feat: Allow Member only posts

Author: linkdotnet

src/LinkDotNet.Blog.Domain/BlogPost.cs

@@ -36,6 +36,8 @@ public sealed partial class BlogPost : Entity
 
     public int ReadingTimeInMinutes { get; private set; }
 
+    public bool IsMembersOnly { get; private set; }
+
     public string Slug => GenerateSlug();
 
     private string GenerateSlug()
@@ -89,6 +91,7 @@ public static BlogPost Create(
         string content,
         string previewImageUrl,
         bool isPublished,
+        bool isMembersOnly,
         DateTime? updatedDate = null,
         DateTime? scheduledPublishDate = null,
         IEnumerable<string>? tags = null,
@@ -113,6 +116,7 @@ public static BlogPost Create(
             IsPublished = isPublished,
             Tags = tags?.Select(t => t.Trim()).ToImmutableArray() ?? [],
             ReadingTimeInMinutes = ReadingTimeCalculator.CalculateReadingTime(content),
+            IsMembersOnly = isMembersOnly,
         };
 
         return blogPost;
@@ -141,6 +145,7 @@ public void Update(BlogPost from)
         PreviewImageUrl = from.PreviewImageUrl;
         PreviewImageUrlFallback = from.PreviewImageUrlFallback;
         IsPublished = from.IsPublished;
+        IsMembersOnly = from.IsMembersOnly;
         Tags = from.Tags;
         ReadingTimeInMinutes = from.ReadingTimeInMinutes;
     }

src/LinkDotNet.Blog.Web/Authentication/OpenIdConnect/AuthExtensions.cs

@@ -53,6 +53,12 @@ public static void UseAuthentication(this IServiceCollection services)
             };
         });
 
+        services.AddAuthorization(options =>
+        {
+            options.AddPolicy("Admin", policy => policy.RequireRole("Admin"));
+            options.AddPolicy("Member", policy => policy.RequireRole("Member"));
+        });
+
         services.AddHttpContextAccessor();
         services.AddScoped<ILoginManager, AuthLoginManager>();
     }

src/LinkDotNet.Blog.Web/Features/AboutMe/AboutMePage.razor

@@ -30,7 +30,8 @@
 
     protected override async Task OnInitializedAsync()
     {
-        var userIdentity = (await AuthenticationStateProvider.GetAuthenticationStateAsync()).User.Identity;
-	    isAuthenticated = userIdentity?.IsAuthenticated ?? false;
+	    var principal = (await AuthenticationStateProvider.GetAuthenticationStateAsync()).User;
+	    var userIdentity = principal.Identity;
+	    isAuthenticated = (userIdentity?.IsAuthenticated ?? false) && principal.IsInRole("Admin");
     }
 }

src/LinkDotNet.Blog.Web/Features/Admin/BlogPostEditor/Components/CreateNewBlogPost.razor

@@ -80,10 +80,15 @@
 			<InputText type="text" class="form-control" id="tags" placeholder="Tags" @bind-Value="model.Tags"/>
 			<label for="tags">Tags</label>
 		</div>
+		<div class="form-check form-switch mb-3">
+			<InputCheckbox class="form-check-input" id="members-only"  @bind-Value="model.IsMembersOnly" />
+			<label class="form-check-label" for="members-only">Members only?</label><br/>
+			<small for="updatedate" class="form-text text-body-secondary">The blog post can only be read by members.</small>
+		</div>
 		@if (BlogPost is not null && !IsScheduled)
 		{
 		<div class="form-check form-switch mb-3">
-			<InputCheckbox class="form-check-input" id="updatedate"  @bind-Value="model.ShouldUpdateDate" />
+			<InputCheckbox class="form-check-input" id="updatedate" @bind-Value="model.ShouldUpdateDate" />
 			<label class="form-check-label" for="updatedate">Update Publish Date</label><br/>
 			<small for="updatedate" class="form-text text-body-secondary">If set the publish date is set to now,
 				otherwise its original date.</small>

src/LinkDotNet.Blog.Web/Features/Admin/BlogPostEditor/Components/CreateNewModel.cs

@@ -18,6 +18,7 @@ public sealed class CreateNewModel
     private string tags = string.Empty;
     private string previewImageUrlFallback = string.Empty;
     private DateTime? scheduledPublishDate;
+    private bool isMembersOnly;
 
     [Required]
     [MaxLength(256)]
@@ -64,6 +65,12 @@ public bool ShouldUpdateDate
         set => SetProperty(out shouldUpdateDate, value);
     }
 
