From 3e1c371be63c3b212257ac6e617cc5196129b065 Mon Sep 17 00:00:00 2001
From: Pavel Vesely <pavel@vesely.dev>
Date: Sat, 14 Mar 2020 09:21:26 +0100
Subject: [PATCH 1/3] PermissionNames constants Replace magic strings in
 authorisation calls

---
 .../Modules/Admin/Dashboard/Index.razor       |  2 +-
 Oqtane.Client/Modules/Admin/Sites/Edit.razor  |  2 +-
 .../Modules/Admin/UserProfile/Index.razor     |  2 +-
 Oqtane.Client/Modules/Admin/Users/Add.razor   |  2 +-
 Oqtane.Client/Modules/Admin/Users/Edit.razor  |  2 +-
 .../Modules/Controls/ActionDialog.razor       |  4 ++--
 .../Modules/Controls/ActionLink.razor         |  4 ++--
 .../Modules/Controls/FileManager.razor        |  2 +-
 .../Themes/Controls/ControlPanel.razor        | 18 ++++++++---------
 Oqtane.Client/Themes/Controls/Menu.razor      |  4 ++--
 .../Themes/Controls/ModuleActions.razor       |  8 ++++----
 Oqtane.Client/UI/Pane.razor                   | 14 ++++++-------
 Oqtane.Client/UI/SiteRouter.razor             |  4 ++--
 Oqtane.Server/Controllers/FileController.cs   |  8 ++++----
 Oqtane.Server/Controllers/FolderController.cs |  2 +-
 Oqtane.Server/Controllers/ModuleController.cs |  4 ++--
 .../Controllers/ModuleDefinitionController.cs |  4 ++--
 Oqtane.Server/Controllers/PageController.cs   |  8 ++++----
 .../Controllers/PageModuleController.cs       |  4 ++--
 Oqtane.Shared/Shared/PermissionNames.cs       | 10 ++++++++++
 Oqtane.Test/Oqtane.Test.csproj                | 20 +++++++++++++++++++
 21 files changed, 79 insertions(+), 49 deletions(-)
 create mode 100644 Oqtane.Shared/Shared/PermissionNames.cs

diff --git a/Oqtane.Client/Modules/Admin/Dashboard/Index.razor b/Oqtane.Client/Modules/Admin/Dashboard/Index.razor
index a0ad0257..7f7bfd60 100644
--- a/Oqtane.Client/Modules/Admin/Dashboard/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Dashboard/Index.razor
@@ -6,7 +6,7 @@
 <div class="row">
     @foreach (var p in pages)
     {
-        if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
+        if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, p.Permissions))
         {
             string url = NavigateUrl(p.Path);
             <div class="col-md-2 mx-auto text-center">
diff --git a/Oqtane.Client/Modules/Admin/Sites/Edit.razor b/Oqtane.Client/Modules/Admin/Sites/Edit.razor
index edd6359f..c55e689e 100644
--- a/Oqtane.Client/Modules/Admin/Sites/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Sites/Edit.razor
@@ -241,7 +241,7 @@
                             }
                         }
 
-                        await Log(Alias, LogLevel.Information, "Edit", null, "Site Saved {Site}", site);
+                        await Log(Alias, LogLevel.Information,PermissionNames.Edit, null, "Site Saved {Site}", site);
 
