From 4d3858ecce3b3b52dcbb2d8ae8a1c433562abc8a Mon Sep 17 00:00:00 2001
From: Yunus Emre Kalkan
Date: Fri, 7 Sep 2018 12:54:07 +0300
Subject: [PATCH] blog module basic auth on delete
---
 .../Blogging/Comments/CommentAppService.cs | 20 ++++++++++++++++++-
 .../Pages/Blog/Posts/Detail.cshtml | 2 +-
 2 files changed, 20 insertions(+), 2 deletions(-)
diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
index 6263159480..60f8ac1d46 100644
--- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
+++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAppService.cs
@@ -80,8 +80,26 @@ namespace Volo.Blogging.Comments
 return ObjectMapper.Map(comment);
 }
- [Authorize(BloggingPermissions.Comments.Delete)]
 public async Task DeleteAsync(Guid id)
+ {
+ var comment = await _commentRepository.GetAsync(id);
+
+ if (CurrentUser.Id != comment.CreatorId)
+ {
+ await DeleteAsAdminAsync(id);
+ return;
+ }
+
+ await DeleteCommentAsync(id);
+ }
+
+ [Authorize(BloggingPermissions.Comments.Delete)]
+ private async Task DeleteAsAdminAsync(Guid id)
+ {
+ await DeleteCommentAsync(id);
+ }
+
+ private async Task DeleteCommentAsync(Guid id)
 {
 await _commentRepository.DeleteAsync(id);
diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blog/Posts/Detail.cshtml b/modules/blogging/src/Volo.Blogging.Web/Pages/Blog/Posts/Detail.cshtml
index 71843c16d9..561f96bfc7 100644
--- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blog/Posts/Detail.cshtml
+++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blog/Posts/Detail.cshtml
@@ -183,7 +183,7 @@ @L["Reply"]
- @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete))
+ @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete) || (CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId))
 { |
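Review bot: The `[Authorize(BloggingPermissions.Comments.Delete)]` attribute moved onto the private `DeleteAsAdminAsync` in CommentAppService.cs is unlikely to be enforced, because attribute-based authorization is normally applied by intercepting calls that arrive from outside the class, and `DeleteAsync` calls the helper directly on `this`; if so, the now-unannotated public `DeleteAsync` lets any caller delete any comment. Make the permission check imperative inside `DeleteAsync`, for example `if (!CurrentUser.Id.HasValue || CurrentUser.Id != comment.CreatorId) { await AuthorizationService.CheckAsync(BloggingPermissions.Comments.Delete); }` followed by `await DeleteCommentAsync(id);` (assuming the base class exposes the authorization service), and drop `DeleteAsAdminAsync`. The `HasValue` guard matters if both ids are nullable: an anonymous caller and a comment without a creator would otherwise compare equal and skip the check, and the same comparison in the Detail.cshtml hunk would show the delete link in that case. A test that calls `DeleteAsync` as a non-owner without the permission and expects an authorization failure would pin this down. The body of `DeleteCommentAsync` continues past the end of the hunk.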