Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Permission-based authorization utilizing Policies

Browse Source
This commit is contained in:
Shaun Walker
2019-08-27 17:14:41 -04:00
parent f037898c6e
commit 3ce7f1a227
54 changed files with 1104 additions and 388 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Oqtane.Server/Controllers/AliasController.cs
View File

@ -32,7 +32,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Alias Post([FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -44,7 +44,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Alias Put(int id, [FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -55,8 +55,8 @@ namespace Oqtane.Controllers
}
// DELETE api/<controller>/5
[Authorize]
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Aliases.DeleteAlias(id);

2
Oqtane.Server/Controllers/InstallationController.cs
View File

@ -4,9 +4,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Oqtane.Models;
using Oqtane.Repository;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.IO;
using System.Linq;

6
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -54,7 +54,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Module Post([FromBody] Module Module)
{
if (ModelState.IsValid)
@ -66,7 +66,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Module Put(int id, [FromBody] Module Module)
{
if (ModelState.IsValid)
@ -78,7 +78,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Modules.DeleteModule(id);

6
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -32,7 +32,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public PageModule Post([FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -44,7 +44,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public PageModule Put(int id, [FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -56,7 +56,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
PageModules.DeletePageModule(id);

65
Oqtane.Server/Controllers/PermissionController.cs Normal file
View File

@ -0,0 +1,65 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
namespace Oqtane.Controllers
{
[Route("{site}/api/[controller]")]
public class PermissionController : Controller
{
private readonly IPermissionRepository Permissions;
public PermissionController(IPermissionRepository Permissions)
{
this.Permissions = Permissions;
}
// GET: api/<controller>
[HttpGet]
public IEnumerable<Permission> Get(string entityname, int entityid, string permissionname)
{
return Permissions.GetPermissions(entityname, entityid, permissionname);
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Permission Get(int id)
{
return Permissions.GetPermission(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
public Permission Post([FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.AddPermission(Permission);
}
return Permission;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
public Permission Put(int id, [FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.UpdatePermission(Permission);
}
return Permission;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Permissions.DeletePermission(id);
}
}
}

6
Oqtane.Server/Controllers/RoleController.cs
View File

@ -39,7 +39,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Role Post([FromBody] Role Role)
{
if (ModelState.IsValid)
@ -51,7 +51,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Role Put(int id, [FromBody] Role Role)
{
if (ModelState.IsValid)
@ -63,7 +63,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Roles.DeleteRole(id);

111
Oqtane.Server/Controllers/UserController.cs
View File

@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Identity;
using System.Threading.Tasks;
using System.Linq;
using System.Security.Claims;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -54,7 +55,7 @@ namespace Oqtane.Controllers
if (user != null)
{
user.SiteId = int.Parse(siteid);
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, id);
if (siteuser != null)
@ -62,6 +63,10 @@ namespace Oqtane.Controllers
user.Roles = GetUserRoles(user.UserId, user.SiteId);
}
}
else
{
user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
}
}
return user;
}
@ -74,7 +79,7 @@ namespace Oqtane.Controllers
if (user != null)
{
user.SiteId = int.Parse(siteid);
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, user.UserId);
if (siteuser != null)
@ -86,6 +91,10 @@ namespace Oqtane.Controllers
user = null;
}
}
else
{
user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
}
}
return user;
}
@ -98,58 +107,66 @@ namespace Oqtane.Controllers
if (ModelState.IsValid)
{
IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
if (identityuser == null)
bool authorized = HttpContext.User.IsInRole(Constants.AdminRole);
if (!authorized && !Users.GetUsers().Any())
{
identityuser = new IdentityUser();
identityuser.UserName = User.Username;
identityuser.Email = User.Username;
var result = await IdentityUserManager.CreateAsync(identityuser, User.Password);
if (result.Succeeded)
authorized = true; // during initial installation we need to be able to create the host user
}
if (authorized)
{
IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
if (identityuser == null)
{
user = Users.AddUser(User);
if (!user.IsSuperUser)
identityuser = new IdentityUser();
identityuser.UserName = User.Username;
identityuser.Email = User.Username;
var result = await IdentityUserManager.CreateAsync(identityuser, User.Password);
if (result.Succeeded)
{
SiteUser siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
siteuser.UserId = user.UserId;
SiteUsers.AddSiteUser(siteuser);
List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
foreach (Role role in roles)
user = Users.AddUser(User);
if (!user.IsHost) // host users are part of every site by default
{
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.RoleId = role.RoleId;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
UserRoles.AddUserRole(userrole);
SiteUser siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
siteuser.UserId = user.UserId;
SiteUsers.AddSiteUser(siteuser);
List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
foreach (Role role in roles)
{
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.RoleId = role.RoleId;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
UserRoles.AddUserRole(userrole);
}
}
}
}
}
else
{
user = Users.GetUser(User.Username);
SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
if (siteuser == null)
else
{
if (!user.IsSuperUser)
user = Users.GetUser(User.Username);
SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
if (siteuser == null)
{
siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
siteuser.UserId = user.UserId;
SiteUsers.AddSiteUser(siteuser);
List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
foreach (Role role in roles)
if (!user.IsHost) // host users are part of every site by default
{
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.RoleId = role.RoleId;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
UserRoles.AddUserRole(userrole);
siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
siteuser.UserId = user.UserId;
SiteUsers.AddSiteUser(siteuser);
List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
foreach (Role role in roles)
{
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.RoleId = role.RoleId;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
UserRoles.AddUserRole(userrole);
}
}
}
}
@ -161,7 +178,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public User Put(int id, [FromBody] User User)
{
if (ModelState.IsValid)
@ -173,7 +190,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5?siteid=x
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id, string siteid)
{
SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));
@ -200,7 +217,7 @@ namespace Oqtane.Controllers
user = Users.GetUser(identityuser.UserName);
if (user != null)
{
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
if (siteuser != null)

6
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -39,7 +39,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public UserRole Post([FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -51,7 +51,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public UserRole Put(int id, [FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -63,7 +63,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
UserRoles.DeleteUserRole(id);