Diplomarbeit-Absolventenverein/oqtane.framework
10
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

Permission grid control, refactor permission string serialization

Browse Source
This commit is contained in:
Shaun Walker
2019-08-30 10:05:13 -04:00
parent 3ce7f1a227
commit 88a08c8863
27 changed files with 460 additions and 216 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Oqtane.Server/Controllers/AliasController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Alias Post([FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Alias Put(int id, [FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Aliases.DeleteAlias(id);

7
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -54,7 +55,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Module Post([FromBody] Module Module)
{
if (ModelState.IsValid)
@ -66,7 +67,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Module Put(int id, [FromBody] Module Module)
{
if (ModelState.IsValid)
@ -78,7 +79,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Modules.DeleteModule(id);

7
Oqtane.Server/Controllers/PageController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Page Post([FromBody] Page Page)
{
if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Page Put(int id, [FromBody] Page Page)
{
if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Pages.DeletePage(id);

7
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public PageModule Post([FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public PageModule Put(int id, [FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
PageModules.DeletePageModule(id);

7
Oqtane.Server/Controllers/PermissionController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Permission Post([FromBody] Permission Permission)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Permission Put(int id, [FromBody] Permission Permission)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Permissions.DeletePermission(id);

7
Oqtane.Server/Controllers/RoleController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Role Post([FromBody] Role Role)
{
if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public Role Put(int id, [FromBody] Role Role)
{
if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Roles.DeleteRole(id);

7
Oqtane.Server/Controllers/SettingController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = Constants.AdminRole)]
public Setting Post([FromBody] Setting Setting)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = Constants.AdminRole)]
public Setting Put(int id, [FromBody] Setting Setting)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Settings.DeleteSetting(id);

7
Oqtane.Server/Controllers/SiteController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public Site Post([FromBody] Site Site)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public Site Put(int id, [FromBody] Site Site)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public void Delete(int id)
{
Sites.DeleteSite(id);

7
Oqtane.Server/Controllers/TenantController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using System.Collections.Generic;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -32,7 +33,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public Tenant Post([FromBody] Tenant Tenant)
{
if (ModelState.IsValid)
@ -44,7 +45,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public Tenant Put(int id, [FromBody] Tenant Tenant)
{
if (ModelState.IsValid)
@ -56,7 +57,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = Constants.HostRole)]
public void Delete(int id)
{
Tenants.DeleteTenant(id);

4
Oqtane.Server/Controllers/UserController.cs
View File

@ -178,7 +178,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public User Put(int id, [FromBody] User User)
{
if (ModelState.IsValid)
@ -190,7 +190,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5?siteid=x
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id, string siteid)
{
SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));

7
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -39,7 +40,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public UserRole Post([FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -51,7 +52,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public UserRole Put(int id, [FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -63,7 +64,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
UserRoles.DeleteUserRole(id);

67
Oqtane.Server/Repository/PermissionRepository.cs
View File

@ -4,6 +4,8 @@ using System.Linq;
using Oqtane.Models;
using System.Text;
using System;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Repository
{
@ -136,18 +138,22 @@ namespace Oqtane.Repository
// permissions are stored in the format "{permissionname:!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]}" where "!" designates Deny permissions
public string EncodePermissions(int EntityId, List<Permission> Permissions)
{
string permissions = "";
List<PermissionString> permissionstrings = new List<PermissionString>();
string permissionname = "";
string permissions = "";
StringBuilder permissionsbuilder = new StringBuilder();
string perm = "";
string securityid = "";
foreach (Permission permission in Permissions.Where(item => item.EntityId == EntityId).OrderBy(item => item.PermissionName))
{
// permission collections are grouped by permissionname
if (permissionname != permission.PermissionName)
{
permissions = permissionsbuilder.ToString();
if (permissions != "")
{
permissionstrings.Add(new PermissionString { PermissionName = permissionname, Permissions = permissions.Substring(0, permissions.Length - 1) });
}
permissionname = permission.PermissionName;
permissions += permissionsbuilder.ToString();
permissions += ((permissions != "") ? "}" : "") + "{" + permissionname + ":";
permissionsbuilder = new StringBuilder();
}
@ -157,77 +163,76 @@ namespace Oqtane.Repository
// encode permission
if (permission.UserId == null)
{
perm = prefix + permission.Role.Name + ";";
securityid = prefix + permission.Role.Name + ";";
}
else
{
perm = prefix + "[" + permission.UserId.ToString() + "];";
securityid = prefix + "[" + permission.UserId.ToString() + "];";
}
// insert Deny permissions at the beginning and append Grant permissions at the end
// insert deny permissions at the beginning and append grant permissions at the end
if (prefix == "!")
{
permissionsbuilder.Insert(0, perm);
permissionsbuilder.Insert(0, securityid);
}
else
{
permissionsbuilder.Append(perm);
permissionsbuilder.Append(securityid);
}
}
if (permissionsbuilder.ToString() != "")
permissions = permissionsbuilder.ToString();
if (permissions != "")
{
permissions += permissionsbuilder.ToString() + "}";
permissionstrings.Add(new PermissionString { PermissionName = permissionname, Permissions = permissions.Substring(0, permissions.Length - 1) });
}
return permissions;
return JsonSerializer.Serialize(permissionstrings);
}
public List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId)
public List<Permission> DecodePermissions(string PermissionStrings, int SiteId, string EntityName, int EntityId)
{
List<Role> roles = Roles.GetRoles(SiteId).ToList();
List<Permission> permissions = new List<Permission>();
string perm = "";
string permissionname;
string permissionstring;
foreach (string PermissionString in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
List<Role> roles = Roles.GetRoles(SiteId).ToList();
string securityid = "";
foreach (PermissionString permissionstring in JsonSerializer.Deserialize<List<PermissionString>>(PermissionStrings))
{
permissionname = PermissionString.Substring(0, PermissionString.IndexOf(":"));
permissionstring = PermissionString.Replace(permissionname + ":", "").Replace("}", "");
foreach (string Perm in permissionstring.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
foreach (string id in permissionstring.Permissions.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
perm = Perm;
securityid = id;
Permission permission = new Permission();
permission.SiteId = SiteId;
permission.EntityName = EntityName;
permission.EntityId = EntityId;
permission.PermissionName = permissionname;
permission.PermissionName = permissionstring.PermissionName;
permission.RoleId = null;
permission.UserId = null;
permission.IsAuthorized = true;
if (perm.StartsWith("!"))
if (securityid.StartsWith("!"))
{
// deny permission
perm.Replace("!", "");
securityid.Replace("!", "");
permission.IsAuthorized = false;
}
if (perm.StartsWith("[") && perm.EndsWith("]"))
if (securityid.StartsWith("[") && securityid.EndsWith("]"))
{
// user id
perm = perm.Replace("[", "").Replace("]", "");
permission.UserId = int.Parse(perm);
securityid = securityid.Replace("[", "").Replace("]", "");
permission.UserId = int.Parse(securityid);
}
else
{
// role name
Role role = roles.Where(item => item.Name == perm).SingleOrDefault();
Role role = roles.Where(item => item.Name == securityid).SingleOrDefault();
if (role != null)
{
permission.RoleId = role.RoleId;
}
}
permissions.Add(permission);
if (permission.UserId != null || permission.RoleId != null)
{
permissions.Add(permission);
}
}
}
return permissions;

