New FileUpload authorization policy #8
Description
We are adding a new policy for file uploads. This is a breaking change for existing sites if you upgrade to the latest nuget packages.
In the Config/Authorization.cs you will need to add the new policy like this, otherwise an error will occur due to the missing policy:
options.AddPolicy(
"FileUploadPolicy",
authBuilder =>
{
authBuilder.RequireRole("Administrators", "Content Administrators");
});
Rationale
Previously the DropFile method on the FileManagerController used the "FileManagerPolicy", but going forward it will use the new "FileUploadPolicy".
The reason for the change is to support the scenario where you want to allow users to upload images in specific scenarios without giving them full access to the file manager, ie you don't want them to be able to browse files on the server, you just want them to be able to drag/drop an image file and have it be automatically uploaded.
For example we are building a new comment system product to replace disqus, and we want the option to allow authenticated users to add images in comments but we don't want to allow them to browse the server unless they are administrators or meet the full FileManagerPolicy.
The new policy has been added to the latest cloudscribe project template so new projects made with the latest template will have this new policy, but existing projects need to be updated with this new policy.