                         NavigationManager.NavigateTo(NavigateUrl());
                     }
diff --git a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
index e0d8cedd..00c22dbd 100644
--- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
+++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor
@@ -101,7 +101,7 @@
                                 <label for="@p.Name" class="control-label">@p.Title: </label>
                             </td>
                             <td>
-                                <input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
+                                <input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
                             </td>
                         </tr>
                     }
diff --git a/Oqtane.Client/Modules/Admin/Users/Add.razor b/Oqtane.Client/Modules/Admin/Users/Add.razor
index 11b8b1b9..a035b620 100644
--- a/Oqtane.Client/Modules/Admin/Users/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Add.razor
@@ -66,7 +66,7 @@
                     <label for="@p.Name" class="control-label">@p.Title: </label>
                 </td>
                 <td>
-                    <input class="form-control" maxlength="@p.MaxLength" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
+                    <input class="form-control" maxlength="@p.MaxLength" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
                 </td>
             </tr>
         }
diff --git a/Oqtane.Client/Modules/Admin/Users/Edit.razor b/Oqtane.Client/Modules/Admin/Users/Edit.razor
index e8c40d2d..88eb815c 100644
--- a/Oqtane.Client/Modules/Admin/Users/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Users/Edit.razor
@@ -82,7 +82,7 @@
                     <label for="@p.Name" class="control-label">@p.Title: </label>
                 </td>
                 <td>
-                    <input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
+                    <input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
                 </td>
             </tr>
         }
diff --git a/Oqtane.Client/Modules/Controls/ActionDialog.razor b/Oqtane.Client/Modules/Controls/ActionDialog.razor
index aaffa1f7..9b781360 100644
--- a/Oqtane.Client/Modules/Controls/ActionDialog.razor
+++ b/Oqtane.Client/Modules/Controls/ActionDialog.razor
@@ -117,10 +117,10 @@
                     authorized = true;
                     break;
                 case SecurityAccessLevel.View:
-                    authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Edit:
-                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Admin:
                     authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
diff --git a/Oqtane.Client/Modules/Controls/ActionLink.razor b/Oqtane.Client/Modules/Controls/ActionLink.razor
index 2ed9c3e7..8b12c8cc 100644
--- a/Oqtane.Client/Modules/Controls/ActionLink.razor
+++ b/Oqtane.Client/Modules/Controls/ActionLink.razor
@@ -110,10 +110,10 @@
                     authorized = true;
                     break;
                 case SecurityAccessLevel.View:
-                    authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Edit:
-                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
+                    authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions);
                     break;
                 case SecurityAccessLevel.Admin:
                     authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
diff --git a/Oqtane.Client/Modules/Controls/FileManager.razor b/Oqtane.Client/Modules/Controls/FileManager.razor
index 185d6bd5..49abc7d0 100644
--- a/Oqtane.Client/Modules/Controls/FileManager.razor
+++ b/Oqtane.Client/Modules/Controls/FileManager.razor
@@ -181,7 +181,7 @@
             Folder folder = folders.Where(item => item.FolderId == folderid).FirstOrDefault();
             if (folder != null)
             {
-                haseditpermission = UserSecurity.IsAuthorized(PageState.User, "Edit", folder.Permissions);
+                haseditpermission = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, folder.Permissions);
                 files = await FileService.GetFilesAsync(folderid);
             }
             else
diff --git a/Oqtane.Client/Themes/Controls/ControlPanel.razor b/Oqtane.Client/Themes/Controls/ControlPanel.razor
index f30d2435..685a11ef 100644
--- a/Oqtane.Client/Themes/Controls/ControlPanel.razor
+++ b/Oqtane.Client/Themes/Controls/ControlPanel.razor
@@ -9,7 +9,7 @@
 @inject IPageModuleService PageModuleService
 @inject ILogService logger
 
-@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
+@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
 {
     <div class="app-controlpanel" style="@_display">
 
@@ -96,7 +96,7 @@
                                     <option value="-">&lt;Select Module&gt;</option>
                                     @foreach (var moduledefinition in _moduleDefinitions)
                                     {
-                                        if (UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions))
+                                        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Utilize, moduledefinition.Permissions))
                                         {
                                             <option value="@moduledefinition.ModuleDefinitionName">@moduledefinition.Name</option>
                                         }
@@ -162,7 +162,7 @@
     </div>
 }
 
-@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) || (PageState.Page.IsPersonalizable && PageState.User != null))
+@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions) || (PageState.Page.IsPersonalizable && PageState.User != null))
 {
     @if (PageState.Page.EditMode)
     {
@@ -187,7 +187,7 @@
     }
 }
 
-@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
+@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
 {
     <button type="button" class="btn @ButtonClass" @onclick="ShowControlPanel">
         <span class="oi oi-menu"></span>
@@ -244,7 +244,7 @@
             BodyClass = "card-body";
         }
 
-        if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
+        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
         {
             _pages?.Clear();
 
@@ -265,7 +265,7 @@
             _moduleDefinitions = _allModuleDefinitions.Where(item => item.Categories == "").ToList();
             foreach (Page p in PageState.Pages)
             {
-                if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
+                if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions))
                 {
                     _pages.Add(p);
                 }
@@ -301,7 +301,7 @@
         {
             foreach (Module module in PageState.Modules.Where(item => item.PageId == int.Parse(_pageId) && !item.IsDeleted))
             {
-                if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
+                if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
                 {
                     _modules.Add(module);
                 }
@@ -313,7 +313,7 @@
 
     private async Task AddModule()
     {
-        if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
+        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
         {
             if ((_moduleType == "new" && _moduleDefinitionName != "-") || (_moduleType != "new" && _moduleId != "-"))
             {
@@ -381,7 +381,7 @@
 
     private async Task ToggleEditMode(bool EditMode)
     {
-        if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
+        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
         {
             if (EditMode)
             {
diff --git a/Oqtane.Client/Themes/Controls/Menu.razor b/Oqtane.Client/Themes/Controls/Menu.razor
index 9bd8f818..07e09d34 100644
--- a/Oqtane.Client/Themes/Controls/Menu.razor
+++ b/Oqtane.Client/Themes/Controls/Menu.razor
@@ -36,7 +36,7 @@
 
         foreach (Page p in PageState.Pages.Where(item => item.IsNavigation && !item.IsDeleted))
         {
-            if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions) && p.Level <= securitylevel)
+            if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions) && p.Level <= securitylevel)
             {
                 securitylevel = int.MaxValue;
 
