authorization changes

This commit is contained in:
Shaun Walker
2020-02-17 19:48:26 -05:00
parent 2fa7f852d5
commit 066c616eca
44 changed files with 880 additions and 529 deletions


@ -14,12 +14,16 @@ namespace Oqtane.Controllers
public class PageController : Controller
{
private readonly IPageRepository Pages;
private readonly IModuleRepository Modules;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public PageController(IPageRepository Pages, IUserPermissions UserPermissions, ILogManager logger)
public PageController(IPageRepository Pages, IModuleRepository Modules, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{
this.Pages = Pages;
this.Modules = Modules;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -28,27 +32,39 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Page> Get(string siteid)
{
if (siteid == "")
List<Page> pages = new List<Page>();
foreach (Page page in Pages.GetPages(int.Parse(siteid)))
{
return Pages.GetPages();
}
else
{
return Pages.GetPages(int.Parse(siteid));
if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
{
pages.Add(page);
}
}
return pages;
}
// GET api/<controller>/5?userid=x
[HttpGet("{id}")]
public Page Get(int id, string userid)
{
Page page;
if (string.IsNullOrEmpty(userid))
{
return Pages.GetPage(id);
page = Pages.GetPage(id);
}
else
{
return Pages.GetPage(id, int.Parse(userid));
page = Pages.GetPage(id, int.Parse(userid));
}
if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
{
return page;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Page {Page}", page);
HttpContext.Response.StatusCode = 401;
return null;
}
}
@ -57,14 +73,95 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post([FromBody] Page Page)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Page.Permissions))
if (ModelState.IsValid)
{
Page = Pages.AddPage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page);
string permissions;
if (Page.ParentId != null)
{
permissions = Pages.GetPage(Page.ParentId.Value).Permissions;
}
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
Page = Pages.AddPage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
}
return Page;
}
// POST api/<controller>/5?userid=x
[HttpPost("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post(int id, string userid)
{
Page page = null;
Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
{
page = new Page();
page.SiteId = parent.SiteId;
page.Name = parent.Name;
page.Path = parent.Path;
page.ParentId = parent.PageId;
page.Order = 0;
page.IsNavigation = false;
page.EditMode = false;
page.ThemeType = parent.ThemeType;
page.LayoutType = parent.LayoutType;
page.Icon = parent.Icon;
List<PermissionString> permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
page.IsPersonalizable = false;
page.UserId = int.Parse(userid);
page = Pages.AddPage(page);
// copy modules
List<PageModule> pagemodules = PageModules.GetPageModules(page.SiteId).ToList();
foreach (PageModule pm in pagemodules.Where(item => item.PageId == parent.PageId && !item.IsDeleted))
{
Module module = new Module();
module.SiteId = page.SiteId;
module.PageId = page.PageId;
module.ModuleDefinitionName = pm.Module.ModuleDefinitionName;
permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
module = Modules.AddModule(module);
string content = Modules.ExportModule(pm.ModuleId);
if (content != "")
{
Modules.ImportModule(module.ModuleId, content);
}
PageModule pagemodule = new PageModule();
pagemodule.PageId = page.PageId;
pagemodule.ModuleId = module.ModuleId;
pagemodule.Title = pm.Title;
pagemodule.Pane = pm.Pane;
pagemodule.Order = pm.Order;
pagemodule.ContainerType = pm.ContainerType;
PageModules.AddPageModule(pagemodule);
}
}
return page;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
@ -75,6 +172,12 @@ namespace Oqtane.Controllers
Page = Pages.UpdatePage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", Page);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
return Page;
}
@ -98,6 +201,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Order Updated {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page Order {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
HttpContext.Response.StatusCode = 401;
}
}
// DELETE api/<controller>/5
@ -110,6 +218,11 @@ namespace Oqtane.Controllers
Pages.DeletePage(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Deleted {PageId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Page {PageId}", id);
HttpContext.Response.StatusCode = 401;
}
}
}
}
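Review bot: In the new `Post(int id, string userid)` action the `userid` is taken from the query string and is never compared with the caller's own identity, so any user in `Constants.RegisteredRole` can create a personalized copy of page `id` — and of its modules — whose View/Edit permissions are granted to an arbitrary other user; the condition at `if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))` also does not check that the caller may view `parent` at all, unlike the `Get` actions in the same file which gate on `UserPermissions.IsAuthorized(User, "View", page.Permissions)`. I would tighten that guard to something like `if (parent != null && parent.IsPersonalizable && int.TryParse(userid, out int uid) && uid == <CURRENT_USER_ID> && UserPermissions.IsAuthorized(User, "View", parent.Permissions))`, where `<CURRENT_USER_ID>` is the authenticated user's id obtained however this project exposes it, and log and set the 401 status in an `else` branch as the other actions do. Using `int.TryParse` there also removes the unhandled `FormatException` that `page.UserId = int.Parse(userid)` currently raises for a non-numeric `userid`, which surfaces as a 500 instead of a client error. The same pattern of an unauthorized request returning `null` with status 401 is used throughout; since these callers are already authenticated (`[Authorize]`), 403 would describe the failure more accurately, though I would keep that consistent across the controller rather than change it in one place.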