Require delete permission for blog posts

Remove the ownership-based fallback that allowed post creators to delete their own posts in Detail.cshtml. Deletion now strictly requires BloggingPermissions.Posts.Delete, centralizing authorization on explicit permissions to enforce consistent access control.
3 weeks ago · f6f1996b8c
1 changed files with 1 additions and 1 deletions
--- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml
+++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml
@ -95,7 +95,7 @@
                                                <i class="fa fa-pencil"></i> @L["Edit"]
                                            </a>
                                        }
-                                        @if (await Authorization.IsGrantedAsync(BloggingPermissions.Posts.Delete) || (CurrentUser.Id.HasValue && CurrentUser.Id == Model.Post.CreatorId))
+                                        @if (await Authorization.IsGrantedAsync(BloggingPermissions.Posts.Delete))
                                        {
                                            <span class="seperator">|</span>
                                            <a href="#" id="DeletePostLink" data-postid="@Model.Post.Id" data-blogShortName="@Model.BlogShortName">