@@ -74,7 +74,7 @@
         menu += "<ul class=\"navbar-nav mr-auto\">";
         foreach (Page p in PageState.Pages.Where(item => item.IsNavigation && !item.IsDeleted))
         {
-            if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions) && p.ParentId == PageState.Page.ParentId && p.Level == PageState.Page.Level)
+            if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions) && p.ParentId == PageState.Page.ParentId && p.Level == PageState.Page.Level)
             {
                 if (p.PageId == PageState.Page.PageId)
                 {
diff --git a/Oqtane.Client/Themes/Controls/ModuleActions.razor b/Oqtane.Client/Themes/Controls/ModuleActions.razor
index 09355535..c0be940a 100644
--- a/Oqtane.Client/Themes/Controls/ModuleActions.razor
+++ b/Oqtane.Client/Themes/Controls/ModuleActions.razor
@@ -4,7 +4,7 @@
 @inject IUserService UserService
 @inject IPageModuleService PageModuleService
 
-@if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
+@if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
 {
     <a class="nav-link dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"></a>
     <div class="dropdown-menu" x-placement="bottom-start" style="position: absolute; will-change: transform; top: 0px; left: 0px; transform: translate3d(0px, 37px, 0px);">
@@ -27,7 +27,7 @@
 
     protected override void OnParametersSet()
     {
-        if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
+        if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
         {
             actions = new List<ActionViewModel>();
             actions.Add(new ActionViewModel { Action = "settings", Name = "Manage Settings" });
@@ -66,7 +66,7 @@
 
     protected async Task ModuleAction(string action)
     {
-        if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
+        if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
         {
             PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);
 
@@ -125,4 +125,4 @@
         public string Action { set; get; }
         public string Name { set; get; }
     }
-}
\ No newline at end of file
+}
diff --git a/Oqtane.Client/UI/Pane.razor b/Oqtane.Client/UI/Pane.razor
index 755d7417..d2be8b2b 100644
--- a/Oqtane.Client/UI/Pane.razor
+++ b/Oqtane.Client/UI/Pane.razor
@@ -25,7 +25,7 @@
 
     protected override void OnParametersSet()
     {
-        if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
+        if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions) && Name != Constants.AdminPane)
         {
             paneadminborder = "app-pane-admin-border";
             panetitle = "<div class=\"app-pane-admin-title\">" + Name + " Pane</div>";
@@ -57,7 +57,7 @@
                             bool authorized = false;
                             if (Constants.DefaultModuleActions.Contains(PageState.Action))
                             {
-                                authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions);
+                                authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions);
                             }
                             else
                             {
@@ -68,10 +68,10 @@
                                         authorized = true;
                                         break;
                                     case SecurityAccessLevel.View:
-                                        authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
+                                        authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions);
                                         break;
                                     case SecurityAccessLevel.Edit:
-                                        authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
+                                        authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, module.Permissions);
                                         break;
                                     case SecurityAccessLevel.Admin:
                                         authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
@@ -107,7 +107,7 @@
                     if (module != null && module.Pane.ToLower() == Name.ToLower())
                     {
                         // check if user is authorized to view module
-                        if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
+                        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
                         {
                             builder.OpenComponent(0, Type.GetType(Constants.ContainerComponent));
                             builder.AddAttribute(1, "Module", module);
@@ -120,7 +120,7 @@
                     foreach (Module module in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId && item.Pane.ToLower() == Name.ToLower() && !item.IsDeleted).OrderBy(x => x.Order).ToArray())
                     {
                         // check if user is authorized to view module
-                        if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
+                        if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
                         {
                             builder.OpenComponent(0, Type.GetType(Constants.ContainerComponent));
                             builder.AddAttribute(1, "Module", module);
@@ -132,4 +132,4 @@
             };
         };
     }
-}
\ No newline at end of file
+}
diff --git a/Oqtane.Client/UI/SiteRouter.razor b/Oqtane.Client/UI/SiteRouter.razor
index e4221263..c9b63239 100644
--- a/Oqtane.Client/UI/SiteRouter.razor
+++ b/Oqtane.Client/UI/SiteRouter.razor
@@ -231,7 +231,7 @@
                 }
 
                 // check if user is authorized to view page
-                if (UserSecurity.IsAuthorized(user, "View", page.Permissions))
+                if (UserSecurity.IsAuthorized(user,PermissionNames.View, page.Permissions))
                 {
                     page = await ProcessPage(page, site, user);
 
