Permission for uploading assets.

6 years ago · b22719c74b
3 changed files with 8 additions and 4 deletions
--- a/backend/src/Squidex.Shared/Permissions.cs
+++ b/backend/src/Squidex.Shared/Permissions.cs
@ -102,6 +102,7 @@ namespace Squidex.Shared
        public const string AppAssets = "squidex.apps.{app}.assets";
        public const string AppAssetsRead = "squidex.apps.{app}.assets.read";
        public const string AppAssetsCreate = "squidex.apps.{app}.assets.create";
+        public const string AppAssetsUpload = "squidex.apps.{app}.assets.upload";
        public const string AppAssetsUpdate = "squidex.apps.{app}.assets.update";
        public const string AppAssetsDelete = "squidex.apps.{app}.assets.delete";

--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs
@ -213,7 +213,7 @@ namespace Squidex.Areas.Api.Controllers.Assets
        [HttpPut]
        [Route("apps/{app}/assets/{id}/content/")]
        [ProducesResponseType(typeof(AssetDto), 200)]
-        [ApiPermission(Permissions.AppAssetsUpdate)]
+        [ApiPermission(Permissions.AppAssetsUpload)]
        [ApiCosts(1)]
        public async Task<IActionResult> PutAssetContent(string app, Guid id, [OpenApiIgnore] List<IFormFile> file)
        {
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
@ -145,11 +145,15 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
            if (controller.HasPermission(Permissions.AppAssetsUpdate))
            {
                response.AddPutLink("update", controller.Url<AssetsController>(x => nameof(x.PutAsset), values));
-                response.AddPutLink("upload", controller.Url<AssetsController>(x => nameof(x.PutAssetContent), values));

                response.AddPutLink("move", controller.Url<AssetsController>(x => nameof(x.PutAssetParent), values));
            }

+            if (controller.HasPermission(Permissions.AppAssetsUpload))
+            {
+                response.AddPutLink("upload", controller.Url<AssetsController>(x => nameof(x.PutAssetContent), values));
+            }
+
            if (controller.HasPermission(Permissions.AppAssetsDelete))
            {
                response.AddDeleteLink("delete", controller.Url<AssetsController>(x => nameof(x.DeleteAsset), values));
@ -160,12 +164,11 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
            if (!string.IsNullOrWhiteSpace(response.Slug))
            {
                response.AddGetLink("content", controller.Url<AssetContentController>(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Id, version, more = response.Slug }));
-
                response.AddGetLink("content/slug", controller.Url<AssetContentController>(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Slug, version }));
            }
            else
            {
-                response.AddGetLink("content", controller.Url<AssetContentController>(x => nameof(x.GetAssetContentBySlug), new { app, id = response.Id, version }));
+                response.AddGetLink("content", controller.Url<AssetContentController>(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Id, version }));
            }

            return response;