/// <summary>
/// Handles GET for the page: loads the Änderung with the given id and shows the
/// page only when the current user is authorized for the Update operation on it.
/// </summary>
/// <param name="id">Value matched against <c>ÄnderungId</c>.</param>
/// <returns>
/// <c>NotFound()</c> when no record matches, <c>Forbid()</c> when the
/// authorization check does not succeed, otherwise <c>Page()</c>.
/// </returns>
public async Task<IActionResult> OnGetAsync(int id)
{
    Änderung = await Context.Änderung.FirstOrDefaultAsync(entry => entry.ÄnderungId == id);

    if (Änderung == null)
    {
        return NotFound();
    }

    // The loaded record is passed as the resource of the check, so it has to be
    // fetched before authorization can run.
    var authorization = await AuthorizationService.AuthorizeAsync(
        User,
        Änderung,
        ContactOperations.Update);

    if (authorization.Succeeded)
    {
        return Page();
    }

    return Forbid();
}
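/// <summary>
/// Handles GET for the page: loads the Änderung with the given id and shows the
/// page only to users in the role named by <c>Constants.DekanRole</c>.
/// </summary>
/// <param name="id">Value matched against <c>ÄnderungId</c>.</param>
/// <returns>
/// <c>NotFound()</c> when no record matches, <c>Forbid()</c> when the user is
/// not in the role, otherwise <c>Page()</c>.
/// </returns>
public async Task<IActionResult> OnGetAsync(int id)
{
    Änderung = await Context.Änderung.FirstOrDefaultAsync(m => m.ÄnderungId == id);

    if (Änderung == null)
    {
        return NotFound();
    }

    // Role membership alone decides access here; the check does not go through
    // AuthorizationService and does not look at the loaded record.
    //
    // Two further conditions were left disabled by the author and are NOT evaluated:
    //     && currentUserId != Änderung.OwnerID
    //     && Änderung.Status != ÄndernStatus.Approved
    // The local that only the first of them used has been removed; re-enabling it
    // needs `var currentUserId = UserManager.GetUserId(User);` again.
    // Because the terms are joined with &&, each one that is re-enabled WIDENS
    // access (owner, or any user once the status is Approved) rather than
    // narrowing it; confirm that is intended before switching them back on.
    //
    // NOTE(review): the role check does not depend on the record, yet it runs
    // after the lookup, so a caller without the role gets 404 for a missing id
    // and 403 for an existing one. Move the role check ahead of the query if
    // that difference should not be observable.
    var isAuthorized = User.IsInRole(Constants.DekanRole);

    if (!isAuthorized)
    {
        return Forbid();
    }

    return Page();
}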