From 51a1c19f995bc05fd0e3a04ae3a748d2ebdfed8c Mon Sep 17 00:00:00 2001
From: Andy
Date: Thu, 18 Apr 2024 12:34:48 -0400
Subject: [PATCH 1/2] Use Permissions.ViewContent for GetEndpoint

---
 .../OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs b/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
index faff9130759..6f326b301f8 100644
--- a/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
@@ -26,7 +26,7 @@ private static async Task HandleAsync(
 IAuthorizationService authorizationService,
 HttpContext httpContext)
 {
- if (!await authorizationService.AuthorizeAsync(httpContext.User, Permissions.AccessContentApi))
+ if (!await authorizationService.AuthorizeAsync(httpContext.User, Permissions.ViewContent))
 {
 return httpContext.ChallengeOrForbid("Api");
 }

From fa9833b3c2d3dd8a0ebc6c31ec8cc1b53f589cb9 Mon Sep 17 00:00:00 2001
From: Andy
Date: Thu, 18 Apr 2024 13:01:39 -0400
Subject: [PATCH 2/2] allow Anonymous to Get Content

---
 .../OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs | 5 -----
 1 file changed, 5 deletions(-)

diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs b/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
index 6f326b301f8..f522136a8c2 100644
--- a/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
+++ b/src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/GetEndpoint.cs
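Review bot: `Permissions.ViewContent` is evaluated in HandleAsync without a resource and before any content item is loaded, so it is not a decision about the item that gets returned, and the API-specific `Permissions.AccessContentApi` gate no longer applies to this endpoint. Patch 2/2 then deletes the check entirely, which leaves `contentManager.GetAsync(contentItemId)` reachable with a caller-supplied id and no authorization visible in either hunk. HandleAsync continues past both hunks, so a per-item check may already exist further down; if it does not, add one after the null test, for example `if (!await authorizationService.AuthorizeAsync(httpContext.User, Permissions.ViewContent, contentItem)) { return httpContext.ChallengeOrForbid("Api"); }`. The commit message should also say that denying AccessContentApi no longer keeps content off this endpoint, so operators relying on that can re-check their role configuration.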
@@ -26,11 +26,6 @@ private static async Task HandleAsync(
 IAuthorizationService authorizationService,
 HttpContext httpContext)
 {
- if (!await authorizationService.AuthorizeAsync(httpContext.User, Permissions.ViewContent))
- {
- return httpContext.ChallengeOrForbid("Api");
- }
-
 var contentItem = await contentManager.GetAsync(contentItemId);
 
 if (contentItem == null)