PermissionNames constants

Replace magic strings in authorisation calls
Pavel Vesely
2020-03-14 09:21:26 +01:00
parent 52e31c42f6
commit 3e1c371be6
21 changed files with 79 additions and 49 deletions


@ -6,7 +6,7 @@
<div class="row">
@foreach (var p in pages)
{
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, p.Permissions))
{
string url = NavigateUrl(p.Path);
<div class="col-md-2 mx-auto text-center">


@ -241,7 +241,7 @@
}
}
await Log(Alias, LogLevel.Information, "Edit", null, "Site Saved {Site}", site);
await Log(Alias, LogLevel.Information,PermissionNames.Edit, null, "Site Saved {Site}", site);
NavigationManager.NavigateTo(NavigateUrl());
}
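Review bot: The third argument of `Log(...)` looks like a label for the logged action rather than a permission checked by `IsAuthorized`, so passing `PermissionNames.Edit` ties audit-log content to the authorisation vocabulary. If the value of that permission constant is ever changed, the "Site Saved" entries change with it, and log queries or alerts keyed on the old value stop matching. I would keep the literal here, or use a separate set of constants for log functions, and restore the space after the comma: `await Log(Alias, LogLevel.Information, "Edit", null, "Site Saved {Site}", site);`. The signature of `Log` is outside the hunk, so the meaning of that parameter should be confirmed before deciding.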


@ -101,7 +101,7 @@
<label for="@p.Name" class="control-label">@p.Title: </label>
</td>
<td>
<input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
<input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
</td>
</tr>
}


@ -66,7 +66,7 @@
<label for="@p.Name" class="control-label">@p.Title: </label>
</td>
<td>
<input class="form-control" maxlength="@p.MaxLength" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
<input class="form-control" maxlength="@p.MaxLength" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
</td>
</tr>
}


@ -82,7 +82,7 @@
<label for="@p.Name" class="control-label">@p.Title: </label>
</td>
<td>
<input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="(e => ProfileChanged(e, p.Name))" />
<input class="form-control" maxlength="@p.MaxLength" value="@GetProfileValue(p.Name, p.DefaultValue)" placeholder="@p.Description" @onchange="@(e => ProfileChanged(e, p.Name))" />
</td>
</tr>
}


@ -117,10 +117,10 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, ModuleState.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
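Review bot: The replaced calls drop the space after the comma (`PageState.User,PermissionNames.View`), while the untouched `Admin` case just below keeps it, so the authorisation checks no longer read uniformly. Write `UserSecurity.IsAuthorized(PageState.User, PermissionNames.View, ModuleState.Permissions)` here and in the `Edit` case. The same spacing slip recurs in nearly every replaced call in the later sections. The enclosing `switch` starts and ends outside the hunk.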


@ -110,10 +110,10 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, ModuleState.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);


@ -181,7 +181,7 @@
Folder folder = folders.Where(item => item.FolderId == folderid).FirstOrDefault();
if (folder != null)
{
haseditpermission = UserSecurity.IsAuthorized(PageState.User, "Edit", folder.Permissions);
haseditpermission = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, folder.Permissions);
files = await FileService.GetFilesAsync(folderid);
}
else


@ -9,7 +9,7 @@
@inject IPageModuleService PageModuleService
@inject ILogService logger
@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
{
<div class="app-controlpanel" style="@_display">
@ -96,7 +96,7 @@
<option value="-">&lt;Select Module&gt;</option>
@foreach (var moduledefinition in _moduleDefinitions)
{
if (UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Utilize, moduledefinition.Permissions))
{
<option value="@moduledefinition.ModuleDefinitionName">@moduledefinition.Name</option>
}
@ -162,7 +162,7 @@
</div>
}
@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) || (PageState.Page.IsPersonalizable && PageState.User != null))
@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions) || (PageState.Page.IsPersonalizable && PageState.User != null))
{
@if (PageState.Page.EditMode)
{
@ -187,7 +187,7 @@
}
}
@if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
@if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
{
<button type="button" class="btn @ButtonClass" @onclick="ShowControlPanel">
<span class="oi oi-menu"></span>
@ -244,7 +244,7 @@
BodyClass = "card-body";
}
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
{
_pages?.Clear();
@ -265,7 +265,7 @@
_moduleDefinitions = _allModuleDefinitions.Where(item => item.Categories == "").ToList();
foreach (Page p in PageState.Pages)
{
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions))
{
_pages.Add(p);
}
@ -301,7 +301,7 @@
{
foreach (Module module in PageState.Modules.Where(item => item.PageId == int.Parse(_pageId) && !item.IsDeleted))
{
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
{
_modules.Add(module);
}
@ -313,7 +313,7 @@
private async Task AddModule()
{
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
{
if ((_moduleType == "new" && _moduleDefinitionName != "-") || (_moduleType != "new" && _moduleId != "-"))
{
@ -381,7 +381,7 @@
private async Task ToggleEditMode(bool EditMode)
{
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions))
{
if (EditMode)
{


@ -36,7 +36,7 @@
foreach (Page p in PageState.Pages.Where(item => item.IsNavigation && !item.IsDeleted))
{
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions) && p.Level <= securitylevel)
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions) && p.Level <= securitylevel)
{
securitylevel = int.MaxValue;
@ -74,7 +74,7 @@
menu += "<ul class=\"navbar-nav mr-auto\">";
foreach (Page p in PageState.Pages.Where(item => item.IsNavigation && !item.IsDeleted))
{
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions) && p.ParentId == PageState.Page.ParentId && p.Level == PageState.Page.Level)
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, p.Permissions) && p.ParentId == PageState.Page.ParentId && p.Level == PageState.Page.Level)
{
if (p.PageId == PageState.Page.PageId)
{


@ -4,7 +4,7 @@
@inject IUserService UserService
@inject IPageModuleService PageModuleService
@if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
@if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
{
<a class="nav-link dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"></a>
<div class="dropdown-menu" x-placement="bottom-start" style="position: absolute; will-change: transform; top: 0px; left: 0px; transform: translate3d(0px, 37px, 0px);">
@ -27,7 +27,7 @@
protected override void OnParametersSet()
{
if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
{
actions = new List<ActionViewModel>();
actions.Add(new ActionViewModel { Action = "settings", Name = "Manage Settings" });
@ -66,7 +66,7 @@
protected async Task ModuleAction(string action)
{
if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, ModuleState.Permissions))
{
PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);
@ -125,4 +125,4 @@
public string Action { set; get; }
public string Name { set; get; }
}
}
}


@ -25,7 +25,7 @@
protected override void OnParametersSet()
{
if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
if (PageState.EditMode && !PageState.Page.EditMode && UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions) && Name != Constants.AdminPane)
{
paneadminborder = "app-pane-admin-border";
panetitle = "<div class=\"app-pane-admin-title\">" + Name + " Pane</div>";
@ -57,7 +57,7 @@
bool authorized = false;
if (Constants.DefaultModuleActions.Contains(PageState.Action))
{
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, PageState.Page.Permissions);
}
else
{
@ -68,10 +68,10 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
authorized = UserSecurity.IsAuthorized(PageState.User,PermissionNames.Edit, module.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, Constants.AdminRole);
@ -107,7 +107,7 @@
if (module != null && module.Pane.ToLower() == Name.ToLower())
{
// check if user is authorized to view module
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.ContainerComponent));
builder.AddAttribute(1, "Module", module);
@ -120,7 +120,7 @@
foreach (Module module in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId && item.Pane.ToLower() == Name.ToLower() && !item.IsDeleted).OrderBy(x => x.Order).ToArray())
{
// check if user is authorized to view module
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
if (UserSecurity.IsAuthorized(PageState.User,PermissionNames.View, module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.ContainerComponent));
builder.AddAttribute(1, "Module", module);
@ -132,4 +132,4 @@
};
};
}
}
}


@ -231,7 +231,7 @@
}
// check if user is authorized to view page
if (UserSecurity.IsAuthorized(user, "View", page.Permissions))
if (UserSecurity.IsAuthorized(user,PermissionNames.View, page.Permissions))
{
page = await ProcessPage(page, site, user);
@ -453,4 +453,4 @@
return modules;
}
}
}


@ -103,7 +103,7 @@ namespace Oqtane.Controllers
public Models.File Get(int id)
{
Models.File file = _files.GetFile(id);
if (_userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, file.Folder.Permissions))
{
return file;
}
@ -164,7 +164,7 @@ namespace Oqtane.Controllers
{
Models.File file = null;
Folder folder = _folders.GetFolder(int.Parse(folderid));
if (folder != null && _userPermissions.IsAuthorized(User, "Edit", folder.Permissions))
if (folder != null && _userPermissions.IsAuthorized(User,PermissionNames.Edit, folder.Permissions))
{
string folderpath = GetFolderPath(folder);
CreateDirectory(folderpath);
@ -213,7 +213,7 @@ namespace Oqtane.Controllers
if (int.TryParse(folder, out folderid))
{
Folder Folder = _folders.GetFolder(folderid);
if (Folder != null && _userPermissions.IsAuthorized(User, "Edit", Folder.Permissions))
if (Folder != null && _userPermissions.IsAuthorized(User,PermissionNames.Edit, Folder.Permissions))
{
folderpath = GetFolderPath(Folder);
}
@ -364,7 +364,7 @@ namespace Oqtane.Controllers
public IActionResult Download(int id)
{
Models.File file = _files.GetFile(id);
if (file != null && _userPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
if (file != null && _userPermissions.IsAuthorized(User,PermissionNames.View, file.Folder.Permissions))
{
string filepath = GetFolderPath(file.Folder) + file.Name;
if (System.IO.File.Exists(filepath))
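Review bot: `Get(int id)` dereferences `file.Folder.Permissions` without checking that `_files.GetFile(id)` returned an object, whereas `Download` in the same section guards with `file != null` first. If `GetFile` can return null for an unknown id (the guard in `Download` suggests it can), a request for a missing file ends in an unhandled exception rather than a clean denial. Use the same guard: `if (file != null && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions))`. The `Get` actions in the later controller sections that read `module.Permissions`, `moduledefinition.Permissions`, `page.Permissions` and `pagemodule.Module.Permissions` straight after the repository call have the same shape. The method bodies continue outside the hunks, so what the unauthorised branch returns should be checked there.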


@ -99,7 +99,7 @@ namespace Oqtane.Controllers
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (_userPermissions.IsAuthorized(User, "Edit", permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
{
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
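Review bot: The fallback permission set built just above the check still uses the literal `PermissionName = "Edit"`, while the check on the next line now asks for `PermissionNames.Edit`; the two have to stay equal for the admin fallback to authorise anything. Use the constant in the initializer as well: `new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole }`. The same literal remains in the later section that calls `_pages.AddPage(Page)` (hunk `-113,7`). The enclosing method starts and ends outside the hunk.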
{


@ -37,7 +37,7 @@ namespace Oqtane.Controllers
List<Models.Module> modules = new List<Models.Module>();
foreach (PageModule pagemodule in _pageModules.GetPageModules(int.Parse(siteid)))
{
if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
{
Models.Module module = new Models.Module();
module.SiteId = pagemodule.Module.SiteId;
@ -70,7 +70,7 @@ namespace Oqtane.Controllers
public Models.Module Get(int id)
{
Models.Module module = _modules.GetModule(id);
if (_userPermissions.IsAuthorized(User, "View", module.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, module.Permissions))
{
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);


@ -38,7 +38,7 @@ namespace Oqtane.Controllers
List<ModuleDefinition> moduledefinitions = new List<ModuleDefinition>();
foreach(ModuleDefinition moduledefinition in _moduleDefinitions.GetModuleDefinitions(int.Parse(siteid)))
{
if (_userPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.Utilize, moduledefinition.Permissions))
{
moduledefinitions.Add(moduledefinition);
}
@ -51,7 +51,7 @@ namespace Oqtane.Controllers
public ModuleDefinition Get(int id, string siteid)
{
ModuleDefinition moduledefinition = _moduleDefinitions.GetModuleDefinition(id, int.Parse(siteid));
if (_userPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.Utilize, moduledefinition.Permissions))
{
return moduledefinition;
}


@ -38,7 +38,7 @@ namespace Oqtane.Controllers
List<Page> pages = new List<Page>();
foreach (Page page in _pages.GetPages(int.Parse(siteid)))
{
if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
{
pages.Add(page);
}
@ -59,7 +59,7 @@ namespace Oqtane.Controllers
{
page = _pages.GetPage(id, int.Parse(userid));
}
if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
{
return page;
}
@ -78,7 +78,7 @@ namespace Oqtane.Controllers
Page page = _pages.GetPage(WebUtility.UrlDecode(path), siteid);
if (page != null)
{
if (_userPermissions.IsAuthorized(User, "View", page.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
{
return page;
}
@ -113,7 +113,7 @@ namespace Oqtane.Controllers
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (_userPermissions.IsAuthorized(User, "Edit", permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
{
Page = _pages.AddPage(Page);
_syncManager.AddSyncEvent("Site", Page.SiteId);


@ -33,7 +33,7 @@ namespace Oqtane.Controllers
public PageModule Get(int id)
{
PageModule pagemodule = _pageModules.GetPageModule(id);
if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
{
return pagemodule;
}
@ -50,7 +50,7 @@ namespace Oqtane.Controllers
public PageModule Get(int pageid, int moduleid)
{
PageModule pagemodule = _pageModules.GetPageModule(pageid, moduleid);
if (_userPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
{
return pagemodule;
}


@ -0,0 +1,10 @@
namespace Oqtane.Shared
{
public class PermissionNames
{
public const string View = "View";
public const string Edit = "Edit";
public const string Delete = "Delete";
public const string Utilize = "Utilize";
}
}
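Review bot: `PermissionNames` is declared as an instantiable `public class` although it only holds constants; declare it `public static class PermissionNames` so it cannot be constructed or inherited. It also has no documentation: a `/// <summary>` saying these are the permission names passed to `IsAuthorized`, and that they appear to be matched against stored permission strings, would tell module authors the values must not be changed. Because `public const string` values are compiled into referencing assemblies, anything built against this assembly keeps the old value until it is rebuilt, which is another reason to treat them as fixed. `Delete` is defined but not used in any hunk of this commit.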


@ -22,4 +22,24 @@
<ProjectReference Include="..\Oqtane.Shared\Oqtane.Shared.csproj" />
</ItemGroup>
<ItemGroup>
<Compile Remove="Repository\**" />
<Compile Remove="Security\**" />
</ItemGroup>
<ItemGroup>
<EmbeddedResource Remove="Repository\**" />
<EmbeddedResource Remove="Security\**" />
</ItemGroup>
<ItemGroup>
<None Remove="Repository\**" />
<None Remove="Security\**" />
</ItemGroup>
<ItemGroup>
<Content Remove="Repository\**" />
<Content Remove="Security\**" />
</ItemGroup>
</Project>
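Review bot: These `Remove` items exclude everything under `Repository\` and `Security\` from the project's compile, resource, content and none items, which has nothing to do with the permission-name constants and looks like an IDE side effect. Any source file later placed in a `Security` folder of this project would be dropped from the build without an error, which is an unwelcome surprise for security code. Unless the exclusion is deliberate, drop the four `ItemGroup` blocks from this commit. If it is deliberate, add a comment above them giving the reason, for example `<!-- excluded on purpose: REASON -->`.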