authorization changes

Shaun Walker
2020-02-17 19:48:26 -05:00
parent 2fa7f852d5
commit 066c616eca
44 changed files with 880 additions and 529 deletions


@ -72,7 +72,17 @@ namespace Oqtane.Controllers
[HttpGet("{id}")]
public Models.File Get(int id)
{
return Files.GetFile(id);
Models.File file = Files.GetFile(id);
if (UserPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
{
return file;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// PUT api/<controller>/5
@ -85,6 +95,12 @@ namespace Oqtane.Controllers
File = Files.UpdateFile(File);
logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update File {File}", File);
HttpContext.Response.StatusCode = 401;
File = null;
}
return File;
}
@ -105,6 +121,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", File);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
HttpContext.Response.StatusCode = 401;
}
}
// GET api/<controller>/upload?url=x&folderid=y
@ -130,6 +151,12 @@ namespace Oqtane.Controllers
logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url {Url}", url);
}
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Download File {Url} {FolderId}", url, folderid);
HttpContext.Response.StatusCode = 401;
file = null;
}
return file;
}
@ -170,6 +197,11 @@ namespace Oqtane.Controllers
Files.AddFile(new Models.File { Name = upload, FolderId = folderid, Extension = fileinfo.Extension.Replace(".", ""), Size = (int)fileinfo.Length });
}
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Upload File {Folder} {File}", folder, file);
HttpContext.Response.StatusCode = 401;
}
}
}
@ -293,7 +325,9 @@ namespace Oqtane.Controllers
}
else
{
return NotFound();
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
HttpContext.Response.StatusCode = 401;
return null;
}
}
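Review bot: In the new `Get(int id)`, `file.Folder.Permissions` is dereferenced before anything checks that `Files.GetFile(id)` found a record, so an unknown id (assuming GetFile returns null for one, which this page does not show) would raise a NullReferenceException and surface as a 500 rather than the intended denial. Folding the null check into the guard, `if (file != null && UserPermissions.IsAuthorized(User, "View", file.Folder.Permissions))`, sends a missing file down the same 401 branch, which also keeps existing and non-existing ids indistinguishable to an unauthorized caller. In the last hunk `return NotFound();` becomes `return null;`; the method signature is outside the hunk, but if it returns `IActionResult`, MVC rejects a null action result with an exception, so `return Unauthorized();` would be the safer form there. Separately, every denial in this file sets 401; for an authenticated user who lacks the permission, 403 is the conventional status.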