From b22719c74b41cbe8b3a54a84f77acd69ad98c546 Mon Sep 17 00:00:00 2001
From: Sebastian
Date: Wed, 8 Jan 2020 12:31:43 +0100
Subject: [PATCH] Permission for uploading assets.
---
 backend/src/Squidex.Shared/Permissions.cs | 1 +
 .../Areas/Api/Controllers/Assets/AssetsController.cs | 2 +-
 .../Areas/Api/Controllers/Assets/Models/AssetDto.cs | 9 ++++++---
 3 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/backend/src/Squidex.Shared/Permissions.cs b/backend/src/Squidex.Shared/Permissions.cs
index b146e89db..91587bbfc 100644
--- a/backend/src/Squidex.Shared/Permissions.cs
+++ b/backend/src/Squidex.Shared/Permissions.cs
@@ -102,6 +102,7 @@ namespace Squidex.Shared
 public const string AppAssets = "squidex.apps.{app}.assets";
 public const string AppAssetsRead = "squidex.apps.{app}.assets.read";
 public const string AppAssetsCreate = "squidex.apps.{app}.assets.create";
+ public const string AppAssetsUpload = "squidex.apps.{app}.assets.upload";
 public const string AppAssetsUpdate = "squidex.apps.{app}.assets.update";
 public const string AppAssetsDelete = "squidex.apps.{app}.assets.delete";
diff --git a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs
index 4e4254bf9..a0dc9ad98 100644
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetsController.cs
@@ -213,7 +213,7 @@ namespace Squidex.Areas.Api.Controllers.Assets
 [HttpPut]
 [Route("apps/{app}/assets/{id}/content/")]
 [ProducesResponseType(typeof(AssetDto), 200)]
- [ApiPermission(Permissions.AppAssetsUpdate)]
+ [ApiPermission(Permissions.AppAssetsUpload)]
 [ApiCosts(1)]
 public async Task PutAssetContent(string app, Guid id, [OpenApiIgnore] List file)
 {
diff --git a/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs b/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
index b93767441..07bdb51be 100644
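Review bot: In the AssetsController.cs hunk, moving `PutAssetContent` from `AppAssetsUpdate` to `AppAssetsUpload` changes who may overwrite the bytes of an existing asset, and nothing in the patch records that contract. A role that grants `squidex.apps.{app}.assets.update` explicitly will presumably be rejected on this route after the change, while a principal holding only `assets.upload` can now replace the content of any asset in the app; role definitions are not visible in this diff, so existing and default roles should be checked before release. I would add a comment above the attribute, e.g. `// Replacing asset content requires assets.upload (not assets.update); AssetDto emits the "upload" link under the same permission.`, and cover the route with tests for an update-only and an upload-only principal. The method body continues outside the hunk.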
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
@@ -145,11 +145,15 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
 if (controller.HasPermission(Permissions.AppAssetsUpdate))
 {
 response.AddPutLink("update", controller.Url(x => nameof(x.PutAsset), values));
- response.AddPutLink("upload", controller.Url(x => nameof(x.PutAssetContent), values));
 response.AddPutLink("move", controller.Url(x => nameof(x.PutAssetParent), values));
 }
+ if (controller.HasPermission(Permissions.AppAssetsUpload))
+ {
+ response.AddPutLink("upload", controller.Url(x => nameof(x.PutAssetContent), values));
+ }
+
 if (controller.HasPermission(Permissions.AppAssetsDelete))
 {
 response.AddDeleteLink("delete", controller.Url(x => nameof(x.DeleteAsset), values));
@@ -160,12 +164,11 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
 if (!string.IsNullOrWhiteSpace(response.Slug))
 {
 response.AddGetLink("content", controller.Url(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Id, version, more = response.Slug }));
- response.AddGetLink("content/slug", controller.Url(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Slug, version }));
 }
 else
 {
- response.AddGetLink("content", controller.Url(x => nameof(x.GetAssetContentBySlug), new { app, id = response.Id, version }));
+ response.AddGetLink("content", controller.Url(x => nameof(x.GetAssetContentBySlug), new { app, idOrSlug = response.Id, version }));
 }
 return response;
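Review bot: The last hunk of AssetDto.cs removes the `content/slug` link and changes the route value in the else branch from `id` to `idOrSlug`, neither of which the commit subject (permission for uploading assets) mentions. Clients that follow the `content/slug` relation will no longer find it, so this is an API-visible change that deserves its own line in the description or changelog. The `idOrSlug` rename looks like a fix for the link generated for assets without a slug; a short comment such as `// Route parameter is idOrSlug; the id is passed when the asset has no slug.` would keep the two branches from drifting apart again. The enclosing method starts before the hunk.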