improvements for site groups
This commit is contained in:
sbwalker
@@ -1,13 +1,14 @@
|
||||
using System.Collections.Generic;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Oqtane.Enums;
|
||||
using Oqtane.Models;
|
||||
using Oqtane.Shared;
|
||||
using Oqtane.Infrastructure;
|
||||
using Oqtane.Repository;
|
||||
using System.Net;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using System.Security.Policy;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Oqtane.Enums;
|
||||
using Oqtane.Infrastructure;
|
||||
using Oqtane.Models;
|
||||
using Oqtane.Repository;
|
||||
using Oqtane.Shared;
|
||||
|
||||
namespace Oqtane.Controllers
|
||||
{
|
||||
@@ -27,12 +28,26 @@ namespace Oqtane.Controllers
|
||||
_alias = tenantManager.GetAlias();
|
||||
}
|
||||
|
||||
// GET: api/<controller>
|
||||
// GET: api/<controller>?siteid=x
|
||||
[HttpGet]
|
||||
[Authorize(Roles = RoleNames.Host)]
|
||||
public IEnumerable<SiteGroupDefinition> Get()
|
||||
[Authorize(Roles = RoleNames.Admin)]
|
||||
public IEnumerable<SiteGroupDefinition> Get(string siteid)
|
||||
{
|
||||
return _siteGroupDefinitionRepository.GetSiteGroupDefinitions().ToList();
|
||||
if (User.IsInRole(RoleNames.Host) || (int.TryParse(siteid, out int SiteId) && SiteId == _alias.SiteId))
|
||||
{
|
||||
var siteGroupDefinitions = _siteGroupDefinitionRepository.GetSiteGroupDefinitions();
|
||||
if (!User.IsInRole(RoleNames.Host))
|
||||
{
|
||||
siteGroupDefinitions = siteGroupDefinitions.Where(item => item.PrimarySiteId == _alias.SiteId);
|
||||
}
|
||||
return siteGroupDefinitions.ToList();
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Group Definition Get Attempt {SiteId}", siteid);
|
||||
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
||||
return null;
|
||||
}
|
||||
}
|
||||
|
||||
// GET api/<controller>/5
|
||||
@@ -74,11 +89,17 @@ namespace Oqtane.Controllers
|
||||
|
||||
// PUT api/<controller>/5
|
||||
[HttpPut("{id}")]
|
||||
[Authorize(Roles = RoleNames.Host)]
|
||||
[Authorize(Roles = RoleNames.Admin)]
|
||||
public SiteGroupDefinition Put(int id, [FromBody] SiteGroupDefinition siteGroupDefinition)
|
||||
{
|
||||
if (ModelState.IsValid && siteGroupDefinition.SiteGroupDefinitionId == id && _siteGroupDefinitionRepository.GetSiteGroupDefinition(siteGroupDefinition.SiteGroupDefinitionId, false) != null)
|
||||
if (ModelState.IsValid && siteGroupDefinition.SiteGroupDefinitionId == id)
|
||||
{
|
||||
if (!User.IsInRole(RoleNames.Host) && siteGroupDefinition.Synchronize)
|
||||
{
|
||||
// admins can only update the synchronize field
|
||||
siteGroupDefinition = _siteGroupDefinitionRepository.GetSiteGroupDefinition(siteGroupDefinition.SiteGroupDefinitionId, false);
|
||||
siteGroupDefinition.Synchronize = true;
|
||||
}
|
||||
siteGroupDefinition = _siteGroupDefinitionRepository.UpdateSiteGroupDefinition(siteGroupDefinition);
|
||||
_syncManager.AddSyncEvent(_alias, EntityNames.SiteGroupDefinition, siteGroupDefinition.SiteGroupDefinitionId, SyncEventActions.Update);
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Site Group Definition Updated {Group}", siteGroupDefinition);
|
||||
|
||||
Reference in New Issue
Block a user