+    public bool IsMembersOnly
+    {
+        get => isMembersOnly;
+        set => SetProperty(out isMembersOnly, value);
+    }
+
     [FutureDateValidation]
     public DateTime? ScheduledPublishDate
     {
@@ -128,6 +135,7 @@ public BlogPost ToBlogPost()
             Content,
             PreviewImageUrl,
             IsPublished,
+            IsMembersOnly,
             updatedDate,
             scheduledPublishDate,
             tagList,

src/LinkDotNet.Blog.Web/Features/Admin/BlogPostEditor/CreateBlogPost.razor

@@ -1,5 +1,5 @@
 @page "/create"
-@attribute [Authorize]
+@attribute [Authorize(Roles = "Admin")]
 @using LinkDotNet.Blog.Domain
 @using LinkDotNet.Blog.Infrastructure.Persistence
 @using LinkDotNet.Blog.Web.Features.Admin.BlogPostEditor.Components

src/LinkDotNet.Blog.Web/Features/Admin/Sitemap/SitemapPage.razor

@@ -1,7 +1,7 @@
 @page "/Sitemap"
 @using LinkDotNet.Blog.Web.Features.Admin.Sitemap.Services
 @inject ISitemapService SitemapService
-@attribute [Authorize]
+@attribute [Authorize(Roles = "Admin")]
 <div class="container">
 	<h3>Sitemap</h3>
 	<div class="row px-2">
@@ -11,12 +11,12 @@
 			If you get a 404 there is currently no sitemap.xml</p>
 		<button class="btn btn-primary" @onclick="CreateSitemap" disabled="@isGenerating">Create Sitemap</button>
 
-		@if (isGenerating)
-		{
-			<Loading></Loading>
-		}
-		@if (sitemapUrlSet is not null)
-		{
+			@if (isGenerating)
+			{
+				<Loading></Loading>
+			}
+			@if (sitemapUrlSet is not null)
+			{
 			<table class="table table-striped table-hover h-50">
 				<thead>
 				<tr>

src/LinkDotNet.Blog.Web/Features/Components/ShortBlogPost.razor

@@ -1,7 +1,7 @@
 @using LinkDotNet.Blog.Domain
 
 <article>
-	<div class="blog-card @AltCssClass">
+	<div class="blog-card @AltCssClass @(BlogPost.IsMembersOnly ? "border border-warning" : "")">
 		<div class="meta">
 			<div class="photo">
 				<PreviewImage PreviewImageUrl="@BlogPost.PreviewImageUrl"
@@ -37,7 +37,7 @@
 			<h2></h2>
 			<p>@MarkdownConverter.ToMarkupString(BlogPost.ShortDescription)</p>
 			<p class="read-more">
-                <a href="/blogPost/@BlogPost.Id/@BlogPost.Slug" aria-label="@BlogPost.Title">Read the whole article</a>
+				<a href="/blogPost/@BlogPost.Id/@BlogPost.Slug" aria-label="@BlogPost.Title">Read the whole article</a>
 			</p>
 		</div>
 	</div>

