From f3a63c9e46430b3cc42be9480b51b13c3d27742a Mon Sep 17 00:00:00 2001
From: Paul Schneider <paulschneider@free.fr>
Date: Sun, 10 Nov 2024 23:12:02 +0000
Subject: [PATCH] bug fixes

---
 src/Yavsc.Server/Models/Blog/BlogPost.cs      |  20 +--
 src/Yavsc.Server/Models/Blog/BlogTrad.cs      |  26 ----
 .../ViewModels/BlogPostInputViewModel.cs      |  26 ++++
 .../Relationship/CirclesViewModel.cs          |   3 +-
 .../Blogspot/FileSystemApiController.cs       |   2 +-
 .../Accounting/AccountController.cs           |  14 +-
 .../Communicating/AnnouncesController.cs      |   2 +-
 .../Communicating/BlogspotController.cs       |  30 ++--
 src/Yavsc/Extensions/HostingExtensions.cs     |   6 +
 src/Yavsc/Extensions/PermissionHandler.cs     |  46 ++++++
 src/Yavsc/Helpers/AsciiDocHelpers.cs          |  13 +-
 src/Yavsc/Models/ApplicationDbContext.cs      |   4 -
 .../CirclesControlViewComponent.cs            |   4 +
 src/Yavsc/ViewModels/Auth/EditRequirement.cs  |  19 ++-
 src/Yavsc/Views/Blogspot/Create.cshtml        |  85 +++++++++++
 src/Yavsc/Views/Blogspot/Details.cshtml       |   2 +-
 src/Yavsc/Views/Blogspot/Edit.cshtml          | 135 +-----------------
 src/Yavsc/Views/Blogspot/Title.cshtml         |   2 +-
 .../Components/BlogIndex/Default.cshtml       |   2 +-
 .../Components/CirclesControl/Default.cshtml  |   4 +-
 src/Yavsc/Views/Shared/Error.cshtml           |   2 +-
 src/Yavsc/Views/Shared/_Layout.cshtml         |   3 +-
 src/Yavsc/Views/Shared/_LoginPartial.cshtml   |   4 +-
 src/Yavsc/Views/Shared/_Nav.cshtml            |   2 +-
 .../site.scssc                                | Bin 5479 -> 9265 bytes
 src/Yavsc/wwwroot/css/site.css                |  16 +--
 src/Yavsc/wwwroot/css/site.scss               |  19 +--
 test/yavscTests/Startup.cs                    |   4 +-
 28 files changed, 261 insertions(+), 234 deletions(-)
 delete mode 100644 src/Yavsc.Server/Models/Blog/BlogTrad.cs
 create mode 100644 src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs
 create mode 100644 src/Yavsc/Extensions/PermissionHandler.cs
 create mode 100644 src/Yavsc/Views/Blogspot/Create.cshtml

diff --git a/src/Yavsc.Server/Models/Blog/BlogPost.cs b/src/Yavsc.Server/Models/Blog/BlogPost.cs
index 423dc1e3..f5d55d21 100644
--- a/src/Yavsc.Server/Models/Blog/BlogPost.cs
+++ b/src/Yavsc.Server/Models/Blog/BlogPost.cs
@@ -10,29 +10,19 @@ using Yavsc.Attributes.Validation;
 using Yavsc.Interfaces;
 using Yavsc.Models.Access;
 using Yavsc.Models.Relationship;
+using Yavsc.ViewModels.Blog;
 
 namespace Yavsc.Models.Blog
 {
-    public class BlogPost : IBlogPost, ICircleAuthorized, ITaggable<long>, IIdentified<long>
+    public class BlogPost : BlogPostInputViewModel, IBlogPost, ICircleAuthorized, ITaggable<long>, IIdentified<long>
     {
         [Key(), DatabaseGenerated(DatabaseGeneratedOption.Identity)]
         [Display(Name="Identifiant du post")]
         public long Id { get; set; }
 
-        [Display(Name="Contenu")][YaStringLength(56224)]
-        public string Content { get; set; }
-
-        [Display(Name="Photo")][YaStringLength(1024)]
-        public string Photo { get; set; }
-
-        [YaStringLength(8)]
-        public string Lang { get; set; }
-
         [Display(Name="Indice de qualité")]
         public int Rate { get; set; }
 
-        [Display(Name="Titre")][YaStringLength(1024)]
-        public string Title { get; set; }
 
         [Display(Name="Identifiant de l'auteur")]
         [ForeignKey("Author")]
@@ -41,8 +31,6 @@ namespace Yavsc.Models.Blog
         [Display(Name="Auteur")]
         public virtual ApplicationUser Author { set; get; }
 
-        [Display(Name="Visible")]
-        public bool Visible { get; set; }
 
         [Display(Name="Date de création")]
         public DateTime DateCreated
@@ -68,10 +56,6 @@ namespace Yavsc.Models.Blog
             get; set;
         }
 
