Merge pull request #15117 from abpframework/Cmskit-deleting-comment-15111

Cmskit - deleting comment by the allowed user

modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Localization/Resources/en.json

@@ -86,7 +86,7 @@
     "Permission:BlogPostManagement.Delete": "Delete",
     "Permission:BlogPostManagement.Update": "Update",
     "Permission:BlogPostManagement.Publish": "Publish",
-    "Permission:CmsKit": "CmsKit",
+    "Permission:CmsKit": "CmsKit Admin",
     "Permission:Comments": "Comment Management",
     "Permission:Comments.Delete": "Delete",
     "Permission:Contents": "Content Management",
@@ -118,6 +118,8 @@
     "Permission:TagManagement.Delete": "Delete",
     "Permission:TagManagement.Update": "Update",
     "Permission:GlobalResources": "Global Resources",
+    "Permission:CmsKitPublic": "CmsKit Public",
+    "Permission:Comments.DeleteAll": "Delete All",
     "PickYourReaction": "Pick your reaction",
     "Rating": "Rating",
     "RatingUndoMessage": "Your rating will be undo.",

modules/cms-kit/src/Volo.CmsKit.Domain.Shared/Volo/CmsKit/Localization/Resources/tr.json

@@ -86,7 +86,7 @@
     "Permission:BlogPostManagement.Delete": "Silme",
     "Permission:BlogPostManagement.Update": "Güncelleme",
     "Permission:BlogPostManagement.Publish": "Yayınlama",
-    "Permission:CmsKit": "CmsKit",
+    "Permission:CmsKit": "CmsKit Admin",
     "Permission:Comments": "Yorum Yönetimi",
     "Permission:Comments.Delete": "Silmek",
     "Permission:Contents": "İçerik Yönetimi",
@@ -117,6 +117,8 @@
     "Permission:TagManagement.Create": "Etiket Oluşturma",
     "Permission:TagManagement.Delete": "Etiket Silme",
     "Permission:TagManagement.Update": "Etiket Güncelleme",
+    "Permission:CmsKitPublic": "CmsKit Genel",
+    "Permission:Comments.DeleteAll": "Tümünü Silme",
     "PickYourReaction": "Tepkinizi seçin",
     "Rating": "Puan",
     "RatingUndoMessage": "Oylamanız geri alınacak.",

modules/cms-kit/src/Volo.CmsKit.Public.Application.Contracts/Volo/CmsKit/Permissions/CmsKitPublicPermissionDefinitionProvider.cs

@@ -0,0 +1,26 @@
+
+using Volo.Abp.Authorization.Permissions;
+using Volo.Abp.GlobalFeatures;
+using Volo.Abp.Localization;
+using Volo.CmsKit.GlobalFeatures;
+using Volo.CmsKit.Localization;
+
+namespace Volo.CmsKit.Permissions;
+
+public class CmsKitPublicPermissionDefinitionProvider : PermissionDefinitionProvider
+{
+    public override void Define(IPermissionDefinitionContext context)
+    {
+        var cmsGroup = context.GetGroupOrNull(CmsKitPublicPermissions.GroupName) ?? context.AddGroup(CmsKitPublicPermissions.GroupName, L("Permission:CmsKitPublic"));
+
+        var contentGroup = cmsGroup.AddPermission(CmsKitPublicPermissions.Comments.Default, L("Permission:Comments"))
+            .RequireGlobalFeatures(typeof(CommentsFeature));
+        contentGroup.AddChild(CmsKitPublicPermissions.Comments.DeleteAll, L("Permission:Comments.DeleteAll"))
+            .RequireGlobalFeatures(typeof(CommentsFeature));
+    }
+
+    private static LocalizableString L(string name)
+    {
+        return LocalizableString.Create<CmsKitResource>(name);
+    }
+}

modules/cms-kit/src/Volo.CmsKit.Public.Application.Contracts/Volo/CmsKit/Permissions/CmsKitPublicPermissions.cs

@@ -0,0 +1,12 @@
+namespace Volo.CmsKit.Permissions;
+
+public static class CmsKitPublicPermissions
+{
+    public const string GroupName = "CmsKitPublic";
+
+    public static class Comments
+    {
+        public const string Default = GroupName + ".Comments";
+        public const string DeleteAll = Default + ".DeleteAll";
+    }
+}

modules/cms-kit/src/Volo.CmsKit.Public.Application/Volo/CmsKit/Public/Comments/CommentPublicAppService.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Collections.Generic;
 using System.Linq;
+using System.Security;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Volo.Abp.Application.Dtos;
@@ -13,6 +14,7 @@ using Volo.Abp.Users;
 using Volo.CmsKit.Comments;
 using Volo.CmsKit.Features;
 using Volo.CmsKit.GlobalFeatures;
+using Volo.CmsKit.Permissions;
 using Volo.CmsKit.Users;
 
 namespace Volo.CmsKit.Public.Comments;
@@ -25,17 +27,20 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
     protected ICmsUserLookupService CmsUserLookupService { get; }
     public IDistributedEventBus DistributedEventBus { get; }
     protected CommentManager CommentManager { get; }
+    protected IAuthorizationService AuthorizationService { get; }
 
     public CommentPublicAppService(
         ICommentRepository commentRepository,
         ICmsUserLookupService cmsUserLookupService,
         IDistributedEventBus distributedEventBus,
-        CommentManager commentManager)
+        CommentManager commentManager,
+        IAuthorizationService authorizationService)
     {
         CommentRepository = commentRepository;
         CmsUserLookupService = cmsUserLookupService;
         DistributedEventBus = distributedEventBus;
         CommentManager = commentManager;
+        AuthorizationService = authorizationService;
     }
 
     public virtual async Task<ListResultDto<CommentWithDetailsDto>> GetListAsync(string entityType, string entityId)
@@ -99,14 +104,17 @@ public class CommentPublicAppService : CmsKitPublicAppServiceBase, ICommentPubli
     [Authorize]
     public virtual async Task DeleteAsync(Guid id)
     {
-        var comment = await CommentRepository.GetAsync(id);
+        var allowDelete = await AuthorizationService.IsGrantedAsync(CmsKitPublicPermissions.Comments.DeleteAll);
 