@@ -453,4 +453,4 @@
         return modules;
     }
 
-}
\ No newline at end of file
+}
diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 0cd6925f..5f0b507a 100644
--- a/Oqtane.Server/Controllers/FileController.cs
+++ b/Oqtane.Server/Controllers/FileController.cs
@@ -103,7 +103,7 @@ namespace Oqtane.Controllers
         public Models.File Get(int id)
         {
             Models.File file = _files.GetFile(id);
-            if (_userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.View, file.Folder.Permissions))
             {
                 return file;
             }
@@ -164,7 +164,7 @@ namespace Oqtane.Controllers
         {
             Models.File file = null;
             Folder folder = _folders.GetFolder(int.Parse(folderid));
-            if (folder != null && _userPermissions.IsAuthorized(User, "Edit", folder.Permissions))
+            if (folder != null && _userPermissions.IsAuthorized(User,PermissionNames.Edit, folder.Permissions))
             {
                 string folderpath = GetFolderPath(folder);
                 CreateDirectory(folderpath);
@@ -213,7 +213,7 @@ namespace Oqtane.Controllers
                 if (int.TryParse(folder, out folderid))
                 {
                     Folder Folder = _folders.GetFolder(folderid);
-                    if (Folder != null && _userPermissions.IsAuthorized(User, "Edit", Folder.Permissions))
+                    if (Folder != null && _userPermissions.IsAuthorized(User,PermissionNames.Edit, Folder.Permissions))
                     {
                         folderpath = GetFolderPath(Folder); 
                     }
@@ -364,7 +364,7 @@ namespace Oqtane.Controllers
         public IActionResult Download(int id)
         {
             Models.File file = _files.GetFile(id);
-            if (file != null && _userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
+            if (file != null && _userPermissions.IsAuthorized(User,PermissionNames.View, file.Folder.Permissions))
             {
                 string filepath = GetFolderPath(file.Folder) + file.Name;
                 if (System.IO.File.Exists(filepath))
diff --git a/Oqtane.Server/Controllers/FolderController.cs b/Oqtane.Server/Controllers/FolderController.cs
index 4b076e7f..94ea087d 100644
--- a/Oqtane.Server/Controllers/FolderController.cs
+++ b/Oqtane.Server/Controllers/FolderController.cs
@@ -99,7 +99,7 @@ namespace Oqtane.Controllers
                 {
                     permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
                 }
-                if (_userPermissions.IsAuthorized(User, "Edit", permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
                 {
                     if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
                     {
diff --git a/Oqtane.Server/Controllers/ModuleController.cs b/Oqtane.Server/Controllers/ModuleController.cs
index d2697ce1..98e4d109 100644
--- a/Oqtane.Server/Controllers/ModuleController.cs
+++ b/Oqtane.Server/Controllers/ModuleController.cs
@@ -37,7 +37,7 @@ namespace Oqtane.Controllers
             List<Models.Module> modules = new List<Models.Module>();
             foreach (PageModule pagemodule in _pageModules.GetPageModules(int.Parse(siteid)))
             {
-                if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
                 {
                     Models.Module module = new Models.Module();
                     module.SiteId = pagemodule.Module.SiteId;
@@ -70,7 +70,7 @@ namespace Oqtane.Controllers
         public Models.Module Get(int id)
         {
             Models.Module module = _modules.GetModule(id);
-            if (_userPermissions.IsAuthorized(User, "View", module.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.View, module.Permissions))
             {
                 List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
                 module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
diff --git a/Oqtane.Server/Controllers/ModuleDefinitionController.cs b/Oqtane.Server/Controllers/ModuleDefinitionController.cs
index 51832744..10bd92e7 100644
--- a/Oqtane.Server/Controllers/ModuleDefinitionController.cs
+++ b/Oqtane.Server/Controllers/ModuleDefinitionController.cs
@@ -38,7 +38,7 @@ namespace Oqtane.Controllers
             List<ModuleDefinition> moduledefinitions = new List<ModuleDefinition>();
             foreach(ModuleDefinition moduledefinition in _moduleDefinitions.GetModuleDefinitions(int.Parse(siteid)))
             {
-                if (_userPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.Utilize, moduledefinition.Permissions))
                 {
                     moduledefinitions.Add(moduledefinition);
                 }
@@ -51,7 +51,7 @@ namespace Oqtane.Controllers
         public ModuleDefinition Get(int id, string siteid)
         {
             ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, int.Parse(siteid));
-            if (_userPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.Utilize, moduledefinition.Permissions))
             {
                 return moduledefinition;
             }
diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs
index b797e4a1..7fb3221d 100644
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@@ -38,7 +38,7 @@ namespace Oqtane.Controllers
             List<Page> pages = new List<Page>();
             foreach (Page page in _pages.GetPages(int.Parse(siteid)))
             {
-                if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
                 {
                     pages.Add(page);
                 }
@@ -59,7 +59,7 @@ namespace Oqtane.Controllers
             {
                 page = _pages.GetPage(id, int.Parse(userid));
             }
-            if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
             {
                 return page;
             }
@@ -78,7 +78,7 @@ namespace Oqtane.Controllers
             Page page = _pages.GetPage(WebUtility.UrlDecode(path), siteid);
             if (page != null)
             {
-                if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
                 {
                     return page;
                 }
@@ -113,7 +113,7 @@ namespace Oqtane.Controllers
                     permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
                 }
             