-        [InverseProperty("Target")]
-        [Display(Name="Liste de contrôle d'accès")]
-        public virtual List<CircleAuthorizationToBlogPost> ACL { get; set; }
-
         public bool AuthorizeCircle(long circleId)
         {
             return ACL?.Any( i=>i.CircleId == circleId) ?? true;
diff --git a/src/Yavsc.Server/Models/Blog/BlogTrad.cs b/src/Yavsc.Server/Models/Blog/BlogTrad.cs
deleted file mode 100644
index 1a9e2777..00000000
--- a/src/Yavsc.Server/Models/Blog/BlogTrad.cs
+++ /dev/null
@@ -1,26 +0,0 @@
-using System.ComponentModel.DataAnnotations;
-using System.ComponentModel.DataAnnotations.Schema;
-using Newtonsoft.Json;
-using Yavsc.Models;
-
-namespace Yavsc.Server.Models.Blog
-{
-    public class BlogTrad
-    {
-        [Required]
-        public long PostId { get; set; }
-
-        [Required]
-        public string Lang { get; set; }
-
-        public string Title { get; set; }
-
-        public string Body { get; set; }
-
-        public string TraducerId  { get; set; }
-        
-        [ForeignKey("TraducerId"),JsonIgnore]
-        public ApplicationUser Traducer { set; get; }
-
-    }
-}
\ No newline at end of file
diff --git a/src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs b/src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs
new file mode 100644
index 00000000..20a25573
--- /dev/null
+++ b/src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs
@@ -0,0 +1,26 @@
+
+using System.ComponentModel.DataAnnotations;
+using System.ComponentModel.DataAnnotations.Schema;
+using Yavsc.Models.Access;
+
+namespace Yavsc.ViewModels.Blog
+{
+    public class BlogPostInputViewModel
+{
+        [StringLength(1024)]
+        public  string? Photo { get; set; }
+
+        [StringLength(1024)]
+        public required string Title { get; set; }
+
+        [StringLength(56224)]
+        public required string Content { get; set; }
+        
+        public bool Visible { get; set; }
+
+        [InverseProperty("Target")]
+        [Display(Name="Liste de contrôle d'accès")]
+        public virtual List<CircleAuthorizationToBlogPost>? ACL { get; set; }
+
+    }
+}
diff --git a/src/Yavsc.Server/ViewModels/Relationship/CirclesViewModel.cs b/src/Yavsc.Server/ViewModels/Relationship/CirclesViewModel.cs
index 1ce82844..173f317a 100644
--- a/src/Yavsc.Server/ViewModels/Relationship/CirclesViewModel.cs
+++ b/src/Yavsc.Server/ViewModels/Relationship/CirclesViewModel.cs
@@ -7,7 +7,8 @@ namespace Yavsc.ViewModels.Relationship
         public CirclesViewModel(ICircleAuthorized resource)
         {
             Target = resource;
-            TargetTypeName = resource.GetType().Name;
+            if (resource!=null)
+                TargetTypeName = resource.GetType().Name;
         }
         public ICircleAuthorized Target { get; set; }
         public string TargetTypeName { get; set; }
diff --git a/src/Yavsc/ApiControllers/Blogspot/FileSystemApiController.cs b/src/Yavsc/ApiControllers/Blogspot/FileSystemApiController.cs
index 8ab6b094..5a7f2251 100644
--- a/src/Yavsc/ApiControllers/Blogspot/FileSystemApiController.cs
+++ b/src/Yavsc/ApiControllers/Blogspot/FileSystemApiController.cs
@@ -65,7 +65,7 @@ namespace Yavsc.ApiControllers
             }
             _logger.LogInformation($"Receiving files, saved in '{destDir}' (specified as '{subdir}').");
             
-            var uid = User.FindFirstValue(ClaimTypes.NameIdentifier);
+            var uid = User.GetUserId();
             var user = dbContext.Users.Single(
                 u => u.Id == uid
             );
diff --git a/src/Yavsc/Controllers/Accounting/AccountController.cs b/src/Yavsc/Controllers/Accounting/AccountController.cs
index 899c4780..7c2ae269 100644
--- a/src/Yavsc/Controllers/Accounting/AccountController.cs
+++ b/src/Yavsc/Controllers/Accounting/AccountController.cs
@@ -235,9 +235,16 @@ namespace Yavsc.Controllers
         /// <summary>
         /// Show logout page
         /// </summary>
-        [HttpGet]
+        [HttpGet][Authorize]
         public async Task<IActionResult> Logout(string logoutId)
         {
+            if (string.IsNullOrWhiteSpace(logoutId))
+                {
+                    if (User.Identity.IsAuthenticated)
+                    {
+                        logoutId = User.GetUserId();
+                    }
+                }
             // build a model so the logout page knows what to display
             var vm = await BuildLogoutViewModelAsync(logoutId);
 
@@ -265,9 +272,11 @@ namespace Yavsc.Controllers
             {
                 // delete local authentication cookie
                 await HttpContext.SignOutAsync();
+                await _signInManager.SignOutAsync();
 
                 // raise the logout event
                 await _events.RaiseAsync(new UserLogoutSuccessEvent(User.GetSubjectId(), User.GetDisplayName()));
+
             }
 
             // check if we need to trigger sign-out at an upstream identity provider
@@ -282,6 +291,9 @@ namespace Yavsc.Controllers
                 return SignOut(new AuthenticationProperties { RedirectUri = url }, vm.ExternalAuthenticationScheme);
             }
 
+        
+
+
             return View("LoggedOut", vm);
         }
 
diff --git a/src/Yavsc/Controllers/Communicating/AnnouncesController.cs b/src/Yavsc/Controllers/Communicating/AnnouncesController.cs
index ac3ae0b7..7f67e346 100644
--- a/src/Yavsc/Controllers/Communicating/AnnouncesController.cs
+++ b/src/Yavsc/Controllers/Communicating/AnnouncesController.cs
@@ -60,7 +60,7 @@ namespace Yavsc.Controllers
         {
             ViewBag.IsAdmin = User.IsInRole(Constants.AdminGroupName);
             ViewBag.IsPerformer = User.IsInRole(Constants.PerformerGroupName);
-            ViewBag.AllowEdit = announce==null || announce.Id<=0 || !_authorizationService.AuthorizeAsync(User,announce,new EditRequirement()).IsFaulted;
+            ViewBag.AllowEdit = announce==null || announce.Id<=0 || !_authorizationService.AuthorizeAsync(User,announce,new EditPermission()).IsFaulted;
             List<SelectListItem> dl = new List<SelectListItem>();
             var rnames = System.Enum.GetNames(typeof(Reason));
             var rvalues = System.Enum.GetValues(typeof(Reason));
diff --git a/src/Yavsc/Controllers/Communicating/BlogspotController.cs b/src/Yavsc/Controllers/Communicating/BlogspotController.cs
index 87eaa5a4..b6f34d6e 100644
--- a/src/Yavsc/Controllers/Communicating/BlogspotController.cs
+++ b/src/Yavsc/Controllers/Communicating/BlogspotController.cs
@@ -14,6 +14,8 @@ using Yavsc.Helpers;
 using Microsoft.AspNetCore.Localization;
 using Microsoft.Extensions.Options;
 using Microsoft.EntityFrameworkCore;
+using System.Diagnostics;
+using Yavsc.ViewModels.Blog;
 
 // For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860
 
@@ -111,30 +113,35 @@ namespace Yavsc.Controllers
         [Authorize()]
         public IActionResult Create(string title)
         {
-            var result = new BlogPost{Title=title};
+            var result = new BlogPostInputViewModel{Title=title,Content=""};
             ViewData["PostTarget"]="Create";
             SetLangItems();
-            return View("Edit",result);
+            return View(result);
         }
 
