调整活动权限

TEAMModelOS/Controllers/Common/SurveyController.cs

@@ -71,7 +71,7 @@ namespace TEAMModelOS.Controllers
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("upsert")]
-        [AuthToken(Roles = "teacher,admin")]
+        [AuthToken(Roles = "teacher,admin", Permissions = "schoolAc-upd")]
         public async Task<IActionResult> Upsert(Survey request) {
             try {
                 var client = _azureCosmos.GetCosmosClient();
@@ -195,7 +195,7 @@ namespace TEAMModelOS.Controllers
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("find")]
-        [AuthToken(Roles = "teacher,admin")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> Find(JsonElement requert)
         {
             try {
@@ -315,7 +315,7 @@ namespace TEAMModelOS.Controllers
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("find-id")]
-        [AuthToken(Roles = "teacher,admin,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> FindById(JsonElement requert)
         {
             Survey survey = null;
@@ -353,7 +353,7 @@ namespace TEAMModelOS.Controllers
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("delete")]
-        [AuthToken(Roles = "admin,teacher")]
+        [AuthToken(Roles = "teacher,admin", Permissions = "schoolAc-upd")]
         public async Task<IActionResult> Delete(JsonElement request)
         {
             try
@@ -422,7 +422,7 @@ namespace TEAMModelOS.Controllers
         /// </returns>
         [ProducesDefaultResponseType]
         [HttpPost("answer")]
-        [AuthToken(Roles = "teacher,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-upd,schoolAc-read")]
         public async Task<IActionResult> Answer(JsonElement request)
         {
             var (userid, _, _, school) = HttpContext.GetAuthTokenInfo();
@@ -449,7 +449,8 @@ namespace TEAMModelOS.Controllers
         /// </returns>
         [ProducesDefaultResponseType]
         [HttpPost("answered-list")]
-        [AuthToken(Roles = "teacher,student")]
+       
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-upd,schoolAc-read")]
         public async Task<IActionResult> AnsweredList(JsonElement request)
         {
             //  var (userid, _, _, _) = HttpContext.GetAuthTokenInfo();
@@ -487,8 +488,8 @@ namespace TEAMModelOS.Controllers
         /// msgid=0投票失败，1提交成功，2不在时间范围内，3不在发布范围内，6未设置投票项
         /// </returns>
         [ProducesDefaultResponseType]
-        [HttpPost("answered")]
-        [AuthToken(Roles = "teacher,student")]
+        [HttpPost("answered")] 
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-upd,schoolAc-read")]
         public async Task<IActionResult> Answered(JsonElement request)
         {
              var (userid, _, _, _) = HttpContext.GetAuthTokenInfo();
@@ -523,7 +524,7 @@ namespace TEAMModelOS.Controllers
         /// </returns>
         [ProducesDefaultResponseType]
         [HttpPost("record")]
-        [AuthToken(Roles = "admin,teacher,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-upd,schoolAc-read")]
         public async Task<IActionResult> Record(JsonElement request)
         {
             if (!request.TryGetProperty("id", out JsonElement id))

TEAMModelOS/Controllers/Common/VoteController.cs

@@ -67,7 +67,7 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("upsert")]
-        [AuthToken(Roles = "teacher,admin")]
+        [AuthToken(Roles = "teacher,admin",Permissions = "schoolAc-upd")]
         public async Task<IActionResult> Upsert(Vote request)
         {
             try
@@ -196,7 +196,7 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("find")]
-        [AuthToken(Roles = "teacher,admin")]
+        [AuthToken(Roles = "teacher,admin", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> Find(JsonElement requert)
         {
             try
@@ -299,7 +299,7 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("find-id")]
-        [AuthToken(Roles = "teacher,admin,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> FindById(JsonElement requert)
         {
             Vote vote = null;
@@ -337,7 +337,8 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("delete")]
-        [AuthToken(Roles = "admin,teacher")]
+ 
+        [AuthToken(Roles = "teacher,admin", Permissions = "schoolAc-upd")]
         public async Task<IActionResult> Delete(JsonElement request)
         {
             try
@@ -406,8 +407,8 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns>
         /// </returns>
         [ProducesDefaultResponseType]
-        [HttpPost("record")]
-        [AuthToken(Roles = "teacher,admin,student")]
+        [HttpPost("record")] 
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> Record(JsonElement request)
         {
             if (!request.TryGetProperty("id", out JsonElement id))
@@ -447,7 +448,7 @@ namespace TEAMModelOS.Controllers.Learn
         /// <returns></returns>
         [ProducesDefaultResponseType]
         [HttpPost("decided")]
-        [AuthToken(Roles = "teacher,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> Decided(JsonElement request)
         {
             var (userid, _, _, _) = HttpContext.GetAuthTokenInfo();
@@ -490,7 +491,7 @@ namespace TEAMModelOS.Controllers.Learn
         /// </returns>
         [ProducesDefaultResponseType]
         [HttpPost("decide")]
-        [AuthToken(Roles = "teacher,student")]
+        [AuthToken(Roles = "teacher,admin,student", Permissions = "schoolAc-read,schoolAc-upd")]
         public async Task<IActionResult> Decide(JsonElement request)
         {
             var (userid, _, _, school) = HttpContext.GetAuthTokenInfo();