diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs index 662b324a077..bd6dcdf8c57 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Comments/CommentAuthorizationHandler.cs @@ -35,6 +35,11 @@ protected override async Task HandleRequirementAsync( private async Task HasDeletePermission(AuthorizationHandlerContext context, Comment resource) { + if (resource.CreatorId != null && resource.CreatorId == context.User.FindUserId()) + { + return true; + } + if (await _permissionChecker.IsGrantedAsync(context.User, BloggingPermissions.Comments.Delete)) { return true; diff --git a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs index c5f65ec7e32..9d2d0e9e9ff 100644 --- a/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs +++ b/modules/blogging/src/Volo.Blogging.Application/Volo/Blogging/Posts/PostAuthorizationHandler.cs @@ -35,6 +35,11 @@ protected override async Task HandleRequirementAsync( private async Task HasDeletePermission(AuthorizationHandlerContext context, Post resource) { + if (resource.CreatorId != null && resource.CreatorId == context.User.FindUserId()) + { + return true; + } + if (await _permissionChecker.IsGrantedAsync(context.User, BloggingPermissions.Posts.Delete)) { return true; diff --git a/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs b/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs index 158a3416ba6..270d8f1e13e 100644 --- a/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs 
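Review bot: The new creator check at the top of `HasDeletePermission` returns true before `_permissionChecker.IsGrantedAsync` is consulted, so an author's right to delete their own comment can no longer be withheld through `BloggingPermissions.Comments.Delete`; the identical block in `PostAuthorizationHandler.HasDeletePermission` does the same for `BloggingPermissions.Posts.Delete`. If that is the intended policy, state it on the check in both handlers, e.g. `// The creator may always delete their own item; the Delete permission only governs other users' items.` The `CreatorId != null` guard keeps a caller for whom `FindUserId()` yields no id (presumably an unauthenticated one) from matching creator-less records, and that case deserves a test next to owner-allowed and non-owner-denied. For posts, confirm whether deleting a post also removes other users' comments under it, since the author now gets that without any granted permission. Both method bodies continue outside their hunks.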
+++ b/modules/blogging/src/Volo.Blogging.HttpApi/Volo/Blogging/CommentsController.cs @@ -45,7 +45,7 @@ public Task UpdateAsync(Guid id, UpdateCommentDto input) [Route("{id}")] public Task DeleteAsync(Guid id) { - throw new NotImplementedException(); + return _commentAppService.DeleteAsync(id); } } } diff --git a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml index a76e92ea9b9..b9d505d24b1 100644 --- a/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml +++ b/modules/blogging/src/Volo.Blogging.Web/Pages/Blogs/Posts/Detail.cshtml @@ -147,7 +147,7 @@ } - @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete)) + @if (await Authorization.IsGrantedAsync(BloggingPermissions.Comments.Delete) || (CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId)) { |
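Review bot: `DeleteAsync(Guid id)` now forwards straight to `_commentAppService.DeleteAsync(id)`, which turns a route that previously threw `NotImplementedException` into a live delete endpoint, and nothing in this hunk shows where the caller is authorized. The diff does not include the application service method, so confirm that it runs the resource-based check served by `CommentAuthorizationHandler` and not only a permission attribute, which would either reject owners or skip the ownership rule. A short comment on the action would make the dependency explicit: `// Authorization (owner or Comments.Delete) is enforced in the application service.` A test that calls this route as a non-owner without the permission and expects a denial would pin the behaviour.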
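Review bot: The added `CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId` clause has no null guard, unlike the handler checks in this commit, which test `CreatorId != null` first. If both values are nullable (as the handlers' null test suggests for `CreatorId`), an anonymous visitor viewing a comment without a creator compares null to null and is shown the delete control. The server-side handler should still refuse the request, so this is a misleading UI and not a bypass. Consider `(CurrentUser.Id != null && CurrentUser.Id == commentWithRepliesDto.Comment.CreatorId)`, or ask the authorization service about the comment itself so the view cannot drift from the handler. The body of the `@if` block is not fully visible in the hunk.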