         // POST: Blog/Create
         [HttpPost, Authorize, ValidateAntiForgeryToken]
-        public IActionResult Create(Models.Blog.BlogPost blog)
+        public IActionResult Create(BlogPostInputViewModel blogInput)
         {
-            blog.Rate = 0;
-            blog.AuthorId = User.GetUserId();
-            blog.Id=0;
             if (ModelState.IsValid)
             {
-
-                _context.Blogspot.Add(blog);
+                BlogPost post = new BlogPost
+                {
+                    Title = blogInput.Title,
+                    Content = blogInput.Content,
+                    Photo = blogInput.Photo,
+                    Rate = 0,
+                    AuthorId = User.GetUserId()
+                };
+                _context.Blogspot.Add(post);
                 _context.SaveChanges(User.GetUserId());
                 return RedirectToAction("Index");
             }
             ModelState.AddModelError("Unknown","Invalid Blog posted ...");
             ViewData["PostTarget"]="Create";
-            return View("Edit",blog);
+            return View("Edit",blogInput);
         }
+
         [Authorize()]
         // GET: Blog/Edit/5
         public async Task<IActionResult> Edit(long? id)
@@ -147,12 +154,11 @@ namespace Yavsc.Controllers
             ViewData["PostTarget"]="Edit";
             BlogPost blog = _context.Blogspot.Include(x => x.Author).Include(x => x.ACL).Single(m => m.Id == id);
 
-
             if (blog == null)
             {
                 return NotFound();
             }
-            if (!_authorizationService.AuthorizeAsync(User, blog, new EditRequirement()).IsFaulted)
+            if (!_authorizationService.AuthorizeAsync(User, blog, new EditPermission()).IsFaulted)
             {
                 ViewBag.ACL = _context.Circle.Where(
                 c=>c.OwnerId == blog.AuthorId)
@@ -180,7 +186,7 @@ namespace Yavsc.Controllers
         {
             if (ModelState.IsValid)
             {
-                var auth = _authorizationService.AuthorizeAsync(User, blog, new EditRequirement());
+                var auth = _authorizationService.AuthorizeAsync(User, blog, new EditPermission());
                 if (!auth.IsFaulted)
                 {
                     // saves the change
diff --git a/src/Yavsc/Extensions/HostingExtensions.cs b/src/Yavsc/Extensions/HostingExtensions.cs
index 9125f675..438310cd 100644
--- a/src/Yavsc/Extensions/HostingExtensions.cs
+++ b/src/Yavsc/Extensions/HostingExtensions.cs
@@ -29,6 +29,7 @@ using Yavsc.Models.Market;
 using Yavsc.Models.Workflow;
 using Yavsc.Services;
 using Yavsc.Settings;
+using Yavsc.ViewModels.Auth;
 
 namespace Yavsc.Extensions;
 
@@ -308,7 +309,12 @@ internal static class HostingExtensions
                 // options.AddPolicy("EmployeeId", policy => policy.RequireClaim("EmployeeId", "123", "456"));
                 // options.AddPolicy("BuildingEntry", policy => policy.Requirements.Add(new OfficeEntryRequirement()));
                 options.AddPolicy("Authenticated", policy => policy.RequireAuthenticatedUser());
+                 options.AddPolicy("IsTheAuthor", policy =>
+                    policy.Requirements.Add(new EditPermission()));
             });
+           
+            services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
+
             _ = services.AddControllersWithViews()
             .AddNewtonsoftJson();
             LoadGoogleConfig(builder.Configuration);
diff --git a/src/Yavsc/Extensions/PermissionHandler.cs b/src/Yavsc/Extensions/PermissionHandler.cs
new file mode 100644
index 00000000..bb42da50
--- /dev/null
+++ b/src/Yavsc/Extensions/PermissionHandler.cs
@@ -0,0 +1,46 @@
+using System.Security.Claims;
+using Microsoft.AspNetCore.Authorization;
+using Yavsc.ViewModels.Auth;
+
+namespace Yavsc.Extensions;
+
+public class PermissionHandler : IAuthorizationHandler
+{
+    public Task HandleAsync(AuthorizationHandlerContext context)
+    {
+        var pendingRequirements = context.PendingRequirements.ToList();
+
+        foreach (var requirement in pendingRequirements)
+        {
+            if (requirement is ReadPermission)
+            {
+                if (IsOwner(context.User, context.Resource)
+                    || IsSponsor(context.User, context.Resource))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+            else if (requirement is EditPermission || requirement is DeletePermission)
+            {
+                if (IsOwner(context.User, context.Resource))
+                {
+                    context.Succeed(requirement);
+                }
+            }
+        }
+
+        return Task.CompletedTask;
+    }
+
+    private static bool IsOwner(ClaimsPrincipal user, object? resource)
+    {
+        // Code omitted for brevity
+        return true;
+    }
+
+    private static bool IsSponsor(ClaimsPrincipal user, object? resource)
+    {
+        // Code omitted for brevity
+        return true;
+    }
+}
diff --git a/src/Yavsc/Helpers/AsciiDocHelpers.cs b/src/Yavsc/Helpers/AsciiDocHelpers.cs
index 76b890d8..133942f1 100644
--- a/src/Yavsc/Helpers/AsciiDocHelpers.cs
+++ b/src/Yavsc/Helpers/AsciiDocHelpers.cs
@@ -117,7 +117,18 @@ namespace Yavsc.Helpers
                     InternalAnchor a = (InternalAnchor) elt;
                     sb.AppendFormat("<a name=\"{0}\">{1}</a> ", a.Id, a.XRefLabel);
                     break;
-
+                case "AsciiDocNet.Subscript":
+                 sb.AppendHtml("<sup>");
+                    Subscript sub = (Subscript)elt;
+                    sub.ToHtml(sb);
+                    sb.AppendHtml("</sup>");
+                    break;
+                case "AsciiDocNet.Superscript":
+                 sb.AppendHtml("<sup>");
+                    Superscript sup = (Superscript)elt;
+                    sup.ToHtml(sb);
+                    sb.AppendHtml("</sup>");
+                    break;
                 default:
                     string unsupportedType = elt.GetType().FullName;
                     throw new InvalidProgramException(unsupportedType);
diff --git a/src/Yavsc/Models/ApplicationDbContext.cs b/src/Yavsc/Models/ApplicationDbContext.cs
index 3a6c732e..3d8a3009 100644
--- a/src/Yavsc/Models/ApplicationDbContext.cs
+++ b/src/Yavsc/Models/ApplicationDbContext.cs
@@ -35,7 +35,6 @@ namespace Yavsc.Models
     using Calendar;
     using Blog;
     using Yavsc.Abstract.Identity;
-    using Yavsc.Server.Models.Blog;
     using Microsoft.EntityFrameworkCore;
     using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
     using Yavsc.Server.Models.Calendar;
@@ -79,7 +78,6 @@ namespace Yavsc.Models
             builder.Entity<Models.Cratie.Option>().HasKey(o => new { o.Code, o.CodeScrutin });
             builder.Entity<Notification>().Property(n => n.icon).HasDefaultValue("exclam");
             builder.Entity<ChatRoomAccess>().HasKey(p => new { room = p.ChannelName, user = p.UserId });
-            builder.Entity<BlogTrad>().HasKey(tr => new { post = tr.PostId, lang = tr.Lang });
             builder.Entity<InstrumentRating>().HasAlternateKey(i => new { Instrument= i.InstrumentId, owner = i.OwnerId });
 
