Permission-based authorization utilizing Policies

Shaun Walker
2019-08-27 17:14:41 -04:00
parent f037898c6e
commit 3ce7f1a227
54 changed files with 1104 additions and 388 deletions


@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Models;
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService
@ -10,7 +11,7 @@
<ul class="list-group">
@foreach (var p in pages)
{
if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
{
string url = NavigateUrl(p.Path);
<li class="list-group-item">


@ -3,6 +3,7 @@
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IUriHelper UriHelper
@ -89,8 +90,8 @@
title = ModuleState.Title;
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType;
viewpermissions = ModuleState.ViewPermissions;
editpermissions = ModuleState.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", ModuleState.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", ModuleState.Permissions);
pageid = ModuleState.PageId.ToString();
DynamicComponent = builder =>
@ -108,8 +109,7 @@
private async Task SaveModule()
{
Module module = ModuleState;
module.ViewPermissions = viewpermissions;
module.EditPermissions = editpermissions;
module.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await ModuleService.UpdateModuleAsync(module);
PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);
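Review bot: In SaveModule the stored ACL is built by plain concatenation, `UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions)`, and both inputs are component fields filled from the settings form. SetPermissions is not visible on this page, so it is unclear whether it validates the role list against whatever delimiter separates the View and Edit entries. I would document the serialized format next to this line and have the server re-validate `module.Permissions` on update rather than store the client's string as sent. The same concatenation appears in the page add and page edit sections below. SaveModule's body continues outside the hunk.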


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
<td>
@ -144,7 +145,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -180,8 +181,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.AddPageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -196,7 +196,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}
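Review bot: The catch blocks now assign `message = ex.Message`, which drops the raw-HTML rendering through `(MarkupString)` but still shows the exception text to whoever is using the form. Exception messages from the service layer can carry server details such as URLs, status text or type names, so I would log the exception and show a fixed string instead, for example `message = "Error Saving Page";`. The same assignment is repeated in both catch blocks here and in the catch blocks of the two page sections that follow. The enclosing methods start and end outside these hunks.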


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -163,8 +164,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -173,7 +174,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -194,7 +195,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -170,8 +171,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -180,7 +181,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -216,8 +217,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.UpdatePageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -232,7 +232,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}


@ -1,7 +1,7 @@
@using Oqtane.Services
@using Oqtane.Client.Modules.Controls
@using Oqtane.Services
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService


@ -9,7 +9,7 @@
<div class="container">
<div class="form-group">
<label for="Username" class="control-label">Email: </label>
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Username" />
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Email" />
</div>
<div class="form-group">
<label for="Password" class="control-label">Password: </label>
@ -22,17 +22,17 @@
@code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Anonymous; } }
public string Username { get; set; } = "";
public string Email { get; set; } = "";
public string Password { get; set; } = "";
private async Task RegisterUser()
{
User user = new User();
user.SiteId = PageState.Site.SiteId;
user.Username = Username;
user.DisplayName = Username;
user.Roles = "Administrators;";
user.IsSuperUser = false;
user.Username = Email;
user.DisplayName = Email;
user.Email = Email;
user.IsHost = false;
user.Password = Password;
await UserService.AddUserAsync(user);
UriHelper.NavigateTo("");
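Review bot: RegisterUser runs at `SecurityAccessLevel.Anonymous` and posts a client-built User, so `user.IsHost = false` is only a default on the client and cannot be what prevents a host account from being created. The server-side add-user handler is not on this page; it should ignore or reject `IsHost` and any role data from unauthenticated callers. The installer section further down sends `user.IsHost = true`, which should be honoured only while installation is still pending. Separately, `Email` is copied into Username, DisplayName and Email without any format check, and the input still carries `placeholder="Username"`. RegisterUser's body continues outside the hunk.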


@ -2,6 +2,8 @@
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject ITenantService TenantService
@ -102,8 +104,7 @@ else
Type type = Type.GetType(p.ThemeType);
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
p.ViewPermissions = "All Users";
p.EditPermissions = "Administrators";
p.Permissions = UserSecurity.SetPermissions("View", Constants.AllUsersRole) + UserSecurity.SetPermissions("Edit", Constants.AdminRole);
await PageService.AddPageAsync(p);
UriHelper.NavigateTo(url, true);


@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUserService UserService
@ -70,19 +71,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
}
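Review bot: The Admin and Host cases serialize a one-role permission string only for IsAuthorized to parse it again, `UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole))`, which hides that these are plain role checks. The Host branch that appears to be removed guarded `PageState.User != null`; whether IsAuthorized treats a null user as unauthorized is not visible here and should be confirmed or stated in a comment at the call. A role-check helper on UserSecurity taking the user and the role name would read better than the round trip. This switch only decides what the client renders, so a comment should say that the server policies are the enforcement point. The same pattern is repeated in the pane component section further down, and the switch starts outside the hunk.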


@ -1,30 +1,22 @@
@using Oqtane.Modules
@inherits ModuleBase
@if (authorized)
@if (Message != "")
{
<div class="@type">
@Message
</div>
<div class="@type">@Message</div><br /><br />
}
@code {
[Parameter]
public MessageType Type { get; set; }
[Parameter]
public string Message { get; set; }
string type = "alert alert-success"; // optional
bool authorized = false;
[Parameter]
public MessageType Type { get; set; }
string type = "alert alert-danger";
protected override void OnInitialized()
{
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
switch (Type)
{
case MessageType.Success:
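Review bot: `@if (Message != "")` is true when the `Message` parameter is left null, since the property has no initializer, so a caller that omits it gets an empty alert box. `@if (!string.IsNullOrEmpty(Message))` covers both cases. With the `authorized` flag gone, the component shows its text to every visitor rather than only to super users. Callers should therefore pass only text that is safe for anonymous users, which is worth stating in a comment on the parameter. OnInitialized continues outside the hunk.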


@ -29,22 +29,22 @@ namespace Oqtane.Client.Modules.HtmlText.Services
public async Task<HtmlTextInfo> GetHtmlTextAsync(int ModuleId)
{
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString());
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
public async Task AddHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PostJsonAsync(apiurl, htmltext);
await http.PostJsonAsync(apiurl + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task UpdateHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString(), htmltext);
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString() + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task DeleteHtmlTextAsync(int HtmlTextId)
public async Task DeleteHtmlTextAsync(int ModuleId)
{
await http.DeleteAsync(apiurl + "/" + HtmlTextId.ToString());
await http.DeleteAsync(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
}
}
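Review bot: Every call now carries an `?entityid=` value taken from client-side data, and in UpdateHtmlTextAsync the route id (`HtmlTextId`) and the `entityid` (`ModuleId`) are independent values. If the server policy authorizes on `entityid` alone, the handler must also confirm that the HtmlText record being read or written belongs to that module; that code is not on this page, so it needs checking there. DeleteHtmlTextAsync now puts `ModuleId` in the route segment, so the id in the URL means something different from the Put route, and that deserves a doc comment on the interface method. The concatenations would read more easily as interpolated strings, e.g. `$"{apiurl}/{ModuleId}?entityid={ModuleId}"`.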


@ -12,6 +12,6 @@ namespace Oqtane.Client.Modules.HtmlText.Services
Task UpdateHtmlTextAsync(HtmlTextInfo htmltext);
Task DeleteHtmlTextAsync(int HtmlTextId);
Task DeleteHtmlTextAsync(int ModuleId);
}
}


@ -32,7 +32,8 @@ namespace Oqtane.Providers
{
identity = new ClaimsIdentity("Identity.Application");
identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
foreach(string role in user.Roles.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
identity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
foreach (string role in user.Roles.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));
}
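Review bot: `user.Roles.Split(...)` throws a NullReferenceException when Roles is null, and this commit appears to drop the client-side assignments of `user.Roles` in both the registration and installer forms. Unless the server always populates Roles before this provider runs (not visible here), the loop should be guarded, e.g. `foreach (string role in (user.Roles ?? "").Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))`. A short comment on the new `ClaimTypes.PrimarySid` claim saying which code reads the user id back from it would help the next reader. The enclosing method starts and ends outside the hunk.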


@ -21,7 +21,5 @@ namespace Oqtane.Services
Task<User> LoginUserAsync(User User, bool SetCookie, bool IsPersistent);
Task LogoutUserAsync();
bool IsAuthorized(User User, string AccessControlList);
}
}


@ -67,78 +67,5 @@ namespace Oqtane.Services
// best practices recommend post is preferrable to get for logout
await http.PostJsonAsync(apiurl + "/logout", null);
}
// ACLs are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
public bool IsAuthorized(User User, string AccessControlList)
{
bool isAllowed = false;
if (User != null)
{
// super user always has full access
isAllowed = User.IsSuperUser;
}
if (!isAllowed)
{
if (AccessControlList != null)
{
foreach (string permission in AccessControlList.Split(new[] { ';' }))
{
bool? allowed = VerifyPermission(User, permission);
if (allowed.HasValue)
{
isAllowed = allowed.Value;
break;
}
}
}
}
return isAllowed;
}
private bool? VerifyPermission(User user, string permission)
{
bool? allowed = null;
//permissions strings are encoded with deny permissions at the beginning and grant permissions at the end for optimal performance
if (!String.IsNullOrEmpty(permission))
{
// deny permission
if (permission.StartsWith("!"))
{
string denyRole = permission.Replace("!", "");
if (denyRole == Constants.AllUsersRole || IsAllowed(user, denyRole))
{
allowed = false;
}
}
else // grant permission
{
if (permission == Constants.AllUsersRole || IsAllowed(user, permission))
{
allowed = true;
}
}
}
return allowed;
}
private bool IsAllowed(User user, string permission)
{
if (user != null)
{
if ("[" + user.UserId + "]" == permission)
{
return true;
}
var roles = user.Roles;
if (roles != null)
{
return roles.IndexOf(";" + permission + ";") != -1;
}
}
return false;
}
}
}


@ -1,22 +0,0 @@
namespace Oqtane.Shared
{
public class Constants
{
public const string DefaultPage = "Oqtane.Client.Shared.Theme, Oqtane.Client";
public const string DefaultContainer = "Oqtane.Client.Shared.Container, Oqtane.Client";
public const string DefaultAdminContainer = "Oqtane.Client.Themes.AdminContainer, Oqtane.Client";
public const string DefaultSettingsControl = "Oqtane.Client.Modules.Admin.ModuleSettings.Index, Oqtane.Client";
public const string PageManagementModule = "Oqtane.Client.Modules.Admin.Pages, Oqtane.Client";
public const string ModuleMessageControl = "Oqtane.Client.Modules.Controls.ModuleMessage, Oqtane.Client";
public const string DefaultControl = "Index";
public const string AdminPane = "Admin";
public const string AllUsersRole = "All Users";
public const string AdminRole = "Administrators";
public const int ReloadApplication = 3;
public const int ReloadSite = 2;
public const int ReloadPage = 1;
}
}


@ -34,8 +34,7 @@
{
// container does not exist with type specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Module Container " + container);
builder.AddAttribute(1, "Message", "Error Loading Module Container " + container);
builder.CloseComponent();
}
}


@ -82,10 +82,10 @@
<tbody>
<tr>
<td>
<label for="Title" class="control-label" style="font-weight: bold">Username: </label>
<label for="Title" class="control-label" style="font-weight: bold">Email: </label>
</td>
<td>
<input type="text" id="Email" class="form-control" @bind="@HostUsername" />
<input type="text" id="Email" class="form-control" @bind="@Email" />
</td>
</tr>
<tr>
@ -115,7 +115,7 @@
private string DatabaseName = "Oqtane-" + DateTime.Now.ToString("yyyyMMddHHmm");
private string Username = "";
private string Password = "";
private string HostUsername = "host";
private string Email = "";
private string HostPassword = "";
private string Message = "";
@ -164,11 +164,11 @@
{
User user = new User();
user.SiteId = 1;
user.Username = HostUsername;
user.DisplayName = HostUsername;
user.Username = Email;
user.DisplayName = Email;
user.Email = Email;
user.Password = HostPassword;
user.IsSuperUser = true;
user.Roles = "";
user.IsHost = true;
user = await UserService.AddUserAsync(user);
UriHelper.NavigateTo("", true);


@ -36,8 +36,7 @@
{
// module does not exist with typename specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
builder.AddAttribute(1, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
builder.CloseComponent();
}
};


@ -3,6 +3,7 @@
@using Oqtane.Modules
@using Oqtane.Models
@using Oqtane.Shared
@using Oqtane.Security
@using System.Linq
@inject IUserService UserService
@inject IModuleService ModuleService
@ -27,7 +28,7 @@
protected override void OnInitialized()
{
if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions) && Name != Constants.AdminPane)
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
{
paneadminborder = "pane-admin-border";
panetitle = "<div class=\"pane-admin-title\">" + Name + " Pane</div>";
@ -60,16 +61,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, module.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, module.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
authorized = PageState.User.IsSuperUser;
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
if (authorized)
@ -103,7 +104,7 @@
if (module != null && module.Pane == Name)
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);
@ -116,7 +117,7 @@
foreach (Module module in PageState.Modules.Where(item => item.Pane == Name).OrderBy(x => x.Order).ToArray())
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);


@ -4,6 +4,7 @@
@using System.Linq
@using System.Collections.Generic
@using Oqtane.Shared
@using Oqtane.Security
@using Microsoft.AspNetCore.Components.Routing
@inject AuthenticationStateProvider AuthenticationStateProvider
@inject SiteState SiteState
@ -153,12 +154,12 @@
}
// extract admin route elements from path
string[] segments = path.Split('/');
string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
int result;
if (segments.Length >= 3 && int.TryParse(segments[segments.Length - 3], out result))
if (segments.Length >= 2 && int.TryParse(segments[segments.Length - 2], out result))
{
// path has moduleid and control specification ie. page/moduleid/control/
control = segments[segments.Length - 2];
control = segments[segments.Length - 1];
moduleid = result;
path = path.Replace(moduleid.ToString() + "/" + control + "/", "");
}
@ -206,7 +207,7 @@
if (page != null)
{
// check if user is authorized to view page
if (UserService.IsAuthorized(user, page.ViewPermissions))
if (UserSecurity.IsAuthorized(user, "View", page.Permissions))
{
pagestate = new PageState();
pagestate.ModuleDefinitions = moduledefinitions;
@ -278,7 +279,7 @@
Dictionary<string, string> querystring = new Dictionary<string, string>();
if (path.IndexOf("?") != -1)
{
foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split('&'))
foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
{
if (kvp != "")
{
@ -316,7 +317,7 @@
string typename = moduledefinition.ControlTypeTemplate;
if (moduledefinition.ControlTypeRoutes != "")
{
foreach (string route in moduledefinition.ControlTypeRoutes.Split(';'))
foreach (string route in moduledefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
if (route.StartsWith(control + "="))
{
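Review bot: After the switch to `RemoveEmptyEntries` the module id and control come from the last two segments, but the path is still trimmed with `path.Replace(moduleid.ToString() + "/" + control + "/", "")`, which depends on a trailing slash and removes every occurrence of that text, not only the tail. Whether `path` is normalized to end in "/" is decided above the hunk and is not visible; if it is not, the admin suffix stays in the path and the page lookup would miss. Rebuilding the path from the remaining segments avoids both problems, e.g. `path = string.Join("/", segments, 0, segments.Length - 2);`, adjusted to the slash convention the page lookup expects. In the query-string hunk the `if (kvp != "")` test is now redundant with `RemoveEmptyEntries`.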


@ -22,8 +22,7 @@
{
// theme does not exist with type specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
builder.AddAttribute(1, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
builder.CloseComponent();
}
};


@ -35,6 +35,7 @@ namespace Oqtane.Shared
public static string EditUrl(string alias, string path, int moduleid, string action, string parameters)
{
string url = NavigateUrl(alias, path, "");
if (url == "/") url = "";
if (moduleid != -1)
{
url += "/" + moduleid.ToString();


@ -3,6 +3,7 @@
@using Oqtane.Models
@using Oqtane.Themes
@using Oqtane.Shared
@using Oqtane.Security
@inherits ThemeObjectBase
@inject IUriHelper UriHelper
@inject IUserService UserService
@ -44,7 +45,7 @@
<label for="Pane" class="control-label" style="color: white !important;">Pane: </label>
<select class="form-control" @bind="@pane">
<option value="">&lt;Select Pane&gt;</option>
@foreach (string pane in PageState.Page.Panes.Split(';'))
@foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
<option value="@pane">@pane Pane</option>
}
@ -89,7 +90,7 @@
{
pagemanagementmoduleid = modules.FirstOrDefault().ModuleId;
}
if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
{
display = "display: inline";
}
@ -100,8 +101,7 @@
Module module = new Module();
module.SiteId = PageState.Site.SiteId;
module.ModuleDefinitionName = moduledefinitionname;
module.ViewPermissions = PageState.Page.ViewPermissions;
module.EditPermissions = PageState.Page.EditPermissions;
module.Permissions = PageState.Page.Permissions;
await ModuleService.AddModuleAsync(module);
List<Module> modules = await ModuleService.GetModulesAsync(PageState.Site.SiteId, moduledefinitionname);


@ -2,6 +2,7 @@
@using Oqtane.Themes
@using Oqtane.Services
@using Oqtane.Models;
@using Oqtane.Security
@inherits ThemeObjectBase
@inject IPageService PageService
@inject IUserService UserService
@ -18,7 +19,7 @@
}
@foreach (var p in pages)
{
if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
{
string url = NavigateUrl(p.Path);
<li class="nav-item px-3">


@ -2,6 +2,7 @@
@using Oqtane.Services
@using Oqtane.Models
@using Oqtane.Shared
@using Oqtane.Security
@inherits ContainerBase
@inject IUriHelper UriHelper
@inject IUserService UserService
@ -32,7 +33,7 @@
{
actions.Add(new ActionViewModel { Action = "down", Name = "Move Down" });
}
foreach (string pane in PageState.Page.Panes.Split(';'))
foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
if (pane != ModuleState.Pane)
{
@ -42,7 +43,7 @@
actions.Add(new ActionViewModel { Action = "settings", Name = "Settings" });
actions.Add(new ActionViewModel { Action = "delete", Name = "Delete" });
if (UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
{
display = "display: inline";
}