-                if (_userPermissions.IsAuthorized(User, "Edit", permissions))
+                if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
                 {
                     Page = _pages.AddPage(Page);
                     _syncManager.AddSyncEvent("Site", Page.SiteId);
diff --git a/Oqtane.Server/Controllers/PageModuleController.cs b/Oqtane.Server/Controllers/PageModuleController.cs
index 1e2222cd..a9278747 100644
--- a/Oqtane.Server/Controllers/PageModuleController.cs
+++ b/Oqtane.Server/Controllers/PageModuleController.cs
@@ -33,7 +33,7 @@ namespace Oqtane.Controllers
         public PageModule Get(int id)
         {
             PageModule pagemodule = _pageModules.GetPageModule(id);
-            if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
             {
                 return pagemodule;
             }
@@ -50,7 +50,7 @@ namespace Oqtane.Controllers
         public PageModule Get(int pageid, int moduleid)
         {
             PageModule pagemodule = _pageModules.GetPageModule(pageid, moduleid);
-            if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
+            if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
             {
                 return pagemodule;
             }
diff --git a/Oqtane.Shared/Shared/PermissionNames.cs b/Oqtane.Shared/Shared/PermissionNames.cs
new file mode 100644
index 00000000..4c77542f
--- /dev/null
+++ b/Oqtane.Shared/Shared/PermissionNames.cs
@@ -0,0 +1,10 @@
+namespace Oqtane.Shared
+{
+    public class PermissionNames
+    {
+        public const string View = "View";
+        public const string Edit = "Edit";
+        public const string Delete = "Delete";
+        public const string Utilize = "Utilize";
+    }
+}
diff --git a/Oqtane.Test/Oqtane.Test.csproj b/Oqtane.Test/Oqtane.Test.csproj
index 80574616..b8e24038 100644
--- a/Oqtane.Test/Oqtane.Test.csproj
+++ b/Oqtane.Test/Oqtane.Test.csproj
@@ -22,4 +22,24 @@
     <ProjectReference Include="..\Oqtane.Shared\Oqtane.Shared.csproj" />
   </ItemGroup>
 
+  <ItemGroup>
+    <Compile Remove="Repository\**" />
+    <Compile Remove="Security\**" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <EmbeddedResource Remove="Repository\**" />
+    <EmbeddedResource Remove="Security\**" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <None Remove="Repository\**" />
+    <None Remove="Security\**" />
+  </ItemGroup>
+
+  <ItemGroup>
+    <Content Remove="Repository\**" />
+    <Content Remove="Security\**" />
+  </ItemGroup>
+
 </Project>

From b4d3903517872ed9eec84330ae1a88bad1160ed7 Mon Sep 17 00:00:00 2001
From: Pavel Vesely <pavel@vesely.dev>
Date: Sat, 14 Mar 2020 10:12:07 +0100
Subject: [PATCH 2/3] Replace magic strings in other places

---
 Oqtane.Client/Modules/Admin/Files/Edit.razor  |  6 +++---
 .../Admin/ModuleDefinitions/Edit.razor        |  2 +-
 Oqtane.Client/Modules/Admin/Pages/Add.razor   |  4 ++--
 Oqtane.Server/Controllers/FileController.cs   |  8 ++++----
 Oqtane.Server/Controllers/FolderController.cs | 14 ++++++-------
 Oqtane.Server/Controllers/ModuleController.cs | 10 +++++-----
 Oqtane.Server/Controllers/PageController.cs   | 16 +++++++--------
 .../Controllers/PageModuleController.cs       |  8 ++++----
 .../Controllers/SettingController.cs          | 12 +++++------
 Oqtane.Server/Startup.cs                      | 20 +++++++++----------
 Oqtane.Shared/Shared/PermissionNames.cs       |  1 +
 11 files changed, 51 insertions(+), 50 deletions(-)

diff --git a/Oqtane.Client/Modules/Admin/Files/Edit.razor b/Oqtane.Client/Modules/Admin/Files/Edit.razor
index 360ac6b6..234dd684 100644
--- a/Oqtane.Client/Modules/Admin/Files/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Files/Edit.razor
@@ -100,9 +100,9 @@
             {
                 parentid = folders[0].FolderId;
                 List<PermissionString> permissionstrings = new List<PermissionString>();
-                permissionstrings.Add(new PermissionString { PermissionName = "Browse", Permissions = Constants.AdminRole });
-                permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AdminRole });
-                permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole });
+                permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Browse, Permissions = Constants.AdminRole });
+                permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = Constants.AdminRole });
+                permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole });
                 permissions = UserSecurity.SetPermissionStrings(permissionstrings);
             }
         }
diff --git a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
index f767c33b..36032ce9 100644
--- a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
@@ -17,7 +17,7 @@
             <label for="Name" class="control-label">Permissions: </label>
         </td>
         <td>
-            <PermissionGrid EntityName="ModuleDefinition" PermissionNames="Utilize" Permissions="@permissions" @ref="permissiongrid" />
+            <PermissionGrid EntityName="ModuleDefinition" PermissionNames=PermissionNames.Utilize Permissions="@permissions" @ref="permissiongrid" />
         </td>
     </tr>
 </table>
diff --git a/Oqtane.Client/Modules/Admin/Pages/Add.razor b/Oqtane.Client/Modules/Admin/Pages/Add.razor
index 46543bca..17a785dc 100644
--- a/Oqtane.Client/Modules/Admin/Pages/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Add.razor
@@ -184,8 +184,8 @@
             layouttype = PageState.Site.DefaultLayoutType;
 