             foreach (var et in builder.Model.GetEntityTypes())
@@ -291,8 +289,6 @@ namespace Yavsc.Models
 
         public DbSet<Project> Project { get; set; }
         
-        public DbSet<BlogTrad> BlogTrad { get; set; }
-
         [Obsolete("use signaled flows")]
         public DbSet<LiveFlow> LiveFlow { get; set; }
 
diff --git a/src/Yavsc/ViewComponents/CirclesControlViewComponent.cs b/src/Yavsc/ViewComponents/CirclesControlViewComponent.cs
index 117b60d7..4eb18add 100644
--- a/src/Yavsc/ViewComponents/CirclesControlViewComponent.cs
+++ b/src/Yavsc/ViewComponents/CirclesControlViewComponent.cs
@@ -20,6 +20,8 @@ namespace Yavsc.ViewComponents
 
         public IViewComponentResult Invoke (ICircleAuthorized target)
         {
+            if (target!=null)
+            {
             var oid = target.GetOwnerId();
             ViewBag.ACL = dbContext.Circle.Where(
                 c=>c.OwnerId == oid)
@@ -41,6 +43,8 @@ namespace Yavsc.ViewComponents
                         Checked  = target.AuthorizeCircle(c.Id),
                         Value = c.Id.ToString()
                     });
+            }
+           
             return View(new CirclesViewModel(target));
         }
     }
diff --git a/src/Yavsc/ViewModels/Auth/EditRequirement.cs b/src/Yavsc/ViewModels/Auth/EditRequirement.cs
index f6693943..5c3a4365 100644
--- a/src/Yavsc/ViewModels/Auth/EditRequirement.cs
+++ b/src/Yavsc/ViewModels/Auth/EditRequirement.cs
@@ -2,10 +2,25 @@ using Microsoft.AspNetCore.Authorization;
 
 namespace Yavsc.ViewModels.Auth
 {
-    public class EditRequirement : IAuthorizationRequirement
+    public class EditPermission : IAuthorizationRequirement
     {
-        public EditRequirement()
+        public EditPermission()
         {
         }
     }
+
+    public class ReadPermission: IAuthorizationRequirement
+    {
+        public ReadPermission()
+        {
+        }
+    }
+
+    public class DeletePermission: IAuthorizationRequirement
+    {
+        public DeletePermission()
+        {
+        }
+    }
+    
 }
diff --git a/src/Yavsc/Views/Blogspot/Create.cshtml b/src/Yavsc/Views/Blogspot/Create.cshtml
new file mode 100644
index 00000000..8b3c265d
--- /dev/null
+++ b/src/Yavsc/Views/Blogspot/Create.cshtml
@@ -0,0 +1,85 @@
+@model Yavsc.ViewModels.Blog.BlogPostInputViewModel
+
+@{
+   ViewData["Title"] = "Blog post edition";
+}
+
+@section header {
+
+<link href="~/css/main/dropzone.css" rel="stylesheet">
+
+<script src="~/js/dropzone.js"></script>
+
+    @{ await Html.RenderPartialAsync("_FSScriptsPartial"); }
+     
+}
+
+<h2>Blog post</h2>
+    <label><input type="checkbox" id="vcbtn" />Editer le code source Markdown</label>
+
+<div asp-validation-summary="All" class="text-danger"></div>
+
+<img class="blogphoto" alt="" src="@Model.Photo" title="Photo associée au post">
+<h2 title="Titre du post" class="blogtitle" id="titleview" >@Model.Title</h2>
+
+<div title="Contenu du post" id="contentview">@Model.Content</div>
+
+<hr>
+<form asp-controller="Blogspot" asp-action="Create">
+    <div class="form-horizontal">
+
+        <div asp-validation-summary="ModelOnly" class="text-danger"></div>
+     
+        <div class="form-group mdcoding">
+            <label asp-for="Title" class="col-md-2 control-label"></label>
+            <div class="col-md-10">
+                <input asp-for="Title" class="form-control" data-from="titleview"/>
+                <span asp-validation-for="Title" class="text-danger" >
+                </span>
+            </div>
+        </div>
+
+        <div class="form-group">
+            <label asp-for="Photo" class="col-md-2 control-label"></label>
+            <div class="col-md-10">
+                <input asp-for="Photo" class="form-control" />
+                <span asp-validation-for="Photo" class="text-danger" >
+                </span>
+            </div>
+        </div>
+        <div class="form-group mdcoding">
+            <label asp-for="Content" class="col-md-2 control-label" ></label>
+            <div class="col-md-10">
+                <textarea asp-for="Content" class="form-control" id="Content" data-from="contentview">
+                </textarea>
+                <span asp-validation-for="Content" class="text-danger" >
+                </span>
+            </div>
+        </div>
+        <div class="form-group">
+            <label asp-for="Visible" class="col-md-2 control-label"></label>
+            <div class="col-md-10">
+                    <input asp-for="Visible" class="form-control"/>
+            </div>
+        </div>
+        <div class="form-group">
+            <label asp-for="ACL" class="col-md-2 control-label"></label>
+            <div class="col-md-10">
+               @await Component.InvokeAsync("CirclesControl", Model)
+            </div>
+        </div>
+
+        <div class="form-group">
+            <div class="col-md-offset-2 col-md-10">
+                <button  class="btn btn-primary" >Save</button>
+            </div>
+        </div>
+    </div>
+</form>
+@await Component.InvokeAsync("Directory","")
+<div >
+    @{ await Html.RenderPartialAsync("_PostFilesPartial"); }
+   </div>
+<div>
+    <a asp-action="Index">Back to List</a>
+</div>
diff --git a/src/Yavsc/Views/Blogspot/Details.cshtml b/src/Yavsc/Views/Blogspot/Details.cshtml
index f37ac91d..65ab92ce 100644
--- a/src/Yavsc/Views/Blogspot/Details.cshtml
+++ b/src/Yavsc/Views/Blogspot/Details.cshtml
@@ -112,7 +112,7 @@ $('span.field-validation-valid[data-valmsg-for="Content"]').html(
     }
     
