#833 Blog module authorization revision.

6 years ago · 15931ec368
parent 853aab9704
commit 15931ec368
4 changed files with 6 additions and 19 deletions
--- a/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs
+++ b/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs
@ -11,7 +11,6 @@
            public const string Delete = Default + ".Delete";
            public const string Update = Default + ".Update";
            public const string Create = Default + ".Create";
-
        }

        public static class Posts
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
@ -5,7 +5,6 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Services;
 using Volo.Abp.Guids;
-using Volo.Abp.Users;
 using Volo.Blogging.Comments.Dtos;
 using Volo.Blogging.Posts;
 using Volo.Blogging.Users;
@ -81,7 +80,7 @@ namespace Volo.Blogging.Comments
                ObjectMapper.Map<List<Comment>, List<CommentWithDetailsDto>>(comments));
        }

-        //[Authorize(BloggingPermissions.Comments.Create)] TODO: Temporary removed
+        [Authorize]
        public async Task<CommentWithDetailsDto> CreateAsync(CreateCommentDto input)
        {
            var comment = new Comment(_guidGenerator.Create(), input.PostId, input.RepliedCommentId, input.Text);
@ -91,6 +90,7 @@ namespace Volo.Blogging.Comments
            return ObjectMapper.Map<Comment, CommentWithDetailsDto>(comment);
        }

+        [Authorize]
        public async Task<CommentWithDetailsDto> UpdateAsync(Guid id, UpdateCommentDto input)
        {
            var comment = await _commentRepository.GetAsync(id);
@ -104,6 +104,7 @@ namespace Volo.Blogging.Comments
            return ObjectMapper.Map<Comment, CommentWithDetailsDto>(comment);
        }

+        [Authorize]
        public async Task DeleteAsync(Guid id)
        {
            var comment = await _commentRepository.GetAsync(id);
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs
@ -13,11 +13,6 @@ using Volo.Blogging.Users;

 namespace Volo.Blogging.Posts
 {
-    /* TODO: Custom policy with configuration.
-     * We should create a custom policy to see the blog as read only if the blog is
-     * configured as 'public' or the current user has the related permission.
-     */
-    //[Authorize(BloggingPermissions.Posts.Default)]
    public class PostAppService : ApplicationService, IPostAppService
    {
        protected IBlogUserLookupService UserLookupService { get; }
@ -256,14 +251,13 @@ namespace Volo.Blogging.Posts
            return new List<string>(tags.Split(",").Select(t => t.Trim()));
        }

-        private async Task<List<PostWithDetailsDto>> FilterPostsByTag(List<PostWithDetailsDto> allPostDtos, Tag tag)
+        private Task<List<PostWithDetailsDto>> FilterPostsByTag(List<PostWithDetailsDto> allPostDtos, Tag tag)
        {
            var filteredPostDtos = new List<PostWithDetailsDto>();
-            var posts = await _postRepository.GetListAsync();

            foreach (var postDto in allPostDtos)
            {
-                if (!postDto.Tags.Any(p => p.Id == tag.Id))
+                if (postDto.Tags.All(p => p.Id != tag.Id))
                {
                    continue;
                }
@ -271,7 +265,7 @@ namespace Volo.Blogging.Posts
                filteredPostDtos.Add(postDto);
            }

-            return filteredPostDtos;
+            return Task.FromResult(filteredPostDtos);
        }
    }
 }
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs
@ -2,17 +2,11 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Services;
 using Volo.Blogging.Tagging.Dtos;

 namespace Volo.Blogging.Tagging
 {
-    /* TODO: Custom policy with configuration.
-     * We should create a custom policy to see the blog as read only if the blog is
-     * configured as 'public' or the current user has the related permission.
-     */
-    //[Authorize(BloggingPermissions.Tags.Default)]
    public class TagAppService : ApplicationService, ITagAppService
    {
        private readonly ITagRepository _tagRepository;
@ -28,7 +22,6 @@ namespace Volo.Blogging.Tagging
                .WhereIf(input.MinimumPostCount != null, t=>t.UsageCount >= input.MinimumPostCount)
                .Take(input.ResultCount).ToList();

-
            return new List<TagDto>(
                ObjectMapper.Map<List<Tag>, List<TagDto>>(postTags));
        }