From b7c4c8f2e3a65a85402f29fa2ed62a7cc3257e60 Mon Sep 17 00:00:00 2001
From: Sebastian Stehle <sebastian@squidex.io>
Date: Tue, 2 Jul 2019 16:57:01 +0200
Subject: [PATCH] Temp.

---
 .../Api/Controllers/Contents/ContentsController.cs     | 10 ----------
 .../Contents/Generator/SchemaSwaggerGenerator.cs       |  2 +-
 .../Api/Controllers/Contents/Models/ContentsDto.cs     |  5 +----
 3 files changed, 2 insertions(+), 15 deletions(-)

diff --git a/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs b/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs
index 6ddd9970d..4f75a0417 100644
--- a/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs
+++ b/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs
@@ -267,11 +267,6 @@ namespace Squidex.Areas.Api.Controllers.Contents
         {
             await contentQuery.GetSchemaOrThrowAsync(Context, name);
 
-            if (publish && !this.HasPermission(Helper.StatusPermission(app, name, Status.Published)))
-            {
-                return new ForbidResult();
-            }
-
             var command = new CreateContent { ContentId = Guid.NewGuid(), Data = request.ToCleaned(), Publish = publish };
 
             var response = await InvokeCommandAsync(app, name, command);
@@ -367,11 +362,6 @@ namespace Squidex.Areas.Api.Controllers.Contents
         {
             await contentQuery.GetSchemaOrThrowAsync(Context, name);
 
-            if (!this.HasPermission(Helper.StatusPermission(app, name, Status.Published)))
-            {
-                return new ForbidResult();
-            }
-
             var command = request.ToCommand(id);
 
             var response = await InvokeCommandAsync(app, name, command);
diff --git a/src/Squidex/Areas/Api/Controllers/Contents/Generator/SchemaSwaggerGenerator.cs b/src/Squidex/Areas/Api/Controllers/Contents/Generator/SchemaSwaggerGenerator.cs
index bda1b710d..56209c00c 100644
--- a/src/Squidex/Areas/Api/Controllers/Contents/Generator/SchemaSwaggerGenerator.cs
+++ b/src/Squidex/Areas/Api/Controllers/Contents/Generator/SchemaSwaggerGenerator.cs
@@ -194,7 +194,7 @@ namespace Squidex.Areas.Api.Controllers.Contents.Generator
                 operation.AddResponse("204", $"{schemaName} content status changed.", contentSchema);
                 operation.AddResponse("400", "Content data valid.");
 
-                AddSecurity(operation, Permissions.AppContentsMove);
+                AddSecurity(operation, Permissions.AppContentsUpdate);
             });
         }
 
diff --git a/src/Squidex/Areas/Api/Controllers/Contents/Models/ContentsDto.cs b/src/Squidex/Areas/Api/Controllers/Contents/Models/ContentsDto.cs
index ebf991903..4d997492d 100644
--- a/src/Squidex/Areas/Api/Controllers/Contents/Models/ContentsDto.cs
+++ b/src/Squidex/Areas/Api/Controllers/Contents/Models/ContentsDto.cs
@@ -80,10 +80,7 @@ namespace Squidex.Areas.Api.Controllers.Contents.Models
                 {
                     AddPostLink("create", controller.Url<ContentsController>(x => nameof(x.PostContent), values));
 
-                    if (controller.HasPermission(Permissions.AppContentsCreatePublished, app, schema))
-                    {
-                        AddPostLink("create/publish", controller.Url<ContentsController>(x => nameof(x.PostContent), values) + "?publish=true");
-                    }
+                    AddPostLink("create/publish", controller.Url<ContentsController>(x => nameof(x.PostContent), values) + "?publish=true");
                 }
             }