Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

authorization changes

Browse Source
This commit is contained in:
Shaun Walker
2020-02-17 19:48:26 -05:00
parent 2fa7f852d5
commit 066c616eca
44 changed files with 880 additions and 529 deletions
Download Patch File Download Diff File Expand all files Collapse all files

73
Oqtane.Server/Controllers/FolderController.cs
View File

@ -28,21 +28,32 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Folder> Get(string siteid)
{
if (siteid == "")
List<Folder> folders = new List<Folder>();
foreach(Folder folder in Folders.GetFolders(int.Parse(siteid)))
{
return Folders.GetFolders();
}
else
{
return Folders.GetFolders(int.Parse(siteid));
if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
{
folders.Add(folder);
}
}
return folders;
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Folder Get(int id)
{
return Folders.GetFolder(id);
Folder folder = Folders.GetFolder(id);
if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
{
return folder;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {Folder}", folder);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// POST api/<controller>
@ -50,16 +61,33 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Folder Post([FromBody] Folder Folder)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Folder.Permissions))
if (ModelState.IsValid)
{
Folder.Path = "";
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
string permissions;
if (Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
Folder.Path = parent.Path + Folder.Name + "\\";
permissions = Folders.GetFolder(Folder.ParentId.Value).Permissions;
}
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
Folder.Path = parent.Path + Folder.Name + "\\";
}
Folder = Folders.AddFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
}
Folder = Folders.AddFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
}
return Folder;
}
@ -71,7 +99,6 @@ namespace Oqtane.Controllers
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit"))
{
Folder.Path = "";
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
@ -80,6 +107,12 @@ namespace Oqtane.Controllers
Folder = Folders.UpdateFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
}
return Folder;
}
@ -103,6 +136,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Order Updated {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder Order {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
HttpContext.Response.StatusCode = 401;
}
}
// DELETE api/<controller>/5
@ -115,6 +153,11 @@ namespace Oqtane.Controllers
Folders.DeleteFolder(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Folder {FolderId}", id);
HttpContext.Response.StatusCode = 401;
}
}
}
}