ability for non-administrators to edit page settings

2023-06-05 14:33:05 -04:00
parent 9f93476167
commit 10a754642a
10 changed files with 582 additions and 414 deletions
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@ -10,6 +10,8 @@ using Oqtane.Enums;
 using Oqtane.Extensions;
 using Oqtane.Infrastructure;
 using Oqtane.Repository;
+using Oqtane.Modules.Admin.Users;
+using System.IO;

 namespace Oqtane.Controllers
 {
@ -73,6 +75,26 @@ namespace Oqtane.Controllers
            return pages;
        }

+        // GET api/<controller>/5
+        [HttpGet("{id}")]
+        public Page Get(int id)
+        {
+            var page = _pages.GetPage(id);
+            if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, page.PermissionList))
+            {
+                page.Settings = _settings.GetSettings(EntityNames.Page, page.PageId)
+                    .Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, page.PermissionList))
+                    .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
+                return page;
+            }
+            else
+            {
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId}", id);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
+            }
+        }
+
        // GET api/<controller>/path/x?path=y
        [HttpGet("path/{siteid}")]
        public Page Get(string path, int siteid)
--- a/Oqtane.Server/Infrastructure/SiteTemplates/DefaultSiteTemplate.cs
+++ b/Oqtane.Server/Infrastructure/SiteTemplates/DefaultSiteTemplate.cs
@ -141,7 +141,7 @@ namespace Oqtane.SiteTemplates
                Path = "develop",
                Icon = "oi oi-wrench",
                IsNavigation = true,
-                IsPersonalizable = true,
+                IsPersonalizable = false,
                PermissionList = new List<Permission> {
                    new Permission(PermissionNames.View, RoleNames.Host, true),
                    new Permission(PermissionNames.Edit, RoleNames.Host, true)
--- a/Oqtane.Server/Repository/SiteRepository.cs
+++ b/Oqtane.Server/Repository/SiteRepository.cs
@ -694,6 +694,7 @@ namespace Oqtane.Repository
                PermissionList = new List<Permission>
                {
                    new Permission(PermissionNames.View, RoleNames.Admin, true),
+                    new Permission(PermissionNames.View, RoleNames.Registered, true),
                    new Permission(PermissionNames.Edit, RoleNames.Admin, true)
                },
                PageTemplateModules = new List<PageTemplateModule>
--- a/Oqtane.Server/Repository/ThemeRepository.cs
+++ b/Oqtane.Server/Repository/ThemeRepository.cs
@ -87,6 +87,8 @@ namespace Oqtane.Repository
                Theme.Resources = theme.Resources;
                Theme.Themes = theme.Themes;
                Theme.Containers = theme.Containers;
+                Theme.ThemeSettingsType = theme.ThemeSettingsType;
+                Theme.ContainerSettingsType = theme.ContainerSettingsType;
                Themes.Add(Theme);
            }