From 9e79b9d7d5fc4316f5fa4fc831814faf7aac48e2 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Mon, 23 Jan 2023 21:25:46 +0100
Subject: [PATCH] Add asset folder permissions.

---
 backend/src/Squidex.Shared/PermissionIds.cs | 6 ++++++
 .../Api/Controllers/Assets/AssetFoldersController.cs | 8 ++++----
 2 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/backend/src/Squidex.Shared/PermissionIds.cs b/backend/src/Squidex.Shared/PermissionIds.cs
index bd77a214b..08bcdacb0 100644
--- a/backend/src/Squidex.Shared/PermissionIds.cs
+++ b/backend/src/Squidex.Shared/PermissionIds.cs
@@ -156,6 +156,12 @@ namespace Squidex.Shared
 public const string AppAssetsUpdate = "squidex.apps.{app}.assets.update";
 public const string AppAssetsDelete = "squidex.apps.{app}.assets.delete";
 
+ // App Asset Folders
+ public const string AppAssetFolders = "squidex.apps.{app}.assets.folders";
+ public const string AppAssetFoldersCreate = "squidex.apps.{app}.assets.folders.create";
+ public const string AppAssetFoldersUpdate = "squidex.apps.{app}.assets.folders.update";
+ public const string AppAssetFoldersDelete = "squidex.apps.{app}.assets.folders.delete";
+
 // App Asset Scripts
 public const string AppAssetScripts = "squidex.apps.{app}.asset-scripts";
 public const string AppAssetSScriptsRead = "squidex.apps.{app}.asset-scripts.read";
diff --git a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetFoldersController.cs b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetFoldersController.cs
index 6ebc61815..4060bbdf5 100644
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetFoldersController.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetFoldersController.cs
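Review bot: In PermissionIds.cs the new folder ids sit under the existing `squidex.apps.{app}.assets` prefix, so whether a holder of the parent assets permission (or a wildcard beneath it) implicitly matches `assets.folders.delete` depends on the permission matcher, which is not visible in this patch. The group also defines no read id, unlike the asset-scripts group directly below it, so folder listing presumably stays under the assets read permission. Once both points are confirmed, I would record them above the block, e.g. `// Nested under "assets": the parent permission also covers these ids; listing folders uses the assets read permission.` The enclosing class starts and ends outside the hunk.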
@@ -77,7 +77,7 @@ public sealed class AssetFoldersController : ApiController
 [Route("apps/{app}/assets/folders", Order = -1)]
 [ProducesResponseType(typeof(AssetFolderDto), StatusCodes.Status201Created)]
 [AssetRequestSizeLimit]
- [ApiPermissionOrAnonymous(PermissionIds.AppAssetsUpdate)]
+ [ApiPermissionOrAnonymous(PermissionIds.AppAssetFoldersCreate)]
 [ApiCosts(1)]
 public async Task PostAssetFolder(string app, [FromBody] CreateAssetFolderDto request)
 {
@@ -101,7 +101,7 @@ public sealed class AssetFoldersController : ApiController
 [Route("apps/{app}/assets/folders/{id}/", Order = -1)]
 [ProducesResponseType(typeof(AssetFolderDto), StatusCodes.Status200OK)]
 [AssetRequestSizeLimit]
- [ApiPermissionOrAnonymous(PermissionIds.AppAssetsUpdate)]
+ [ApiPermissionOrAnonymous(PermissionIds.AppAssetFoldersUpdate)]
 [ApiCosts(1)]
 public async Task PutAssetFolder(string app, DomainId id, [FromBody] RenameAssetFolderDto request)
 {
@@ -125,7 +125,7 @@ public sealed class AssetFoldersController : ApiController
 [Route("apps/{app}/assets/folders/{id}/parent", Order = -1)]
 [ProducesResponseType(typeof(AssetFolderDto), StatusCodes.Status200OK)]
 [AssetRequestSizeLimit]
- [ApiPermissionOrAnonymous(PermissionIds.AppAssetsUpdate)]
+ [ApiPermissionOrAnonymous(PermissionIds.AppAssetFoldersUpdate)]
 [ApiCosts(1)]
 public async Task PutAssetFolderParent(string app, DomainId id, [FromBody] MoveAssetFolderDto request)
 {
@@ -146,7 +146,7 @@ public sealed class AssetFoldersController : ApiController
 [HttpDelete]
 [Route("apps/{app}/assets/folders/{id}/", Order = -1)]
 [ProducesResponseType(StatusCodes.Status204NoContent)]
- [ApiPermissionOrAnonymous(PermissionIds.AppAssetsUpdate)]
+ [ApiPermissionOrAnonymous(PermissionIds.AppAssetFoldersDelete)]
 [ApiCosts(1)]
 public async Task DeleteAssetFolder(string app, DomainId id)
 {
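Review bot: Replacing `PermissionIds.AppAssetsUpdate` with `PermissionIds.AppAssetFoldersCreate` on `PostAssetFolder` removes folder management from any role or client that was granted only `assets.update`, and nothing in this patch adds the new ids to existing role definitions or provides a migration; the same applies to the `PutAssetFolder`, `PutAssetFolderParent` and `DeleteAssetFolder` hunks. If default or built-in roles are declared elsewhere, they need the `assets.folders.create/update/delete` ids in the same release, otherwise previously authorized callers will start failing authorization after upgrade. Separately, the attribute is `ApiPermissionOrAnonymous`, so if anonymous access is granted per permission id (not shown here), the new delete id should be checked against that configuration. I would also put the change on record in the commit description, e.g. `Asset folder endpoints now require assets.folders.* instead of assets.update`. Each method body continues outside its hunk.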