Merge pull request #1387 from sbwalker/dev

fix #1367 - provides support for multiple entities in auth policy and makes parameter names more intuitive - backward compatible with entityid
2021-05-23 10:25:17 -04:00
parent fc3ba14d0f 3f48c1f8fe
commit 35aaf476d0
7 changed files with 126 additions and 42 deletions
--- a/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
+++ b/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
@ -2,7 +2,6 @@ using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Threading.Tasks;
-using Oqtane.Modules.HtmlText.Models;
 using Oqtane.Services;
 using Oqtane.Shared;

@ -21,23 +20,23 @@ namespace Oqtane.Modules.HtmlText.Services

        public async Task<Models.HtmlText> GetHtmlTextAsync(int moduleId)
        {
-            var htmltext = await GetJsonAsync<List<Models.HtmlText>>(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
+            var htmltext = await GetJsonAsync<List<Models.HtmlText>>(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", new Dictionary<string, int>() { { EntityNames.Module, moduleId } }));
            return htmltext.FirstOrDefault();
        }

        public async Task AddHtmlTextAsync(Models.HtmlText htmlText)
        {
-            await PostJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}", htmlText.ModuleId), htmlText);
+            await PostJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}", new Dictionary<string, int>() { { EntityNames.Module, htmlText.ModuleId } }), htmlText);
        }

        public async Task UpdateHtmlTextAsync(Models.HtmlText htmlText)
        {
-            await PutJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{htmlText.HtmlTextId}", htmlText.ModuleId), htmlText);
+            await PutJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{htmlText.HtmlTextId}", new Dictionary<string, int>() { { EntityNames.Module, htmlText.ModuleId } }), htmlText);
        }

        public async Task DeleteHtmlTextAsync(int moduleId)
        {
-            await DeleteAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
+            await DeleteAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", new Dictionary<string, int>() { { EntityNames.Module, moduleId } }));
        }
    }
 }
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@ -1,4 +1,5 @@
 using System;
+using System.Collections.Generic;
 using System.Net;
 using System.Net.Http;
 using System.Net.Http.Json;
@ -54,10 +55,15 @@ namespace Oqtane.Services
            return apiurl;
        }

-        // add entityid parameter to url for custom authorization policy
-        public string CreateAuthorizationPolicyUrl(string url, int entityId)
+        // add authentityid parameters to url for custom authorization policy - args in form of entityname = entityid
+        public string CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> args)
        {
-            string qs = "entityid=" + entityId.ToString();
+            string qs = "";
+            foreach (KeyValuePair<string, int> kvp in args)
+            {
+                qs += (qs != "") ? "&" : "";
+                qs += "auth" + kvp.Key.ToLower() + "id=" + kvp.Value.ToString();
+            }

            if (url.Contains("?"))
            {
@ -204,5 +210,20 @@ namespace Oqtane.Services
        {
            return CreateApiUrl(serviceName, alias, ControllerRoutes.Default);
        }
+
+        [Obsolete("This method is obsolete. Use CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> args) instead - in conjunction with _authEntityId in Server Controller.", false)]
+        public string CreateAuthorizationPolicyUrl(string url, int entityId)
+        {
+            string qs = "entityid=" + entityId.ToString();
+
+            if (url.Contains("?"))
+            {
+                return url + "&" + qs;
+            }
+            else
+            {
+                return url + "?" + qs;
+            }
+        }
    }
 }
--- a/Oqtane.Client/Themes/Controls/Theme/ControlPanel.razor
+++ b/Oqtane.Client/Themes/Controls/Theme/ControlPanel.razor
@ -513,28 +513,7 @@
        {
            List<PermissionString> permissions;

-            if (action == "publish")
-            {
-                // publish all modules
-                foreach (var module in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId))
-                {
-                    permissions = UserSecurity.GetPermissionStrings(module.Permissions);
-                    foreach (var permissionstring in permissions)
-                    {
-                        if (permissionstring.PermissionName == PermissionNames.View)
-                        {
-                            List<string> ids = permissionstring.Permissions.Split(';').ToList();
-                            if (!ids.Contains(RoleNames.Everyone)) ids.Add(RoleNames.Everyone);
-                            if (!ids.Contains(RoleNames.Registered)) ids.Add(RoleNames.Registered);
-                            permissionstring.Permissions = string.Join(";", ids.ToArray());
-                        }
-                    }
-                    module.Permissions = UserSecurity.SetPermissionStrings(permissions);
-                    await ModuleService.UpdateModuleAsync(module);
-                }
-            }
-
-            // publish page
+            // publish/unpublish page
            var page = PageState.Page;
            permissions = UserSecurity.GetPermissionStrings(page.Permissions);
            foreach (var permissionstring in permissions)