Fix anonymous access.

5 years ago · c653a9a70c
4 changed files with 18 additions and 10 deletions
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/Queries/AssetQueryParser.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/Queries/AssetQueryParser.cs
@ -40,13 +40,15 @@ namespace Squidex.Domain.Apps.Entities.Assets.Queries
            Guard.NotNull(tagService, nameof(tagService));

            this.jsonSerializer = jsonSerializer;
-            this.options = options.Value;
            this.tagService = tagService;
+
+            this.options = options.Value;
        }

        public virtual async ValueTask<ClrQuery> ParseQueryAsync(Context context, Q q)
        {
            Guard.NotNull(context, nameof(context));
+            Guard.NotNull(q, nameof(q));

            using (Profiler.TraceMethod<AssetQueryParser>())
            {
--- a/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryParser.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryParser.cs
@ -42,7 +42,11 @@ namespace Squidex.Domain.Apps.Entities.Contents.Queries
        public ContentQueryParser(IMemoryCache cache, IJsonSerializer jsonSerializer, IOptions<ContentOptions> options)
            : base(cache)
        {
+            Guard.NotNull(jsonSerializer, nameof(jsonSerializer));
+            Guard.NotNull(options, nameof(options));
+
            this.jsonSerializer = jsonSerializer;
+
            this.options = options.Value;
        }

@ -50,6 +54,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.Queries
        {
            Guard.NotNull(context, nameof(context));
            Guard.NotNull(schema, nameof(schema));
+            Guard.NotNull(q, nameof(q));

            using (Profiler.TraceMethod<ContentQueryParser>())
            {
--- a/backend/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Contents/ContentsController.cs
@ -53,7 +53,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        /// </remarks>
        [HttpGet]
        [Route("content/{app}/graphql/")]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(2)]
        public async Task<IActionResult> GetGraphQL(string app, [FromQuery] GraphQLGetDto? queries = null)
        {
@ -85,7 +85,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        /// </remarks>
        [HttpPost]
        [Route("content/{app}/graphql/")]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(2)]
        public async Task<IActionResult> PostGraphQL(string app, [FromBody] GraphQLPostDto query)
        {
@ -117,7 +117,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        /// </remarks>
        [HttpPost]
        [Route("content/{app}/graphql/batch")]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(2)]
        public async Task<IActionResult> PostGraphQLBatch(string app, [FromBody] GraphQLPostDto[] batch)
        {
@ -150,7 +150,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        [HttpGet]
        [Route("content/{app}/")]
        [ProducesResponseType(typeof(ContentsDto), 200)]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(1)]
        public async Task<IActionResult> GetAllContents(string app, [FromQuery] string ids)
        {
@ -179,7 +179,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        [HttpPost]
        [Route("content/{app}/")]
        [ProducesResponseType(typeof(ContentsDto), 200)]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(1)]
        public async Task<IActionResult> GetAllContentsPost(string app, [FromBody] ContentsIdsQueryDto query)
        {
@ -210,7 +210,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        [HttpGet]
        [Route("content/{app}/{name}/")]
        [ProducesResponseType(typeof(ContentsDto), 200)]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(1)]
        public async Task<IActionResult> GetContents(string app, string name, [FromQuery] string? ids = null, [FromQuery] string? q = null)
        {
@ -242,7 +242,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        [HttpPost]
        [Route("content/{app}/{name}/query")]
        [ProducesResponseType(typeof(ContentsDto), 200)]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(1)]
        public async Task<IActionResult> GetContentsPost(string app, string name, [FromBody] QueryDto query)
        {
@ -274,7 +274,7 @@ namespace Squidex.Areas.Api.Controllers.Contents
        [HttpGet]
        [Route("content/{app}/{name}/{id}/")]
        [ProducesResponseType(typeof(ContentsDto), 200)]
-        [ApiPermission]
+        [ApiPermissionOrAnonymous]
        [ApiCosts(1)]
        public async Task<IActionResult> GetContent(string app, string name, Guid id)
        {
--- a/frontend/app/theme/_forms.scss
+++ b/frontend/app/theme/_forms.scss
@ -117,8 +117,9 @@

    .form-alert {
        @include absolute(.25rem, 0, auto, auto);
-        font-size: 1rem;
+        font-size: .9rem;
        font-weight: normal;
+        line-height: 1.75;
        max-width: 600px;
        min-width: 200px;
        padding: 1rem;