9
Oqtane.Server/Security/IUserPermissions.cs Normal file
View File

@ -0,0 +1,9 @@
using System.Security.Claims;
namespace Oqtane.Security
{
public interface IUserPermissions
{
bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName);
}
}

35
Oqtane.Server/Security/PermissionHandler.cs
View File

@ -1,22 +1,19 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Oqtane.Models;
using Oqtane.Repository;
namespace Oqtane.Security
{
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
private readonly IHttpContextAccessor HttpContextAccessor;
private readonly IPermissionRepository Permissions;
private readonly IUserPermissions UserPermissions;
public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IPermissionRepository Permissions)
public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IUserPermissions UserPermissions)
{
this.HttpContextAccessor = HttpContextAccessor;
this.Permissions = Permissions;
this.UserPermissions = UserPermissions;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
@ -26,27 +23,7 @@ namespace Oqtane.Security
if (ctx != null && ctx.Request.Query.ContainsKey("entityid"))
{
int EntityId = int.Parse(ctx.Request.Query["entityid"]);
string permissions = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(requirement.EntityName, EntityId, requirement.PermissionName).ToList());
User user = new User();
user.UserId = -1;
user.Roles = "";
if (context.User != null)
{
var idclaim = context.User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
user.UserId = int.Parse(idclaim.Value);
foreach (var claim in context.User.Claims.Where(item => item.Type == ClaimTypes.Role))
{
user.Roles += claim.Value + ";";
}
if (user.Roles != "") user.Roles = ";" + user.Roles;
}
}
if (UserSecurity.IsAuthorized(user, requirement.PermissionName, permissions))
if (UserPermissions.IsAuthorized(context.User, requirement.EntityName, EntityId, requirement.PermissionName))
{
context.Succeed(requirement);
}

42
Oqtane.Server/Security/UserPermissions.cs Normal file
View File

@ -0,0 +1,42 @@
using Oqtane.Models;
using Oqtane.Repository;
using System.Linq;
using System.Security.Claims;
namespace Oqtane.Security
{
public class UserPermissions : IUserPermissions
{
private readonly IPermissionRepository Permissions;
public UserPermissions(IPermissionRepository Permissions)
{
this.Permissions = Permissions;
}
public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName)
{
string permissionstrings = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(EntityName, EntityId, PermissionName).ToList());
User user = new User();
user.UserId = -1;
user.Roles = "";
if (User != null)
{
var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
user.UserId = int.Parse(idclaim.Value);
foreach (var claim in User.Claims.Where(item => item.Type == ClaimTypes.Role))
{
user.Roles += claim.Value + ";";
}
if (user.Roles != "") user.Roles = ";" + user.Roles;
}
}
return UserSecurity.IsAuthorized(user, PermissionName, permissionstrings);
}
}
}

2
Oqtane.Server/Startup.cs
View File

@ -169,6 +169,7 @@ namespace Oqtane.Server
services.AddSingleton<IThemeRepository, ThemeRepository>();
// register transient scoped core services
services.AddTransient<IUserPermissions, UserPermissions>();
services.AddTransient<ITenantResolver, TenantResolver>();
services.AddTransient<IAliasRepository, AliasRepository>();
services.AddTransient<ITenantRepository, TenantRepository>();
@ -334,6 +335,7 @@ namespace Oqtane.Server
services.AddSingleton<IThemeRepository, ThemeRepository>();
// register transient scoped core services
services.AddTransient<IUserPermissions, UserPermissions>();
services.AddTransient<ITenantResolver, TenantResolver>();
services.AddTransient<IAliasRepository, AliasRepository>();
services.AddTransient<ITenantRepository, TenantRepository>();