fix #1367 - provides support for multiple entities in auth policy and makes parameter names more intuitive - backward compatible with entityid

2021-05-23 10:29:05 -04:00
parent 6f123c0fff
commit 3f48c1f8fe
7 changed files with 126 additions and 42 deletions
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@ -19,17 +19,19 @@ namespace Oqtane.Controllers
        private readonly IPageRepository _pages;
        private readonly IModuleRepository _modules;
        private readonly IPageModuleRepository _pageModules;
+        private readonly IPermissionRepository _permissionRepository;
        private readonly ISettingRepository _settings;
        private readonly IUserPermissions _userPermissions;
        private readonly ISyncManager _syncManager;
        private readonly ILogManager _logger;
        private readonly Alias _alias;

-        public PageController(IPageRepository pages, IModuleRepository modules, IPageModuleRepository pageModules, ISettingRepository settings, IUserPermissions userPermissions, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger)
+        public PageController(IPageRepository pages, IModuleRepository modules, IPageModuleRepository pageModules, IPermissionRepository permissionRepository, ISettingRepository settings, IUserPermissions userPermissions, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger)
        {
            _pages = pages;
            _modules = modules;
            _pageModules = pageModules;
+            _permissionRepository = permissionRepository;
            _settings = settings;
            _userPermissions = userPermissions;
            _syncManager = syncManager;
@ -227,7 +229,54 @@ namespace Oqtane.Controllers
        {
            if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
            {
+                // preserve page permissions
+                var oldPermissions = _permissionRepository.GetPermissions(EntityNames.Page, page.PageId).ToList();
+
                page = _pages.UpdatePage(page);
+
+                // get differences between old and new page permissions
+                var newPermissions = _permissionRepository.DecodePermissions(page.Permissions, page.SiteId, EntityNames.Page, page.PageId).ToList();
+                var added = GetPermissionsDifferences(newPermissions, oldPermissions);
+                var removed = GetPermissionsDifferences(oldPermissions, newPermissions);
+
+                // synchronize module permissions
+                if (added.Count > 0 || removed.Count > 0)
+                {
+                    foreach (PageModule pageModule in _pageModules.GetPageModules(page.PageId, "").ToList())
+                    {
+                        var modulePermissions = _permissionRepository.GetPermissions(EntityNames.Module, pageModule.Module.ModuleId).ToList();
+                        //var modulePermissions = _permissionRepository.DecodePermissions(pageModule.Module.Permissions, page.SiteId, EntityNames.Module, pageModule.ModuleId).ToList();
+                        // permissions added
+                        foreach(Permission permission in added)
+                        {
+                            if (!modulePermissions.Any(item => item.PermissionName == permission.PermissionName
+                              && item.RoleId == permission.RoleId && item.UserId == permission.UserId && item.IsAuthorized == permission.IsAuthorized))
+                            {
+                                _permissionRepository.AddPermission(new Permission
+                                {
+                                    SiteId = page.SiteId,
+                                    EntityName = EntityNames.Module,
+                                    EntityId = pageModule.ModuleId,
+                                    PermissionName = permission.PermissionName,
+                                    RoleId = permission.RoleId,
+                                    UserId = permission.UserId,
+                                    IsAuthorized = permission.IsAuthorized
+                                });
+                            }
+                        }
+                        // permissions removed
+                        foreach (Permission permission in removed)
+                        {
+                            var modulePermission = modulePermissions.FirstOrDefault(item => item.PermissionName == permission.PermissionName
+                              && item.RoleId == permission.RoleId && item.UserId == permission.UserId && item.IsAuthorized == permission.IsAuthorized);
+                            if (modulePermission != null)
+                            {
+                                _permissionRepository.DeletePermission(modulePermission.PermissionId);
+                            }
+                        }
+                    }
+                }
+
                _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Site, page.SiteId);
                _logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", page);
            }
@ -240,6 +289,19 @@ namespace Oqtane.Controllers
            return page;
        }

+        private List<Permission> GetPermissionsDifferences(List<Permission> permissions1, List<Permission> permissions2)
+        {
+            var differences = new List<Permission>();
+            foreach (Permission p in permissions1)
+            {
+                if (!permissions2.Any(item => item.PermissionName == p.PermissionName && item.RoleId == p.RoleId && item.UserId == p.UserId && item.IsAuthorized == p.IsAuthorized))
+                {
+                    differences.Add(p);
+                }
+            }
+            return differences;
+        }
+
        // PUT api/<controller>/?siteid=x&pageid=y&parentid=z
        [HttpPut]
        [Authorize(Roles = RoleNames.Registered)]
@ -287,4 +349,5 @@ namespace Oqtane.Controllers
            }
        }
    }
+
 }