src/LinkDotNet.Blog.Web/Features/Home/Components/AccessControl.razor

@@ -1,31 +1,33 @@
-<AuthorizeView>
-    <Authorized>
-        <li class="nav-item dropdown">
-            <a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown"
-               aria-expanded="false">
-                <i class="user-tie"></i> Admin
-            </a>
-            <ul class="dropdown-menu ps-0" aria-labelledby="navbarDropdown">
-                <li><h6 class="dropdown-header">Blog posts</h6></li>
-                <li><a class="dropdown-item" href="create">Create new</a></li>
-                <li><a class="dropdown-item" href="draft">Show drafts</a></li>
-                <li><a class="dropdown-item" href="settings">Show settings</a></li>
-                <li><hr class="dropdown-divider"></li>
-                <li><h6 class="dropdown-header">Analytics</h6></li>
-                <li><a class="dropdown-item" href="dashboard">Dashboard</a></li>
-                <li><hr class="dropdown-divider"></li>
-                <li><h6 class="dropdown-header">Others</h6></li>
-                <li><a class="dropdown-item" href="short-codes">Shortcodes</a></li>
-                <li><a class="dropdown-item" href="Sitemap">Sitemap</a></li>
-                <li><hr class="dropdown-divider"></li>
-	            <li><a class="dropdown-item" target="_blank" href="https://github.com/linkdotnet/Blog/releases" rel="noreferrer">Releases</a></li>
-            </ul>
-        </li>
-        <li class="nav-item"><a class="nav-link" href="logout?redirectUri=@CurrentUri"><i class="lock"></i> Log out</a></li>
-    </Authorized>
-    <NotAuthorized>
-        <li class="nav-item"><a class="nav-link" href="login?redirectUri=@CurrentUri" rel="nofollow"><i class="unlocked"></i> Log in</a></li>
-    </NotAuthorized>
+<AuthorizeView Roles="Admin,Member">
+	<Authorized>
+		<AuthorizeView Roles="Admin" Context="AdminContext">
+			<li class="nav-item dropdown" id="admin-actions">
+				<a class="nav-link dropdown-toggle" href="#" id="navbarDropdown" role="button" data-bs-toggle="dropdown"
+				   aria-expanded="false">
+					<i class="user-tie"></i> Admin
+				</a>
+				<ul class="dropdown-menu ps-0" aria-labelledby="navbarDropdown">
+					<li><h6 class="dropdown-header">Blog posts</h6></li>
+					<li><a class="dropdown-item" href="create">Create new</a></li>
+					<li><a class="dropdown-item" href="draft">Show drafts</a></li>
+					<li><a class="dropdown-item" href="settings">Show settings</a></li>
+					<li><hr class="dropdown-divider"></li>
+					<li><h6 class="dropdown-header">Analytics</h6></li>
+					<li><a class="dropdown-item" href="dashboard">Dashboard</a></li>
+					<li><hr class="dropdown-divider"></li>
+					<li><h6 class="dropdown-header">Others</h6></li>
+					<li><a class="dropdown-item" href="short-codes">Shortcodes</a></li>
+					<li><a class="dropdown-item" href="Sitemap">Sitemap</a></li>
+					<li><hr class="dropdown-divider"></li>
+					<li><a class="dropdown-item" target="_blank" href="https://github.com/linkdotnet/Blog/releases" rel="noreferrer">Releases</a></li>
+				</ul>
+			</li>
+		</AuthorizeView>
+		<li class="nav-item"><a class="nav-link" href="logout?redirectUri=@CurrentUri"><i class="lock"></i> Log out</a></li>
+	</Authorized>
+	<NotAuthorized>
+		<li class="nav-item"><a class="nav-link" href="login?redirectUri=@CurrentUri" rel="nofollow"><i class="unlocked"></i> Log in</a></li>
+	</NotAuthorized>
 </AuthorizeView>
 
 @code {

src/LinkDotNet.Blog.Web/Features/Home/Index.razor

@@ -19,7 +19,7 @@
         AbsolutePreviewImageUrl="@ImageUrl"
         Description="@(Markdown.ToPlainText(Introduction.Value.Description))"></OgData>
 <section>
-    <IntroductionCard></IntroductionCard>
+	<IntroductionCard></IntroductionCard>
 </section>
 
 <section>

src/LinkDotNet.Blog.Web/Features/ShowBlogPost/Components/BlogPostAdminActions.razor

@@ -6,7 +6,7 @@
 @inject IRepository<BlogPost> BlogPostRepository
 @inject IInstantJobRegistry InstantJobRegistry
 
-<AuthorizeView>
+<AuthorizeView Roles="Admin">
 	<div class="d-flex justify-content-start gap-2">
 		<a id="edit-blogpost" type="button" class="btn btn-primary d-flex align-items-center gap-2" href="update/@BlogPostId" aria-label="edit">
 			<i class="pencil"></i>

src/LinkDotNet.Blog.Web/Features/ShowBlogPost/ShowBlogPostPage.razor

@@ -14,6 +14,7 @@
 @inject IOptions<ApplicationConfiguration> AppConfiguration
 @inject IOptions<ProfileInformation> ProfileInformation
 @inject IOptions<SupportMeConfiguration> SupportConfiguration
+@inject AuthenticationStateProvider AuthenticationStateProvider
 
 @if (isLoading)
 {
@@ -45,6 +46,8 @@ else if (BlogPost is not null)
 
