // Logic handles checking user own entry public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View;
public override string Actions => "Add,Edit"; public override string Actions => "Add,Edit";
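Review bot: The inline comment `// Logic handles checking user own entry` appears to be dropped from the `SecurityAccessLevel` override in the second hunk, and it was the only stated reason an "Add,Edit" form may load at View level. Since the same commit also lowers the upload permission to View, I would keep it, or replace it with a more precise one if it is still true, e.g. `// View is intentional: ownership of the entry is checked in code, not by the module permission`. The `@code` block continues outside the hunk, so the ownership check itself is not visible here.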


@@ -201,7 +201,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
} }
} }
[HttpPost("upload")] [HttpPost("upload")]
[Authorize(Policy = PolicyNames.EditModule)] [Authorize(Policy = PolicyNames.ViewModule)]
public async Task<IActionResult> Upload(IFormFile file) public async Task<IActionResult> Upload(IFormFile file)
{ {
if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt."); if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt.");
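Review bot: `[Authorize(Policy = PolicyNames.ViewModule)]` on `Upload` lets every caller who can view the module write a file to the server, and nothing visible in the hunk requires the caller to be signed in or to own a Hall of Fame entry. If View is granted to anonymous or all users on this module, which is common for public pages, this becomes an unauthenticated upload endpoint. I would keep the narrower policy, or at least reject unauthenticated callers at the top of the action with `if (User.Identity?.IsAuthenticated != true) return Unauthorized();` and tie the upload to the caller's own entry. The same relaxation is made in `UploadFileAsync` in the Services file (`PermissionNames.Edit` to `PermissionNames.View`), so neither layer holds the stricter check any more. The body of `Upload` continues outside the hunk.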


@@ -189,7 +189,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services
} }
public async Task<string> UploadFileAsync(Stream stream, string fileName, int ModuleId) public async Task<string> UploadFileAsync(Stream stream, string fileName, int ModuleId)
{ {
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit)) if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.View))
{ {
var extension = Path.GetExtension(fileName).ToLower(); var extension = Path.GetExtension(fileName).ToLower();
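Review bot: With the gate now at View, the file checks that follow this `if` are the main control over what reaches disk, and the extension is taken from the caller-supplied `fileName` with the culture-sensitive `ToLower()`. I would use `Path.GetExtension(fileName).ToLowerInvariant()` so an allow-list comparison does not depend on the server culture, and, if the method does not already do so, store the file under a server-generated name rather than one derived from `fileName`. `_accessor.HttpContext` is also dereferenced without a null check on the permission line. The rest of `UploadFileAsync` is outside the hunk, so the allow-list and any size limit could not be reviewed.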