 </div>
-@if ((await AuthorizationService.AuthorizeAsync(User, Model, new EditRequirement())).Succeeded) {
+@if ((await AuthorizationService.AuthorizeAsync(User, Model, new EditPermission())).Succeeded) {
 <a asp-action="Edit" asp-route-id="@Model.Id" class="btn btn-link">Edit</a>
 }
 <a asp-action="Index" class="btn btn-link">Back to List</a>
diff --git a/src/Yavsc/Views/Blogspot/Edit.cshtml b/src/Yavsc/Views/Blogspot/Edit.cshtml
index d08c52d4..0624a5ca 100644
--- a/src/Yavsc/Views/Blogspot/Edit.cshtml
+++ b/src/Yavsc/Views/Blogspot/Edit.cshtml
@@ -1,4 +1,4 @@
-@model BlogPost
+@model Yavsc.ViewModels.Blog.BlogPostInputViewModel
 
 @{
    ViewData["Title"] = "Blog post edition";
@@ -6,7 +6,6 @@
 
 @section header {
 
-<link href="~/css/main/quill.snow.css" rel="stylesheet">
 <link href="~/css/main/dropzone.css" rel="stylesheet">
 
 <style>
@@ -34,90 +33,12 @@
 
 </style>
 <script src="~/js/dropzone.js"></script>
-<script src="~/js/quill.js"></script>
-<script src="~/js/to-markdown.js"></script>
 
 
-@{ await Html.RenderPartialAsync("_FSScriptsPartial"); }
+    @{ await Html.RenderPartialAsync("_FSScriptsPartial"); }
      
 }
 
-@section scripts {
-<script src="~/js/showdown.js" asp-append-version="true"></script>
-<script src="~/js/md-helpers.js" asp-append-version="true"></script>
-<script>
-
-    $(document).ready(function() {
-    if (typeof(allowCircleToBlog) !== 'undefined') {
-        $('input.Blogcirle[type=checkbox]').on('change', allowCircleToBlog);
-    }
-    $(".mdcoding").addClass('hidden');
-    $("#contentview").on('drop', function(){drop(event);});
-    $("#contentview").on('dragover', function(){allowDrop(event);});
-    var onchange = function(){
-        var nv = $(this).val();
-        var tid = $(this).data('from');
-       $('#'+tid).html(htmlize(nv));
-    };
-
-    $("#Content").change(onchange);
-    $("#Title").change(onchange);
-    $('#vcbtn').change(function(){
-        var vc = $(this).prop('checked');
-        if (vc) {
-            $("#contentview").addClass('hidden');
-            $("#titleview").addClass('hidden');
-            $(".mdcoding").removeClass('hidden');
-        } else {
-            $("#contentview").removeClass('hidden');
-            $("#titleview").removeClass('hidden');
-            $(".mdcoding").addClass('hidden');
-        }
-    });
-
-    var initQuill = function() {
-        var editortitre = new Quill('#titleview', {
-            modules: { toolbar: '#Titletoolbar' },
-            theme: 'snow'
-        });
-        var editorcontenu = new Quill('#contentview', {
-            modules: { toolbar: '#contentbar' },
-            theme: 'snow'
-        });
-        editortitre.on('selection-change', function(range) {
-            if (range) {
-                $('#contentbar').addClass('hidden');
-                $('#Titletoolbar').removeClass('hidden');
-            }
-        });
-        editortitre.on('text-change',function(delta,source){
-            if (source=='user')
-            {
-                updateMD('Title',$('#ql-editor-1').html())
-            }
-        });
-        editorcontenu.on('selection-change', function(range) {
-            if (range) {
-                $('#contentbar').removeClass('hidden');
-                $('#Titletoolbar').addClass('hidden');
-            }
-        });
-        editorcontenu.on('text-change',function(delta,source){
-            if (source=='user')
-            {
-                updateMD('Content',$('#ql-editor-2').html())
-            }
-        });
-    };
- initQuill();
-
- 
-
-  });
-</script>
-    @Html.Partial("_ValidationScriptsPartial")
-
-}
 <h2 > Blog post edition </h2>
                 <label><input type="checkbox" id="vcbtn" />Editer le code source Markdown</label>
 
@@ -131,47 +52,17 @@
 </div>
 
 <img class="blogphoto" alt="" src="@Model.Photo" title="Photo associée au post">
-<h2 title="Titre du post" class="blogtitle" id="titleview" ismarkdown>@Model.Title</h2>
+<h2 title="Titre du post" class="blogtitle" id="titleview" >@Model.Title</h2>
 
-<div id="contentbar" class="hidden ql-snow ql-toolbar">
-<span class="ql-format-group">
-  <button class="ql-format-button ql-bold"></button>
-  <button class="ql-format-button ql-italic"></button>
-  <button class="ql-format-button ql-underline"></button>
-  <button class="ql-format-button ql-strike"></button>
-  <environment names="Development">
-  <button class="ql-format-button ql-link"></button>
-  <button class="ql-format-button ql-image"></button>
-  <button class="ql-format-button ql-video"></button>
-  <button class="ql-format-button ql-file"></button>
-  </environment>
- </span>
-<span class="ql-format-group">
-<span title="List" class="ql-format-button ql-list"></span>
-<span class="ql-format-separator"></span>
-<span title="Bullet" class="ql-format-button ql-bullet"></span>
-<span class="ql-format-separator"></span>
-<select title="Text Alignment" class="ql-align">
-<option value="left" label="Left" selected=""></option>
-<option value="center" label="Center"></option>
-<option value="right" label="Right"></option>
-<option value="justify" label="Justify"></option>
-</select>
-</span>
-</div>
 
-<div title="Contenu du post" id="contentview" markdown="@Model.Content"></div>
+<div title="Contenu du post" id="contentview">@Model.Content</div>
 
 <hr>
-<form asp-action="@ViewData["PostTarget"]">
+<form>
     <div class="form-horizontal">
 
-        <hr />
-        <p class="text-success">@ViewData["StatusMessage"]</p>
         <div asp-validation-summary="ModelOnly" class="text-danger"></div>
-        <input type="hidden" asp-for="Id" />
-        <input type="hidden" asp-for="AuthorId" />
-      
+     
 
         <div class="form-group mdcoding">
             <label asp-for="Title" class="col-md-2 control-label"></label>
@@ -182,17 +73,6 @@
             </div>
         </div>
 