 	<div class="d-flex justify-content-center pt-2 blog-outer-box">
 		<div class="blog-container">
+			@if (hasPermission)
+			{
 			<div class="blog-inner-content">
 				<header class="text-center">
 					<h1 class="fw-bold">@BlogPost.Title</h1></header>
@@ -79,6 +82,13 @@ else if (BlogPost is not null)
 					@(EnrichWithShortCodes(BlogPost.Content))
 				</div>
 			</div>
+			}
+			else
+			{
+				<div class="alert alert-warning text-center" role="alert">
+					<h1 class="fs-3">This content is only available for members.</h1>
+				</div>
+			}
 			<div class="d-flex justify-content-between py-2 border-top border-bottom align-items-center">
 				<Like BlogPost="@BlogPost" OnBlogPostLiked="@UpdateLikes"></Like>
 				<ShareBlogPost></ShareBlogPost>
@@ -89,9 +99,58 @@ else if (BlogPost is not null)
             }
             @if (AppConfiguration.Value.ShowSimilarPosts)
 			{
-				<SimilarBlogPostSection BlogPost="@BlogPost" />
+				<div class="blog-inner-content">
+					<header class="text-center">
+						<h1 class="fw-bold">@BlogPost.Title</h1></header>
+					<div class="text-dark-emphasis d-flex flex-wrap gap-2">
+						<div class="me-2">
+							<span class="date"></span>
+							<span class="ms-1">@BlogPost.UpdatedDate.ToShortDateString()</span>
+						</div>
+						@if (BlogPost.Tags is not null && BlogPost.Tags.Any())
+						{
+							<div class="d-flex align-items-center">
+								<span class="blogpost-tag me-2"></span>
+								<div class="d-flex flex-wrap gap-2">
+									@foreach (var tag in BlogPost.Tags)
+									{
+										<a class="goto-tag badge bg-primary rounded-pill text-decoration-none" href="/searchByTag/@(Uri.EscapeDataString(tag))">@tag</a>
+									}
+								</div>
+							</div>
+						}
+					</div>
+
+					<div class="pt-2">
+						<BlogPostAdminActions BlogPostId="@BlogPostId"></BlogPostAdminActions>
+					</div>
+
+					<div class="pt-2">
+						<TableOfContents Content="@BlogPost.Content" CurrentUri="@NavigationManager.Uri"></TableOfContents>
+					</div>
+
+					<div class="blogpost-content">
+						@(EnrichWithShortCodes(BlogPost.Content))
+					</div>
+				</div>
+				<div class="d-flex justify-content-between py-2 border-top border-bottom align-items-center">
+					<Like BlogPost="@BlogPost" OnBlogPostLiked="@UpdateLikes"></Like>
+					<ShareBlogPost></ShareBlogPost>
+				</div>
+				<DonationSection></DonationSection>
+				@if (AppConfiguration.Value.ShowSimilarPosts)
+				{
+					<SimilarBlogPostSection BlogPost="@BlogPost"/>
+				}
+
+				<CommentSection></CommentSection>
+			}
+			else
+			{
+				<div class="alert alert-warning text-center" role="alert">
+					<h1 class="fs-3">This content is only available for members.</h1>
+				</div>
 			}
-			<CommentSection></CommentSection>
 		</div>
 	</div>
 
@@ -113,6 +172,7 @@ else if (BlogPost is not null)
 	private string OgDataImage => BlogPost!.PreviewImageUrlFallback ?? BlogPost.PreviewImageUrl;
 	private string BlogPostCanoncialUrl => $"blogPost/{BlogPost?.Id}";
 	private IReadOnlyCollection<ShortCode> shortCodes = [];
+	private bool hasPermission;
 
 	private BlogPost? BlogPost { get; set; }
 
@@ -125,6 +185,15 @@ else if (BlogPost is not null)
     {
 	    isLoading = true;
 	    BlogPost = await BlogPostRepository.GetByIdAsync(BlogPostId);
+	    if (BlogPost?.IsMembersOnly ?? false)
+	    {
+		    var state = await AuthenticationStateProvider.GetAuthenticationStateAsync();
+		    hasPermission = state.User.IsInRole("Admin") || state.User.IsInRole("Member");
+	    }
+	    else
+	    {
+		    hasPermission = true;
+	    }
 	    isLoading = false;
     }
 

src/LinkDotNet.Blog.Web/Program.cs

@@ -37,7 +37,7 @@ private static void RegisterServices(WebApplicationBuilder builder)
             .AddResponseCompression()
             .AddHealthCheckSetup();
 
-        if (builder.Environment.IsDevelopment())
+        if (!builder.Environment.IsDevelopment())
         {
             builder.Services.UseDummyAuthentication();
         }