blog module basic auth on delete

modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs

@@ -80,8 +80,26 @@ namespace Volo.Blogging.Comments
             return ObjectMapper.Map<Comment, CommentDto>(comment);
         }
 
-        [Authorize(BloggingPermissions.Comments.Delete)]
         public async Task DeleteAsync(Guid id)
+        {
+            var comment = await _commentRepository.GetAsync(id);
+
+            if (CurrentUser.Id != comment.CreatorId)
+            {
+                await DeleteAsAdminAsync(id);
+                return;
+            }
+
+            await DeleteCommentAsync(id);
+        }
+
+        [Authorize(BloggingPermissions.Comments.Delete)]
+        private async Task DeleteAsAdminAsync(Guid id)
+        {
+            await DeleteCommentAsync(id);
+        }
+
+        private async Task DeleteCommentAsync(Guid id)
         {
             await _commentRepository.DeleteAsync(id);
 

modules/blogging/src/Volo.Blogging.Web/Pages/Blog/Posts/Detail.cshtml

@@ -183,7 +183,7 @@
                                                 <i class="fa fa-reply" aria-hidden="true"></i> @L["Reply"]
                                             </a>
                                             
-                                            @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete))
+                                            @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete) || (CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId))
                                             {
                                                 <span class="seperator">|</span>
                                                 <a href="#" class="tag" data-deleteid="@reply.Id">