Permission grid control, refactor permission string serialization

Shaun Walker 2019-08-30 10:05:13 -04:00
parent 3ce7f1a227
commit 88a08c8863
27 changed files with 460 additions and 216 deletions


@ -11,59 +11,51 @@
@inject IModuleService ModuleService @inject IModuleService ModuleService
@inject IPageModuleService PageModuleService @inject IPageModuleService PageModuleService
<table class="form-group"> <table class="form-group">
<tr> <tr>
<td> <td>
<label for="Title" class="control-label">Title: </label> <label for="Title" class="control-label">Title: </label>
</td> </td>
<td> <td>
<input type="text" name="Title" class="form-control" @bind="@title" /> <input type="text" name="Title" class="form-control" @bind="@title" />
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="Container" class="control-label">Container: </label> <label for="Container" class="control-label">Container: </label>
</td> </td>
<td> <td>
<select class="form-control" @bind="@containertype"> <select class="form-control" @bind="@containertype">
<option value="">&lt;Select Container&gt;</option> <option value="">&lt;Select Container&gt;</option>
@foreach (KeyValuePair<string, string> container in containers) @foreach (KeyValuePair<string, string> container in containers)
{ {
<option value="@container.Key">@container.Value</option> <option value="@container.Key">@container.Value</option>
} }
</select> </select>
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="ViewPermissions" class="control-label">View Permissions: </label> <label for="Name" class="control-label">Permissions: </label>
</td> </td>
<td> <td>
<input type="text" name="ViewPermissions" class="form-control" @bind="@viewpermissions" /> <PermissionGrid EntityName="Module" Permissions="@permissions" @ref="permissiongrid" @ref:suppressField />
</td> </td>
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="EditPermissions" class="control-label">Edit Permissions: </label> <label for="Page" class="control-label">Page: </label>
</td> </td>
<td> <td>
<input type="text" name="EditPermissions" class="form-control" @bind="@editpermissions" /> <select class="form-control" @bind="@pageid">
</td> @foreach (Page p in PageState.Pages)
</tr> {
<tr> <option value="@p.PageId">@p.Name</option>
<td> }
<label for="Page" class="control-label">Page: </label> </select>
</td> </td>
<td> </tr>
<select class="form-control" @bind="@pageid"> </table>
@foreach (Page p in PageState.Pages)
{
<option value="@p.PageId">@p.Name</option>
}
</select>
</td>
</tr>
</table>
@DynamicComponent @DynamicComponent
@ -78,10 +70,11 @@
Dictionary<string, string> containers = new Dictionary<string, string>(); Dictionary<string, string> containers = new Dictionary<string, string>();
string title; string title;
string containertype; string containertype;
string viewpermissions; string permissions;
string editpermissions;
string pageid; string pageid;
PermissionGrid permissiongrid;
RenderFragment DynamicComponent { get; set; } RenderFragment DynamicComponent { get; set; }
object settings; object settings;
@ -90,8 +83,7 @@
title = ModuleState.Title; title = ModuleState.Title;
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync()); containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType; containertype = ModuleState.ContainerType;
viewpermissions = UserSecurity.GetPermissions("View", ModuleState.Permissions); permissions = ModuleState.Permissions;
editpermissions = UserSecurity.GetPermissions("Edit", ModuleState.Permissions);
pageid = ModuleState.PageId.ToString(); pageid = ModuleState.PageId.ToString();
DynamicComponent = builder => DynamicComponent = builder =>
@ -109,7 +101,7 @@
private async Task SaveModule() private async Task SaveModule()
{ {
Module module = ModuleState; Module module = ModuleState;
module.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions); module.Permissions = permissiongrid.GetPermissions();
await ModuleService.UpdateModuleAsync(module); await ModuleService.UpdateModuleAsync(module);
PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId); PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);
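Review bot: The new permissions label is written as `<label for="Name" class="control-label">Permissions: </label>`, but no element named `Name` exists in this form and the grid renders a table of checkboxes rather than a single input, so the `for` attribute points nowhere (the old markup targeted `ViewPermissions`). Either drop `for` or give the grid a labelled wrapper such as a fieldset/legend; the same copy-paste `for="Name"` shows up on the page forms in this commit. Nothing here validates what `permissiongrid.GetPermissions()` returns before it is written to `module.Permissions`; that is acceptable only if the server re-checks the caller's role, which the controller hunks in this commit do. SaveModule continues past the hunk.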


@ -99,18 +99,10 @@
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="Name" class="control-label">View Permissions: </label> <label for="Name" class="control-label">Permissions: </label>
</td> </td>
<td> <td>
<input class="form-control" @bind="@viewpermissions" /> <PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" @ref:suppressField />
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Edit Permissions: </label>
</td>
<td>
<input class="form-control" @bind="@editpermissions" />
</td> </td>
</tr> </tr>
</table> </table>
@ -133,8 +125,9 @@
string themetype; string themetype;
string layouttype = ""; string layouttype = "";
string icon = ""; string icon = "";
string viewpermissions = "All Users"; string permissions = ""; // need to set default permissions
string editpermissions = "Administrators";
PermissionGrid permissiongrid;
protected override void OnInitialized() protected override void OnInitialized()
{ {
@ -142,6 +135,11 @@
{ {
themes = ThemeService.GetThemeTypes(PageState.Themes); themes = ThemeService.GetThemeTypes(PageState.Themes);
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes); panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes);
List<PermissionString> permissionstrings = new List<PermissionString>();
permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AdminRole });
permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole });
permissions = UserSecurity.SetPermissionStrings(permissionstrings);
} }
catch (Exception ex) catch (Exception ex)
{ {
@ -181,7 +179,7 @@
} }
System.Reflection.PropertyInfo property = type.GetProperty("Panes"); System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null); page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions); page.Permissions = permissiongrid.GetPermissions();
await PageService.AddPageAsync(page); await PageService.AddPageAsync(page);
PageState.Reload = Constants.ReloadSite; PageState.Reload = Constants.ReloadSite;
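Review bot: The comment on the new field, `string permissions = ""; // need to set default permissions`, is already stale: the lines added to OnInitialized build View and Edit entries for `Constants.AdminRole` and assign the result to `permissions`. It is worth stating the default there, because it silently differs from the old initialiser `viewpermissions = "All Users"` and from the All Users/Administrators pair this commit uses for the site's first page; I would replace the comment with `// default grants (View and Edit = Administrators only) are built in OnInitialized`. Note also that PermissionGrid copies its `Permissions` parameter only in its own OnInitializedAsync, so the default has to exist before the first render, as it does here — a later reassignment of `permissions` would not reach the grid. OnInitialized continues past the hunk.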


@ -100,18 +100,10 @@
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="Name" class="control-label">View Permissions: </label> <label for="Name" class="control-label">Permissions: </label>
</td> </td>
<td> <td>
<input class="form-control" @bind="@viewpermissions" readonly /> <PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" @ref:suppressField />
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Edit Permissions: </label>
</td>
<td>
<input class="form-control" @bind="@editpermissions" readonly />
</td> </td>
</tr> </tr>
</table> </table>
@ -138,13 +130,14 @@
string themetype; string themetype;
string layouttype; string layouttype;
string icon; string icon;
string viewpermissions; string permissions;
string editpermissions;
string createdby; string createdby;
DateTime createdon; DateTime createdon;
string modifiedby; string modifiedby;
DateTime modifiedon; DateTime modifiedon;
PermissionGrid permissiongrid;
protected override void OnInitialized() protected override void OnInitialized()
{ {
try try
@ -164,8 +157,7 @@
themetype = page.ThemeType; themetype = page.ThemeType;
layouttype = page.LayoutType; layouttype = page.LayoutType;
icon = page.Icon; icon = page.Icon;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions); permissions = page.Permissions;
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy; createdby = page.CreatedBy;
createdon = page.CreatedOn; createdon = page.CreatedOn;
modifiedby = page.ModifiedBy; modifiedby = page.ModifiedBy;
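Review bot: This page loses its read-only presentation of permissions: the two inputs it replaces carried `readonly`, while PermissionGrid as added in this commit exposes only EntityName, Permissions and PermissionNames and always renders live checkboxes plus an Add User button. No GetPermissions call is visible in this section, so edits made here presumably go nowhere, but an editable grid on a view-only page invites the user to believe a change took effect. I would add `[Parameter] public bool Disabled { get; set; }` to the grid, use `disabled=@(Disabled || GetPermissionDisabled(role.Name))` on the role and user checkboxes, hide the Add User row when it is set, and pass `Disabled="true"` from this page. OnInitialized continues past the hunk.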


@ -100,18 +100,10 @@
</tr> </tr>
<tr> <tr>
<td> <td>
<label for="Name" class="control-label">View Permissions: </label> <label for="Name" class="control-label">Permissions: </label>
</td> </td>
<td> <td>
<input class="form-control" @bind="@viewpermissions" /> <PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" @ref:suppressField />
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Edit Permissions: </label>
</td>
<td>
<input class="form-control" @bind="@editpermissions" />
</td> </td>
</tr> </tr>
</table> </table>
@ -138,13 +130,14 @@
string themetype; string themetype;
string layouttype; string layouttype;
string icon; string icon;
string viewpermissions; string permissions;
string editpermissions;
string createdby; string createdby;
DateTime createdon; DateTime createdon;
string modifiedby; string modifiedby;
DateTime modifiedon; DateTime modifiedon;
PermissionGrid permissiongrid;
protected override void OnInitialized() protected override void OnInitialized()
{ {
try try
@ -171,8 +164,7 @@
themetype = page.ThemeType; themetype = page.ThemeType;
layouttype = page.LayoutType; layouttype = page.LayoutType;
icon = page.Icon; icon = page.Icon;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions); permissions = page.Permissions;
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy; createdby = page.CreatedBy;
createdon = page.CreatedOn; createdon = page.CreatedOn;
modifiedby = page.ModifiedBy; modifiedby = page.ModifiedBy;
@ -217,7 +209,7 @@
} }
System.Reflection.PropertyInfo property = type.GetProperty("Panes"); System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null); page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions); page.Permissions = permissiongrid.GetPermissions();
await PageService.UpdatePageAsync(page); await PageService.UpdatePageAsync(page);
PageState.Reload = Constants.ReloadSite; PageState.Reload = Constants.ReloadSite;


@ -98,13 +98,18 @@ else
p.Path = ""; p.Path = "";
p.Order = 1; p.Order = 1;
p.IsNavigation = true; p.IsNavigation = true;
p.ThemeType = "Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client"; p.ThemeType = "Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client"; // TODO: should not hardcode
p.LayoutType = ""; p.LayoutType = "";
p.Icon = ""; p.Icon = "";
Type type = Type.GetType(p.ThemeType); Type type = Type.GetType(p.ThemeType);
System.Reflection.PropertyInfo property = type.GetProperty("Panes"); System.Reflection.PropertyInfo property = type.GetProperty("Panes");
p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null); p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
p.Permissions = UserSecurity.SetPermissions("View", Constants.AllUsersRole) + UserSecurity.SetPermissions("Edit", Constants.AdminRole);
List<PermissionString> permissionstrings = new List<PermissionString>();
permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AllUsersRole });
permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole });
p.Permissions = UserSecurity.SetPermissionStrings(permissionstrings);
await PageService.AddPageAsync(p); await PageService.AddPageAsync(p);
UriHelper.NavigateTo(url, true); UriHelper.NavigateTo(url, true);


@ -77,10 +77,10 @@
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions); authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
break; break;
case SecurityAccessLevel.Admin: case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole)); authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
break; break;
case SecurityAccessLevel.Host: case SecurityAccessLevel.Host:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole)); authorized = UserSecurity.IsAuthorized(PageState.User, Constants.HostRole);
break; break;
} }
} }


@ -0,0 +1,196 @@
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Models
@using Oqtane.Security
@using Oqtane.Shared
@inherits ModuleBase
@inject IRoleService RoleService
@inject IUserService UserService
@if (roles != null)
{
<br />
<div class="container">
<div class="form-group">
<table class="table">
<tbody>
<tr>
<th>Role</th>
@foreach (PermissionString permission in permissions)
{
<th>@permission.PermissionName @EntityName</th>
}
</tr>
@foreach (Role role in roles)
{
<tr>
<td>@role.Name</td>
@foreach (PermissionString permission in permissions)
{
var p = permission;
<td align="center"><input type="checkbox" class="form-check-input" checked=@GetPermissionValue(p.Permissions, role.Name) disabled=@GetPermissionDisabled(role.Name) @onchange="@(e => PermissionChanged(e, p.PermissionName, role.Name))" /></td>
}
</tr>
}
</tbody>
</table>
</div>
@if (@users.Count != 0)
{
<div class="form-group">
<table class="table">
<thead>
<tr>
<th>User</th>
@foreach (PermissionString permission in permissions)
{
<th>@permission.PermissionName @EntityName</th>
}
</tr>
</thead>
<tbody>
@foreach (User user in users)
{
<tr>
<td>@user.DisplayName</td>
@foreach (PermissionString permission in permissions)
{
var p = permission;
<td align="center"><input type="checkbox" class="form-check-input" checked=@GetPermissionValue(p.Permissions, "[" + user.UserId.ToString() + "]") @onchange="@(e => PermissionChanged(e, p.PermissionName, "[" + user.UserId.ToString() + "]"))" /></td>
}
</tr>
}
</tbody>
</table>
</div>
}
<div style="white-space:nowrap;">
<label for="Username" class="control-label" style="display:inline-block;">User: </label>
<input type="text" name="Username" class="form-control" style="display:inline-block; width: auto !important;" placeholder="Enter Username" @bind="@username" />
<button type="button" class="btn btn-primary" style="display:inline-block;" @onclick="@AddUser">Add</button>
</div>
<br />
<ModuleMessage Type="MessageType.Error" Message="@message" />
</div>
}
@code {
[Parameter]
public string EntityName { get; set; }
[Parameter]
public string Permissions { get; set; }
[Parameter]
public string PermissionNames { get; set; } // optional - can be used to specify permissions order or add custom permissions
List<Role> roles;
List<PermissionString> permissions = new List<PermissionString>();
List<User> users = new List<User>();
string username = "";
string message = "";
protected override async Task OnInitializedAsync()
{
if (string.IsNullOrEmpty(PermissionNames))
{
PermissionNames = "View,Edit";
}
roles = await RoleService.GetRolesAsync(ModuleState.SiteId);
roles.Insert(0, new Role { Name = Constants.AllUsersRole });
foreach (string permissionname in PermissionNames.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
{
permissions.Add(new PermissionString { PermissionName = permissionname, Permissions = "" });
}
foreach (PermissionString permissionstring in UserSecurity.GetPermissionStrings(Permissions))
{
if (permissions.Find(item => item.PermissionName == permissionstring.PermissionName) != null)
{
permissions[permissions.FindIndex(item => item.PermissionName == permissionstring.PermissionName)].Permissions = permissionstring.Permissions;
}
if (permissionstring.Permissions.Contains("["))
{
foreach (string user in permissionstring.Permissions.Split(new char[] { '[' }, StringSplitOptions.RemoveEmptyEntries))
{
if (user.Contains("]"))
{
int userid = int.Parse(user.Substring(0, user.IndexOf("]")));
if (users.Where(item => item.UserId == userid).FirstOrDefault() == null)
{
users.Add(await UserService.GetUserAsync(userid, ModuleState.SiteId));
}
}
}
}
}
}
private bool GetPermissionValue(string Permissions, string SecurityKey)
{
if ((";" + Permissions + ";").Contains(";" + SecurityKey + ";"))
{
return true;
}
else
{
return false;
}
}
private bool GetPermissionDisabled(string RoleName)
{
if (RoleName == Constants.AdminRole)
{
return true;
}
else
{
return false;
}
}
private async Task AddUser()
{
if (users.Where(item => item.Username == username).FirstOrDefault() == null)
{
try
{
User user = await UserService.GetUserAsync(username, ModuleState.SiteId);
if (user != null)
{
users.Add(user);
}
}
catch
{
message = "Username Does Not Exist";
}
}
username = "";
}
private void PermissionChanged(UIChangeEventArgs e, string PermissionName, string SecurityId)
{
bool selected = (bool)e.Value;
PermissionString permission = permissions.Find(item => item.PermissionName == PermissionName);
if (permission != null)
{
List<string> ids = permission.Permissions.Split(';').ToList();
if (selected)
{
ids.Add(SecurityId);
}
else
{
ids.Remove(SecurityId);
}
permissions[permissions.FindIndex(item => item.PermissionName == PermissionName)].Permissions = string.Join(";", ids.ToArray());
}
}
public string GetPermissions()
{
return UserSecurity.SetPermissionStrings(permissions);
}
}
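Review bot: GetPermissionValue and PermissionChanged only understand plain allow entries, but the stored format described in this commit's repository comment (`{permissionname:!rolename1;![userid1];rolename2;...}` where `!` designates Deny) also carries deny entries. A token such as `!Administrators` or `![7]` never matches the `";" + SecurityKey + ";"` lookup, so it renders unchecked, is never removed by PermissionChanged, and ticking the box appends a bare allow beside the surviving deny — the grid writes back strings containing both without the administrator seeing it. Either strip `!` tokens on load and document that the grid cannot express Deny, or render them as a distinct state; at minimum the ids list should drop empty tokens (a blank `Permissions` splits to `[""]`, so the first grant is written as `;Administrators`) and duplicates before the join, e.g. `ids = ids.Where(id => id != "").Distinct().ToList();`. Separately, `int.Parse(user.Substring(0, user.IndexOf("]")))` throws on a malformed user token and takes the whole settings page down with it; `if (int.TryParse(user.Substring(0, user.IndexOf("]")), out int userid) && users.All(item => item.UserId != userid))` skips the bad entry instead, and the result of `UserService.GetUserAsync` should be null-checked before `users.Add` since a deleted user id can still sit in the string.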


@ -67,10 +67,10 @@
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions); authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
break; break;
case SecurityAccessLevel.Admin: case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole)); authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
break; break;
case SecurityAccessLevel.Host: case SecurityAccessLevel.Host:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole)); authorized = UserSecurity.IsAuthorized(PageState.User, Constants.HostRole);
break; break;
} }
if (authorized) if (authorized)


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Alias Post([FromBody] Alias Alias) public Alias Post([FromBody] Alias Alias)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Alias Put(int id, [FromBody] Alias Alias) public Alias Put(int id, [FromBody] Alias Alias)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Aliases.DeleteAlias(id); Aliases.DeleteAlias(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -54,7 +55,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Module Post([FromBody] Module Module) public Module Post([FromBody] Module Module)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -66,7 +67,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Module Put(int id, [FromBody] Module Module) public Module Put(int id, [FromBody] Module Module)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -78,7 +79,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Modules.DeleteModule(id); Modules.DeleteModule(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Page Post([FromBody] Page Page) public Page Post([FromBody] Page Page)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Page Put(int id, [FromBody] Page Page) public Page Put(int id, [FromBody] Page Page)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Pages.DeletePage(id); Pages.DeletePage(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public PageModule Post([FromBody] PageModule PageModule) public PageModule Post([FromBody] PageModule PageModule)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public PageModule Put(int id, [FromBody] PageModule PageModule) public PageModule Put(int id, [FromBody] PageModule PageModule)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
PageModules.DeletePageModule(id); PageModules.DeletePageModule(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Permission Post([FromBody] Permission Permission) public Permission Post([FromBody] Permission Permission)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Permission Put(int id, [FromBody] Permission Permission) public Permission Put(int id, [FromBody] Permission Permission)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Permissions.DeletePermission(id); Permissions.DeletePermission(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Role Post([FromBody] Role Role) public Role Post([FromBody] Role Role)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public Role Put(int id, [FromBody] Role Role) public Role Put(int id, [FromBody] Role Role)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Roles.DeleteRole(id); Roles.DeleteRole(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize] [Authorize(Roles = Constants.AdminRole)]
public Setting Post([FromBody] Setting Setting) public Setting Post([FromBody] Setting Setting)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize] [Authorize(Roles = Constants.AdminRole)]
public Setting Put(int id, [FromBody] Setting Setting) public Setting Put(int id, [FromBody] Setting Setting)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Settings.DeleteSetting(id); Settings.DeleteSetting(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public Site Post([FromBody] Site Site) public Site Post([FromBody] Site Site)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public Site Put(int id, [FromBody] Site Site) public Site Put(int id, [FromBody] Site Site)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public void Delete(int id) public void Delete(int id)
{ {
Sites.DeleteSite(id); Sites.DeleteSite(id);


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using System.Collections.Generic; using System.Collections.Generic;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public Tenant Post([FromBody] Tenant Tenant) public Tenant Post([FromBody] Tenant Tenant)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public Tenant Put(int id, [FromBody] Tenant Tenant) public Tenant Put(int id, [FromBody] Tenant Tenant)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize] [Authorize(Roles = Constants.HostRole)]
public void Delete(int id) public void Delete(int id)
{ {
Tenants.DeleteTenant(id); Tenants.DeleteTenant(id);


@ -178,7 +178,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public User Put(int id, [FromBody] User User) public User Put(int id, [FromBody] User User)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -190,7 +190,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5?siteid=x // DELETE api/<controller>/5?siteid=x
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id, string siteid) public void Delete(int id, string siteid)
{ {
SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid)); SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));


@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public UserRole Post([FromBody] UserRole UserRole) public UserRole Post([FromBody] UserRole UserRole)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public UserRole Put(int id, [FromBody] UserRole UserRole) public UserRole Put(int id, [FromBody] UserRole UserRole)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = "Administrators")] [Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
UserRoles.DeleteUserRole(id); UserRoles.DeleteUserRole(id);


@ -4,6 +4,8 @@ using System.Linq;
using Oqtane.Models; using Oqtane.Models;
using System.Text; using System.Text;
using System; using System;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Repository namespace Oqtane.Repository
{ {
@ -136,18 +138,22 @@ namespace Oqtane.Repository
// permissions are stored in the format "{permissionname:!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]}" where "!" designates Deny permissions // permissions are stored in the format "{permissionname:!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]}" where "!" designates Deny permissions
public string EncodePermissions(int EntityId, List<Permission> Permissions) public string EncodePermissions(int EntityId, List<Permission> Permissions)
{ {
string permissions = ""; List<PermissionString> permissionstrings = new List<PermissionString>();
string permissionname = ""; string permissionname = "";
string permissions = "";
StringBuilder permissionsbuilder = new StringBuilder(); StringBuilder permissionsbuilder = new StringBuilder();
string perm = ""; string securityid = "";
foreach (Permission permission in Permissions.Where(item => item.EntityId == EntityId).OrderBy(item => item.PermissionName)) foreach (Permission permission in Permissions.Where(item => item.EntityId == EntityId).OrderBy(item => item.PermissionName))
{ {
// permission collections are grouped by permissionname // permission collections are grouped by permissionname
if (permissionname != permission.PermissionName) if (permissionname != permission.PermissionName)
{ {
permissions = permissionsbuilder.ToString();
if (permissions != "")
{
permissionstrings.Add(new PermissionString { PermissionName = permissionname, Permissions = permissions.Substring(0, permissions.Length - 1) });
}
permissionname = permission.PermissionName; permissionname = permission.PermissionName;
permissions += permissionsbuilder.ToString();
permissions += ((permissions != "") ? "}" : "") + "{" + permissionname + ":";
permissionsbuilder = new StringBuilder(); permissionsbuilder = new StringBuilder();
} }
@ -157,77 +163,76 @@ namespace Oqtane.Repository
// encode permission // encode permission
if (permission.UserId == null) if (permission.UserId == null)
{ {
perm = prefix + permission.Role.Name + ";"; securityid = prefix + permission.Role.Name + ";";
} }
else else
{ {
perm = prefix + "[" + permission.UserId.ToString() + "];"; securityid = prefix + "[" + permission.UserId.ToString() + "];";
} }
// insert Deny permissions at the beginning and append Grant permissions at the end // insert deny permissions at the beginning and append grant permissions at the end
if (prefix == "!") if (prefix == "!")
{ {
permissionsbuilder.Insert(0, perm); permissionsbuilder.Insert(0, securityid);
} }
else else
{ {
permissionsbuilder.Append(perm); permissionsbuilder.Append(securityid);
} }
} }
if (permissionsbuilder.ToString() != "") permissions = permissionsbuilder.ToString();
if (permissions != "")
{ {
permissions += permissionsbuilder.ToString() + "}"; permissionstrings.Add(new PermissionString { PermissionName = permissionname, Permissions = permissions.Substring(0, permissions.Length - 1) });
} }
return JsonSerializer.Serialize(permissionstrings);
return permissions;
} }
public List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId) public List<Permission> DecodePermissions(string PermissionStrings, int SiteId, string EntityName, int EntityId)
{ {
List<Role> roles = Roles.GetRoles(SiteId).ToList();
List<Permission> permissions = new List<Permission>(); List<Permission> permissions = new List<Permission>();
string perm = ""; List<Role> roles = Roles.GetRoles(SiteId).ToList();
string permissionname; string securityid = "";
string permissionstring; foreach (PermissionString permissionstring in JsonSerializer.Deserialize<List<PermissionString>>(PermissionStrings))
foreach (string PermissionString in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
{ {
permissionname = PermissionString.Substring(0, PermissionString.IndexOf(":")); foreach (string id in permissionstring.Permissions.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
permissionstring = PermissionString.Replace(permissionname + ":", "").Replace("}", "");
foreach (string Perm in permissionstring.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{ {
perm = Perm; securityid = id;
Permission permission = new Permission(); Permission permission = new Permission();
permission.SiteId = SiteId; permission.SiteId = SiteId;
permission.EntityName = EntityName; permission.EntityName = EntityName;
permission.EntityId = EntityId; permission.EntityId = EntityId;
permission.PermissionName = permissionname; permission.PermissionName = permissionstring.PermissionName;
permission.RoleId = null; permission.RoleId = null;
permission.UserId = null; permission.UserId = null;
permission.IsAuthorized = true; permission.IsAuthorized = true;
if (perm.StartsWith("!")) if (securityid.StartsWith("!"))
{ {
// deny permission // deny permission
perm.Replace("!", ""); securityid.Replace("!", "");
permission.IsAuthorized = false; permission.IsAuthorized = false;
} }
if (perm.StartsWith("[") && perm.EndsWith("]")) if (securityid.StartsWith("[") && securityid.EndsWith("]"))
{ {
// user id // user id
perm = perm.Replace("[", "").Replace("]", ""); securityid = securityid.Replace("[", "").Replace("]", "");
permission.UserId = int.Parse(perm); permission.UserId = int.Parse(securityid);
} }
else else
{ {
// role name // role name
Role role = roles.Where(item => item.Name == perm).SingleOrDefault(); Role role = roles.Where(item => item.Name == securityid).SingleOrDefault();
if (role != null) if (role != null)
{ {
permission.RoleId = role.RoleId; permission.RoleId = role.RoleId;
} }
} }
permissions.Add(permission); if (permission.UserId != null || permission.RoleId != null)
{
permissions.Add(permission);
}
} }
} }
return permissions; return permissions;
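Review bot: The deny prefix is never actually removed in DecodePermissions: `securityid.Replace("!", "");` discards its result because .NET strings are immutable, so an entry such as `!Administrators` or `![3]` keeps its `!`, matches neither the `[`…`]` user-id test nor any role name, and the new `if (permission.UserId != null || permission.RoleId != null)` guard then drops the deny entry silently instead of persisting it. Replace that line with `securityid = securityid.Substring(1);` so the lookup runs on the bare role name or user id. Separately, `JsonSerializer.Deserialize` and `int.Parse(securityid)` both throw on malformed input; if `PermissionStrings` can arrive from the permission grid over the API (which I infer from the commit title), a null check on the deserialized list and `int.TryParse` would turn a bad payload into a rejected save rather than an unhandled exception.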


@ -0,0 +1,9 @@
using System.Security.Claims;
namespace Oqtane.Security
{
public interface IUserPermissions
{
bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName);
}
}
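Review bot: The new interface has no XML documentation even though it is now the single decision point behind every `PermissionRequirement` in PermissionHandler. Add a summary on `IsAuthorized` along the lines of `/// <summary>Returns true when the principal is granted PermissionName on the entity identified by EntityName/EntityId; implementations evaluate a null principal as the unauthenticated user, and callers must treat false as deny.</summary>`, which matches what the UserPermissions implementation in this commit does.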


@ -1,22 +1,19 @@
using System.Linq; using System.Threading.Tasks;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Oqtane.Models;
using Oqtane.Repository;
namespace Oqtane.Security namespace Oqtane.Security
{ {
public class PermissionHandler : AuthorizationHandler<PermissionRequirement> public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{ {
private readonly IHttpContextAccessor HttpContextAccessor; private readonly IHttpContextAccessor HttpContextAccessor;
private readonly IPermissionRepository Permissions; private readonly IUserPermissions UserPermissions;
public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IPermissionRepository Permissions) public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IUserPermissions UserPermissions)
{ {
this.HttpContextAccessor = HttpContextAccessor; this.HttpContextAccessor = HttpContextAccessor;
this.Permissions = Permissions; this.UserPermissions = UserPermissions;
} }
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
@ -26,27 +23,7 @@ namespace Oqtane.Security
if (ctx != null && ctx.Request.Query.ContainsKey("entityid")) if (ctx != null && ctx.Request.Query.ContainsKey("entityid"))
{ {
int EntityId = int.Parse(ctx.Request.Query["entityid"]); int EntityId = int.Parse(ctx.Request.Query["entityid"]);
string permissions = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(requirement.EntityName, EntityId, requirement.PermissionName).ToList()); if (UserPermissions.IsAuthorized(context.User, requirement.EntityName, EntityId, requirement.PermissionName))
User user = new User();
user.UserId = -1;
user.Roles = "";
if (context.User != null)
{
var idclaim = context.User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
user.UserId = int.Parse(idclaim.Value);
foreach (var claim in context.User.Claims.Where(item => item.Type == ClaimTypes.Role))
{
user.Roles += claim.Value + ";";
}
if (user.Roles != "") user.Roles = ";" + user.Roles;
}
}
if (UserSecurity.IsAuthorized(user, requirement.PermissionName, permissions))
{ {
context.Succeed(requirement); context.Succeed(requirement);
} }
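Review bot: The new `UserPermissions.IsAuthorized(...)` call is still fed by `int.Parse(ctx.Request.Query["entityid"])`, which throws FormatException or OverflowException on a non-numeric query value, so a malformed `entityid` surfaces as an unhandled exception instead of a failed requirement. Fold the parse into the guard: `if (int.TryParse(ctx.Request.Query["entityid"], out int EntityId) && UserPermissions.IsAuthorized(context.User, requirement.EntityName, EntityId, requirement.PermissionName))`, so bad input falls through without calling Succeed. HandleRequirementAsync begins near the top of this hunk but its body continues past it, so I cannot see how the no-entityid path completes.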


@ -0,0 +1,42 @@
using Oqtane.Models;
using Oqtane.Repository;
using System.Linq;
using System.Security.Claims;
namespace Oqtane.Security
{
public class UserPermissions : IUserPermissions
{
private readonly IPermissionRepository Permissions;
public UserPermissions(IPermissionRepository Permissions)
{
this.Permissions = Permissions;
}
public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName)
{
string permissionstrings = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(EntityName, EntityId, PermissionName).ToList());
User user = new User();
user.UserId = -1;
user.Roles = "";
if (User != null)
{
var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
user.UserId = int.Parse(idclaim.Value);
foreach (var claim in User.Claims.Where(item => item.Type == ClaimTypes.Role))
{
user.Roles += claim.Value + ";";
}
if (user.Roles != "") user.Roles = ";" + user.Roles;
}
}
return UserSecurity.IsAuthorized(user, PermissionName, permissionstrings);
}
}
}
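Review bot: `int.Parse(idclaim.Value)` will throw if the PrimarySid claim is not numeric, and the only other work in IsAuthorized is a JSON round trip that serializes the entity's permission rows in `Permissions.EncodePermissions(...)` just so `UserSecurity.IsAuthorized` can deserialize and re-split them. Guard the claim with `if (idclaim != null && int.TryParse(idclaim.Value, out int userid))` and treat failure as the unauthenticated path; the claim is presumably issued by this server, but the check is cheap and keeps a bad cookie from becoming a 500. The encode/decode per request is correct but allocation-heavy; evaluating the `List<Permission>` directly against the user id and role claims would avoid it. A `<summary>` on the class stating that a null principal is evaluated as the anonymous user (UserId -1, no roles) would also help callers.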


@ -169,6 +169,7 @@ namespace Oqtane.Server
services.AddSingleton<IThemeRepository, ThemeRepository>(); services.AddSingleton<IThemeRepository, ThemeRepository>();
// register transient scoped core services // register transient scoped core services
services.AddTransient<IUserPermissions, UserPermissions>();
services.AddTransient<ITenantResolver, TenantResolver>(); services.AddTransient<ITenantResolver, TenantResolver>();
services.AddTransient<IAliasRepository, AliasRepository>(); services.AddTransient<IAliasRepository, AliasRepository>();
services.AddTransient<ITenantRepository, TenantRepository>(); services.AddTransient<ITenantRepository, TenantRepository>();
@ -334,6 +335,7 @@ namespace Oqtane.Server
services.AddSingleton<IThemeRepository, ThemeRepository>(); services.AddSingleton<IThemeRepository, ThemeRepository>();
// register transient scoped core services // register transient scoped core services
services.AddTransient<IUserPermissions, UserPermissions>();
services.AddTransient<ITenantResolver, TenantResolver>(); services.AddTransient<ITenantResolver, TenantResolver>();
services.AddTransient<IAliasRepository, AliasRepository>(); services.AddTransient<IAliasRepository, AliasRepository>();
services.AddTransient<ITenantRepository, TenantRepository>(); services.AddTransient<ITenantRepository, TenantRepository>();


@ -0,0 +1,8 @@
namespace Oqtane.Models
{
public class PermissionString
{
public string PermissionName { get; set; }
public string Permissions { get; set; }
}
}
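Review bot: `Permissions` is a delimited mini-grammar rather than a free-form string, and the only description of it lives in comments inside PermissionRepository and UserSecurity, which consumers of this serialized DTO will not see. Add an XML summary on the property, e.g. `/// Semicolon-separated entries, each a role name or `[userid]`; a leading `!` marks a deny entry, and deny entries are written before grants.`, so anything that builds or parses the serialized form follows the same rules.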


@ -22,6 +22,7 @@
<ItemGroup> <ItemGroup>
<PackageReference Include="System.ComponentModel.Annotations" Version="4.5.0" /> <PackageReference Include="System.ComponentModel.Annotations" Version="4.5.0" />
<PackageReference Include="System.Text.Json" Version="4.6.0-preview8.19405.3" />
</ItemGroup> </ItemGroup>
</Project> </Project>
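Review bot: `System.Text.Json` is pinned to a pre-release build (`4.6.0-preview8.19405.3`) in the shared project, so every consumer of the permission serialization path now takes a preview package with no stability or servicing guarantee. Move to the first stable 4.6.0 release when it is available or, if the project targets netcoreapp3.0, drop the reference and rely on the in-box assembly; until then mark it with `<!-- TODO: replace preview System.Text.Json with the stable release -->`. I cannot see the TargetFramework from this hunk.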


@ -1,4 +1,7 @@
using System; using System;
using System.Collections.Generic;
using System.Linq;
using System.Text.Json;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
@ -6,38 +9,50 @@ namespace Oqtane.Security
{ {
public class UserSecurity public class UserSecurity
{ {
// permission collections are stored in format {permissionname1:permissions}{permissionname2:permissions}... public static List<PermissionString> GetPermissionStrings(string PermissionStrings)
public static string GetPermissions(string PermissionName, string Permissions) {
return JsonSerializer.Deserialize<List<PermissionString>>(PermissionStrings);
}
public static string SetPermissionStrings(List<PermissionString> PermissionStrings)
{
return JsonSerializer.Serialize(PermissionStrings);
}
public static string GetPermissions(string PermissionName, string PermissionStrings)
{ {
string permissions = ""; string permissions = "";
foreach(string permission in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries)) List<PermissionString> permissionstrings = JsonSerializer.Deserialize<List<PermissionString>>(PermissionStrings);
PermissionString permissionstring = permissionstrings.Where(item => item.PermissionName == PermissionName).FirstOrDefault();
if (permissionstring != null)
{ {
if (permission.StartsWith(PermissionName + ":")) permissions = permissionstring.Permissions;
{
permissions = permission.Replace(PermissionName + ":", "").Replace("}", "");
break;
}
} }
return permissions; return permissions;
} }
public static string SetPermissions(string PermissionName, string Permissions) public static bool IsAuthorized(User User, string PermissionName, string PermissionStrings)
{ {
return "{" + PermissionName + ":" + Permissions + "}"; return IsAuthorized(User, GetPermissions(PermissionName, PermissionStrings));
} }
// permissions are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions // permissions are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
public static bool IsAuthorized(User User, string PermissionName, string Permissions) public static bool IsAuthorized(User User, string Permissions)
{ {
Permissions = GetPermissions(PermissionName, Permissions); bool authorized = false;
if (User == null) if (Permissions != "")
{ {
return IsAuthorized(-1, "", Permissions); // user is not authenticated but may have access to resource if (User == null)
} {
else authorized = IsAuthorized(-1, "", Permissions); // user is not authenticated but may have access to resource
{ }
return IsAuthorized(User.UserId, User.Roles, Permissions); else
{
authorized = IsAuthorized(User.UserId, User.Roles, Permissions);
}
} }
return authorized;
} }
private static bool IsAuthorized(int UserId, string Roles, string Permissions) private static bool IsAuthorized(int UserId, string Roles, string Permissions)