             List<PermissionString> permissionstrings = new List<PermissionString>();
-            permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AdminRole });
-            permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole });
+            permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = Constants.AdminRole });
+            permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole });
             permissions = UserSecurity.SetPermissionStrings(permissionstrings);
         }
         catch (Exception ex)
diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 5f0b507a..aed3deb6 100644
--- a/Oqtane.Server/Controllers/FileController.cs
+++ b/Oqtane.Server/Controllers/FileController.cs
@@ -47,7 +47,7 @@ namespace Oqtane.Controllers
             if (int.TryParse(folder, out folderid))
             {
                 Folder f = _folders.GetFolder(folderid);
-                if (f != null && _userPermissions.IsAuthorized(User, "Browse", f.Permissions))
+                if (f != null && _userPermissions.IsAuthorized(User, PermissionNames.Browse, f.Permissions))
                 {
                     files = _files.GetFiles(folderid).ToList();
                 }
@@ -77,7 +77,7 @@ namespace Oqtane.Controllers
             Folder folder = _folders.GetFolder(siteId, folderPath);
             List<Models.File> files;
             if (folder != null)
-                if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions))
+                if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))
                 {
                     files = _files.GetFiles(folder.FolderId).ToList();
                 }
@@ -120,7 +120,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public Models.File Put(int id, [FromBody] Models.File File)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, PermissionNames.Edit))
             {
                 File = _files.UpdateFile(File);
                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File);
@@ -140,7 +140,7 @@ namespace Oqtane.Controllers
         public void Delete(int id)
         {
             Models.File file = _files.GetFile(id);
-            if (_userPermissions.IsAuthorized(User, "Folder", file.Folder.FolderId, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Folder", file.Folder.FolderId, PermissionNames.Edit))
             {
                 _files.DeleteFile(id);
 
diff --git a/Oqtane.Server/Controllers/FolderController.cs b/Oqtane.Server/Controllers/FolderController.cs
index 94ea087d..54c5eba9 100644
--- a/Oqtane.Server/Controllers/FolderController.cs
+++ b/Oqtane.Server/Controllers/FolderController.cs
@@ -32,7 +32,7 @@ namespace Oqtane.Controllers
             List<Folder> folders = new List<Folder>();
             foreach(Folder folder in _folders.GetFolders(int.Parse(siteid)))
             {
-                if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions))
+                if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))
                 {
                     folders.Add(folder);
                 }
@@ -45,7 +45,7 @@ namespace Oqtane.Controllers
         public Folder Get(int id)
         {
             Folder folder = _folders.GetFolder(id);
-            if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions))
+            if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))
             {
                 return folder;
             }
@@ -63,7 +63,7 @@ namespace Oqtane.Controllers
             var folderPath = WebUtility.UrlDecode(path);
             Folder folder = _folders.GetFolder(siteId, folderPath);
             if (folder != null)
-                if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions))
+                if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))
                 {
                     return folder;
                 }
@@ -97,7 +97,7 @@ namespace Oqtane.Controllers
                 }
                 else
                 {
-                    permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
+                    permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole } });
                 }
                 if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
                 {
@@ -124,7 +124,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public Folder Put(int id, [FromBody] Folder Folder)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", Folder.FolderId, PermissionNames.Edit))
             {
                 if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
                 {
@@ -148,7 +148,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public void Put(int siteid, int folderid, int? parentid)
         {
-            if (_userPermissions.IsAuthorized(User, "Folder", folderid, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Folder", folderid, PermissionNames.Edit))
             {
                 int order = 1;
                 List<Folder> folders = _folders.GetFolders(siteid).ToList();
@@ -175,7 +175,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public void Delete(int id)
         {
-            if (_userPermissions.IsAuthorized(User, "Folder", id, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Folder", id, PermissionNames.Edit))
             {
                 _folders.DeleteFolder(id);
                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id);
diff --git a/Oqtane.Server/Controllers/ModuleController.cs b/Oqtane.Server/Controllers/ModuleController.cs
index 98e4d109..431167d3 100644
--- a/Oqtane.Server/Controllers/ModuleController.cs
+++ b/Oqtane.Server/Controllers/ModuleController.cs
@@ -89,7 +89,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public Models.Module Post([FromBody] Models.Module Module)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Module.PageId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Module.PageId, PermissionNames.Edit))
             {
                 Module = _modules.AddModule(Module);
                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module);
@@ -108,7 +108,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public Models.Module Put(int id, [FromBody] Models.Module Module)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", Module.ModuleId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", Module.ModuleId, PermissionNames.Edit))
             {
                 Module = _modules.UpdateModule(Module);
                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module);
@@ -127,7 +127,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public void Delete(int id)
         {
-            if (_userPermissions.IsAuthorized(User, "Module", id, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Module", id, PermissionNames.Edit))
             {
                 _modules.DeleteModule(id);
                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Module Deleted {ModuleId}", id);
@@ -145,7 +145,7 @@ namespace Oqtane.Controllers
         public string Export(int moduleid)
         {
             string content = "";
-            if (_userPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Module", moduleid, PermissionNames.Edit))
             {
                 content = _modules.ExportModule(moduleid);
             }
@@ -163,7 +163,7 @@ namespace Oqtane.Controllers
         public bool Import(int moduleid, [FromBody] string Content)
         {
             bool success = false;
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", moduleid, PermissionNames.Edit))
             {
                 success = _modules.ImportModule(moduleid, Content);
             }
diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs
index 7fb3221d..371c15d6 100644
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@@ -110,7 +110,7 @@ namespace Oqtane.Controllers
                 }
                 else
                 {
-                    permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
+                    permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole } });
                 }
             
