fix #4284 - handle user role effective and expiry date

2024-07-22 21:09:35 -04:00
parent 8b2e55a969
commit 8ca2f0a49f
11 changed files with 153 additions and 74 deletions
--- a/Oqtane.Server/Security/UserPermissions.cs
+++ b/Oqtane.Server/Security/UserPermissions.cs
@ -7,6 +7,7 @@ using Oqtane.Extensions;
 using System;
 using System.Collections.Generic;
 using System.Text.Json;
+using Oqtane.Shared;

 namespace Oqtane.Security
 {
@ -26,11 +27,13 @@ namespace Oqtane.Security
    public class UserPermissions : IUserPermissions
    {
        private readonly IPermissionRepository _permissions;
+        private readonly IUserRoleRepository _userRoles;
        private readonly IHttpContextAccessor _accessor;

-        public UserPermissions(IPermissionRepository permissions, IHttpContextAccessor accessor)
+        public UserPermissions(IPermissionRepository permissions, IUserRoleRepository userRoles, IHttpContextAccessor accessor)
        {
            _permissions = permissions;
+            _userRoles = userRoles;
            _accessor = accessor;
        }

@ -71,13 +74,24 @@ namespace Oqtane.Security
            if (user.IsAuthenticated)
            {
                user.Username = principal.Identity.Name;
-                if (principal.Claims.Any(item => item.Type == ClaimTypes.NameIdentifier))
+                user.UserId = principal.UserId();
+
+                // include roles
+                var userRoles = _userRoles.GetUserRoles(user.UserId, principal.SiteId()).ToList();
+                foreach (var roleName in principal.Roles())
                {
-                    user.UserId = int.Parse(principal.Claims.First(item => item.Type == ClaimTypes.NameIdentifier).Value);
-                }
-                foreach (var claim in principal.Claims.Where(item => item.Type == ClaimTypes.Role))
-                {
-                    user.Roles += claim.Value + ";";
+                    var role = userRoles.FirstOrDefault(item => item.Role.Name == roleName);
+                    if (role != null)
+                    {
+                        if (Utilities.IsEffectiveOrExpired(role.EffectiveDate,role.ExpiryDate))
+                        {
+                            user.Roles += roleName + ";";
+                        }
+                    }
+                    else
+                    {
+                        user.Roles += roleName + ";";
+                    }
                }
                if (user.Roles != "") user.Roles = ";" + user.Roles;
            }