Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Use Permissions.ViewContent for GetEndpoint #15785

Closed
infofromca opened this issue Apr 18, 2024 · 1 comment
Closed

Use Permissions.ViewContent for GetEndpoint #15785

infofromca opened this issue Apr 18, 2024 · 1 comment
Labels
bug 🐛

Comments

@infofromca
Copy link
Contributor

Describe the bug

To Reproduce

Steps to reproduce the behavior:

  1. Go to 'Content GET API'

  2. See error
    DIFF PERMISSION in whole site

Expected behavior

tHIS GET API SHOULD HAVE THE SAME PERMISSION AS 👍 public async Task Display(string contentItemId, string jsonPath)
{
var contentItem = await _contentManager.GetAsync(contentItemId, jsonPath);

if (contentItem == null)
{
    return NotFound();
}

if (!await _authorizationService.AuthorizeAsync(User, **_CommonPermissions.ViewContent_**, contentItem))
{
    return this.ChallengeOrForbid();
}

var model = await _contentItemDisplayManager.BuildDisplayAsync(contentItem, this);

return View(model);

}
@infofromca infofromca mentioned this issue Apr 18, 2024
Closed
@MikeAlhayek
Copy link
Member

Not really. We use both permissions. First we make sure you have permission to access the API. Then we check to see if you have permission to view the requested content item.

This was referenced May 1, 2024
Closed
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug 🐛
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Use Permissions.ViewContent for GetEndpoint infofromca/OrchardCore
3 participants
@infofromca @Piedone @MikeAlhayek