blogging: Let users delete their own comments

abpframework · Mar 9, 2020 · b0adb9f · b0adb9f
1 parent 4a0567a
commit b0adb9f
Show file tree

Hide file tree

Showing 4 changed files with 12 additions and 2 deletions.
diff --git a/...gging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs b/...gging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs
@@ -35,6 +35,11 @@ protected override async Task HandleRequirementAsync(
 
         private async Task<bool> HasDeletePermission(AuthorizationHandlerContext context, Comment resource)
         {
+            if (resource.CreatorId != null && resource.CreatorId == context.User.FindUserId())
+            {
+                return true;
+            }
+
             if (await _permissionChecker.IsGrantedAsync(context.User, BloggingPermissions.Comments.Delete))
             {
                 return true;

diff --git a/...es/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs b/...es/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs
@@ -35,6 +35,11 @@ protected override async Task HandleRequirementAsync(
 
         private async Task<bool> HasDeletePermission(AuthorizationHandlerContext context, Post resource)
         {
+            if (resource.CreatorId != null && resource.CreatorId == context.User.FindUserId())
+            {
+                return true;
+            }
+
             if (await _permissionChecker.IsGrantedAsync(context.User, BloggingPermissions.Posts.Delete))
             {
                 return true;

diff --git a/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs b/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs
@@ -45,7 +45,7 @@ public Task<CommentWithDetailsDto> UpdateAsync(Guid id, UpdateCommentDto input)
         [Route("{id}")]
         public Task DeleteAsync(Guid id)
         {
-            throw new NotImplementedException();
+            return _commentAppService.DeleteAsync(id);
         }
     }
 }
diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml
@@ -147,7 +147,7 @@
                                             </a>
                                         }
 
-                                        @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete))
+                                        @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete) || (CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId))
                                         {
                                             <span class="seperator">|</span>
                                             <a href="#" class="tag deleteLink" data-deleteid="@commentWithRepliesDto.Comment.Id">