From 37f84da148d88065c05ed839d25c33d14c7068d8 Mon Sep 17 00:00:00 2001 From: Mia Winter Date: Wed, 27 Mar 2024 12:14:53 +0100 Subject: [PATCH] fixed Delete Confirm Page not allowing you to delete your own drafts --- Wave/Components/Pages/ArticleDeleteConfirm.razor | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/Wave/Components/Pages/ArticleDeleteConfirm.razor b/Wave/Components/Pages/ArticleDeleteConfirm.razor index d639a48..f8b6b46 100644 --- a/Wave/Components/Pages/ArticleDeleteConfirm.razor +++ b/Wave/Components/Pages/ArticleDeleteConfirm.razor @@ -1,8 +1,7 @@ @page "/article/{id:guid}/delete" @using Microsoft.EntityFrameworkCore @using Wave.Data - -@attribute [Authorize(Policy = "ArticleDeletePermissions")] +@using Wave.Utilities @inject IDbContextFactory ContextFactory @inject NavigationManager Navigation @@ -36,6 +35,8 @@ @code { [CascadingParameter(Name = "TitlePostfix")] private string TitlePostfix { get; set; } = default!; + [CascadingParameter] + public HttpContext HttpContext { get; set; } = default!; [Parameter] public Guid Id { get; set; } @@ -45,15 +46,16 @@ protected override async Task OnInitializedAsync() { await using var context = await ContextFactory.CreateDbContextAsync(); - Article = await context.Set
().IgnoreQueryFilters() + var article = await context.Set
().IgnoreQueryFilters() .Where(a => !a.IsDeleted).FirstOrDefaultAsync(a => a.Id == Id); + if (article.AllowedToDelete(HttpContext.User)) Article = article; } private async Task Delete() { - if (Article is null) return; + if (Article.AllowedToDelete(HttpContext.User)) return; var context = await ContextFactory.CreateDbContextAsync(); - Article.IsDeleted = true; + Article!.IsDeleted = true; context.Entry(Article).State = EntityState.Modified; await context.SaveChangesAsync();