diff --git a/src/Turnierplan.App/Endpoints/ApiKeys/DeleteApiKeyEndpoint.cs b/src/Turnierplan.App/Endpoints/ApiKeys/DeleteApiKeyEndpoint.cs
index 7d31d642..c5da061b 100644
--- a/src/Turnierplan.App/Endpoints/ApiKeys/DeleteApiKeyEndpoint.cs
+++ b/src/Turnierplan.App/Endpoints/ApiKeys/DeleteApiKeyEndpoint.cs
@@ -26,7 +26,7 @@ private static async Task Handle(
 return Results.NotFound();
 }
 
- if (!accessValidator.IsActionAllowed(apiKey.Organization, Actions.GenericWrite))
+ if (!accessValidator.IsActionAllowed(apiKey, Actions.GenericWrite))
 {
 return Results.Forbid();
 }
diff --git a/src/Turnierplan.App/Endpoints/ApiKeys/GetApiKeyUsageEndpoint.cs b/src/Turnierplan.App/Endpoints/ApiKeys/GetApiKeyUsageEndpoint.cs
index a892789b..d8db8b39 100644
--- a/src/Turnierplan.App/Endpoints/ApiKeys/GetApiKeyUsageEndpoint.cs
+++ b/src/Turnierplan.App/Endpoints/ApiKeys/GetApiKeyUsageEndpoint.cs
@@ -32,7 +32,7 @@ private static async Task Handle(
 return Results.NotFound();
 }
 
- if (!accessValidator.IsActionAllowed(apiKey.Organization, Actions.GenericRead))
+ if (!accessValidator.IsActionAllowed(apiKey, Actions.GenericRead))
 {
 return Results.Forbid();
 }
diff --git a/src/Turnierplan.App/Endpoints/ApiKeys/SetApiKeyStatusEndpoint.cs b/src/Turnierplan.App/Endpoints/ApiKeys/SetApiKeyStatusEndpoint.cs
index 1f9cb117..02666f1f 100644
--- a/src/Turnierplan.App/Endpoints/ApiKeys/SetApiKeyStatusEndpoint.cs
+++ b/src/Turnierplan.App/Endpoints/ApiKeys/SetApiKeyStatusEndpoint.cs
@@ -27,7 +27,7 @@ private static async Task Handle(
 return Results.NotFound();
 }
 
- if (!accessValidator.IsActionAllowed(apiKey.Organization, Actions.GenericWrite))
+ if (!accessValidator.IsActionAllowed(apiKey, Actions.GenericWrite))
 {
 return Results.Forbid();
 }
diff --git a/src/Turnierplan.App/Endpoints/Organizations/DeleteOrganizationEndpoint.cs b/src/Turnierplan.App/Endpoints/Organizations/DeleteOrganizationEndpoint.cs
index e558a23f..70f54d33 100644
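Review bot: The authorization subject on the changed line moves from `apiKey.Organization` to `apiKey`, and the same substitution is made in the GetApiKeyUsageEndpoint and SetApiKeyStatusEndpoint hunks; nothing in this diff shows whether the `IsActionAllowed` overload that accepts an ApiKey resolves the owning organization's role assignments, so if it only consults assignments attached to the key itself, callers who manage keys through their organization role would now be forbidden, and if a key with no assignments of its own were treated permissively the check would loosen rather than tighten. A test in which the caller holds the required role only on the organization and not on the key, asserting the same result as before this change, would pin the intended semantics for all three endpoints. `Handle` begins and ends outside the hunk in each of the three files.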
--- a/src/Turnierplan.App/Endpoints/Organizations/DeleteOrganizationEndpoint.cs
+++ b/src/Turnierplan.App/Endpoints/Organizations/DeleteOrganizationEndpoint.cs
@@ -28,7 +28,7 @@ private static async Task Handle(
 return Results.NotFound();
 }
 
- if (!accessValidator.IsActionAllowed(organization, Actions.GenericWrite))
+ if (!accessValidator.IsActionAllowed(organization, Actions.PrivilegedDelete))
 {
 return Results.Forbid();
 }
diff --git a/src/Turnierplan.App/Security/Actions.cs b/src/Turnierplan.App/Security/Actions.cs
index 0603851e..5a85b255 100644
--- a/src/Turnierplan.App/Security/Actions.cs
+++ b/src/Turnierplan.App/Security/Actions.cs
@@ -9,6 +9,11 @@ internal static class Actions
 ///
 public static readonly Action ReadOrWriteRoleAssignments = new(Role.Owner);
 
+ ///
+ /// A special kind of delete action which shall require the role on the target entity.
+ ///
+ public static readonly Action PrivilegedDelete = new(Role.Owner);
+
 ///
 /// Any action that modifies some entity.
 ///
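Review bot: Deleting an organization now requires `Actions.PrivilegedDelete`, which the Actions.cs hunk binds to `Role.Owner`, while the DeleteApiKeyEndpoint hunk in this same commit leaves API-key deletion at `Actions.GenericWrite`; if the stricter role is meant for destructive operations in general, that endpoint looks like a candidate for `Actions.PrivilegedDelete` too, and if the asymmetry is deliberate a one-line comment at this check, e.g. `// Organization deletion is owner-only; child entities keep GenericWrite`, would spare the next reader the question. A regression test asserting that a caller who satisfies `GenericWrite` but does not hold `Role.Owner` on the organization receives a 403 from this endpoint would pin the tightening. `Handle` begins and ends outside the hunk.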
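Review bot: The new summary on `PrivilegedDelete` says it "shall require the role on the target entity" without naming which role, even though the initializer fixes it to `Role.Owner`; naming it keeps the comment checkable against the code, e.g. `/// A delete action which requires the <see cref="Role.Owner"/> role on the target entity.`. Using `<see cref="..."/>` rather than prose also means a later change of the required role shows up as a stale reference at build time instead of a silently wrong comment. The phrase "on the target entity" reads as if it distinguishes the entity's own assignments from inherited ones; if that distinction is real it deserves a sentence, and if not the wording could simply be dropped.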