fixed can't delete own draft because Author is not loaded

Mia Rose Winter 2024-04-22 12:58:38 +02:00
parent a204191eaf
commit 3aee412a4e
Signed by: miawinter
GPG key ID: 4B6F6A83178F595E
2 changed files with 6 additions and 0 deletions


@ -47,6 +47,7 @@
await using var context = await ContextFactory.CreateDbContextAsync();
var article = await context.Set<Article>().IgnoreQueryFilters()
.Include(a => a.Author).Include(a => a.Reviewer)
.Where(a => !a.IsDeleted).FirstOrDefaultAsync(a => a.Id == Id);
if (article.AllowedToDelete(HttpContext.User)) Article = article;
}
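Review bot: `IgnoreQueryFilters()` on this query switches off every global filter on `Article`, and only the soft-delete condition is re-applied by hand, so `AllowedToDelete` is the sole gate on which articles this page can load. That makes the `Include(a => a.Author)` a hard precondition of the authorization decision, which deserves a comment above the query, for example `// Global filters are bypassed so drafts can be found; access is decided solely by AllowedToDelete, which requires Author to be loaded`. The handler that performs the deletion is outside this hunk. If it does not reload the article and call `AllowedToDelete` again, the check here only protects the page render and not the delete itself.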


@ -9,6 +9,7 @@ namespace Wave.Utilities;
public static class Permissions {
public static bool AllowedToRead(this Article? article, ClaimsPrincipal principal) {
if (article is null || article.IsDeleted) return false;
if (article.Author is null) throw new ArgumentException("Checking permissions without loading related Author.");
// The Article is publicly available
if (article.Status >= ArticleStatus.Published && article.PublishDate <= DateTimeOffset.UtcNow) {
@ -35,6 +36,7 @@ public static class Permissions {
public static bool AllowedToEdit(this Article? article, ClaimsPrincipal principal) {
if (article is null || article.IsDeleted) return false;
if (article.Author is null) throw new ArgumentException("Checking permissions without loading related Author.");
// Admins always can edit articles
if (principal.IsInRole("Admin")) {
@ -69,6 +71,7 @@ public static class Permissions {
public static bool AllowedToSubmitForReview(this Article? article, ClaimsPrincipal principal) {
if (article is null || article.IsDeleted) return false;
if (article.Author is null) throw new ArgumentException("Checking permissions without loading related Author.");
// Draft articles can be submitted by their authors (admins can publish them anyway, no need to submit)
if (article.Status is ArticleStatus.Draft && article.Author.Id == principal.FindFirst("Id")!.Value) {
@ -80,6 +83,7 @@ public static class Permissions {
public static bool AllowedToPublish(this Article? article, ClaimsPrincipal principal) {
if (article is null || article.IsDeleted) return false;
if (article.Author is null) throw new ArgumentException("Checking permissions without loading related Author.");
// Admins can skip review and directly publish draft articles
if (article.Status is ArticleStatus.Draft && principal.IsInRole("Admin")) {
@ -102,6 +106,7 @@ public static class Permissions {
public static bool AllowedToDelete(this Article? article, ClaimsPrincipal principal) {
if (article is null || article.IsDeleted) return false;
if (article.Author is null) throw new ArgumentException("Checking permissions without loading related Author.");
// Admins can delete articles whenever
if (principal.IsInRole("Admin")) {
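Review bot: In `AllowedToRead` the new guard sits ahead of the public-availability branch, so a published article loaded without its Author now throws instead of being served. Every read path therefore has to include Author after this change, which is worth verifying because the call sites are outside this diff. Throwing keeps the helpers fail-closed, which is the right default for an authorization check, but `ArgumentException` without a parameter name is hard to trace back to the offending query. Consider `throw new InvalidOperationException("Checking permissions without loading related Author.");` or passing `nameof(article)` as the second argument. The same line is repeated in `AllowedToEdit`, `AllowedToSubmitForReview`, `AllowedToPublish` and `AllowedToDelete`, and one private helper called from all five would keep the checks from drifting apart. Each method body continues outside its hunk.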