-        <div class="form-group">
-            <label asp-for="Lang" class="col-md-2 control-label"></label>
-            <div class="col-md-10">
-                <select asp-for="Lang" class="form-control" asp-items="@ViewBag.LangItems" >
-                </select>
-                <span asp-validation-for="Lang" class="text-danger" >
-                </span>
-            </div>
-        </div>
-        
-
         <div class="form-group">
             <label asp-for="Photo" class="col-md-2 control-label"></label>
             <div class="col-md-10">
@@ -230,9 +110,6 @@
         </div>
     </div>
 </form>
-<div>
-    
-</div>
 @await Component.InvokeAsync("Directory","")
 <div >
     @{ await Html.RenderPartialAsync("_PostFilesPartial"); }
diff --git a/src/Yavsc/Views/Blogspot/Title.cshtml b/src/Yavsc/Views/Blogspot/Title.cshtml
index 6e2b27d5..1f02b3e5 100644
--- a/src/Yavsc/Views/Blogspot/Title.cshtml
+++ b/src/Yavsc/Views/Blogspot/Title.cshtml
@@ -46,7 +46,7 @@
                     <a asp-action="Details" asp-route-id="@item.Id"  class="btn btn-lg">Details</a>
             </li>
                 }
-            @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditRequirement())).Succeeded) {
+            @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) {
             <li><a asp-action="Edit" asp-route-id="@item.Id" class="btn btn-default">Edit</a>
             </li>
             <li><a asp-action="Delete" asp-route-id="@item.Id" class="btn btn-danger">Delete</a>
diff --git a/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml b/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml
index 92f81b83..f0a9ab4d 100644
--- a/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml
+++ b/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml
@@ -49,7 +49,7 @@
                       <a asp-action="Details" asp-route-id="@item.Id"  class="btn btn-lg">Details</a>
               </li>
                   }
-              @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditRequirement())).Succeeded) {
+              @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) {
               <li><a asp-action="Edit" asp-route-id="@item.Id" class="btn btn-default">Edit</a>
               </li>
               <li><a asp-action="Delete" asp-route-id="@item.Id" class="btn btn-danger">Delete</a>
diff --git a/src/Yavsc/Views/Shared/Components/CirclesControl/Default.cshtml b/src/Yavsc/Views/Shared/Components/CirclesControl/Default.cshtml
index 815cdbd6..d11cf672 100644
--- a/src/Yavsc/Views/Shared/Components/CirclesControl/Default.cshtml
+++ b/src/Yavsc/Views/Shared/Components/CirclesControl/Default.cshtml
@@ -1,6 +1,6 @@
 @model CirclesViewModel
-
-@foreach (var cb in ViewBag.Access) { 
+@if (ViewBag.Access!=null)
+foreach (var cb in ViewBag.Access) {
 <label><input type="checkbox" class="@(Model.TargetTypeName)cirle" checked="@cb.Checked" value="@cb.Text" 
  data-target-id="@Model.Target.Id" data-circle-id="@cb.Value" data-targe-type="">
  @cb.Text </label>
diff --git a/src/Yavsc/Views/Shared/Error.cshtml b/src/Yavsc/Views/Shared/Error.cshtml
index a1e04783..d5a8de36 100644
--- a/src/Yavsc/Views/Shared/Error.cshtml
+++ b/src/Yavsc/Views/Shared/Error.cshtml
@@ -6,7 +6,7 @@
 <h1 class="text-danger">Error.</h1>
 <h2 class="text-danger">An error occurred while processing your request.</h2>
 
-@if (Model.ShowRequestId)
+@if (Model!=null) if (Model.ShowRequestId)
 {
     <p>
         <strong>Request ID:</strong> <code>@Model.RequestId</code>
diff --git a/src/Yavsc/Views/Shared/_Layout.cshtml b/src/Yavsc/Views/Shared/_Layout.cshtml
index 0682ddaa..b3006a56 100644
--- a/src/Yavsc/Views/Shared/_Layout.cshtml
+++ b/src/Yavsc/Views/Shared/_Layout.cshtml
@@ -10,8 +10,7 @@
     <link rel="stylesheet" href="~/lib/bootstrap/dist/css/bootstrap.min.css"  asp-append-version="true"/>
     <link rel="stylesheet" href="~/css/site.css"  asp-append-version="true"/>
     <!-- #region jQuery Slim
-    <script src="~/lib/jquery/dist/jquery.slim.min.js"></script>
-    -->
+    <script src="~/lib/jquery/dist/jquery.slim.min.js"></script> -->
     <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js"></script>
     @await RenderSectionAsync("header", false)
 </head>
diff --git a/src/Yavsc/Views/Shared/_LoginPartial.cshtml b/src/Yavsc/Views/Shared/_LoginPartial.cshtml
index a95c1363..01f02585 100644
--- a/src/Yavsc/Views/Shared/_LoginPartial.cshtml
+++ b/src/Yavsc/Views/Shared/_LoginPartial.cshtml
@@ -46,7 +46,9 @@
             Manage your account
         </a>
             </li>
-            <li><a class="dropdown-item" asp-controller="Grants" asp-action="Index">Your Grants</a></li>
+            <li><a class="dropdown-item" asp-controller="Grants" asp-action="Index">Grants</a></li>
+            <li><a class="dropdown-item" asp-controller="Device" asp-action="Index">Device</a></li>
+            <li><a class="dropdown-item" asp-controller="Diagnostics" asp-action="Index">Diagnostics</a></li>
             <li><a class="dropdown-item" asp-controller="Account" asp-action="Logout">Logout</a></li>
         </ul>
     </li>
diff --git a/src/Yavsc/Views/Shared/_Nav.cshtml b/src/Yavsc/Views/Shared/_Nav.cshtml
index 2e0cd068..158a5c00 100644
--- a/src/Yavsc/Views/Shared/_Nav.cshtml
+++ b/src/Yavsc/Views/Shared/_Nav.cshtml
@@ -5,7 +5,7 @@
 
