From 15931ec368d4bcd05eb16157e3a9772c22446cca Mon Sep 17 00:00:00 2001 From: Halil ibrahim Kalkan Date: Thu, 21 Feb 2019 16:58:55 +0300 Subject: [PATCH] #833 Blog module authorization revision. --- .../Volo/Blogging/BloggingPermissions.cs | 1 - .../Volo/Blogging/Comments/CommentAppService.cs | 5 +++-- .../Volo/Blogging/Posts/PostAppService.cs | 12 +++--------- .../Volo/Blogging/Tagging/TagAppService.cs | 7 ------- 4 files changed, 6 insertions(+), 19 deletions(-) diff --git a/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs b/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs index f77e25f570..e73dc334da 100644 --- a/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs +++ b/modules/blogging/src/Volo.Blogging.Application.Contracts/Volo/Blogging/BloggingPermissions.cs @@ -11,7 +11,6 @@ public const string Delete = Default + ".Delete"; public const string Update = Default + ".Update"; public const string Create = Default + ".Create"; - } public static class Posts diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs index 32b31da23a..0ff7bc46cc 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs @@ -5,7 +5,6 @@ using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Volo.Abp.Application.Services; using Volo.Abp.Guids; -using Volo.Abp.Users; using Volo.Blogging.Comments.Dtos; using Volo.Blogging.Posts; using Volo.Blogging.Users; @@ -81,7 +80,7 @@ namespace Volo.Blogging.Comments ObjectMapper.Map, List>(comments)); } - //[Authorize(BloggingPermissions.Comments.Create)] TODO: Temporary removed + [Authorize] public async Task CreateAsync(CreateCommentDto input) { var comment = new Comment(_guidGenerator.Create(), input.PostId, input.RepliedCommentId, input.Text); @@ -91,6 +90,7 @@ namespace Volo.Blogging.Comments return ObjectMapper.Map(comment); } + [Authorize] public async Task UpdateAsync(Guid id, UpdateCommentDto input) { var comment = await _commentRepository.GetAsync(id); @@ -104,6 +104,7 @@ namespace Volo.Blogging.Comments return ObjectMapper.Map(comment); } + [Authorize] public async Task DeleteAsync(Guid id) { var comment = await _commentRepository.GetAsync(id); diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs index 6d7b23e8c6..8799b4e0d0 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAppService.cs @@ -13,11 +13,6 @@ using Volo.Blogging.Users; namespace Volo.Blogging.Posts { - /* TODO: Custom policy with configuration. - * We should create a custom policy to see the blog as read only if the blog is - * configured as 'public' or the current user has the related permission. - */ - //[Authorize(BloggingPermissions.Posts.Default)] public class PostAppService : ApplicationService, IPostAppService { protected IBlogUserLookupService UserLookupService { get; } @@ -256,14 +251,13 @@ namespace Volo.Blogging.Posts return new List(tags.Split(",").Select(t => t.Trim())); } - private async Task> FilterPostsByTag(List allPostDtos, Tag tag) + private Task> FilterPostsByTag(List allPostDtos, Tag tag) { var filteredPostDtos = new List(); - var posts = await _postRepository.GetListAsync(); foreach (var postDto in allPostDtos) { - if (!postDto.Tags.Any(p => p.Id == tag.Id)) + if (postDto.Tags.All(p => p.Id != tag.Id)) { continue; } @@ -271,7 +265,7 @@ namespace Volo.Blogging.Posts filteredPostDtos.Add(postDto); } - return filteredPostDtos; + return Task.FromResult(filteredPostDtos); } } } diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs index 473a8698df..0e6e75e071 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Tagging/TagAppService.cs @@ -2,17 +2,11 @@ using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; -using Microsoft.AspNetCore.Authorization; using Volo.Abp.Application.Services; using Volo.Blogging.Tagging.Dtos; namespace Volo.Blogging.Tagging { - /* TODO: Custom policy with configuration. - * We should create a custom policy to see the blog as read only if the blog is - * configured as 'public' or the current user has the related permission. - */ - //[Authorize(BloggingPermissions.Tags.Default)] public class TagAppService : ApplicationService, ITagAppService { private readonly ITagRepository _tagRepository; @@ -28,7 +22,6 @@ namespace Volo.Blogging.Tagging .WhereIf(input.MinimumPostCount != null, t=>t.UsageCount >= input.MinimumPostCount) .Take(input.ResultCount).ToList(); - return new List( ObjectMapper.Map, List>(postTags)); }