Fix authorization of flash sales module

4 years ago · 22a4d0dbce
2 changed files with 11 additions and 18 deletions
--- a/plugins/FlashSales/src/EasyAbp.EShop.Plugins.FlashSales.Application/EasyAbp/EShop/Plugins/FlashSales/FlashSalePlans/FlashSalePlanAppService.cs
+++ b/plugins/FlashSales/src/EasyAbp.EShop.Plugins.FlashSales.Application/EasyAbp/EShop/Plugins/FlashSales/FlashSalePlans/FlashSalePlanAppService.cs
@ -107,10 +107,7 @@ public class FlashSalePlanAppService :
    {
        var flashSalePlan = await GetEntityByIdAsync(id);
-        if (GetPolicyName is not null)
+        await CheckGetPolicyAsync();
        {
            await CheckMultiStorePolicyAsync(flashSalePlan.StoreId, GetPolicyName);
        }
        if (!flashSalePlan.IsPublished)
        {
@ -122,10 +119,7 @@ public class FlashSalePlanAppService :
    public override async Task<PagedResultDto<FlashSalePlanDto>> GetListAsync(FlashSalePlanGetListInput input)
    {
-        if (GetListPolicyName is not null)
+        await CheckGetListPolicyAsync();
        {
            await CheckMultiStorePolicyAsync(input.StoreId, GetListPolicyName);
        }
        return await base.GetListAsync(input);
    }
--- a/plugins/FlashSales/src/EasyAbp.EShop.Plugins.FlashSales.Application/EasyAbp/EShop/Plugins/FlashSales/FlashSaleResults/FlashSaleResultAppService.cs
+++ b/plugins/FlashSales/src/EasyAbp.EShop.Plugins.FlashSales.Application/EasyAbp/EShop/Plugins/FlashSales/FlashSaleResults/FlashSaleResultAppService.cs
@ -5,6 +5,7 @@ using EasyAbp.EShop.Plugins.FlashSales.FlashSaleResults.Dtos;
 using EasyAbp.EShop.Plugins.FlashSales.Permissions;
 using EasyAbp.EShop.Stores.Stores;
 using Volo.Abp.Application.Dtos;
 using Volo.Abp.Users;
 namespace EasyAbp.EShop.Plugins.FlashSales.FlashSaleResults;
@ -24,12 +25,11 @@ public class FlashSaleResultAppService :
    {
        var flashSaleResult = await GetEntityByIdAsync(id);
-        if (GetPolicyName is not null)
+        if (flashSaleResult.UserId == CurrentUser.Id)
        {
-            await CheckMultiStorePolicyAsync(flashSaleResult.StoreId, GetPolicyName);
+            await CheckGetPolicyAsync();
        }
-
+        else
        if (flashSaleResult.UserId != CurrentUser.Id)
        {
            await CheckMultiStorePolicyAsync(flashSaleResult.StoreId, FlashSalesPermissions.FlashSaleResult.Manage);
        }
@ -39,7 +39,11 @@ public class FlashSaleResultAppService :
    public override async Task<PagedResultDto<FlashSaleResultDto>> GetListAsync(FlashSaleResultGetListInput input)
    {
-        if (GetListPolicyName is not null)
+        if (input.UserId.HasValue && input.UserId == CurrentUser.Id)
        {
            await CheckGetListPolicyAsync();
        }
        else
        {
            await CheckMultiStorePolicyAsync(input.StoreId, GetListPolicyName);
        }
@ -49,11 +53,6 @@ public class FlashSaleResultAppService :
    protected override async Task<IQueryable<FlashSaleResult>> CreateFilteredQueryAsync(FlashSaleResultGetListInput input)
    {
        if (input.UserId != CurrentUser.Id)
        {
            await CheckMultiStorePolicyAsync(input.StoreId, FlashSalesPermissions.FlashSaleResult.Manage);
        }
        return (await base.CreateFilteredQueryAsync(input))
            .WhereIf(input.StoreId.HasValue, x => x.StoreId == input.StoreId.Value)
            .WhereIf(input.PlanId.HasValue, x => x.PlanId == input.PlanId.Value)