Merge remote-tracking branch 'upstream/dev' into dev
This commit is contained in:
Leigh Pointer
@@ -28,7 +28,7 @@
|
||||
@foreach (var permissionname in _permissionnames)
|
||||
{
|
||||
<td style="text-align: center;">
|
||||
<TriStateCheckBox Value=@GetPermissionValue(permissionname, role.Name, -1) Disabled="@GetPermissionDisabled(permissionname, role.Name)" OnChange="@(e => PermissionChanged(e, permissionname, role.Name, -1))" />
|
||||
<TriStateCheckBox Value="@GetPermissionValue(permissionname, role.Name, -1)" Disabled="@GetPermissionDisabled(permissionname, role.Name)" OnChange="@(e => PermissionChanged(e, permissionname, role.Name, -1))" />
|
||||
</td>
|
||||
}
|
||||
</tr>
|
||||
@@ -64,7 +64,7 @@
|
||||
@foreach (var permissionname in _permissionnames)
|
||||
{
|
||||
<td style="text-align: center; width: 1px;">
|
||||
<TriStateCheckBox Value=@GetPermissionValue(permissionname, "", user.UserId) Disabled="@GetPermissionDisabled(permissionname, "")" OnChange="@(e => PermissionChanged(e, permissionname, "", user.UserId))" />
|
||||
<TriStateCheckBox Value="@GetPermissionValue(permissionname, "", user.UserId)" Disabled="@GetPermissionDisabled(permissionname, "")" OnChange="@(e => PermissionChanged(e, permissionname, "", user.UserId))" />
|
||||
</td>
|
||||
}
|
||||
</tr>
|
||||
@@ -119,10 +119,7 @@
|
||||
}
|
||||
|
||||
_roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true);
|
||||
if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
_roles.RemoveAll(item => item.Name == RoleNames.Host);
|
||||
}
|
||||
_roles.RemoveAll(item => item.Name == RoleNames.Host); // remove host role
|
||||
|
||||
// get permission names
|
||||
if (string.IsNullOrEmpty(PermissionNames))
|
||||
@@ -222,24 +219,24 @@
|
||||
|
||||
private bool GetPermissionDisabled(string permissionName, string roleName)
|
||||
{
|
||||
var disabled = false;
|
||||
|
||||
// administrator role permissions can only be changed by a host
|
||||
if (roleName == RoleNames.Admin && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
if (GetEntityName(permissionName) != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
else
|
||||
{
|
||||
return false;
|
||||
}
|
||||
}
|
||||
disabled = true;
|
||||
}
|
||||
|
||||
private void PermissionChanged(bool? value, string permissionName, string roleName, int userId)
|
||||
// API permissions can only be changed by an administrator
|
||||
if (GetEntityName(permissionName) != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin))
|
||||
{
|
||||
disabled = true;
|
||||
}
|
||||
|
||||
return disabled;
|
||||
}
|
||||
|
||||
private bool? PermissionChanged(bool? value, string permissionName, string roleName, int userId)
|
||||
{
|
||||
if (roleName != "")
|
||||
{
|
||||
@@ -248,6 +245,14 @@
|
||||
{
|
||||
_permissions.Remove(permission);
|
||||
}
|
||||
|
||||
// system roles cannot be denied - only custom roles can be denied
|
||||
var role = _roles.FirstOrDefault(item => item.Name == roleName);
|
||||
if (value != null && !value.Value && role.IsSystem)
|
||||
{
|
||||
value = null;
|
||||
}
|
||||
|
||||
if (value != null)
|
||||
{
|
||||
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), roleName, null, value.Value));
|
||||
@@ -265,6 +270,7 @@
|
||||
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), null, userId, value.Value));
|
||||
}
|
||||
}
|
||||
return value;
|
||||
}
|
||||
|
||||
private async Task<Dictionary<string, string>> GetUsers(string filter)
|
||||
@@ -305,29 +311,20 @@
|
||||
|
||||
private void ValidatePermissions()
|
||||
{
|
||||
// remove deny all users, unauthenticated, and registered users
|
||||
var permissions = _permissions.Where(item => !item.IsAuthorized &&
|
||||
(item.RoleName == RoleNames.Everyone || item.RoleName == RoleNames.Unauthenticated || item.RoleName == RoleNames.Registered)).ToList();
|
||||
foreach (var permission in permissions)
|
||||
{
|
||||
_permissions.Remove(permission);
|
||||
}
|
||||
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
// remove deny administrators and host users
|
||||
permissions = _permissions.Where(item => !item.IsAuthorized &&
|
||||
(item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host)).ToList();
|
||||
// remove host role permissions
|
||||
var permissions = _permissions.Where(item => item.RoleName == RoleNames.Host).ToList();
|
||||
foreach (var permission in permissions)
|
||||
{
|
||||
_permissions.Remove(permission);
