feat: Relaxed file upload authorization from 'Edit' to 'View' permission and updated the year input help text.
@@ -21,7 +21,8 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="row mb-3 align-items-center">
|
<div class="row mb-3 align-items-center">
|
||||||
<Label Class="col-sm-3 col-form-label" For="year" HelpText="Jahrgang (z.B. 2020)"
|
<Label Class="col-sm-3 col-form-label" For="year"
|
||||||
|
HelpText="Gib das Jahr ein, in dem du die Matura abgeschlossen hast (z.B. 2020)"
|
||||||
ResourceKey="Year">Jahrgang: </Label>
|
ResourceKey="Year">Jahrgang: </Label>
|
||||||
<div class="col-sm-9">
|
<div class="col-sm-9">
|
||||||
<input id="year" type="number" class="form-control" @bind="@_year" required min="1900"
|
<input id="year" type="number" class="form-control" @bind="@_year" required min="1900"
|
||||||
@@ -118,16 +119,16 @@
|
|||||||
</form>
|
</form>
|
||||||
|
|
||||||
@code {
|
@code {
|
||||||
public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View; // Logic handles checking user own entry
|
public override SecurityAccessLevel SecurityAccessLevel => SecurityAccessLevel.View;
|
||||||
|
|
||||||
public override string Actions => "Add,Edit";
|
public override string Actions => "Add,Edit";
|
||||||
|
|
||||||
public override string Title => "Hall of Fame Eintrag verwalten";
|
public override string Title => "Hall of Fame Eintrag verwalten";
|
||||||
|
|
||||||
public override List<Resource> Resources => new List<Resource>()
|
public override List<Resource> Resources => new List<Resource>()
|
||||||
{
|
{
|
||||||
new Stylesheet("_content/SZUAbsolventenverein.Module.HallOfFame/Module.css")
|
new Stylesheet("_content/SZUAbsolventenverein.Module.HallOfFame/Module.css")
|
||||||
};
|
};
|
||||||
|
|
||||||
private ElementReference form;
|
private ElementReference form;
|
||||||
private bool validated = false;
|
private bool validated = false;
|
||||||
|
|||||||
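Review bot: The trailing comment on the `SecurityAccessLevel` override was the only visible explanation of why a page with `Actions => "Add,Edit"` is reachable at View level, and the new line drops it. Because this commit also lowers the upload checks to View, the rationale should stay next to the override, for example `// View on purpose: page logic restricts editing to the user's own entry`. That ownership check is not visible in this hunk, so it is worth confirming that it also covers the upload path. The `@code` block continues past the end of the hunk.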
@@ -201,7 +201,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
[HttpPost("upload")]
|
[HttpPost("upload")]
|
||||||
[Authorize(Policy = PolicyNames.EditModule)]
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
||||||
public async Task<IActionResult> Upload(IFormFile file)
|
public async Task<IActionResult> Upload(IFormFile file)
|
||||||
{
|
{
|
||||||
if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt.");
|
if (file == null || file.Length == 0) return BadRequest("Keine Datei ausgewählt.");
|
||||||
|
|||||||
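Review bot: With `[Authorize(Policy = PolicyNames.ViewModule)]` on `Upload`, every principal that may view the module can now write files, and the only validation visible in this hunk is the null/empty check on `file`. The same relaxation is made in `UploadFileAsync` in the Services file (`PermissionNames.View`), so neither layer keeps a stricter gate. If View is granted to anonymous or all registered users (not visible here), this becomes an open upload endpoint. Consider requiring an authenticated caller, e.g. `if (User.Identity?.IsAuthenticated != true) return Forbid();`, tying the upload to the caller's own entry, and enforcing a size cap and extension allow-list before the stream is handed on. The body of `Upload` continues outside the hunk, so some of these checks may already exist there.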
@@ -189,7 +189,7 @@ namespace SZUAbsolventenverein.Module.HallOfFame.Services
|
|||||||
}
|
}
|
||||||
public async Task<string> UploadFileAsync(Stream stream, string fileName, int ModuleId)
|
public async Task<string> UploadFileAsync(Stream stream, string fileName, int ModuleId)
|
||||||
{
|
{
|
||||||
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.Edit))
|
if (_userPermissions.IsAuthorized(_accessor.HttpContext.User, _alias.SiteId, EntityNames.Module, ModuleId, PermissionNames.View))
|
||||||
{
|
{
|
||||||
var extension = Path.GetExtension(fileName).ToLower();
|
var extension = Path.GetExtension(fileName).ToLower();
|
||||||
|
|
||||||
|
|||||||
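Review bot: `Path.GetExtension(fileName).ToLower()` lower-cases a client-supplied name using the server's current culture, so under some cultures (Turkish, for instance) an upper-case `I` does not map to `i`, and any extension comparison that follows may not match as intended. Using the invariant form avoids that: `var extension = Path.GetExtension(fileName).ToLowerInvariant();`. This matters more now that the guard above admits callers with only `PermissionNames.View`. The rest of `UploadFileAsync`, including how `extension` is used, lies outside the hunk.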