From 01d22dacaf10a669e7ec6abf30450304c0eb5dde Mon Sep 17 00:00:00 2001
From: enisn <iletisim@enisnecipoglu.com>
Date: Thu, 31 Dec 2020 15:42:52 +0300
Subject: [PATCH] CmsKit - Add missing Authorize attributes to
 ContentController

---
 .../Volo/CmsKit/Admin/Contents/ContentController.cs    | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/modules/cms-kit/src/Volo.CmsKit.Admin.HttpApi/Volo/CmsKit/Admin/Contents/ContentController.cs b/modules/cms-kit/src/Volo.CmsKit.Admin.HttpApi/Volo/CmsKit/Admin/Contents/ContentController.cs
index 79cf2e0a8f..e3733d6fdb 100644
--- a/modules/cms-kit/src/Volo.CmsKit.Admin.HttpApi/Volo/CmsKit/Admin/Contents/ContentController.cs
+++ b/modules/cms-kit/src/Volo.CmsKit.Admin.HttpApi/Volo/CmsKit/Admin/Contents/ContentController.cs
@@ -1,12 +1,15 @@
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Mvc;
 using System;
 using System.Threading.Tasks;
 using Volo.Abp;
 using Volo.Abp.Application.Dtos;
 using Volo.CmsKit.Admin.Contents;
+using Volo.CmsKit.Permissions;
 
 namespace Volo.CmsKit.Admin.HttpApi.Volo.CmsKit.Admin.Contents
 {
+    [Authorize(CmsKitAdminPermissions.Contents.Delete)]
     [RemoteService(Name = CmsKitCommonRemoteServiceConsts.RemoteServiceName)]
     [Area("cms-kit")]
     [Route("api/cms-kit-admin/contents")]
@@ -19,26 +22,31 @@ namespace Volo.CmsKit.Admin.HttpApi.Volo.CmsKit.Admin.Contents
 
         protected IContentAdminAppService ContentAdminAppService { get; }
 
+        [Authorize(CmsKitAdminPermissions.Contents.Create)]
         public Task<ContentDto> CreateAsync(ContentCreateDto input)
         {
             return ContentAdminAppService.CreateAsync(input);
         }
 
+        [Authorize(CmsKitAdminPermissions.Contents.Delete)]
         public Task DeleteAsync(Guid id)
         {
             return ContentAdminAppService.DeleteAsync(id);
         }
 
+        [Authorize(CmsKitAdminPermissions.Contents.Default)]
         public Task<ContentDto> GetAsync(Guid id)
         {
             return ContentAdminAppService.GetAsync(id);
         }
 
+        [Authorize(CmsKitAdminPermissions.Contents.Default)]
         public Task<PagedResultDto<ContentDto>> GetListAsync(ContentGetListInput input)
         {
             return ContentAdminAppService.GetListAsync(input);
         }
 
+        [Authorize(CmsKitAdminPermissions.Contents.Update)]
         public Task<ContentDto> UpdateAsync(Guid id, ContentUpdateDto input)
         {
             return ContentAdminAppService.UpdateAsync(id, input);