       <button class="navbar-toggler" type="button" data-bs-toggle="collapse" 
       data-bs-target="#navbar" aria-controls="navbar" 
-      aria-expanded="false" aria-label="Toggle navigation">
+      aria-expanded="true" aria-label="Toggle navigation">
         <span class="navbar-toggler-icon"></span>
       </button>
 
diff --git a/src/Yavsc/wwwroot/css/.sass-cache/f72b97d2a2f775ae72a70903abdc00c6553756a7/site.scssc b/src/Yavsc/wwwroot/css/.sass-cache/f72b97d2a2f775ae72a70903abdc00c6553756a7/site.scssc
index 5384691e53ac895054a7410d18b416bd9beac339..e91dd8617e756cc2dadd54ee2409897610d9164f 100644
GIT binary patch
literal 9265
zcmd^F&2rnw5tf(@MN<Fr%9bU|Mkq_v+9C;2mb}7PTZmojDph4&PNYp$N(UB5LKGqp
zg9SkS#Bn9p<Q0-za!+0%IpvZ(KrYEOdrMv*=^hMbI1p%A-o2%EX<&e!p8ol!r@Nu8
z+SA&TlHJ+e+}S>EAMfryX<0k1on3vm^>oL6YVAJV+1b*!c8?p!PwZCdqXISV9#~;$
z7>9vv8^(_)jb71?Jz-3l?GwlC1h#inN)z>68;Pckk{Q7LQGUNXTk8gv7ll>d>e_iD
z|M{UYXZltU+MOoSgw!a<3mw?5-HvEr7%ynAXC2sI^=+?h7mP`>XZKom5FX{Jv79DO
z=*GwdzF)cW-s$<SoluR(REue<7cMAU0J%M@XYZG128AZYLwMmjp6%p8{bR?qkxB=_
z!hY+gAT+zB{h*EN6b|et4--zT@Z{~tOHemtubN<ou1$>vzBYRZmc^$<W7-TOD~Ost
z1r|#x$!i)qkwd*PG7Az+nDqEKv?I8kG;OcLrjSMUk}NrMur!LOgQ%c74I(?xaUz+E
zFY&FhWQN?}O+`MkP$YM$<d-M+21d8Y@_u;=#Ib8(I}Gz+8*-l-S}gEBUk_mO5=00u
z!^rNTRRe&}etEloLVI@IxB71VoCc?%Z?*0ErF9mz>tWEY|AgJ0pPwUnowEna1h(Zi
zzX^*4GX#e<(QD0fEASkz8&Wc#C%4f-B{Q;Gp)*4A03b3pO$rFyQmt(T9j0K3lJNoq
z4w;N$My6sQk?8`N*)JCb>8vw`cD|*PkHrGy4t=*#$H}rz?xT0uWW4a(2g=MbaBo4l
z14mP2*<2*|%_Z`X$zM$E$kze&aYxRO8PsXIX9Zoyt47pE#f)+D%yRp%PlX2$+JWOo
z$*%ta_&KoL0$IC4@MD~47za@R#w?OGFhWE3FBscNllq9)@XZJs_tLkGX{Td*k#p?W
zfl)R)wjbDSD}or{c(8=ugw5`NEI@;1D5OkQ099`b#c{MasJJm}`k-hty!0aL!YFw5
zIrwq}9r20zYzV(nHb3JI3jrB>!hEjG_&AZkSct8dF@<j&F24C9nL^1b_sCp}1|2)7
zwrCX59z)w2qOgKCC+p0x3!DCh7E;&gXs**ei6AyzGD=kL5qV5D&}PMy&5B^9yFy|d
zZ6wPxuvAG+HBuG>X(W|FJ;tSZs4Q?tETAj6<)WBhChz4gn_;`G8aa_`Go7y8Yty*b
z1}4lp<2T=Nvtq}w$;gBAQFq)pm`&OMN4FCl_>L<`T?$UGdyNjpz4XEJxoh_T^+f_<
zBw+v{4?`6TkLcQon=4op3bM(_gY!`poB)+3gcETzlTvU@g0*z+bfS}Nkd`)ezWv#r
z6R@02!EzFom=_D;NZHEd3M{i2Obua>z;g6g3IQBiJW8s#<g%EfzfK6GuHz>*?zNjK
zJC#y)3e=Nv3r9=IO4)lbi-A;DWgwLOjZhW|L|h`OvRoE(^tVC;5g#WKxy@e)UJ4c<
ziGg&cnPh&4(oR#y)QhU2^RsySUI|{s&4#|ptf)k**<?i?B4<JJJ7R4dU1O;%1`^0B
z17WE@C@ahhL#USGvY4ZPObDd9Gfds{cVMH~qHdfvC<@P|6rKYWWq8KXa<W=BG_n{-
zg;fSZ;Xet5kziPS=CYWhe-<JLXpARvo2P=88V9!k4I*iBt(NUx69ma7i*_YR+rTI{
zfAc6O6DKwqd2l{zl$!_TWf;d%I?BP3n;gj>?Bd&rsW_%@!#dK%IJ(BgSq!9$RR+Sv
z{}OINf?+P^vY4Y^Uv=?(BDXpEcfm|G($=9&rp5$$Lr|-^=pc1oP%jATJP0ad@*sZJ
zYMyo0vVv;I3Qo0T5YcYeg(S&oQ!f)+a7L*K`OE+tHe(jz31IqWdHI|;L~(L@jRn5O
z73tn{ty_vcD#}^_<0bY3nN=t+f$d~ThNE@i(YOW}fbx9HYM*uk+V?tDr-ubN)@vA}
zlZs8v_h0tCw&l9hSmeXiYC#!EFfr)|Y*Rxv4+R9);iLkoX_BChe%-Mm%U~<i!?W(=
zi=Ml&y48kT4Q{<~uW}MazEQ73ZC5+rs?nfZZ|J&?#1-w#vCp5=i@l1j>Dm_lUs>I<
zVZLugCt4T<^wi#~1l^Xk+W54wy}hByfAre+_G)9d!pW*wrME2~$WdwWxQB&|>%e8N
zvZ;&5ET7q{G%8wWukytc?deIQ0hi6~_}bWlYo#6wgR;UMvmlG?#yE%u#ZR1m-%D`L
zH~&5G%(Cz>j&dK33Qx_Mi(unZ`x46F4ix<N<FxS0$Z-wh6%Bfp3nyyl3(Fsa;s)rN
z@mg3>70sUI!*$#Yeb<8C0}wz_+ik`}fK8SxG7vFYzN^T>QZ_`-mFz2v)tIW*0IMV@
z<tn2J&9JD1qJUs#Zhb(Uq-a}8ENbSaB|8=I5Id5TI_^_p>j=_m)~Z6F@0VZKA89S<
zCx8JhzXnYO?dKXtqe}thCp3(VZ3Lt1wCaKq+YfTY<~^!2=RY#WJ?0^`e9{teIRG@!
zO>R^i{V;LAJTFPdIl~Hw_MsV5bv(}ww9hnr2!QSJTk#%%jb(K;Zo8x_B^a|H2*EHu
zU<<&9Nz9Jd6&Awce#I@pk}b)IW*wxsVT4=|Q41&Um-C+?ulE<Eh-%(s`6YoXJVaK$
z;qrHc9aPi4r!CeLVV)_%z&2cAzbg@ZMF9qm_7Y(5ni4#jBqQT-$A+2cYHnTI=GIeE
z&4(!@K7=J^gs3=@HA3d5&tf3^PAUVj<$bwFkwSK+)a05AW9GgRTV85AcwV)sO9QF*
zlWDTe&Y~h71nl|FQIVfR>C=oir(X53ZCoO25ZS;&#=PnEd(hB=CUdjzIZ=2t0_`4X
zOwpd>DNm<N8aU7?vs}Qm4y(NcU#_O?x(aGO5O&3pCL9R?J~<;zAprS4G^L)KxnGWw
z7uWFpp2D~Mt?^w^_&yxQ_qd?fcG#()h>TC)VT@IUIb<}v>IP$wPbt|QBgUH%Lg4pI
zCwrLlXPI<S;Ucpe<bpWQglrZg30d@wWF#Q_I|*5&fMAx{Cct+fl$rZ|24qXaa9RMI
za+pGoC{C9c6h{A>VOYp$xM9~)C|iToWvYlH*@8-=>;qWKq8nMuUd$ENf60<sPxeNZ
z)G}5h>-)mG!{Ly{Wm>=ixjay~4244$BMAqUk$}TrB^;1qQY@uLFnk9>nYq7Zz~O_7
z$4biW6<9^~$#8U6$dkDPvKUB}RR%)ke@K;)LKbDJ%3K&T_s<NKCw!~ZfjpRj{e91<
z^_05nu==d<G>&9<CR5!k22x#>fl&9~QeC8&78X_2<-(Y`{|I$4HA1xEsm?#=m^n+b
zQ;+e%l6DTd!nKx5yZ#A{C^HhA@0s6|WagH1l3C{Vcp!6|QaQ~!`0|EH8+e(2Zeo*>
z2j`=fnvcOmGK0mDnm6Q+271F&J?o<Sj{a~F`okH0z>UP3JZs*7Rb;fok*pmuagfD8
z;y`5}aIlmUP(up%8ju<IxiDt#UM``Kxe9zsyQsdaNjya3YD(iOvupB=6-V+M%G5ZE
zfz()KAT+K@jgbO68<`q&Va!}jXe^QcIFa1UO-ObsE=21G%3Db7u|S2->A5%G8T>N<
z?M+G3*oPl>r)l!Dq@m$gL;~+MsM-cTjTu_TS1?jygahA@I73Z?9VG5GjR6x_;5Ukx
zIW7=;FZK9s%u~}uV;cydhn-9tXaE}^qT7jI@M)~4DHa||t7&gbFe7Pj4efRTr((K?
zV`$KgSug+pv|P%c5HwclTP);(+lN)&%(XFG4GqgL^!|W{ST<;ASfi}#8~9&s2gKJj
z`C=WrSL~<j>{TX8_@SCC0{ScG2$zG0Tn1r=P#KhxXKzdF%)!6<xbE)|@**m19sUoL
C3W5Rv

