Server naming fixes and cleanup

Server is now completely cleaned up and without warnings
Pavel Vesely
2020-03-15 09:38:37 +01:00
parent ab3f0853a7
commit 5b3feaf26f
92 changed files with 1223 additions and 1273 deletions


@ -1,14 +1,14 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System.Linq;
using System;
using System.Net;
using System.Globalization;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{


@ -2,8 +2,6 @@
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Infrastructure;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System;
@ -15,6 +13,10 @@ using Oqtane.Security;
using System.Linq;
using System.Drawing;
using System.Net;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
// ReSharper disable StringIndexOfIsCultureSpecific.1
namespace Oqtane.Controllers
{
@ -170,23 +172,23 @@ namespace Oqtane.Controllers
Folder folder = _folders.GetFolder(int.Parse(folderid));
if (folder != null && _userPermissions.IsAuthorized(User, PermissionNames.Edit, folder.Permissions))
{
string folderpath = GetFolderPath(folder);
CreateDirectory(folderpath);
string folderPath = GetFolderPath(folder);
CreateDirectory(folderPath);
string filename = url.Substring(url.LastIndexOf("/", StringComparison.Ordinal) + 1);
// check for allowable file extensions
if (Constants.UploadableFiles.Contains(Path.GetExtension(filename).Replace(".", "")))
{
try
{
var client = new System.Net.WebClient();
var client = new WebClient();
// remove file if it already exists
if (System.IO.File.Exists(folderpath + filename))
if (System.IO.File.Exists(folderPath + filename))
{
System.IO.File.Delete(folderpath + filename);
System.IO.File.Delete(folderPath + filename);
}
client.DownloadFile(url, folderpath + filename);
_files.AddFile(CreateFile(filename, folder.FolderId, folderpath + filename));
client.DownloadFile(url, folderPath + filename);
_files.AddFile(CreateFile(filename, folder.FolderId, folderPath + filename));
}
catch
{
@ -202,7 +204,6 @@ namespace Oqtane.Controllers
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Download File {Url} {FolderId}", url, folderid);
HttpContext.Response.StatusCode = 401;
file = null;
}
return file;
@ -214,36 +215,36 @@ namespace Oqtane.Controllers
{
if (file.Length > 0)
{
string folderpath = "";
int folderid = -1;
if (int.TryParse(folder, out folderid))
string folderPath = "";
if (int.TryParse(folder, out int folderId))
{
Folder Folder = _folders.GetFolder(folderid);
if (Folder != null && _userPermissions.IsAuthorized(User, PermissionNames.Edit, Folder.Permissions))
Folder virtualFolder = _folders.GetFolder(folderId);
if (virtualFolder != null && _userPermissions.IsAuthorized(User, PermissionNames.Edit, virtualFolder.Permissions))
{
folderpath = GetFolderPath(Folder);
folderPath = GetFolderPath(virtualFolder);
}
}
else
{
if (User.IsInRole(Constants.HostRole))
{
folderpath = GetFolderPath(folder);
folderPath = GetFolderPath(folder);
}
}
if (folderpath != "")
if (folderPath != "")
{
CreateDirectory(folderpath);
using (var stream = new FileStream(Path.Combine(folderpath, file.FileName), FileMode.Create))
CreateDirectory(folderPath);
using (var stream = new FileStream(Path.Combine(folderPath, file.FileName), FileMode.Create))
{
await file.CopyToAsync(stream);
}
string upload = await MergeFile(folderpath, file.FileName);
if (upload != "" && folderid != -1)
string upload = await MergeFile(folderPath, file.FileName);
if (upload != "" && folderId != -1)
{
_files.AddFile(CreateFile(upload, folderid, folderpath + upload));
_files.AddFile(CreateFile(upload, folderId, folderPath + upload));
}
}
else
@ -341,7 +342,7 @@ namespace Oqtane.Controllers
{
int attempts = 0;
bool locked = true;
while (attempts < 5 && locked == true)
while (attempts < 5 && locked)
{
try
{
@ -415,7 +416,7 @@ namespace Oqtane.Controllers
if (!Directory.Exists(folderpath))
{
string path = "";
string[] folders = folderpath.Split(new char[] {'\\'}, StringSplitOptions.RemoveEmptyEntries);
string[] folders = folderpath.Split(new[] {'\\'}, StringSplitOptions.RemoveEmptyEntries);
foreach (string folder in folders)
{
path += folder + "\\";
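Review bot: In the upload hunk, `Path.Combine(folderPath, file.FileName)` uses the client-supplied file name as is, so a name carrying directory segments or a rooted path can place the write outside `folderPath`; the URL-download hunk has the same weakness, since `filename` is everything after the last `/` of `url` and is appended to `folderPath` directly. Reduce both to a bare name first, e.g. `string safeName = Path.GetFileName(file.FileName);`, and reject the request when the result is empty or differs from what was submitted. The `Constants.UploadableFiles` extension check appears only on the download path in the lines shown; if `MergeFile` does not apply it to uploads, it belongs before the `FileStream` is opened. The download also fetches whatever `url` the caller supplies from the server's network position, so the scheme and destination host should be restricted, and the bare `catch` should log the exception it swallows. Both methods start and end outside their hunks.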


@ -1,12 +1,12 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using System.Net;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Security;
namespace Oqtane.Controllers
@ -86,14 +86,14 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.RegisteredRole)]
public Folder Post([FromBody] Folder Folder)
public Folder Post([FromBody] Folder folder)
{
if (ModelState.IsValid)
{
string permissions;
if (Folder.ParentId != null)
if (folder.ParentId != null)
{
permissions = _folders.GetFolder(Folder.ParentId.Value).Permissions;
permissions = _folders.GetFolder(folder.ParentId.Value).Permissions;
}
else
{
@ -101,46 +101,46 @@ namespace Oqtane.Controllers
}
if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
{
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
if (string.IsNullOrEmpty(folder.Path) && folder.ParentId != null)
{
Folder parent = _folders.GetFolder(Folder.ParentId.Value);
Folder.Path = parent.Path + Folder.Name + "\\";
Folder parent = _folders.GetFolder(folder.ParentId.Value);
folder.Path = parent.Path + folder.Name + "\\";
}
Folder = _folders.AddFolder(Folder);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
folder = _folders.AddFolder(folder);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", folder);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", Folder);
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
folder = null;
}
}
return Folder;
return folder;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Folder Put(int id, [FromBody] Folder Folder)
public Folder Put(int id, [FromBody] Folder folder)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Folder, Folder.FolderId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
{
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
if (string.IsNullOrEmpty(folder.Path) && folder.ParentId != null)
{
Folder parent = _folders.GetFolder(Folder.ParentId.Value);
Folder.Path = parent.Path + Folder.Name + "\\";
Folder parent = _folders.GetFolder(folder.ParentId.Value);
folder.Path = parent.Path + folder.Name + "\\";
}
Folder = _folders.UpdateFolder(Folder);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder);
folder = _folders.UpdateFolder(folder);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", folder);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", Folder);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
folder = null;
}
return Folder;
return folder;
}
// PUT api/<controller>/?siteid=x&folderid=y&parentid=z
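Review bot: `Post` and `Put` derive `folder.Path` from the parent only when the request body leaves it empty, so a caller who passes the edit check can persist any `Path` value they choose, and `folder.Name` is concatenated into the path without being checked for `\`, `/` or `..`. If this path is later mapped to a directory on disk (that code is not visible in this section), it should be computed server-side whenever `ParentId` is set, ignoring the submitted value, with the name rejected when `folder.Name.IndexOfAny(Path.GetInvalidFileNameChars()) >= 0` or when it is `.` or `..`. `Put` also authorizes on `folder.FolderId` from the body and never compares it with the route `id`. In `Post`, `_folders.GetFolder(folder.ParentId.Value).Permissions` throws when the parent does not exist, assuming the repository returns null for an unknown id.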


@ -1,10 +1,8 @@
using DbUp;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Oqtane.Infrastructure;
using Oqtane.Models;
using Oqtane.Shared;
using System;
@ -13,6 +11,9 @@ using System.IO;
using System.Linq;
using System.Reflection;
using System.Threading;
using Oqtane.Infrastructure.Interfaces;
// ReSharper disable StringIndexOfIsCultureSpecific.1
namespace Oqtane.Controllers
{
@ -30,7 +31,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
public GenericResponse Post([FromBody] string connectionstring)
public GenericResponse Post([FromBody] string connectionString)
{
var response = new GenericResponse { Success = false, Message = "" };
@ -38,7 +39,7 @@ namespace Oqtane.Controllers
{
bool master = false;
string defaultconnectionstring = _config.GetConnectionString("DefaultConnection");
if (string.IsNullOrEmpty(defaultconnectionstring) || connectionstring == defaultconnectionstring)
if (string.IsNullOrEmpty(defaultconnectionstring) || connectionString == defaultconnectionstring)
{
master = true;
}
@ -52,9 +53,9 @@ namespace Oqtane.Controllers
if (!exists)
{
string datadirectory = AppDomain.CurrentDomain.GetData("DataDirectory").ToString();
connectionstring = connectionstring.Replace("|DataDirectory|", datadirectory);
connectionString = connectionString.Replace("|DataDirectory|", datadirectory);
SqlConnection connection = new SqlConnection(connectionstring);
SqlConnection connection = new SqlConnection(connectionString);
try
{
using (connection)
@ -73,7 +74,7 @@ namespace Oqtane.Controllers
{
string masterConnectionString = "";
string databaseName = "";
string[] fragments = connectionstring.Split(';', StringSplitOptions.RemoveEmptyEntries);
string[] fragments = connectionString.Split(';', StringSplitOptions.RemoveEmptyEntries);
foreach (string fragment in fragments)
{
if (fragment.ToLower().Contains("initial catalog=") || fragment.ToLower().Contains("database="))
@ -95,7 +96,7 @@ namespace Oqtane.Controllers
{
connection.Open();
SqlCommand command;
if (connectionstring.ToLower().Contains("attachdbfilename=")) // LocalDB
if (connectionString.ToLower().Contains("attachdbfilename=")) // LocalDB
{
command = new SqlCommand("CREATE DATABASE [" + databaseName + "] ON ( NAME = '" + databaseName + "', FILENAME = '" + datadirectory + "\\" + databaseName + ".mdf')", connection);
}
@ -126,11 +127,11 @@ namespace Oqtane.Controllers
{
initializationScript = reader.ReadToEnd();
}
initializationScript = initializationScript.Replace("{ConnectionString}", connectionstring.Replace(datadirectory, "|DataDirectory|"));
initializationScript = initializationScript.Replace("{ConnectionString}", connectionString.Replace(datadirectory, "|DataDirectory|"));
initializationScript = initializationScript.Replace("{Alias}", HttpContext.Request.Host.Value);
}
var dbUpgradeConfig = DeployChanges.To.SqlDatabase(connectionstring)
var dbUpgradeConfig = DeployChanges.To.SqlDatabase(connectionString)
.WithScript(new DbUp.Engine.SqlScript("Master.sql", initializationScript))
.WithScriptsEmbeddedInAssembly(Assembly.GetExecutingAssembly()); // tenant scripts should be added to /Scripts folder as Embedded Resources
var dbUpgrade = dbUpgradeConfig.Build();
@ -151,9 +152,9 @@ namespace Oqtane.Controllers
{
config = reader.ReadToEnd();
}
connectionstring = connectionstring.Replace(datadirectory, "|DataDirectory|");
connectionstring = connectionstring.Replace(@"\", @"\\");
config = config.Replace("DefaultConnection\": \"", "DefaultConnection\": \"" + connectionstring);
connectionString = connectionString.Replace(datadirectory, "|DataDirectory|");
connectionString = connectionString.Replace(@"\", @"\\");
config = config.Replace("DefaultConnection\": \"", "DefaultConnection\": \"" + connectionString);
using (StreamWriter writer = new StreamWriter(Directory.GetCurrentDirectory() + "\\appsettings.json"))
{
writer.WriteLine(config);
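Review bot: The `CREATE DATABASE` statement is built by concatenating `databaseName`, which is parsed out of the `connectionString` received in the request body, into both a bracketed identifier and quoted literals. Identifiers cannot be bound as parameters, so the name should be validated against a strict pattern before use, e.g. `if (!Regex.IsMatch(databaseName, "^[A-Za-z0-9_]+$"))` followed by a rejection of the request. The same connection string is later spliced into appsettings.json with only backslashes escaped, so a double quote in it would alter the JSON structure, and `HttpContext.Request.Host.Value` is substituted into the SQL script as `{Alias}` without escaping. No `[Authorize]` attribute is visible on `Post`; if nothing outside these hunks stops the endpoint from running after installation has completed, it needs such a guard.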


@ -1,13 +1,13 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System;
using Microsoft.Extensions.Hosting;
using Microsoft.Extensions.DependencyInjection;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -44,27 +44,27 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.HostRole)]
public Job Post([FromBody] Job Job)
public Job Post([FromBody] Job job)
{
if (ModelState.IsValid)
{
Job = _jobs.AddJob(Job);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", Job);
job = _jobs.AddJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Added {Job}", job);
}
return Job;
return job;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.HostRole)]
public Job Put(int id, [FromBody] Job Job)
public Job Put(int id, [FromBody] Job job)
{
if (ModelState.IsValid)
{
Job = _jobs.UpdateJob(Job);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", Job);
job = _jobs.UpdateJob(job);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Updated {Job}", job);
}
return Job;
return job;
}
// DELETE api/<controller>/5


@ -1,10 +1,10 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -39,27 +39,27 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.HostRole)]
public JobLog Post([FromBody] JobLog JobLog)
public JobLog Post([FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
JobLog = _jobLogs.AddJobLog(JobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", JobLog);
jobLog = _jobLogs.AddJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Job Log Added {JobLog}", jobLog);
}
return JobLog;
return jobLog;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.HostRole)]
public JobLog Put(int id, [FromBody] JobLog JobLog)
public JobLog Put(int id, [FromBody] JobLog jobLog)
{
if (ModelState.IsValid)
{
JobLog = _jobLogs.UpdateJobLog(JobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", JobLog);
jobLog = _jobLogs.UpdateJobLog(jobLog);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Job Log Updated {JobLog}", jobLog);
}
return JobLog;
return jobLog;
}
// DELETE api/<controller>/5


@ -1,9 +1,9 @@
using Microsoft.AspNetCore.Mvc;
using Oqtane.Models;
using System.Collections.Generic;
using Oqtane.Repository;
using Oqtane.Infrastructure;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Shared;
namespace Oqtane.Controllers
@ -39,11 +39,11 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
public void Post([FromBody] Log Log)
public void Post([FromBody] Log log)
{
if (ModelState.IsValid)
{
_logger.Log(Log);
_logger.Log(log);
}
}
}
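Review bot: `Post` carries no `[Authorize]` attribute in the lines shown, so unless the class declares one outside this hunk, any caller can have `_logger.Log(log)` persist a `Log` object whose fields all come from the request body. If anonymous client-side logging is intended, the server should set identity and time fields itself rather than trusting the body, and should cap message size and request rate so the log store cannot be flooded or seeded with misleading entries. Otherwise add `[Authorize(Roles = Constants.RegisteredRole)]` as the other write actions in this commit do.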


@ -1,12 +1,11 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using System.Reflection;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Security;
namespace Oqtane.Controllers
@ -31,15 +30,15 @@ namespace Oqtane.Controllers
// GET: api/<controller>?siteid=x
[HttpGet]
public IEnumerable<Models.Module> Get(string siteid)
public IEnumerable<Module> Get(string siteid)
{
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(int.Parse(siteid)).ToList();
List<Models.Module> modules = new List<Models.Module>();
List<Module> modules = new List<Module>();
foreach (PageModule pagemodule in _pageModules.GetPageModules(int.Parse(siteid)))
{
if (_userPermissions.IsAuthorized(User,PermissionNames.View, pagemodule.Module.Permissions))
{
Models.Module module = new Models.Module();
Module module = new Module();
module.SiteId = pagemodule.Module.SiteId;
module.ModuleDefinitionName = pagemodule.Module.ModuleDefinitionName;
module.Permissions = pagemodule.Module.Permissions;
@ -67,9 +66,9 @@ namespace Oqtane.Controllers
// GET api/<controller>/5
[HttpGet("{id}")]
public Models.Module Get(int id)
public Module Get(int id)
{
Models.Module module = _modules.GetModule(id);
Module module = _modules.GetModule(id);
if (_userPermissions.IsAuthorized(User,PermissionNames.View, module.Permissions))
{
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
@ -87,39 +86,39 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.RegisteredRole)]
public Models.Module Post([FromBody] Models.Module Module)
public Module Post([FromBody] Module module)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, Module.PageId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, module.PageId, PermissionNames.Edit))
{
Module = _modules.AddModule(Module);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module);
module = _modules.AddModule(module);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", module);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Module {Module}", Module);
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Module {Module}", module);
HttpContext.Response.StatusCode = 401;
Module = null;
module = null;
}
return Module;
return module;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Models.Module Put(int id, [FromBody] Models.Module Module)
public Module Put(int id, [FromBody] Module module)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Module, Module.ModuleId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
{
Module = _modules.UpdateModule(Module);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module);
module = _modules.UpdateModule(module);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", module);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Module {Module}", Module);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Module {Module}", module);
HttpContext.Response.StatusCode = 401;
Module = null;
module = null;
}
return Module;
return module;
}
// DELETE api/<controller>/5
@ -160,12 +159,12 @@ namespace Oqtane.Controllers
// POST api/<controller>/import?moduleid=x
[HttpPost("import")]
[Authorize(Roles = Constants.RegisteredRole)]
public bool Import(int moduleid, [FromBody] string Content)
public bool Import(int moduleid, [FromBody] string content)
{
bool success = false;
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Module, moduleid, PermissionNames.Edit))
{
success = _modules.ImportModule(moduleid, Content);
success = _modules.ImportModule(moduleid, content);
}
else
{
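Review bot: `Get(int id)` dereferences `module.Permissions` straight after `_modules.GetModule(id)`, so an id that matches no module throws instead of returning an empty result (assuming the repository returns null for an unknown id), and the action has no `[Authorize]` attribute in the lines shown. Guard it with `if (module != null && _userPermissions.IsAuthorized(User, PermissionNames.View, module.Permissions))`. `Get(string siteid)` calls `int.Parse(siteid)` twice on the raw query value and fails the same way on non-numeric input; a single `int.TryParse` at the top would cover both uses. Both methods continue outside their hunks.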


@ -1,15 +1,16 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Infrastructure;
using System.IO;
using System.Reflection;
using System.Linq;
using Microsoft.AspNetCore.Hosting;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Security;
// ReSharper disable StringIndexOfIsCultureSpecific.1
namespace Oqtane.Controllers
{
@ -66,12 +67,12 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public void Put(int id, [FromBody] ModuleDefinition ModuleDefinition)
public void Put(int id, [FromBody] ModuleDefinition moduleDefinition)
{
if (ModelState.IsValid)
{
_moduleDefinitions.UpdateModuleDefinition(ModuleDefinition);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Definition Updated {ModuleDefinition}", ModuleDefinition);
_moduleDefinitions.UpdateModuleDefinition(moduleDefinition);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Definition Updated {ModuleDefinition}", moduleDefinition);
}
}


@ -1,11 +1,10 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Microsoft.AspNetCore.Http;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Security;
namespace Oqtane.Controllers
@ -49,38 +48,38 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Notification Get(int id)
{
Notification Notification = _notifications.GetNotification(id);
if (!(IsAuthorized(Notification.FromUserId) || IsAuthorized(Notification.ToUserId)))
Notification notification = _notifications.GetNotification(id);
if (!(IsAuthorized(notification.FromUserId) || IsAuthorized(notification.ToUserId)))
{
Notification = null;
notification = null;
}
return Notification;
return notification;
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.RegisteredRole)]
public Notification Post([FromBody] Notification Notification)
public Notification Post([FromBody] Notification notification)
{
if (IsAuthorized(Notification.FromUserId))
if (IsAuthorized(notification.FromUserId))
{
Notification = _notifications.AddNotification(Notification);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Notification Added {Notification}", Notification);
notification = _notifications.AddNotification(notification);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Notification Added {Notification}", notification);
}
return Notification;
return notification;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Notification Put(int id, [FromBody] Notification Notification)
public Notification Put(int id, [FromBody] Notification notification)
{
if (IsAuthorized(Notification.FromUserId))
if (IsAuthorized(notification.FromUserId))
{
Notification = _notifications.UpdateNotification(Notification);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Notification Updated {Folder}", Notification);
notification = _notifications.UpdateNotification(notification);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Notification Updated {Folder}", notification);
}
return Notification;
return notification;
}
// DELETE api/<controller>/5
@ -88,8 +87,8 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public void Delete(int id)
{
Notification Notification = _notifications.GetNotification(id);
if (IsAuthorized(Notification.FromUserId) || IsAuthorized(Notification.ToUserId))
Notification notification = _notifications.GetNotification(id);
if (IsAuthorized(notification.FromUserId) || IsAuthorized(notification.ToUserId))
{
_notifications.DeleteNotification(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Notification Deleted {NotificationId}", id);
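Review bot: `Put` authorizes on `notification.FromUserId` taken from the request body, not on the stored record, so the check says nothing about who owns the notification being overwritten. Load the existing row first, as `Delete` does, and test that: `Notification existing = _notifications.GetNotification(id);` followed by `if (existing != null && IsAuthorized(existing.FromUserId))`, and confirm the body refers to the same record as the route `id`. `Get` and `Delete` dereference the result of `GetNotification(id)` without a null check, and `Post` and `Put` skip the `ModelState.IsValid` test the other controllers apply. The update log template also uses `{Folder}` where `{Notification}` is meant. `IsAuthorized` is defined outside these hunks, so its exact comparison is assumed.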


@ -11,6 +11,7 @@ using System.Linq;
using Microsoft.AspNetCore.Hosting;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Shared;
// ReSharper disable PartialTypeWithSinglePart
namespace Oqtane.Controllers
{


@ -1,13 +1,13 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using Oqtane.Infrastructure;
using Oqtane.Security;
using System.Net;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -99,14 +99,14 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post([FromBody] Page Page)
public Page Post([FromBody] Page page)
{
if (ModelState.IsValid)
{
string permissions;
if (Page.ParentId != null)
if (page.ParentId != null)
{
permissions = _pages.GetPage(Page.ParentId.Value).Permissions;
permissions = _pages.GetPage(page.ParentId.Value).Permissions;
}
else
{
@ -115,18 +115,18 @@ namespace Oqtane.Controllers
if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions))
{
Page = _pages.AddPage(Page);
_syncManager.AddSyncEvent(EntityNames.Site, Page.SiteId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page);
page = _pages.AddPage(page);
_syncManager.AddSyncEvent(EntityNames.Site, page.SiteId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", page);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Page {Page}", Page);
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Page {Page}", page);
HttpContext.Response.StatusCode = 401;
Page = null;
page = null;
}
}
return Page;
return page;
}
// POST api/<controller>/5?userid=x
@ -195,21 +195,21 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Page Put(int id, [FromBody] Page Page)
public Page Put(int id, [FromBody] Page page)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, Page.PageId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
{
Page = _pages.UpdatePage(Page);
_syncManager.AddSyncEvent(EntityNames.Site, Page.SiteId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", Page);
page = _pages.UpdatePage(page);
_syncManager.AddSyncEvent(EntityNames.Site, page.SiteId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", page);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page {Page}", Page);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page {Page}", page);
HttpContext.Response.StatusCode = 401;
Page = null;
page = null;
}
return Page;
return page;
}
// PUT api/<controller>/?siteid=x&pageid=y&parentid=z
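Review bot: `Post` reads `_pages.GetPage(page.ParentId.Value).Permissions` without checking the lookup result, so a `ParentId` that matches no page throws before any authorization decision is made (assuming the repository returns null for an unknown id). Fetch the parent into a local and treat a missing parent as unauthorized. `Put` takes a route `id` but authorizes and updates using `page.PageId` from the body; a check such as `if (id != page.PageId)` keeps the URL and the affected record in agreement. Both failure branches answer 401 to an authenticated user who lacks permission, where 403 is the matching status.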


@ -1,11 +1,11 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
using Oqtane.Security;
namespace Oqtane.Controllers
@ -14,15 +14,13 @@ namespace Oqtane.Controllers
public class PageModuleController : Controller
{
private readonly IPageModuleRepository _pageModules;
private readonly IModuleRepository _modules;
private readonly IUserPermissions _userPermissions;
private readonly ISyncManager _syncManager;
private readonly ILogManager _logger;
public PageModuleController(IPageModuleRepository pageModules, IModuleRepository modules, IUserPermissions userPermissions, ISyncManager syncManager, ILogManager logger)
public PageModuleController(IPageModuleRepository pageModules, IUserPermissions userPermissions, ISyncManager syncManager, ILogManager logger)
{
_pageModules = pageModules;
_modules = modules;
_userPermissions = userPermissions;
_syncManager = syncManager;
_logger = logger;
@ -65,41 +63,41 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.RegisteredRole)]
public PageModule Post([FromBody] PageModule PageModule)
public PageModule Post([FromBody] PageModule pageModule)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, PageModule.PageId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
{
PageModule = _pageModules.AddPageModule(PageModule);
_syncManager.AddSyncEvent(EntityNames.Page, PageModule.PageId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Module Added {PageModule}", PageModule);
pageModule = _pageModules.AddPageModule(pageModule);
_syncManager.AddSyncEvent(EntityNames.Page, pageModule.PageId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Module Added {PageModule}", pageModule);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add PageModule {PageModule}", PageModule);
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add PageModule {PageModule}", pageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
pageModule = null;
}
return PageModule;
return pageModule;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public PageModule Put(int id, [FromBody] PageModule PageModule)
public PageModule Put(int id, [FromBody] PageModule pageModule)
{
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Module, PageModule.ModuleId, PermissionNames.Edit))
if (ModelState.IsValid && _userPermissions.IsAuthorized(User, EntityNames.Module, pageModule.ModuleId, PermissionNames.Edit))
{
PageModule = _pageModules.UpdatePageModule(PageModule);
_syncManager.AddSyncEvent(EntityNames.Page, PageModule.PageId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Updated {PageModule}", PageModule);
pageModule = _pageModules.UpdatePageModule(pageModule);
_syncManager.AddSyncEvent(EntityNames.Page, pageModule.PageId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Updated {PageModule}", pageModule);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update PageModule {PageModule}", PageModule);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update PageModule {PageModule}", pageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
pageModule = null;
}
return PageModule;
return pageModule;
}
// PUT api/<controller>/?pageid=x&pane=y
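Review bot: `Put` checks edit permission on `EntityNames.Module` with `pageModule.ModuleId`, while `Post` checks `EntityNames.Page` with `pageModule.PageId`, so an update is never tested against the page named in the body. If `UpdatePageModule` persists `PageId` (its implementation is not visible here), a user who may edit a module could attach it to a page they cannot edit. Adding `&& _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit)` to the condition closes that gap. The route `id` is unused in `Put`.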


@ -1,10 +1,10 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -37,27 +37,27 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]
public Profile Post([FromBody] Profile Profile)
public Profile Post([FromBody] Profile profile)
{
if (ModelState.IsValid)
{
Profile = _profiles.AddProfile(Profile);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Profile Added {Profile}", Profile);
profile = _profiles.AddProfile(profile);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Profile Added {Profile}", profile);
}
return Profile;
return profile;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Profile Put(int id, [FromBody] Profile Profile)
public Profile Put(int id, [FromBody] Profile profile)
{
if (ModelState.IsValid)
{
Profile = _profiles.UpdateProfile(Profile);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Profile Updated {Profile}", Profile);
profile = _profiles.UpdateProfile(profile);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Profile Updated {Profile}", profile);
}
return Profile;
return profile;
}
// DELETE api/<controller>/5


@ -1,10 +1,10 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -39,27 +39,27 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]
public Role Post([FromBody] Role Role)
public Role Post([FromBody] Role role)
{
if (ModelState.IsValid)
{
Role = _roles.AddRole(Role);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Role Added {Role}", Role);
role = _roles.AddRole(role);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Role Added {Role}", role);
}
return Role;
return role;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Role Put(int id, [FromBody] Role Role)
public Role Put(int id, [FromBody] Role role)
{
if (ModelState.IsValid)
{
Role = _roles.UpdateRole(Role);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Role Updated {Role}", Role);
role = _roles.UpdateRole(role);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Role Updated {Role}", role);
}
return Role;
return role;
}
// DELETE api/<controller>/5


@ -1,12 +1,11 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Security;
using Oqtane.Infrastructure;
using System.Linq;
using Microsoft.AspNetCore.Http;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -62,38 +61,38 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
public Setting Post([FromBody] Setting Setting)
public Setting Post([FromBody] Setting setting)
{
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit))
if (ModelState.IsValid && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
{
Setting = _settings.AddSetting(Setting);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting);
setting = _settings.AddSetting(setting);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", setting);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Setting {Setting}", Setting);
_logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
setting = null;
}
return Setting;
return setting;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
public Setting Put(int id, [FromBody] Setting Setting)
public Setting Put(int id, [FromBody] Setting setting)
{
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit))
if (ModelState.IsValid && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
{
Setting = _settings.UpdateSetting(Setting);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting);
setting = _settings.UpdateSetting(setting);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", setting);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Setting {Setting}", Setting);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
setting = null;
}
return Setting;
return setting;
}
// DELETE api/<controller>/5
@ -113,15 +112,15 @@ namespace Oqtane.Controllers
}
}
private bool IsAuthorized(string EntityName, int EntityId, string PermissionName)
private bool IsAuthorized(string entityName, int entityId, string permissionName)
{
bool authorized = false;
if (EntityName == EntityNames.PageModule)
if (entityName == EntityNames.PageModule)
{
EntityName = EntityNames.Module;
EntityId = _pageModules.GetPageModule(EntityId).ModuleId;
entityName = EntityNames.Module;
entityId = _pageModules.GetPageModule(entityId).ModuleId;
}
switch (EntityName)
switch (entityName)
{
case EntityNames.Host:
authorized = User.IsInRole(Constants.HostRole);
@ -132,13 +131,13 @@ namespace Oqtane.Controllers
case EntityNames.Page:
case EntityNames.Module:
case EntityNames.Folder:
authorized = _userPermissions.IsAuthorized(User, EntityName, EntityId, PermissionName);
authorized = _userPermissions.IsAuthorized(User, entityName, entityId, permissionName);
break;
case EntityNames.User:
authorized = true;
if (PermissionName == PermissionNames.Edit)
if (permissionName == PermissionNames.Edit)
{
authorized = User.IsInRole(Constants.AdminRole) || (_userPermissions.GetUser(User).UserId == EntityId);
authorized = User.IsInRole(Constants.AdminRole) || (_userPermissions.GetUser(User).UserId == entityId);
}
break;
}


@ -1,13 +1,11 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using System.IO;
using Microsoft.AspNetCore.Hosting;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -16,15 +14,13 @@ namespace Oqtane.Controllers
{
private readonly ISiteRepository _sites;
private readonly ITenantResolver _tenants;
private readonly IWebHostEnvironment _environment;
private readonly ISyncManager _syncManager;
private readonly ILogManager _logger;
public SiteController(ISiteRepository sites, ITenantResolver tenants, IWebHostEnvironment environment, ISyncManager syncManager, ILogManager logger)
public SiteController(ISiteRepository sites, ITenantResolver tenants, ISyncManager syncManager, ILogManager logger)
{
_sites = sites;
_tenants = tenants;
_environment = environment;
_syncManager = syncManager;
_logger = logger;
}
@ -46,7 +42,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
public Site Post([FromBody] Site Site)
public Site Post([FromBody] Site site)
{
if (ModelState.IsValid)
{
@ -56,7 +52,7 @@ namespace Oqtane.Controllers
// provision initial site during installation
authorized = true;
Tenant tenant = _tenants.GetTenant();
Site.TenantId = tenant.TenantId;
site.TenantId = tenant.TenantId;
}
else
{
@ -64,25 +60,25 @@ namespace Oqtane.Controllers
}
if (authorized)
{
Site = _sites.AddSite(Site);
_logger.Log(Site.SiteId, LogLevel.Information, this, LogFunction.Create, "Site Added {Site}", Site);
site = _sites.AddSite(site);
_logger.Log(site.SiteId, LogLevel.Information, this, LogFunction.Create, "Site Added {Site}", site);
}
}
return Site;
return site;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.HostRole)]
public Site Put(int id, [FromBody] Site Site)
public Site Put(int id, [FromBody] Site site)
{
if (ModelState.IsValid)
{
Site = _sites.UpdateSite(Site);
_syncManager.AddSyncEvent(EntityNames.Site, Site.SiteId);
_logger.Log(Site.SiteId, LogLevel.Information, this, LogFunction.Update, "Site Updated {Site}", Site);
site = _sites.UpdateSite(site);
_syncManager.AddSyncEvent(EntityNames.Site, site.SiteId);
_logger.Log(site.SiteId, LogLevel.Information, this, LogFunction.Update, "Site Updated {Site}", site);
}
return Site;
return site;
}
// DELETE api/<controller>/5


@ -1,10 +1,10 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using System.Collections.Generic;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -39,27 +39,27 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.HostRole)]
public Tenant Post([FromBody] Tenant Tenant)
public Tenant Post([FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
Tenant = _tenants.AddTenant(Tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", Tenant.TenantId);
tenant = _tenants.AddTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Tenant Added {TenantId}", tenant.TenantId);
}
return Tenant;
return tenant;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.HostRole)]
public Tenant Put(int id, [FromBody] Tenant Tenant)
public Tenant Put(int id, [FromBody] Tenant tenant)
{
if (ModelState.IsValid)
{
Tenant = _tenants.UpdateTenant(Tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", Tenant.TenantId);
tenant = _tenants.UpdateTenant(tenant);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "Tenant Updated {TenantId}", tenant.TenantId);
}
return Tenant;
return tenant;
}
// DELETE api/<controller>/5


@ -1,14 +1,16 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Oqtane.Repository;
using Oqtane.Models;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System.IO;
using System.Reflection;
using System.Linq;
using Microsoft.AspNetCore.Hosting;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
// ReSharper disable StringIndexOfIsCultureSpecific.1
namespace Oqtane.Controllers
{


@ -2,17 +2,16 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Microsoft.AspNetCore.Identity;
using System.Threading.Tasks;
using System.Linq;
using System.Security.Claims;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System;
using Microsoft.AspNetCore.Http;
using System.Net;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -73,43 +72,39 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
public async Task<User> Post([FromBody] User User)
public async Task<User> Post([FromBody] User user)
{
User user = null;
User newUser = null;
if (ModelState.IsValid)
{
bool verified = true;
// users created by non-administrators must be verified
if (!base.User.IsInRole(Constants.AdminRole) && User.Username != Constants.HostUser)
{
verified = false;
}
// users created by non-administrators must be verified
bool verified = !(!User.IsInRole(Constants.AdminRole) && user.Username != Constants.HostUser);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser == null)
{
identityuser = new IdentityUser();
identityuser.UserName = User.Username;
identityuser.Email = User.Email;
identityuser.UserName = user.Username;
identityuser.Email = user.Email;
identityuser.EmailConfirmed = verified;
var result = await _identityUserManager.CreateAsync(identityuser, User.Password);
var result = await _identityUserManager.CreateAsync(identityuser, user.Password);
if (result.Succeeded)
{
User.LastLoginOn = null;
User.LastIPAddress = "";
user = _users.AddUser(User);
user.LastLoginOn = null;
user.LastIPAddress = "";
newUser = _users.AddUser(user);
if (!verified)
{
Notification notification = new Notification();
notification.SiteId = User.SiteId;
notification.SiteId = user.SiteId;
notification.FromUserId = null;
notification.ToUserId = user.UserId;
notification.ToUserId = newUser.UserId;
notification.ToEmail = "";
notification.Subject = "User Account Verification";
string token = await _identityUserManager.GenerateEmailConfirmationTokenAsync(identityuser);
string url = HttpContext.Request.Scheme + "://" + _tenants.GetAlias().Name + "/login?name=" + User.Username + "&token=" + WebUtility.UrlEncode(token);
notification.Body = "Dear " + User.DisplayName + ",\n\nIn Order To Complete The Registration Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
string url = HttpContext.Request.Scheme + "://" + _tenants.GetAlias().Name + "/login?name=" + user.Username + "&token=" + WebUtility.UrlEncode(token);
notification.Body = "Dear " + user.DisplayName + ",\n\nIn Order To Complete The Registration Of Your User Account Please Click The Link Displayed Below:\n\n" + url + "\n\nThank You!";
notification.ParentId = null;
notification.CreatedOn = DateTime.UtcNow;
notification.IsDelivered = false;
@ -118,11 +113,11 @@ namespace Oqtane.Controllers
}
// assign to host role if this is the host user ( initial installation )
if (User.Username == Constants.HostUser)
if (user.Username == Constants.HostUser)
{
int hostroleid = _roles.GetRoles(User.SiteId, true).Where(item => item.Name == Constants.HostRole).FirstOrDefault().RoleId;
int hostroleid = _roles.GetRoles(user.SiteId, true).Where(item => item.Name == Constants.HostRole).FirstOrDefault().RoleId;
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.UserId = newUser.UserId;
userrole.RoleId = hostroleid;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
@ -130,75 +125,79 @@ namespace Oqtane.Controllers
}
// add folder for user
Folder folder = _folders.GetFolder(User.SiteId, "Users\\");
Folder folder = _folders.GetFolder(user.SiteId, "Users\\");
if (folder != null)
{
_folders.AddFolder(new Folder { SiteId = folder.SiteId, ParentId = folder.FolderId, Name = "My Folder", Path = folder.Path + user.UserId.ToString() + "\\", Order = 1, IsSystem = true,
Permissions = "[{\"PermissionName\":\"Browse\",\"Permissions\":\"[" + user.UserId.ToString() + "]\"},{\"PermissionName\":\"View\",\"Permissions\":\"All Users\"},{\"PermissionName\":\"Edit\",\"Permissions\":\"[" + user.UserId.ToString() + "]\"}]" });
_folders.AddFolder(new Folder { SiteId = folder.SiteId, ParentId = folder.FolderId, Name = "My Folder", Path = folder.Path + newUser.UserId.ToString() + "\\", Order = 1, IsSystem = true,
Permissions = "[{\"PermissionName\":\"Browse\",\"Permissions\":\"[" + newUser.UserId.ToString() + "]\"},{\"PermissionName\":\"View\",\"Permissions\":\"All Users\"},{\"PermissionName\":\"Edit\",\"Permissions\":\"[" + newUser.UserId.ToString() + "]\"}]" });
}
}
}
else
{
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, User.Password, false);
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, false);
if (result.Succeeded)
{
user = _users.GetUser(User.Username);
newUser = _users.GetUser(user.Username);
}
}
if (user != null && User.Username != Constants.HostUser)
if (newUser != null && user.Username != Constants.HostUser)
{
// add auto assigned roles to user for site
List<Role> roles = _roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
List<Role> roles = _roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned).ToList();
foreach (Role role in roles)
{
UserRole userrole = new UserRole();
userrole.UserId = user.UserId;
userrole.UserId = newUser.UserId;
userrole.RoleId = role.RoleId;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
_userRoles.AddUserRole(userrole);
}
}
user.Password = ""; // remove sensitive information
_logger.Log(User.SiteId, LogLevel.Information, this, LogFunction.Create, "User Added {User}", user);
if (newUser != null)
{
newUser.Password = ""; // remove sensitive information
_logger.Log(user.SiteId, LogLevel.Information, this, LogFunction.Create, "User Added {User}", newUser);
}
}
return user;
return newUser;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
public async Task<User> Put(int id, [FromBody] User User)
public async Task<User> Put(int id, [FromBody] User user)
{
if (ModelState.IsValid)
{
if (base.User.IsInRole(Constants.AdminRole) || base.User.Identity.Name == User.Username)
if (User.IsInRole(Constants.AdminRole) || User.Identity.Name == user.Username)
{
if (User.Password != "")
if (user.Password != "")
{
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, User.Password);
identityuser.PasswordHash = _identityUserManager.PasswordHasher.HashPassword(identityuser, user.Password);
await _identityUserManager.UpdateAsync(identityuser);
}
}
User = _users.UpdateUser(User);
_syncManager.AddSyncEvent(EntityNames.User, User.UserId);
User.Password = ""; // remove sensitive information
_logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", User);
user = _users.UpdateUser(user);
_syncManager.AddSyncEvent(EntityNames.User, user.UserId);
user.Password = ""; // remove sensitive information
_logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", user);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update User {User}", User);
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update User {User}", user);
HttpContext.Response.StatusCode = 401;
User = null;
user = null;
}
}
return User;
return user;
}
// DELETE api/<controller>/5?siteid=x
@ -222,147 +221,147 @@ namespace Oqtane.Controllers
// POST api/<controller>/login
[HttpPost("login")]
public async Task<User> Login([FromBody] User User, bool SetCookie, bool IsPersistent)
public async Task<User> Login([FromBody] User user, bool setCookie, bool isPersistent)
{
User user = new Models.User { Username = User.Username, IsAuthenticated = false };
User loginUser = new User { Username = user.Username, IsAuthenticated = false };
if (ModelState.IsValid)
{
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, User.Password, false);
var result = await _identitySignInManager.CheckPasswordSignInAsync(identityuser, user.Password, false);
if (result.Succeeded)
{
user = _users.GetUser(identityuser.UserName);
if (user != null)
loginUser = _users.GetUser(identityuser.UserName);
if (loginUser != null)
{
if (identityuser.EmailConfirmed)
{
user.IsAuthenticated = true;
user.LastLoginOn = DateTime.UtcNow;
user.LastIPAddress = HttpContext.Connection.RemoteIpAddress.ToString();
_users.UpdateUser(user);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", User.Username);
if (SetCookie)
loginUser.IsAuthenticated = true;
loginUser.LastLoginOn = DateTime.UtcNow;
loginUser.LastIPAddress = HttpContext.Connection.RemoteIpAddress.ToString();
_users.UpdateUser(loginUser);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Login Successful {Username}", user.Username);
if (setCookie)
{
await _identitySignInManager.SignInAsync(identityuser, IsPersistent);
await _identitySignInManager.SignInAsync(identityuser, isPersistent);
}
}
else
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Not Verified {Username}", User.Username);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Not Verified {Username}", user.Username);
}
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User Login Failed {Username}", User.Username);
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User Login Failed {Username}", user.Username);
}
}
}
return user;
return loginUser;
}
// POST api/<controller>/logout
[HttpPost("logout")]
[Authorize]
public async Task Logout([FromBody] User User)
public async Task Logout([FromBody] User user)
{
await HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Logout {Username}", User.Username);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Logout {Username}", user.Username);
}
// POST api/<controller>/verify
[HttpPost("verify")]
public async Task<User> Verify([FromBody] User User, string token)
public async Task<User> Verify([FromBody] User user, string token)
{
if (ModelState.IsValid)
{
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
var result = await _identityUserManager.ConfirmEmailAsync(identityuser, token);
if (result.Succeeded)
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Email Verified For {Username}", User.Username);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Email Verified For {Username}", user.Username);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username}", User.Username);
User = null;
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username}", user.Username);
user = null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username}", User.Username);
User = null;
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Email Verification Failed For {Username}", user.Username);
user = null;
}
}
return User;
return user;
}
// POST api/<controller>/forgot
[HttpPost("forgot")]
public async Task Forgot([FromBody] User User)
public async Task Forgot([FromBody] User user)
{
if (ModelState.IsValid)
{
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null)
{
Notification notification = new Notification();
notification.SiteId = User.SiteId;
notification.SiteId = user.SiteId;
notification.FromUserId = null;
notification.ToUserId = User.UserId;
notification.ToUserId = user.UserId;
notification.ToEmail = "";
notification.Subject = "User Password Reset";
string token = await _identityUserManager.GeneratePasswordResetTokenAsync(identityuser);
string url = HttpContext.Request.Scheme + "://" + _tenants.GetAlias().Name + "/reset?name=" + User.Username + "&token=" + WebUtility.UrlEncode(token);
notification.Body = "Dear " + User.DisplayName + ",\n\nPlease Click The Link Displayed Below To Reset Your Password:\n\n" + url + "\n\nThank You!";
string url = HttpContext.Request.Scheme + "://" + _tenants.GetAlias().Name + "/reset?name=" + user.Username + "&token=" + WebUtility.UrlEncode(token);
notification.Body = "Dear " + user.DisplayName + ",\n\nPlease Click The Link Displayed Below To Reset Your Password:\n\n" + url + "\n\nThank You!";
notification.ParentId = null;
notification.CreatedOn = DateTime.UtcNow;
notification.IsDelivered = false;
notification.DeliveredOn = null;
_notifications.AddNotification(notification);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Reset Notification Sent For {Username}", User.Username);
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Reset Notification Sent For {Username}", user.Username);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Notification Failed For {Username}", User.Username);
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Notification Failed For {Username}", user.Username);
}
}
}
// POST api/<controller>/reset
[HttpPost("reset")]
public async Task<User> Reset([FromBody] User User, string token)
public async Task<User> Reset([FromBody] User user, string token)
{
if (ModelState.IsValid)
{
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(User.Username);
IdentityUser identityuser = await _identityUserManager.FindByNameAsync(user.Username);
if (identityuser != null && !string.IsNullOrEmpty(token))
{
var result = await _identityUserManager.ResetPasswordAsync(identityuser, token, User.Password);
var result = await _identityUserManager.ResetPasswordAsync(identityuser, token, user.Password);
if (result.Succeeded)
{
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Reset For {Username}", User.Username);
User.Password = "";
_logger.Log(LogLevel.Information, this, LogFunction.Security, "Password Reset For {Username}", user.Username);
user.Password = "";
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Failed For {Username}", User.Username);
User = null;
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Failed For {Username}", user.Username);
user = null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Failed For {Username}", User.Username);
User = null;
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Password Reset Failed For {Username}", user.Username);
user = null;
}
}
return User;
return user;
}
// GET api/<controller>/current
@ -382,10 +381,10 @@ namespace Oqtane.Controllers
return user;
}
private string GetUserRoles(int UserId, int SiteId)
private string GetUserRoles(int userId, int siteId)
{
string roles = "";
List<UserRole> userroles = _userRoles.GetUserRoles(UserId, SiteId).ToList();
List<UserRole> userroles = _userRoles.GetUserRoles(userId, siteId).ToList();
foreach (UserRole userrole in userroles)
{
roles += userrole.Role.Name + ";";
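Review bot: In `Forgot`, the reset notification is addressed with `notification.ToUserId = user.UserId` and greets `user.DisplayName`, both taken from the request body, while the token is generated for the account that `FindByNameAsync(user.Username)` returned; nothing visible ties the recipient to that account. The method carries no `[Authorize]`, so the recipient should come from the stored record instead, e.g. `User target = _users.GetUser(user.Username);` with a null check, then `notification.ToUserId = target.UserId;` and `target.DisplayName` in the body text. `Put` has a related gap: it authorizes on `user.Username` from the body but never compares the route `id` or `user.UserId` with the authenticated account before calling `_users.UpdateUser(user)`. Whether that lets the update land on a different row depends on how `UpdateUser` keys the record, which is not shown here.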


@ -1,10 +1,10 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using Oqtane.Infrastructure.Interfaces;
using Oqtane.Repository;
namespace Oqtane.Controllers
{
@ -41,29 +41,29 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]
public UserRole Post([FromBody] UserRole UserRole)
public UserRole Post([FromBody] UserRole userRole)
{
if (ModelState.IsValid)
{
UserRole = _userRoles.AddUserRole(UserRole);
_syncManager.AddSyncEvent(EntityNames.User, UserRole.UserId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", UserRole);
userRole = _userRoles.AddUserRole(userRole);
_syncManager.AddSyncEvent(EntityNames.User, userRole.UserId);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", userRole);
}
return UserRole;
return userRole;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public UserRole Put(int id, [FromBody] UserRole UserRole)
public UserRole Put(int id, [FromBody] UserRole userRole)
{
if (ModelState.IsValid)
{
UserRole = _userRoles.UpdateUserRole(UserRole);
_syncManager.AddSyncEvent(EntityNames.User, UserRole.UserId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "User Role Updated {UserRole}", UserRole);
userRole = _userRoles.UpdateUserRole(userRole);
_syncManager.AddSyncEvent(EntityNames.User, userRole.UserId);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "User Role Updated {UserRole}", userRole);
}
return UserRole;
return userRole;
}
// DELETE api/<controller>/5