fix page management

Shaun Walker
2020-02-18 17:49:36 -05:00
parent 066c616eca
commit 05eaf12003
8 changed files with 197 additions and 170 deletions


@ -5,8 +5,8 @@ using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using Oqtane.Security;
namespace Oqtane.Controllers
{
@ -14,13 +14,13 @@ namespace Oqtane.Controllers
public class NotificationController : Controller
{
private readonly INotificationRepository Notifications;
private readonly IHttpContextAccessor Accessor;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public NotificationController(INotificationRepository Notifications, IHttpContextAccessor Accessor, ILogManager logger)
public NotificationController(INotificationRepository Notifications, IUserPermissions UserPermissions, ILogManager logger)
{
this.Notifications = Notifications;
this.Accessor = Accessor;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -101,7 +101,7 @@ namespace Oqtane.Controllers
bool authorized = true;
if (userid != null)
{
authorized = (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == userid);
authorized = (UserPermissions.GetUser(User).UserId == userid);
}
return authorized;
}
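Review bot: `authorized` starts as `true` and is only re-evaluated inside `if (userid != null)`, so a call with a null `userid` passes without any identity check; the commit changes how the current user is resolved but keeps that default. If a null id is a legitimate value here, say so in a comment above the check; otherwise start from `bool authorized = false;` and grant only on a match so the method fails closed. The method's signature and its callers are outside the hunk, so whether a null id can arrive from a request is not visible here. A short comment on what `UserPermissions.GetUser(User)` returns for an unauthenticated principal would also help, since the comparison depends on it.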


@ -107,7 +107,7 @@ namespace Oqtane.Controllers
{
Page page = null;
Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
if (parent != null && parent.IsPersonalizable && UserPermissions.GetUser(User).UserId == int.Parse(userid))
{
page = new Page();
page.SiteId = parent.SiteId;
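Review bot: The new condition drops the `!string.IsNullOrEmpty(userid)` guard and calls `int.Parse(userid)` directly, so a missing or non-numeric `userid` now throws (ArgumentNullException or FormatException) instead of skipping the personalization branch. `userid` is a string and appears to come from the request, so parse it defensively: `if (parent != null && parent.IsPersonalizable && int.TryParse(userid, out int requestedUserId) && UserPermissions.GetUser(User).UserId == requestedUserId)`. Comparing against the authenticated user is a real tightening over the old non-empty test; only the parsing needs hardening. The enclosing action starts and ends outside the hunk.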


@ -6,7 +6,6 @@ using Oqtane.Shared;
using Oqtane.Security;
using Oqtane.Infrastructure;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers
@ -17,15 +16,13 @@ namespace Oqtane.Controllers
private readonly ISettingRepository Settings;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
private readonly ILogManager logger;
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger)
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{
this.Settings = Settings;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
this.logger = logger;
}
@ -141,7 +138,7 @@ namespace Oqtane.Controllers
authorized = true;
if (PermissionName == "Edit")
{
authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId);
authorized = User.IsInRole(Constants.AdminRole) || (UserPermissions.GetUser(User).UserId == EntityId);
}
break;
}
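Review bot: In this case `authorized = true;` is set before the `"Edit"` check, so every other `PermissionName` is granted to any caller that reaches the branch; only edits are tied to the admin role or the owning user. If non-edit access to these settings should also be limited to the owner, the `UserPermissions.GetUser(User).UserId == EntityId` comparison needs to cover it as well. If open access is intended, a comment such as `// non-Edit access is unrestricted here; only the owner or an administrator may edit` would record that decision. The case label and the rest of the switch are outside the hunk, so the entity type is inferred from the `UserId == EntityId` comparison.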