Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Permission-based authorization utilizing Policies

Browse Source
This commit is contained in:
Shaun Walker
2019-08-27 17:14:41 -04:00
parent f037898c6e
commit 3ce7f1a227
54 changed files with 1104 additions and 388 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Oqtane.Client/Modules/Admin/Admin/Index.razor
View File

@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Models;
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService
@ -10,7 +11,7 @@
<ul class="list-group">
@foreach (var p in pages)
{
if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
{
string url = NavigateUrl(p.Path);
<li class="list-group-item">

8
Oqtane.Client/Modules/Admin/ModuleSettings/Index.razor
View File

@ -3,6 +3,7 @@
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IUriHelper UriHelper
@ -89,8 +90,8 @@
title = ModuleState.Title;
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType;
viewpermissions = ModuleState.ViewPermissions;
editpermissions = ModuleState.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", ModuleState.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", ModuleState.Permissions);
pageid = ModuleState.PageId.ToString();
DynamicComponent = builder =>
@ -108,8 +109,7 @@
private async Task SaveModule()
{
Module module = ModuleState;
module.ViewPermissions = viewpermissions;
module.EditPermissions = editpermissions;
module.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await ModuleService.UpdateModuleAsync(module);
PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);

12
Oqtane.Client/Modules/Admin/Pages/Add.razor
View File

@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
<td>
@ -144,7 +145,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -180,8 +181,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.AddPageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -196,7 +196,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}

13
Oqtane.Client/Modules/Admin/Pages/Delete.razor
View File

@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -163,8 +164,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -173,7 +174,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -194,7 +195,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}

16
Oqtane.Client/Modules/Admin/Pages/Edit.razor
View File

@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -170,8 +171,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -180,7 +181,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -216,8 +217,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.UpdatePageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -232,7 +232,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}

4
Oqtane.Client/Modules/Admin/Pages/Index.razor
View File

@ -1,7 +1,7 @@
@using Oqtane.Services
@using Oqtane.Client.Modules.Controls
@using Oqtane.Services
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService

12
Oqtane.Client/Modules/Admin/Register/Index.razor
View File

@ -9,7 +9,7 @@
<div class="container">
<div class="form-group">
<label for="Username" class="control-label">Email: </label>
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Username" />
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Email" />
</div>
<div class="form-group">
<label for="Password" class="control-label">Password: </label>
@ -22,17 +22,17 @@
@code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Anonymous; } }
public string Username { get; set; } = "";
public string Email { get; set; } = "";
public string Password { get; set; } = "";
private async Task RegisterUser()
{
User user = new User();
user.SiteId = PageState.Site.SiteId;
user.Username = Username;
user.DisplayName = Username;
user.Roles = "Administrators;";
user.IsSuperUser = false;
user.Username = Email;
user.DisplayName = Email;
user.Email = Email;
user.IsHost = false;
user.Password = Password;
await UserService.AddUserAsync(user);
UriHelper.NavigateTo("");

5
Oqtane.Client/Modules/Admin/Sites/Add.razor
View File

@ -2,6 +2,8 @@
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject ITenantService TenantService
@ -102,8 +104,7 @@ else
Type type = Type.GetType(p.ThemeType);
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
p.ViewPermissions = "All Users";
p.EditPermissions = "Administrators";
p.Permissions = UserSecurity.SetPermissions("View", Constants.AllUsersRole) + UserSecurity.SetPermissions("Edit", Constants.AdminRole);
await PageService.AddPageAsync(p);
UriHelper.NavigateTo(url, true);

12
Oqtane.Client/Modules/Controls/ActionLink.razor
View File

@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUserService UserService
@ -70,19 +71,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
}

20
Oqtane.Client/Modules/Controls/ModuleMessage.razor
View File

@ -1,30 +1,22 @@
@using Oqtane.Modules
@inherits ModuleBase
@if (authorized)
@if (Message != "")
{
<div class="@type">
@Message
</div>
<div class="@type">@Message</div><br /><br />
}
@code {
[Parameter]
public MessageType Type { get; set; }
[Parameter]
public string Message { get; set; }
string type = "alert alert-success"; // optional
bool authorized = false;
[Parameter]
public MessageType Type { get; set; }
string type = "alert alert-danger";
protected override void OnInitialized()
{
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
switch (Type)
{
case MessageType.Success:

10
Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
View File

@ -29,22 +29,22 @@ namespace Oqtane.Client.Modules.HtmlText.Services
public async Task<HtmlTextInfo> GetHtmlTextAsync(int ModuleId)
{
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString());
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
public async Task AddHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PostJsonAsync(apiurl, htmltext);
await http.PostJsonAsync(apiurl + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task UpdateHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString(), htmltext);
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString() + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task DeleteHtmlTextAsync(int HtmlTextId)
public async Task DeleteHtmlTextAsync(int ModuleId)
{
await http.DeleteAsync(apiurl + "/" + HtmlTextId.ToString());
await http.DeleteAsync(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
}
}

2
Oqtane.Client/Modules/HtmlText/Services/IHtmlTextService.cs
View File

@ -12,6 +12,6 @@ namespace Oqtane.Client.Modules.HtmlText.Services
Task UpdateHtmlTextAsync(HtmlTextInfo htmltext);
Task DeleteHtmlTextAsync(int HtmlTextId);
Task DeleteHtmlTextAsync(int ModuleId);
}
}