only hosts should be allowed to view/edit SMTP settings

2025-08-07 14:42:24 -04:00
parent a37f07d20b
commit 3bd6767138
1 changed files with 36 additions and 30 deletions
--- a/Oqtane.Client/Modules/Admin/Site/Index.razor
+++ b/Oqtane.Client/Modules/Admin/Site/Index.razor
@ -202,7 +202,7 @@
                        </select>
                    </div>
                </div>
-                @if (_smtpenabled == "True")
+                @if (_smtpenabled == "True" && UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
                {
                    <div class="row mb-1 align-items-center">
                        <div class="col-sm-3">
@ -609,6 +609,8 @@

                // SMTP
                _smtpenabled = SettingService.GetSetting(settings, "SMTPEnabled", "False");
+                if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
+                {
                    _smtphost = SettingService.GetSetting(settings, "SMTPHost", string.Empty);
                    _smtpport = SettingService.GetSetting(settings, "SMTPPort", string.Empty);
                    _smtpssl = SettingService.GetSetting(settings, "SMTPSSL", "False");
@ -624,6 +626,7 @@
                    _smtpsender = SettingService.GetSetting(settings, "SMTPSender", string.Empty);
                    _smtprelay = SettingService.GetSetting(settings, "SMTPRelay", "False");
                    _retention = int.Parse(SettingService.GetSetting(settings, "NotificationRetention", "30"));
+                }

                // PWA
                _pwaisenabled = site.PwaIsEnabled.ToString();
@ -800,6 +803,9 @@

                        // SMTP
                        var settings = await SettingService.GetSiteSettingsAsync(site.SiteId);
+                        settings = SettingService.SetSetting(settings, "SMTPEnabled", _smtpenabled, true);
+                        if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
+                        {
                            settings = SettingService.SetSetting(settings, "SMTPHost", _smtphost, true);
                            settings = SettingService.SetSetting(settings, "SMTPPort", _smtpport, true);
                            settings = SettingService.SetSetting(settings, "SMTPSSL", _smtpssl, true);
@ -812,9 +818,8 @@
                            settings = SettingService.SetSetting(settings, "SMTPScopes", _smtpscopes, true);
                            settings = SettingService.SetSetting(settings, "SMTPSender", _smtpsender, true);
                            settings = SettingService.SetSetting(settings, "SMTPRelay", _smtprelay, true);
-                        settings = SettingService.SetSetting(settings, "SMTPEnabled", _smtpenabled, true);
-                        settings = SettingService.SetSetting(settings, "SiteGuid", _siteguid, true);
                            settings = SettingService.SetSetting(settings, "NotificationRetention", _retention.ToString(), true);
+                        }

                        //cookie consent
                        settings = SettingService.SetSetting(settings, "CookieConsent", _cookieconsent);
@ -822,6 +827,7 @@
                        // functionality
                        settings = SettingService.SetSetting(settings, "TextEditor", _textEditor);

+                        settings = SettingService.SetSetting(settings, "SiteGuid", _siteguid, true);
                        await SettingService.UpdateSiteSettingsAsync(settings, site.SiteId);

                        await logger.LogInformation("Site Settings Saved {Site}", site);