Fixed uploads not being deleted for admin roles.

2023-08-02 14:16:22 +02:00 · 2021-11-13 21:12:36 -08:00 · 2021-11-13 21:12:36 -08:00 · d6c1548130
commit d6c1548130
parent 543df28eb7
1 changed files with 6 additions and 4 deletions
--- a/Teknik/Areas/Upload/Controllers/UploadController.cs
+++ b/Teknik/Areas/Upload/Controllers/UploadController.cs
@ -510,7 +510,8 @@ namespace Teknik.Areas.Upload.Controllers
            Models.Upload upload = _dbContext.Uploads.Where(up => up.Url == file).FirstOrDefault();
            if (upload != null)
            {
-                if (upload.User.Username == User.Identity.Name)
+                if (upload.User.Username == User.Identity.Name ||
+                    User.IsInRole("Admin"))
                {
                    string delKey = StringHelper.RandomString(_config.UploadConfig.DeleteKeyLength);
                    upload.DeleteKey = delKey;
@ -518,7 +519,7 @@ namespace Teknik.Areas.Upload.Controllers
                    _dbContext.SaveChanges();
                    return Json(new { result = new { url = Url.SubRouteUrl("u", "Upload.DeleteByKey", new { file = file, key = delKey }) } });
                }
-                return Json(new { error = new { message = "You do not own this upload" } });
+                return Json(new { error = new { message = "You do not have permission to delete this Upload" } });
            }
            return Json(new { error = new { message = "Invalid URL" } });
        }
@ -530,12 +531,13 @@ namespace Teknik.Areas.Upload.Controllers
            Models.Upload foundUpload = _dbContext.Uploads.Where(u => u.Url == id).FirstOrDefault();
            if (foundUpload != null)
            {
-                if (foundUpload.User.Username == User.Identity.Name)
+                if (foundUpload.User.Username == User.Identity.Name ||
+                    User.IsInRole("Admin"))
                {
                    UploadHelper.DeleteFile(_dbContext, _config, _logger, foundUpload);
                    return Json(new { result = true });
                }
-                return Json(new { error = new { message = "You do not have permission to edit this Paste" } });
+                return Json(new { error = new { message = "You do not have permission to delete this Upload" } });
            }
            return Json(new { error = new { message = "This Upload does not exist" } });
        }