                 if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
@@ -150,8 +150,8 @@ namespace Oqtane.Controllers
                 page.LayoutType = parent.LayoutType;
                 page.Icon = parent.Icon;
                 List<PermissionString> permissions = new List<PermissionString>();
-                permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
-                permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
+                permissions.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = "[" + userid + "]" });
+                permissions.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = "[" + userid + "]" });
                 page.Permissions = UserSecurity.SetPermissionStrings(permissions);
                 page.IsPersonalizable = false;
                 page.UserId = int.Parse(userid);
@@ -167,8 +167,8 @@ namespace Oqtane.Controllers
                     module.PageId = page.PageId;
                     module.ModuleDefinitionName = pm.Module.ModuleDefinitionName;
                     permissions = new List<PermissionString>();
-                    permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
-                    permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
+                    permissions.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = "[" + userid + "]" });
+                    permissions.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = "[" + userid + "]" });
                     module.Permissions = UserSecurity.SetPermissionStrings(permissions);
                     module = _modules.AddModule(module);
 
@@ -197,7 +197,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public Page Put(int id, [FromBody] Page Page)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Page.PageId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Page.PageId, PermissionNames.Edit))
             {
                 Page = _pages.UpdatePage(Page);
                 _syncManager.AddSyncEvent("Site", Page.SiteId);
@@ -217,7 +217,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public void Put(int siteid, int pageid, int? parentid)
         {
-            if (_userPermissions.IsAuthorized(User, "Page", pageid, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Page", pageid, PermissionNames.Edit))
             {
                 int order = 1;
                 List<Page> pages = _pages.GetPages(siteid).ToList();
@@ -246,7 +246,7 @@ namespace Oqtane.Controllers
         public void Delete(int id)
         {
             Page page = _pages.GetPage(id);
-            if (_userPermissions.IsAuthorized(User, "Page", page.PageId, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Page", page.PageId, PermissionNames.Edit))
             {
                 _pages.DeletePage(page.PageId);
                 _syncManager.AddSyncEvent("Site", page.SiteId);
diff --git a/Oqtane.Server/Controllers/PageModuleController.cs b/Oqtane.Server/Controllers/PageModuleController.cs
index a9278747..71fdaeaf 100644
--- a/Oqtane.Server/Controllers/PageModuleController.cs
+++ b/Oqtane.Server/Controllers/PageModuleController.cs
@@ -67,7 +67,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public PageModule Post([FromBody] PageModule PageModule)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", PageModule.PageId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", PageModule.PageId, PermissionNames.Edit))
             {
                 PageModule = _pageModules.AddPageModule(PageModule);
                 _syncManager.AddSyncEvent("Page", PageModule.PageId);
@@ -87,7 +87,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public PageModule Put(int id, [FromBody] PageModule PageModule)
         {
-            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, "Edit"))
+            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, PermissionNames.Edit))
             {
                 PageModule = _pageModules.UpdatePageModule(PageModule);
                 _syncManager.AddSyncEvent("Page", PageModule.PageId);
@@ -107,7 +107,7 @@ namespace Oqtane.Controllers
         [Authorize(Roles = Constants.RegisteredRole)]
         public void Put(int pageid, string pane)
         {
-            if (_userPermissions.IsAuthorized(User, "Page", pageid, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Page", pageid, PermissionNames.Edit))
             {
                 int order = 1;
                 List<PageModule> pagemodules = _pageModules.GetPageModules(pageid, pane).OrderBy(item => item.Order).ToList();
@@ -136,7 +136,7 @@ namespace Oqtane.Controllers
         public void Delete(int id)
         {
             PageModule pagemodule = _pageModules.GetPageModule(id);
-            if (_userPermissions.IsAuthorized(User, "Page", pagemodule.PageId, "Edit"))
+            if (_userPermissions.IsAuthorized(User, "Page", pagemodule.PageId, PermissionNames.Edit))
             {
                 _pageModules.DeletePageModule(id);
                 _syncManager.AddSyncEvent("Page", pagemodule.PageId);
diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs
index 5fcd65c4..e0a95d4e 100644
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@@ -31,7 +31,7 @@ namespace Oqtane.Controllers
         public IEnumerable<Setting> Get(string entityname, int entityid)
         {
             List<Setting> settings = new List<Setting>();
-            if (IsAuthorized(entityname, entityid, "View"))
+            if (IsAuthorized(entityname, entityid, PermissionNames.View))
             {
                 settings = _settings.GetSettings(entityname, entityid).ToList();
             }
@@ -48,7 +48,7 @@ namespace Oqtane.Controllers
