Permission-based authorization utilizing Policies

This commit is contained in:
Shaun Walker
2019-08-27 17:14:41 -04:00
parent f037898c6e
commit 3ce7f1a227
54 changed files with 1104 additions and 388 deletions

View File

@ -3,6 +3,7 @@
@using Oqtane.Modules
@using Oqtane.Models
@using Oqtane.Shared
@using Oqtane.Security
@using System.Linq
@inject IUserService UserService
@inject IModuleService ModuleService
@ -27,7 +28,7 @@
protected override void OnInitialized()
{
if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions) && Name != Constants.AdminPane)
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
{
paneadminborder = "pane-admin-border";
panetitle = "<div class=\"pane-admin-title\">" + Name + " Pane</div>";
@ -60,16 +61,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, module.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, module.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
authorized = PageState.User.IsSuperUser;
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
if (authorized)
@ -103,7 +104,7 @@
if (module != null && module.Pane == Name)
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);
@ -116,7 +117,7 @@
foreach (Module module in PageState.Modules.Where(item => item.Pane == Name).OrderBy(x => x.Order).ToArray())
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);