Fixes for authorization

* Team / My Team is again visibible for team managers
* Add missing "using League.MultiTenancy" in razor views
+ Bump version to v6.1.1

Directory.Build.props

@@ -7,7 +7,7 @@
         <Copyright>Copyright 2011-$(CurrentYear) axuno gGmbH</Copyright>
         <RepositoryUrl>https://github.com/axuno/Volleyball-League</RepositoryUrl>
         <PublishRepositoryUrl>true</PublishRepositoryUrl>
-        <Version>6.1.0</Version>
+        <Version>6.1.1</Version>
         <FileVersion>6.1.0</FileVersion>
         <AssemblyVersion>6.0.0.0</AssemblyVersion> <!--only update AssemblyVersion with major releases -->
         <LangVersion>latest</LangVersion>

League/Authorization/PolicyName.cs

@@ -11,11 +11,11 @@ public static class PolicyName
     /// </summary>
     public const string SeeTeamContactsPolicy = nameof(SeeTeamContactsPolicy);
     /// <summary>
-    /// Policy for "my team" views
+    /// Policy for "my team" views, primarily for team managers and players.
     /// </summary>
     public const string MyTeamPolicy = nameof(MyTeamPolicy);
     /// <summary>
     /// Admin policy for "my team" views, so that admin can show any team as "my team"
     /// </summary>
     public const string MyTeamAdminPolicy = nameof(MyTeamAdminPolicy);
-}
+}

League/Authorization/TeamAuthorizationHandler.cs

@@ -11,10 +11,8 @@ public static class TeamOperations
     public static readonly OperationAuthorizationRequirement ChangePhoto = new() { Name = nameof(ChangePhoto) };
     public static readonly OperationAuthorizationRequirement EditTeam = new() { Name = nameof(EditTeam) };
     public static readonly OperationAuthorizationRequirement AddTeamMember = new() { Name = nameof(AddTeamMember) };
-    public static readonly OperationAuthorizationRequirement RemoveTeamMember =
-        new() { Name = nameof(RemoveTeamMember) };
-    public static readonly OperationAuthorizationRequirement SignUpForSeason =
-        new() { Name = nameof(SignUpForSeason) };
+    public static readonly OperationAuthorizationRequirement RemoveTeamMember = new() { Name = nameof(RemoveTeamMember) };
+    public static readonly OperationAuthorizationRequirement SignUpForSeason = new() { Name = nameof(SignUpForSeason) };
 }
 
 public class TeamAuthorizationHandler : AuthorizationHandler<OperationAuthorizationRequirement, TeamEntity>

League/Components/MainNavigationNodeBuilder.cs

@@ -173,7 +173,8 @@ protected virtual async Task CreateStandardNavigationNodes()
                 Key = "Teams_MyTeam",
                 Text = Localizer["My team"],
                 Url = TenantLink.Action(nameof(Team.MyTeam), nameof(Team)),
-                IsVisible = (await AuthorizationService.AuthorizeAsync(UserClaimsPrincipal, PolicyName.MyTeamAdminPolicy)).Succeeded
+                IsVisible = (await AuthorizationService.AuthorizeAsync(UserClaimsPrincipal, PolicyName.MyTeamPolicy)).Succeeded
+                    || (await AuthorizationService.AuthorizeAsync(UserClaimsPrincipal, PolicyName.MyTeamAdminPolicy)).Succeeded
             },
             new MainNavigationComponentModel.NavigationNode
             {

League/Views/Manage/Index.cshtml

@@ -2,6 +2,7 @@
 @using League.Helpers
 @using Microsoft.AspNetCore.Mvc.Localization
 @using TournamentManager.MultiTenancy
+@using League.MultiTenancy @* don't remove *@
 @inject IViewLocalizer Localizer
 @inject ITenantContext TenantContext
 @inject MetaDataHelper Metadata

League/Views/Team/MyTeam.cshtml

@@ -6,6 +6,7 @@
 @using TournamentManager.DI
 @using TournamentManager.MultiTenancy
 @using TournamentManager.DAL.EntityClasses
+@using League.MultiTenancy @* don't remove *@
 @inject IViewLocalizer Localizer
 @inject ITenantContext TenantContext
 @inject TenantLink TenantLink