         public Setting Get(int id)
         {
             Setting setting = _settings.GetSetting(id);
-            if (IsAuthorized(setting.EntityName, setting.EntityId, "View"))
+            if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View))
             {
                 return setting;
             }
@@ -64,7 +64,7 @@ namespace Oqtane.Controllers
         [HttpPost]
         public Setting Post([FromBody] Setting Setting)
         {
-            if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
+            if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit))
             {
                 Setting = _settings.AddSetting(Setting);
                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting);
@@ -82,7 +82,7 @@ namespace Oqtane.Controllers
         [HttpPut("{id}")]
         public Setting Put(int id, [FromBody] Setting Setting)
         {
-            if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
+            if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit))
             {
                 Setting = _settings.UpdateSetting(Setting);
                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting);
@@ -101,7 +101,7 @@ namespace Oqtane.Controllers
         public void Delete(int id)
         {
             Setting setting = _settings.GetSetting(id);
-            if (IsAuthorized(setting.EntityName, setting.EntityId, "Edit"))
+            if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
             {
                 _settings.DeleteSetting(id);
                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting);
@@ -136,7 +136,7 @@ namespace Oqtane.Controllers
                     break;
                 case "User":
                     authorized = true;
-                    if (PermissionName == "Edit")
+                    if (PermissionName == PermissionNames.Edit)
                     {
                         authorized = User.IsInRole(Constants.AdminRole) || (_userPermissions.GetUser(User).UserId == EntityId);
                     }
diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs
index 55e2391a..acb3b811 100644
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@@ -78,12 +78,12 @@ namespace Oqtane.Server
             // register authorization services
             services.AddAuthorizationCore(options =>
             {
-                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
-                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
-                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
-                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
-                options.AddPolicy("ViewFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "View")));
-                options.AddPolicy("EditFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "Edit")));
+                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.View)));
+                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.Edit)));
+                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.View)));
+                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.Edit)));
+                options.AddPolicy("ViewFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", PermissionNames.View)));
+                options.AddPolicy("EditFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", PermissionNames.Edit)));
                 options.AddPolicy("ListFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "List")));
             });
 
@@ -253,10 +253,10 @@ namespace Oqtane.Server
             // register authorization services
             services.AddAuthorizationCore(options =>
             {
-                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
-                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
-                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
-                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
+                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.View)));
+                options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.Edit)));
+                options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.View)));
+                options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.Edit)));
             });
 
             // register scoped core services
diff --git a/Oqtane.Shared/Shared/PermissionNames.cs b/Oqtane.Shared/Shared/PermissionNames.cs
index 4c77542f..a157199b 100644
--- a/Oqtane.Shared/Shared/PermissionNames.cs
+++ b/Oqtane.Shared/Shared/PermissionNames.cs
@@ -2,6 +2,7 @@
 {
     public class PermissionNames
     {
+        public const string Browse = "Browse";
         public const string View = "View";
         public const string Edit = "Edit";
         public const string Delete = "Delete";

From 4546354ecb7b0ae72bf6da8be329b3ebfad62be4 Mon Sep 17 00:00:00 2001
From: Pavel Vesely <pavel@vesely.dev>
Date: Sat, 14 Mar 2020 17:06:39 +0100
Subject: [PATCH 3/3] Delete permission removed

---
 Oqtane.Shared/Shared/PermissionNames.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Oqtane.Shared/Shared/PermissionNames.cs b/Oqtane.Shared/Shared/PermissionNames.cs
index a157199b..a0ec3c93 100644
--- a/Oqtane.Shared/Shared/PermissionNames.cs
+++ b/Oqtane.Shared/Shared/PermissionNames.cs
@@ -5,7 +5,7 @@
         public const string Browse = "Browse";
         public const string View = "View";
         public const string Edit = "Edit";
-        public const string Delete = "Delete";
         public const string Utilize = "Utilize";
+
     }
 }