Brusher Profile and Blog delete permisssion

2025-06-28 14:54:44 +01:00
parent b4870a1814
commit 447d926ca6
5 changed files with 3571 additions and 6 deletions
--- a/src/Yavsc.Server/Migrations/20250620185047_BrusherProfileSchedulerId.Designer.cs
+++ b/src/Yavsc.Server/Migrations/20250620185047_BrusherProfileSchedulerId.Designer.cs
--- a/src/Yavsc.Server/Migrations/20250620185047_BrusherProfileSchedulerId.cs
+++ b/src/Yavsc.Server/Migrations/20250620185047_BrusherProfileSchedulerId.cs
@ -0,0 +1,59 @@
+using Microsoft.EntityFrameworkCore.Migrations;
+
+#nullable disable
+
+namespace Yavsc.Migrations
+{
+    /// <inheritdoc />
+    public partial class BrusherProfileSchedulerId : Migration
+    {
+        /// <inheritdoc />
+        protected override void Up(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropForeignKey(
+                name: "FK_BrusherProfile_Schedule_ScheduleOwnerId",
+                table: "BrusherProfile");
+
+            migrationBuilder.AlterColumn<string>(
+                name: "ScheduleOwnerId",
+                table: "BrusherProfile",
+                type: "text",
+                nullable: true,
+                oldClrType: typeof(string),
+                oldType: "text");
+
+            migrationBuilder.AddForeignKey(
+                name: "FK_BrusherProfile_Schedule_ScheduleOwnerId",
+                table: "BrusherProfile",
+                column: "ScheduleOwnerId",
+                principalTable: "Schedule",
+                principalColumn: "OwnerId");
+        }
+
+        /// <inheritdoc />
+        protected override void Down(MigrationBuilder migrationBuilder)
+        {
+            migrationBuilder.DropForeignKey(
+                name: "FK_BrusherProfile_Schedule_ScheduleOwnerId",
+                table: "BrusherProfile");
+
+            migrationBuilder.AlterColumn<string>(
+                name: "ScheduleOwnerId",
+                table: "BrusherProfile",
+                type: "text",
+                nullable: false,
+                defaultValue: "",
+                oldClrType: typeof(string),
+                oldType: "text",
+                oldNullable: true);
+
+            migrationBuilder.AddForeignKey(
+                name: "FK_BrusherProfile_Schedule_ScheduleOwnerId",
+                table: "BrusherProfile",
+                column: "ScheduleOwnerId",
+                principalTable: "Schedule",
+                principalColumn: "OwnerId",
+                onDelete: ReferentialAction.Cascade);
+        }
+    }
+}
--- a/src/Yavsc.Server/Migrations/ApplicationDbContextModelSnapshot.cs
+++ b/src/Yavsc.Server/Migrations/ApplicationDbContextModelSnapshot.cs
@ -1123,7 +1123,6 @@ namespace Yavsc.Migrations
                        .HasColumnType("numeric");

                    b.Property<string>("ScheduleOwnerId")
-                        .IsRequired()
                        .HasColumnType("text");

                    b.Property<decimal>("ShampooPrice")
@ -2835,9 +2834,7 @@ namespace Yavsc.Migrations
                {
                    b.HasOne("Yavsc.Models.Calendar.Schedule", "Schedule")
                        .WithMany()
-                        .HasForeignKey("ScheduleOwnerId")
-                        .OnDelete(DeleteBehavior.Cascade)
-                        .IsRequired();
+                        .HasForeignKey("ScheduleOwnerId");

                    b.HasOne("Yavsc.Models.Workflow.PerformerProfile", "BaseProfile")
                        .WithMany()
--- a/src/Yavsc.Server/Models/HairCut/BrusherProfile.cs
+++ b/src/Yavsc.Server/Models/HairCut/BrusherProfile.cs
@ -60,7 +60,7 @@ namespace Yavsc.Models.Haircut

        [DisplayFormat(ConvertEmptyStringToNull = true, NullDisplayText = "[Pas d'emploi du temps spécifié]")]
        [Display(Name="Emploi du temps")]
-        public virtual Schedule Schedule { get; set; }
+        public virtual Schedule? Schedule { get; set; }

        [Display(Name="Coupe femme cheveux longs"),DisplayFormat(DataFormatString="{0:C}")]

--- a/src/Yavsc/Extensions/PermissionHandler.cs
+++ b/src/Yavsc/Extensions/PermissionHandler.cs
@ -1,6 +1,7 @@
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.EntityFrameworkCore;
+using RazorEngine.Compilation.ImpromptuInterface.Optimization;
 using Yavsc.Helpers;
 using Yavsc.Models;
 using Yavsc.Models.Blog;
@ -55,12 +56,26 @@ public class PermissionHandler : IAuthorizationHandler
        return false;
    }

-    private static bool IsOwner(ClaimsPrincipal user, object? resource)
+    private  bool IsOwner(ClaimsPrincipal user, object? resource)
    {
        if (resource is BlogPost blogPost)
        {
            return blogPost.AuthorId == user.GetUserId();
        }
+        else
+        if (resource is DefaultHttpContext httpContext)
+        {
+            if (httpContext.Request.Path.StartsWithSegments("/Blogspot/Delete", StringComparison.OrdinalIgnoreCase))
+            {
+                string postId = (string)httpContext.GetRouteValue("id");
+                if (long.TryParse(postId, out long id))
+                {
+                BlogPost b = applicationDbContext.BlogSpot.FirstOrDefault(b => b.Id == id && b.AuthorId == user.GetUserId());
+                return b != null;
+
+                }
+            }
+        }
        return false;
    }