|
||||
}
|
||||
// add host role permissions if administrator role is not assigned (to prevent lockout)
|
||||
foreach (var permissionname in _permissionnames)
|
||||
{
|
||||
// add administrators role if neither host or administrator is assigned
|
||||
if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) &&
|
||||
(item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host)))
|
||||
if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) && item.RoleName == RoleNames.Admin))
|
||||
{
|
||||
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Admin, null, true));
|
||||
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Host, null, true));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
public bool Disabled { get; set; }
|
||||
|
||||
[Parameter]
|
||||
public Action<bool?> OnChange { get; set; }
|
||||
public Func<bool?, bool?> OnChange { get; set; }
|
||||
|
||||
protected override void OnInitialized()
|
||||
{
|
||||
@@ -41,12 +41,14 @@
|
||||
break;
|
||||
}
|
||||
|
||||
_value = OnChange(_value);
|
||||
SetImage();
|
||||
OnChange(_value);
|
||||
}
|
||||
}
|
||||
|
||||
private void SetImage()
|
||||
{
|
||||
if (!Disabled)
|
||||
{
|
||||
switch (_value)
|
||||
{
|
||||
@@ -63,6 +65,12 @@
|
||||
_title = string.Empty;
|
||||
break;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_src = "images/disabled.png";
|
||||
_title = Localizer["PermissionDisabled"];
|
||||
}
|
||||
|
||||
StateHasChanged();
|
||||
}
|
||||
|
||||
@@ -123,4 +123,7 @@
|
||||
<data name="PermissionDenied" xml:space="preserve">
|
||||
<value>Permission Denied</value>
|
||||
</data>
|
||||
<data name="PermissionDisabled" xml:space="preserve">
|
||||
<value>Permission Disabled</value>
|
||||
</data>
|
||||
</root>
|
||||
@@ -433,6 +433,8 @@
|
||||
private List<Permission> GenerateDefaultPermissions(int siteId, string moduleDefinitionName)
|
||||
{
|
||||
var permissions = new List<Permission>();
|
||||
|
||||
// set module view permissions
|
||||
if (_visibility == "view")
|
||||
{
|
||||
// set module view permissions to page view permissions
|
||||
@@ -444,18 +446,18 @@
|
||||
permissions = SetPermissions(permissions, siteId, PermissionNames.View, PermissionNames.Edit);
|
||||
}
|
||||
|
||||
// get module permissions
|
||||
var permissionNames = $"{PermissionNames.View},{PermissionNames.Edit}";
|
||||
// set remaining module permissions
|
||||
var permissionNames = PermissionNames.Edit;
|
||||
var moduleDefinition = _allModuleDefinitions.FirstOrDefault(item => item.ModuleDefinitionName == moduleDefinitionName);
|
||||
if (moduleDefinition != null && !string.IsNullOrEmpty(moduleDefinition.PermissionNames))
|
||||
{
|
||||
permissionNames = moduleDefinition.PermissionNames;
|
||||
permissionNames = moduleDefinition.PermissionNames; // custom module permissions
|
||||
}
|
||||
foreach (var permission in permissionNames.Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries))
|
||||
{
|
||||
if (permission != PermissionNames.View)
|
||||
{
|
||||
// set remaining module permissions to page edit permissions
|
||||
// set module permissions to page edit permissions
|
||||
permissions = SetPermissions(permissions, siteId, permission, PermissionNames.Edit);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -33,7 +33,7 @@
|
||||
</PropertyGroup>
|
||||
|
||||
<ItemGroup>
|
||||
<PackageReference Include="MySql.Data" Version="9.3.0" />
|
||||
<PackageReference Include="MySql.Data" Version="9.4.0" />
|
||||
<PackageReference Include="Pomelo.EntityFrameworkCore.MySql" Version="9.0.0-preview.3.efcore.9.0.0" />
|
||||
</ItemGroup>
|
||||
|
||||
|
||||
@@ -47,7 +47,7 @@
|
||||
<PackageReference Include="Microsoft.Data.Sqlite.Core" Version="9.0.7" />
|
||||
<PackageReference Include="SQLitePCLRaw.bundle_e_sqlite3" Version="2.1.11" />
|
||||
<PackageReference Include="SixLabors.ImageSharp" Version="3.1.10" />
|
||||
<PackageReference Include="HtmlAgilityPack" Version="1.12.1" />
|
||||
<PackageReference Include="HtmlAgilityPack" Version="1.12.2" />
|
||||
<PackageReference Include="Swashbuckle.AspNetCore" Version="9.0.3" />
|
||||
<PackageReference Include="MailKit" Version="4.13.0" />
|
||||
</ItemGroup>
|
||||
|
||||
BIN
Oqtane.Server/wwwroot/images/disabled.png
Normal file
BIN
Oqtane.Server/wwwroot/images/disabled.png
Normal file
Binary file not shown.
|
After Width: | Height: | Size: 875 B |
Reference in New Issue
Block a user