diff --git a/Oqtane.Client/Modules/Controls/PermissionGrid.razor b/Oqtane.Client/Modules/Controls/PermissionGrid.razor index a1f6e094..2a883920 100644 --- a/Oqtane.Client/Modules/Controls/PermissionGrid.razor +++ b/Oqtane.Client/Modules/Controls/PermissionGrid.razor @@ -9,62 +9,26 @@ @if (_permissions != null) { -
-
-
- - - - - @foreach (var permissionname in _permissionnames) - { - - } - - @foreach (Role role in _roles) - { +
+
+
+
@Localizer["Role"]@((MarkupString)DisplayPermissionName(permissionname).Replace(" ", "
"))
+ - + @foreach (var permissionname in _permissionnames) { - + } - } - -
@role.Name@Localizer["Role"] - - @((MarkupString)DisplayPermissionName(permissionname).Replace(" ", "
"))
-
-
-
-
-
- @if (_users.Count != 0) - { -
-
-
-
- - - - - @foreach (var permissionname in _permissionnames) - { - - } - - - - @foreach (User user in _users) + @foreach (Role role in _roles) { - + @foreach (var permissionname in _permissionnames) { - } @@ -72,200 +36,242 @@
@Localizer["User"]@((MarkupString)DisplayPermissionName(permissionname).Replace(" ", "
"))
@user.DisplayName (@user.Username)@role.Name - + +

- } +
+
+
+
+ @if (_users.Count != 0) + { +
+
+
+
+ + + + + @foreach (var permissionname in _permissionnames) + { + + } + + + + @foreach (User user in _users) + { + + + @foreach (var permissionname in _permissionnames) + { + + } + + } + +
@Localizer["User"]@((MarkupString)DisplayPermissionName(permissionname).Replace(" ", "
"))
@user.DisplayName (@user.Username) + +
+
+ } +
+
+
+
+ +
+
+ +
+
+
+
+ +
-
-
- -
-
- -
-
-
-
- -
-
- } @code { - private List _permissionnames; - private List _permissions; - private List _roles; - private List _users = new List(); - private AutoComplete _user; - private string _message = string.Empty; + private List _permissionnames; + private List _permissions; + private List _roles; + private List _users = new List(); + private AutoComplete _user; + private string _message = string.Empty; - [Parameter] - public string EntityName { get; set; } + [Parameter] + public string EntityName { get; set; } - [Parameter] - public string PermissionNames { get; set; } + [Parameter] + public string PermissionNames { get; set; } - [Parameter] - public string Permissions { get; set; } // deprecated - use PermissionList instead + [Parameter] + public string Permissions { get; set; } // deprecated - use PermissionList instead - [Parameter] - public List PermissionList { get; set; } + [Parameter] + public List PermissionList { get; set; } protected override async Task OnInitializedAsync() - { - if (!string.IsNullOrEmpty(Permissions)) - { - PermissionList = JsonSerializer.Deserialize>(Permissions); - } + { + if (!string.IsNullOrEmpty(Permissions)) + { + PermissionList = JsonSerializer.Deserialize>(Permissions); + } - _roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true); - if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - _roles.RemoveAll(item => item.Name == RoleNames.Host); - } + _roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true); + _roles.RemoveAll(item => item.Name == RoleNames.Host); // remove host role - // get permission names - if (string.IsNullOrEmpty(PermissionNames)) - { - _permissionnames = new List(); - _permissionnames.Add(Shared.PermissionNames.View); - _permissionnames.Add(Shared.PermissionNames.Edit); - } - else - { - _permissionnames = PermissionNames.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList(); - } + // get permission names + if (string.IsNullOrEmpty(PermissionNames)) + { + _permissionnames = new 
List(); + _permissionnames.Add(Shared.PermissionNames.View); + _permissionnames.Add(Shared.PermissionNames.Edit); + } + else + { + _permissionnames = PermissionNames.Split(',', StringSplitOptions.RemoveEmptyEntries).ToList(); + } - // initialize permissions - _permissions = new List(); - if (PermissionList != null && PermissionList.Any()) - { - foreach (var permission in PermissionList) - { - _permissions.Add(permission); - if (permission.UserId != null) - { - if (!_users.Any(item => item.UserId == permission.UserId.Value)) - { - _users.Add(await UserService.GetUserAsync(permission.UserId.Value, ModuleState.SiteId)); - } - } - } - } - else - { - foreach (string permissionname in _permissionnames) - { - // permission names can be in the form of "EntityName:PermissionName:Roles" - if (permissionname.Contains(":")) - { - var segments = permissionname.Split(':'); - if (segments.Length == 3) - { - foreach (var role in segments[2].Split(';')) - { - _permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], role, null, true)); - } - // ensure admin access - if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.RoleName == RoleNames.Admin)) - { - _permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], RoleNames.Admin, null, true)); - } - } - } - else - { - _permissions.Add(new Permission(ModuleState.SiteId, EntityName, permissionname, RoleNames.Admin, null, true)); - } - } - } - } + // initialize permissions + _permissions = new List(); + if (PermissionList != null && PermissionList.Any()) + { + foreach (var permission in PermissionList) + { + _permissions.Add(permission); + if (permission.UserId != null) + { + if (!_users.Any(item => item.UserId == permission.UserId.Value)) + { + _users.Add(await UserService.GetUserAsync(permission.UserId.Value, ModuleState.SiteId)); + } + } + } + } + else + { + foreach (string permissionname in _permissionnames) + { + // permission names can be 
in the form of "EntityName:PermissionName:Roles" + if (permissionname.Contains(":")) + { + var segments = permissionname.Split(':'); + if (segments.Length == 3) + { + foreach (var role in segments[2].Split(';')) + { + _permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], role, null, true)); + } + // ensure admin access + if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.RoleName == RoleNames.Admin)) + { + _permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], RoleNames.Admin, null, true)); + } + } + } + else + { + _permissions.Add(new Permission(ModuleState.SiteId, EntityName, permissionname, RoleNames.Admin, null, true)); + } + } + } + } - private string GetPermissionName(string permissionName) - { - return (permissionName.Contains(":")) ? permissionName.Split(':')[1] : permissionName; - } + private string GetPermissionName(string permissionName) + { + return (permissionName.Contains(":")) ? permissionName.Split(':')[1] : permissionName; + } - private string GetEntityName(string permissionName) - { - return (permissionName.Contains(":")) ? permissionName.Split(':')[0] : EntityName; - } + private string GetEntityName(string permissionName) + { + return (permissionName.Contains(":")) ? permissionName.Split(':')[0] : EntityName; + } - private string DisplayPermissionName(string permissionName) - { - var name = Localizer[GetPermissionName(permissionName)].ToString(); - name += " " + Localizer[GetEntityName(permissionName)].ToString(); - return name; - } + private string DisplayPermissionName(string permissionName) + { + var name = Localizer[GetPermissionName(permissionName)].ToString(); + name += " " + Localizer[GetEntityName(permissionName)].ToString(); + return name; + } - private bool? GetPermissionValue(string permissionName, string roleName, int userId) - { - bool? 
isauthorized = null; - if (roleName != "") - { - var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName); - if (permission != null) - { - isauthorized = permission.IsAuthorized; - } - } - else - { - var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.UserId == userId); - if (permission != null) - { - isauthorized = permission.IsAuthorized; - } - } - return isauthorized; - } + private bool? GetPermissionValue(string permissionName, string roleName, int userId) + { + bool? isauthorized = null; + if (roleName != "") + { + var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName); + if (permission != null) + { + isauthorized = permission.IsAuthorized; + } + } + else + { + var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.UserId == userId); + if (permission != null) + { + isauthorized = permission.IsAuthorized; + } + } + return isauthorized; + } - private bool GetPermissionDisabled(string permissionName, string roleName) - { - if (roleName == RoleNames.Admin && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) - { - return true; - } - else - { - if (GetEntityName(permissionName) != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin)) - { - return true; - } - else - { - return false; - } - } - } + private bool GetPermissionDisabled(string permissionName, string roleName) + { + var disabled = false; - private void PermissionChanged(bool? 
value, string permissionName, string roleName, int userId) - { - if (roleName != "") - { - var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName); - if (permission != null) - { - _permissions.Remove(permission); - } - if (value != null) - { - _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), roleName, null, value.Value)); - } - } - else - { - var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.UserId == userId); - if (permission != null) - { - _permissions.Remove(permission); - } - if (value != null) - { - _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), null, userId, value.Value)); - } - } - } + // administrator role permissions can only be changed by a host + if (roleName == RoleNames.Admin && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + { + disabled = true; + } + + // API permissions can only be changed by an administrator + if (GetEntityName(permissionName) != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin)) + { + disabled = true; + } + + return disabled; + } + + private bool? PermissionChanged(bool? 
value, string permissionName, string roleName, int userId) + { + if (roleName != "") + { + var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName); + if (permission != null) + { + _permissions.Remove(permission); + } + + // system roles cannot be denied - only custom roles can be denied + var role = _roles.FirstOrDefault(item => item.Name == roleName); + if (value != null && !value.Value && role.IsSystem) + { + value = null; + } + + if (value != null) + { + _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), roleName, null, value.Value)); + } + } + else + { + var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.UserId == userId); + if (permission != null) + { + _permissions.Remove(permission); + } + if (value != null) + { + _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionName), GetPermissionName(permissionName), null, userId, value.Value)); + } + } + return value; + } private async Task> GetUsers(string filter) { 
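Review bot: In `PermissionChanged`, `_roles.FirstOrDefault(item => item.Name == roleName)` can return null and the next line reads `role.IsSystem` without a guard, so a role name that is not in `_roles` throws a NullReferenceException instead of being handled. This matters more now that `OnInitializedAsync` always removes the Host role from that list. Change the condition to `if (value == false && (role == null || role.IsSystem))` so a deny for an unknown role is dropped the same way as one for a system role. This rule and the checks in `GetPermissionDisabled` also run in a client component, and the diff does not show the server repeating them when the permission list is saved. That is worth confirming, because client-side checks alone do not constrain what is submitted.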
@@ -305,29 +311,20 @@ private void ValidatePermissions() { - // remove deny all users, unauthenticated, and registered users - var permissions = _permissions.Where(item => !item.IsAuthorized && - (item.RoleName == RoleNames.Everyone || item.RoleName == RoleNames.Unauthenticated || item.RoleName == RoleNames.Registered)).ToList(); - foreach (var permission in permissions) - { - _permissions.Remove(permission); - } if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) { - // remove deny administrators and host users - permissions = _permissions.Where(item => !item.IsAuthorized && - (item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host)).ToList(); - foreach (var permission in permissions) + // remove host role permissions + var permissions = _permissions.Where(item => item.RoleName == RoleNames.Host).ToList(); + foreach (var permission in permissions) + { + _permissions.Remove(permission); + } + // add host role permissions if administrator role is not assigned (to prevent lockout) + foreach (var permissionname in _permissionnames) { - _permissions.Remove(permission); - } - foreach (var permissionname in _permissionnames) - { - // add administrators role if neither host or administrator is assigned - if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) && - (item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host))) + if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) && item.RoleName == RoleNames.Admin)) { - _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Admin, null, true)); + _permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Host, null, true)); } } } 
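Review bot: `ValidatePermissions` no longer strips deny rows for Everyone, Unauthenticated, Registered, Admin and Host before saving, so the "system roles cannot be denied" rule is now applied only when a box is clicked in `PermissionChanged`. Rows that arrive through `PermissionList` or the deprecated `Permissions` JSON are copied into `_permissions` unchanged and would be kept as they are. Consider a save-time filter at the top of the method, for example `_permissions.RemoveAll(item => !item.IsAuthorized && _roles.Any(r => r.Name == item.RoleName && r.IsSystem));`. As far as the hunk shows, the lockout safeguard also runs only inside the Host branch, so for a non-host editor the method does no validation. The method's closing brace and its callers are outside the hunk.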
diff --git a/Oqtane.Client/Modules/Controls/TriStateCheckBox.razor b/Oqtane.Client/Modules/Controls/TriStateCheckBox.razor index 538aa3ae..e87c2874 100644 --- a/Oqtane.Client/Modules/Controls/TriStateCheckBox.razor +++ b/Oqtane.Client/Modules/Controls/TriStateCheckBox.razor @@ -16,7 +16,7 @@ public bool Disabled { get; set; } [Parameter] - public Action OnChange { get; set; } + public Func OnChange { get; set; } protected override void OnInitialized() { @@ -41,27 +41,35 @@ break; } + _value = OnChange(_value); SetImage(); - OnChange(_value); } } private void SetImage() { - switch (_value) + if (!Disabled) { - case true: - _src = "images/checked.png"; - _title = Localizer["PermissionGranted"]; - break; - case false: - _src = "images/unchecked.png"; - _title = Localizer["PermissionDenied"]; - break; - case null: - _src = "images/null.png"; - _title = string.Empty; - break; + switch (_value) + { + case true: + _src = "images/checked.png"; + _title = Localizer["PermissionGranted"]; + break; + case false: + _src = "images/unchecked.png"; + _title = Localizer["PermissionDenied"]; + break; + case null: + _src = "images/null.png"; + _title = string.Empty; + break; + } + } + else + { + _src = "images/disabled.png"; + _title = Localizer["PermissionDisabled"]; } StateHasChanged(); diff --git a/Oqtane.Client/Resources/Modules/Controls/TriStateCheckBox.resx b/Oqtane.Client/Resources/Modules/Controls/TriStateCheckBox.resx index 3def68ad..af745b24 100644 --- a/Oqtane.Client/Resources/Modules/Controls/TriStateCheckBox.resx +++ b/Oqtane.Client/Resources/Modules/Controls/TriStateCheckBox.resx @@ -123,4 +123,7 @@ Permission Denied + + Permission Disabled + \ No newline at end of file diff --git a/Oqtane.Server/wwwroot/images/disabled.png b/Oqtane.Server/wwwroot/images/disabled.png new file mode 100644 index 00000000..cc58ba2a Binary files /dev/null and b/Oqtane.Server/wwwroot/images/disabled.png differ
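Review bot: `OnChange` is a public `[Parameter]` on a shared control, and switching it from `Action` to `Func` at `@@ -16,7` breaks any other component that binds it; only `PermissionGrid` is updated in this commit. The meaning of the returned value is also undocumented, so add a comment above the property such as `// returns the value the parent actually applied; null means the change was cleared or rejected`. The generic arguments are not visible in this rendering, so the exact signature should be checked against the file.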
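Review bot: `_value = OnChange(_value);` at `@@ -41,27` invokes the delegate without a null check, so a `TriStateCheckBox` rendered without an `OnChange` binding would throw when its value is changed. A `?.Invoke(...) ?? _value` shortcut would be wrong here because null is a legitimate return value, so use an explicit guard: `if (OnChange != null) { _value = OnChange(_value); }`. In `SetImage`, the `Disabled` branch replaces the granted/denied image with `images/disabled.png`, which hides the current state of a permission from a user who may view but not change it. If that is not intended, keep the state image and convey the disabled state through the title. The enclosing click handler starts outside the hunk.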