delta 76
zcmdn!@mx#KSkGL~gv%n$Jk`>`)G*Z~&Dbo>Bqb@uEGf+>CDF{($i&<t)xgXo%`zp)
gD0QNqIwSkWux6pjSqh>|PE4B{6`YtR|4}vt08NV)BLDyZ

diff --git a/src/Yavsc/wwwroot/css/site.css b/src/Yavsc/wwwroot/css/site.css
index 7681dba1..faf983f2 100644
--- a/src/Yavsc/wwwroot/css/site.css
+++ b/src/Yavsc/wwwroot/css/site.css
@@ -14,21 +14,13 @@
   background-image: url("data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' viewBox='0 0 30 30'%3e%3cpath stroke='rgba%28255, 255, 255, 0.55%29' stroke-linecap='round' stroke-miterlimit='10' stroke-width='2' d='M4 7h22M4 15h22M4 23h22'/%3e%3c/svg%3e"); }
 
 /* bootstrap.css | http://localhost:5000/lib/bootstrap/css/bootstrap.css */
-.nav-link {
-  /* background-color: var(--bs-nav-tabs-link-active-bg); */
-  background-color: black; }
-
-.dropdown-item {
-  /* background-color: transparent; */
-  background-color: black; }
-
-.dropdown-menu {
-  /* background-color: var(--bs-dropdown-bg); */
-  background-color: black; }
-
 div.carousel-inner > div.item > div.carousel-caption-s {
   margin: .5em;
   background-color: rgba(0, 0, 0, 0.6);
   color: #ffffc8;
   font-weight: bold;
   padding: .5em; }
+
+img.blogphoto {
+  max-width: 100%;
+  max-height: 100%; }
diff --git a/src/Yavsc/wwwroot/css/site.scss b/src/Yavsc/wwwroot/css/site.scss
index 93a8d9d7..e5b502b4 100644
--- a/src/Yavsc/wwwroot/css/site.scss
+++ b/src/Yavsc/wwwroot/css/site.scss
@@ -26,20 +26,6 @@
 
 /* bootstrap.css | http://localhost:5000/lib/bootstrap/css/bootstrap.css */
 
-.nav-link {
-  /* background-color: var(--bs-nav-tabs-link-active-bg); */
-  background-color: black;
-}
-
-.dropdown-item {
-  /* background-color: transparent; */
-  background-color: black;
-}
-
-.dropdown-menu {
-  /* background-color: var(--bs-dropdown-bg); */
-  background-color: black;
-}
 
 div.carousel-inner > div.item > div.carousel-caption-s {
   margin: .5em;
@@ -48,3 +34,8 @@ div.carousel-inner > div.item > div.carousel-caption-s {
   font-weight: bold;
   padding: .5em;
 }
+
+img.blogphoto {
+  max-width: 100%;
+  max-height: 100%;
+}
diff --git a/test/yavscTests/Startup.cs b/test/yavscTests/Startup.cs
index c4082e7f..c37acbba 100644
--- a/test/yavscTests/Startup.cs
+++ b/test/yavscTests/Startup.cs
@@ -615,14 +615,14 @@ namespace yavscTests
 
             Environment.SetEnvironmentVariable("GOOGLE_APPLICATION_CREDENTIALS", "google-secret.json");
 
-            /* TODO
+          
 
             ConfigureFileServerApp(app, SiteSetup, env, authorizationService);
 
             app.UseRequestLocalization(localizationOptions.Value, (RequestCulture)new RequestCulture((string)"en-US"));
 
             ConfigureWorkflow();
-            */
+           
 
             app.UseMvc(routes =>
             {