-        if (comment.CreatorId != CurrentUser.GetId())
+        var comment = await CommentRepository.GetAsync(id);
+        if (allowDelete || comment.CreatorId == CurrentUser.Id)
+        {
+            await CommentRepository.DeleteWithRepliesAsync(comment);
+        }
+        else
         {
             throw new AbpAuthorizationException();
         }
-
-        await CommentRepository.DeleteWithRepliesAsync(comment);
     }
 
     private List<CommentWithDetailsDto> ConvertCommentsToNestedStructure(List<CommentWithAuthorQueryResultItem> comments)

modules/cms-kit/src/Volo.CmsKit.Public.Web/Pages/CmsKit/Shared/Components/Commenting/Default.cshtml

@@ -53,7 +53,6 @@
                             <div class="flex-grow-1 bd-highlight">
                                 <abp-input type="number" asp-for="@Model.Input.Captcha" suppress-label="true" class="d-inline-block" autocomplete="off" />
                             </div>
-                            
                             <abp-input asp-for="@Model.CaptchaId" value="@Model.CaptchaOutput.Id" />
                         </div>
                     </div>
@@ -90,20 +89,25 @@
         {
             @if (CurrentUser.IsAuthenticated)
             {
-            <a href="#" class="comment-links comment-reply-link btn btn-sm  shadow-sm  btn-primary" data-reply-id="@id.ToString()" id="@($"cms-comment_{Model.Input.EntityType}_{Model.Input.EntityId}_{id}_link")">
+                <a href="#" class="comment-links comment-reply-link btn btn-sm  shadow-sm  btn-primary" data-reply-id="@id.ToString()" id="@($"cms-comment_{Model.Input.EntityType}_{Model.Input.EntityId}_{id}_link")">
                     <i class="fa fa-reply mr -1"></i> @L["Reply"]
                 </a>
+
+                <a href="#" class="comment-links comment-delete-link btn btn-sm shadow-sm btn-link text-muted bg-white " data-author-id="@authorId.ToString()" data-id="@id.ToString()">
+                    <i class="fa fa-trash  mr -1"></i> @L["Delete"]
+                </a>
             }
             else
             {
-            <a href="@(Model.Input.LoginUrl + "_" + id)" class="btn btn-sm btn-light shadow-sm"> @L["LoginToReply"]</a>
+                <a href="@(Model.Input.LoginUrl + "_" + id)" class="btn btn-sm btn-light shadow-sm">
+                    @L["LoginToReply"]
+                </a>
             }
         }
+        
+        
         @if (authorId == CurrentUser.Id)
         {
-            <a href="#" class="comment-links comment-delete-link btn btn-sm shadow-sm btn-link text-muted bg-white " data-id="@id.ToString()">
-                <i class="fa fa-trash  mr -1"></i> @L["Delete"]
-            </a>
             <a href="#" class="comment-links comment-edit-link  btn btn-sm shadow-sm  btn-link text-muted bg-white" data-id="@id.ToString()">
                 <i class="fa fa-pencil  mr -1 "></i> @L["Edit"]
             </a>
@@ -114,8 +118,7 @@
     Func<dynamic, IHtmlContent> GetEditArea(Guid id, string text, string concurrencyStamp) =>
     @<div class="cms-comment-edit-area" id="@($"cms-comment_{Model.Input.EntityType}_{Model.Input.EntityId}_{id}")" data-id="@id.ToString()" style="display:none">
         <div class="card bg-light p-3 mx-0 mt-3">
-            <form id="ContactForm" class="cms-comment-update-form">
-                <abp-input asp-for="@Model.RecaptchaToken" />
+            <form class="cms-comment-update-form">
                 <input hidden value="@id.ToString()" name="id" />
                 <div class="row">
                     <div class="col">

modules/cms-kit/src/Volo.CmsKit.Public.Web/Pages/CmsKit/Shared/Components/Commenting/default.js

@@ -82,18 +82,26 @@
         function registerDeleteLinks($container) {
             $container.find('.comment-delete-link').each(function () {
                 let $link = $(this);
-                $link.on('click', '', function (e) {
-                    e.preventDefault();
 
-                    abp.message.confirm(l("MessageDeletionConfirmationMessage"), function (ok) {
-                        if (ok) {
-                            volo.cmsKit.public.comments.commentPublic.delete($link.data('id')
-                            ).then(function () {
-                                widgetManager.refresh($widget);
-                            });
-                        }
+                let allowDelete = abp.auth.isGranted('CmsKitPublic.Comments.DeleteAll');
+                let isCurrentUser = abp.currentUser.id == $link.data('author-id');
+                if (!allowDelete && !isCurrentUser) {
+                    $link.hide();
+                }
+                else {
+                    $link.on('click', '', function (e) {
+                        e.preventDefault();
+
+                        abp.message.confirm(l("MessageDeletionConfirmationMessage"), function (ok) {
+                            if (ok) {
+                                volo.cmsKit.public.comments.commentPublic.delete($link.data('id')
+                                ).then(function () {
+                                    widgetManager.refresh($widget);
+                                });
+                            }
+                        });
                     });
-                });
+                }
             });
         }