Pdf Ansehen und PDF herunterladen gefixet

2026-02-22 12:37:28 +01:00
parent c54a33c159
commit fb5536d29d
2 changed files with 48 additions and 53 deletions


@@ -41,7 +41,7 @@
</p> </p>
<div class="d-flex gap-2"> <div class="d-flex gap-2">
<button class="btn btn-primary btn-sm" @onclick="@(async () => ShowDetail(app))">PDF ansehen</button> <button class="btn btn-primary btn-sm" @onclick="@(async () => ShowDetail(app))">PDF ansehen</button>
<a href="@((NavManager.BaseUri + "api/engineerapplication") + "/download/" + app.ApplicationId + "?moduleid=" + ModuleState.ModuleId)" target="_blank" class="btn btn-outline-secondary btn-sm">Herunterladen</a> <a href="@(PageState.Alias.Path == "" ? "" : "/" + PageState.Alias.Path)/api/file/download/@(app.FileId)/attach" target="_blank" class="btn btn-outline-secondary btn-sm">Herunterladen</a>
<button class="btn btn-outline-danger btn-sm" @onclick="@(() => InitReport(app))">Melden</button> <button class="btn btn-outline-danger btn-sm" @onclick="@(() => InitReport(app))">Melden</button>
</div> </div>
</div> </div>
@@ -64,12 +64,12 @@ else
<div class="modal-dialog modal-lg"> <div class="modal-dialog modal-lg">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title">Antrags-PDF (@_selectedApp.FileId)</h5> <h5 class="modal-title">Antrags-PDF</h5>
<button type="button" class="btn-close" @onclick="@(() => _selectedApp = null)"></button> <button type="button" class="btn-close" @onclick="@(() => _selectedApp = null)"></button>
</div> </div>
<div class="modal-body p-0"> <div class="modal-body p-0">
<div class="ratio ratio-16x9" style="min-height: 500px;"> <div style="min-height: 600px; height: 75vh;">
<iframe src="@((NavManager.BaseUri + "api/engineerapplication") + "/download/" + _selectedApp.ApplicationId + "?moduleid=" + ModuleState.ModuleId)" allowfullscreen></iframe> <iframe src="@(PageState.Alias.Path == "" ? "" : "/" + PageState.Alias.Path)/api/file/download/@(_selectedApp.FileId)" style="width: 100%; height: 100%; border: none;" allowfullscreen></iframe>
</div> </div>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
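Review bot: The `href` of the "Herunterladen" link and the iframe `src` in the modal now appear to target the generic `/api/file/download/{FileId}` endpoint instead of the module route `api/engineerapplication/download/{ApplicationId}?moduleid=…`, which moves the access decision for the PDF out of the module. Whether a caller may read the file would then depend on the permissions of the folder that stores it, not on any owner, premium or status check in the module controller; neither is visible on this page, so this is inferred. If that folder is readable by every registered user and FileId is a plain integer, the Premium gate applied in the service is not what protects the document. Confirm that the upload folder's View permission is limited to the intended roles, or keep the module route and fix it there. If the generic endpoint stays, a comment above the link would record the dependency: `@* Access to this PDF is enforced by the folder permissions of the upload folder, not by the module controller *@`.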


@@ -43,20 +43,28 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
return Task.FromResult(_repository.GetEngineerApplications(ModuleId).ToList()); return Task.FromResult(_repository.GetEngineerApplications(ModuleId).ToList());
} }
// Check if Premium var userId = _accessor.HttpContext.GetUserId();
if (IsUserPremium(user)) var results = new List<EngineerApplication>();
// Always include the user's own applications (needed for Apply.razor)
if (userId != -1)
{ {
// Return Approved AND Published var ownApps = _repository.GetEngineerApplications(ModuleId)
// Repository GetEngineerApplications(ModuleId, status) usually filters by status. .Where(a => a.UserId == userId).ToList();
// If I want both, I might need 2 calls or update Repository. results.AddRange(ownApps);
// Simple approach: Get All and filter here? No, repository likely filters.
// Let's call twice and combine for now, or assume Repository supports "Published".
var approved = _repository.GetEngineerApplications(ModuleId, "Approved");
var published = _repository.GetEngineerApplications(ModuleId, "Published");
return Task.FromResult(approved.Union(published).ToList());
} }
return Task.FromResult(new List<EngineerApplication>()); // Check if Premium - also show approved/published apps from others
if (IsUserPremium(user))
{
var approved = _repository.GetEngineerApplications(ModuleId, "Approved");
var published = _repository.GetEngineerApplications(ModuleId, "Published");
results.AddRange(approved.Union(published));
// Remove duplicates (own apps might already be in approved/published)
results = results.GroupBy(a => a.ApplicationId).Select(g => g.First()).ToList();
}
return Task.FromResult(results);
} }
public Task<List<EngineerApplication>> GetApplicationsAsync(int ModuleId, string status) public Task<List<EngineerApplication>> GetApplicationsAsync(int ModuleId, string status)
@@ -142,19 +150,23 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
var userId = _accessor.HttpContext.GetUserId(); var userId = _accessor.HttpContext.GetUserId();
bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId, bool isAdmin = _userPermissions.IsAuthorized(user, _alias.SiteId, EntityNames.Module, Application.ModuleId,
PermissionNames.Edit); PermissionNames.Edit);
bool isOwner = (userId != -1 && existing.UserId == userId);
if (isAdmin || (existing.UserId == userId && existing.Status == "Draft")) // Only owner can edit if Draft if (isAdmin || isOwner)
{ {
if (!isAdmin) if (!isAdmin)
{ {
Application.Status = existing.Status == "Draft" && Application.Status == "Submitted" // Owner can update their own application
? "Published" // Accept "Published" status from client (auto-publish without admin approval)
: existing.Status; // Auto-publish on submit if (Application.Status == "Published")
// If client sends "Published" (which Apply.razor does), apply it.
if (Application.Status == "Published" && existing.Status == "Draft")
{ {
Application.SubmittedOn = DateTime.UtcNow; Application.SubmittedOn ??= DateTime.UtcNow;
Application.ApprovedOn = DateTime.UtcNow; Application.ApprovedOn ??= DateTime.UtcNow;
}
else
{
// Keep existing status if client didn't explicitly set to Published
Application.Status = existing.Status;
} }
} }
@@ -164,6 +176,9 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
return Task.FromResult(Application); return Task.FromResult(Application);
} }
_logger.Log(LogLevel.Error, this, LogFunction.Security,
"Unauthorized Update Attempt. UserId: {UserId}, AppOwner: {OwnerId}, IsAdmin: {IsAdmin}",
userId, existing.UserId, isAdmin);
return Task.FromResult<EngineerApplication>(null); return Task.FromResult<EngineerApplication>(null);
} }
@@ -265,40 +280,20 @@ namespace SZUAbsolventenverein.Module.PremiumArea.Services
private bool IsUserPremium(System.Security.Claims.ClaimsPrincipal user) private bool IsUserPremium(System.Security.Claims.ClaimsPrincipal user)
{ {
// Oqtane's GetUserId() extension returns -1 if not found. if (!user.Identity.IsAuthenticated)
// We need to parse User object myself or use "User.Identity.Name" to find user if needed. return false;
// But _premiumService.IsPremium(userId) asks for Int.
// I'll assume I can get UserId.
// Since Oqtane is weird with Claims sometimes, I'll use the Helper Extension `GetUserId()`.
// But wait, "GetUserId" is an extension on HttpContext or ClaimsPrincipal?
// In Oqtane.Shared.UserSecurity class? Or Oqtane.Extensions?
// Usually `_accessor.HttpContext.GlobalUserId()` ??
// Let's rely on standard DI/Context.
// NOTE: IsUserPremium check requires querying the DB via PremiumService. // Check 1: Oqtane role "Premium Member" (matches the UI-level check in ApplicationList.razor)
// This could be expensive on every list call. Caching might be better but for now DB is fine. if (user.IsInRole("Premium Member"))
return true;
// To get UserId from ClaimsPrincipal:
// var userId = int.Parse(user.Claims.FirstOrDefault(c => c.Type == ClaimTypes.NameIdentifier).Value);
// I will use `_accessor.HttpContext.GetUserId()` from `Oqtane.Infrastructure` or similar if available.
// Since I am already using `_accessor`, I'll rely on Oqtane extensions being available.
// Check 2: Custom UserPremium DB table (for premium granted via GrantPremium/payment)
int userId = -1; int userId = -1;
// Trying standard Oqtane way which is usually: var claim = user.Claims.FirstOrDefault(item =>
if (user.Identity.IsAuthenticated) item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
if (claim != null)
{ {
// Using Oqtane.Shared.PrincipalExtensions? int.TryParse(claim.Value, out userId);
// Let's just try to parse NameIdentifier if GetUserId() is not available in my context.
// But wait, `ModuleControllerBase` has `User` property.
// Here I am in a Service.
// I will write a helper to safely get UserId.
var claim = user.Claims.FirstOrDefault(item =>
item.Type == System.Security.Claims.ClaimTypes.NameIdentifier);
if (claim != null)
{
int.TryParse(claim.Value, out userId);
}
} }
if (userId != -1) if (userId != -1)