diff --git a/Oqtane.Client/Modules/Admin/Modules/Settings.razor b/Oqtane.Client/Modules/Admin/Modules/Settings.razor index 5abb6fdf..31cedb01 100644 --- a/Oqtane.Client/Modules/Admin/Modules/Settings.razor +++ b/Oqtane.Client/Modules/Admin/Modules/Settings.razor @@ -63,7 +63,7 @@ } - @if (_containers != null) + @if (_permissions != null) { @@ -90,7 +90,7 @@ private string _containerType; private string _allPages = "false"; private string _permissionNames = ""; - private string _permissions; + private string _permissions = null; private string _pageId; private PermissionGrid _permissionGrid; private Type _settingsModuleType; diff --git a/Oqtane.Client/Modules/Admin/Pages/Edit.razor b/Oqtane.Client/Modules/Admin/Pages/Edit.razor index 305420d5..7373d36a 100644 --- a/Oqtane.Client/Modules/Admin/Pages/Edit.razor +++ b/Oqtane.Client/Modules/Admin/Pages/Edit.razor @@ -202,13 +202,16 @@ } -
- - - -
- -
+ @if (_permissions != null) + { + + + + +
+ +
+ }
@@ -237,7 +240,7 @@ private string _layouttype = "-"; private string _containertype = "-"; private string _icon; - private string _permissions; + private string _permissions = null; private string _createdby; private DateTime _createdon; private string _modifiedby; diff --git a/Oqtane.Client/Modules/Admin/UserProfile/Add.razor b/Oqtane.Client/Modules/Admin/UserProfile/Add.razor index e6ae6b68..c413ec91 100644 --- a/Oqtane.Client/Modules/Admin/UserProfile/Add.razor +++ b/Oqtane.Client/Modules/Admin/UserProfile/Add.razor @@ -1,7 +1,7 @@ @namespace Oqtane.Modules.Admin.UserProfile @inherits ModuleBase @inject NavigationManager NavigationManager -@inject IUserRoleService UserRoleService +@inject IUserService UserService @inject INotificationService NotificationService @if (PageState.User != null) @@ -9,19 +9,10 @@ @@ -46,8 +37,7 @@ } @code { - private List userroles; - private string userid = "-1"; + private string username = ""; private string subject = ""; private string body = ""; 
@@ -55,41 +45,35 @@ public override string Title => "Send Notification"; - protected override async Task OnInitializedAsync() - { - try - { - userroles = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId); - userroles = userroles.Where(item => item.Role.Name == Constants.RegisteredRole || item.Role.Name == Constants.HostRole) - .OrderBy(item => item.User.DisplayName).ToList(); - } - catch (Exception ex) - { - await logger.LogError(ex, "Error Loading Users {Error}", ex.Message); - AddModuleMessage("Error Loading Users", MessageType.Error); - } - } - private async Task Send() { var notification = new Notification(); try { - notification.SiteId = PageState.Site.SiteId; - notification.FromUserId = PageState.User.UserId; - notification.ToUserId = int.Parse(userid); - notification.ToEmail = ""; - notification.Subject = subject; - notification.Body = body; - notification.ParentId = null; - notification.CreatedOn = DateTime.UtcNow; - notification.IsDelivered = false; - notification.DeliveredOn = null; - - notification = await NotificationService.AddNotificationAsync(notification); - - await logger.LogInformation("Notification Created {Notification}", notification); - NavigationManager.NavigateTo(NavigateUrl()); + var user = await UserService.GetUserAsync(username, PageState.Site.SiteId); + if (user != null) + { + notification.SiteId = PageState.Site.SiteId; + notification.FromUserId = PageState.User.UserId; + notification.FromDisplayName = PageState.User.DisplayName; + notification.FromEmail = PageState.User.Email; + notification.ToUserId = user.UserId; + notification.ToDisplayName = user.DisplayName; + notification.ToEmail = user.Email; + notification.Subject = subject; + notification.Body = body; + notification.ParentId = null; + notification.CreatedOn = DateTime.UtcNow; + notification.IsDelivered = false; + notification.DeliveredOn = null; + notification = await NotificationService.AddNotificationAsync(notification); + await 
logger.LogInformation("Notification Created {Notification}", notification); + NavigationManager.NavigateTo(NavigateUrl()); + } + else + { + AddModuleMessage("User Does Not Exist. Please Verify That The Username Provided Is Correct.", MessageType.Warning); + } } catch (Exception ex) { diff --git a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor index fec53f62..b47eb3fe 100644 --- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor +++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor @@ -120,7 +120,7 @@ else - + @@ -143,7 +143,7 @@ else - + diff --git a/Oqtane.Client/Modules/Admin/UserProfile/View.razor b/Oqtane.Client/Modules/Admin/UserProfile/View.razor index 07140f63..5d5a43f5 100644 --- a/Oqtane.Client/Modules/Admin/UserProfile/View.razor +++ b/Oqtane.Client/Modules/Admin/UserProfile/View.razor @@ -1,7 +1,7 @@ @namespace Oqtane.Modules.Admin.UserProfile @inherits ModuleBase @inject NavigationManager NavigationManager -@inject IUserRoleService UserRoleService +@inject IUserService UserService @inject INotificationService NotificationService @if (PageState.User != null) @@ -12,16 +12,7 @@ @@ -72,8 +63,7 @@ @code { private int notificationid; private string title = string.Empty; - private List userroles; - private string userid = "-1"; + private string username = ""; private string subject = string.Empty; private string createdon = string.Empty; private string body = string.Empty; 
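Review bot: The recipient's `ToEmail` and `ToDisplayName` in `Send()` are copied from `UserService.GetUserAsync(username, ...)`, but the `Filter` method this commit adds to `UserController` blanks `Email` and `DisplayName` when the caller is neither an administrator nor the user being looked up, so an ordinary user's notification would be stored with empty recipient details. `NotificationJob` later passes `notification.ToEmail` to `new MailAddress(...)`, which rejects an empty address. The `From*` values also come from client-side `PageState`, so unless the server-side add-notification path (not shown in this diff) overwrites them, the stored sender and destination address are whatever the client submits. Having the server fill `FromDisplayName`, `FromEmail`, `ToDisplayName` and `ToEmail` from `FromUserId`/`ToUserId` and the authenticated identity, with the client sending only `notification.ToUserId = user.UserId;`, would address both. The same applies to `Send()` in `UserProfile/View.razor`.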
@@ -86,20 +76,17 @@ { try { - userroles = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId); - userroles = userroles.Where(item => item.Role.Name == Constants.RegisteredRole || item.Role.Name == Constants.HostRole) - .OrderBy(item => item.User.DisplayName).ToList(); - notificationid = Int32.Parse(PageState.QueryString["id"]); Notification notification = await NotificationService.GetNotificationAsync(notificationid); if (notification != null) { + int userid = -1; if (notification.ToUserId == PageState.User.UserId) { title = "From"; if (notification.FromUserId != null) { - userid = notification.FromUserId.ToString(); + userid = notification.FromUserId.Value; } } else @@ -107,10 +94,21 @@ title = "To"; if (notification.ToUserId != null) { - userid = notification.ToUserId.ToString(); + userid = notification.ToUserId.Value; } } - + if (userid != -1) + { + var user = await UserService.GetUserAsync(userid, PageState.Site.SiteId); + if (user != null) + { + username = user.Username; + } + } + if (username == "") + { + username = "System"; + } subject = notification.Subject; createdon = notification.CreatedOn.ToString(); body = notification.Body; 
@@ -134,23 +132,32 @@ private async Task Send() { var notification = new Notification(); - notification.SiteId = PageState.Site.SiteId; - notification.FromUserId = PageState.User.UserId; - notification.ToUserId = int.Parse(userid); - notification.ToEmail = string.Empty; - notification.Subject = subject; - notification.Body = body; - notification.ParentId = notificationid; - notification.CreatedOn = DateTime.UtcNow; - notification.IsDelivered = false; - notification.DeliveredOn = null; - try { - notification = await NotificationService.AddNotificationAsync(notification); - - await logger.LogInformation("Notification Created {Notification}", notification); - NavigationManager.NavigateTo(NavigateUrl()); + var user = await UserService.GetUserAsync(username, PageState.Site.SiteId); + if (user != null) + { + notification.SiteId = PageState.Site.SiteId; + notification.FromUserId = PageState.User.UserId; + notification.FromDisplayName = PageState.User.DisplayName; + notification.FromEmail = PageState.User.Email; + notification.ToUserId = user.UserId; + notification.ToDisplayName = user.DisplayName; + notification.ToEmail = user.Email; + notification.Subject = subject; + notification.Body = body; + notification.ParentId = notificationid; + notification.CreatedOn = DateTime.UtcNow; + notification.IsDelivered = false; + notification.DeliveredOn = null; + notification = await NotificationService.AddNotificationAsync(notification); + await logger.LogInformation("Notification Created {Notification}", notification); + NavigationManager.NavigateTo(NavigateUrl()); + } + else + { + AddModuleMessage("User Does Not Exist. Please Verify That The Username Provided Is Correct.", MessageType.Warning); + } } catch (Exception ex) { diff --git a/Oqtane.Client/Themes/Controls/ControlPanel.razor b/Oqtane.Client/Themes/Controls/ControlPanel.razor index cff646ba..5c24be76 100644 --- a/Oqtane.Client/Themes/Controls/ControlPanel.razor +++ b/Oqtane.Client/Themes/Controls/ControlPanel.razor 
@@ -32,7 +32,7 @@ -
+
@@ -50,6 +50,21 @@
+
+
+ @if (UserSecurity.GetPermissionStrings(PageState.Page.Permissions).FirstOrDefault(item => item.PermissionName == PermissionNames.View).Permissions.Split(';').Contains(Constants.AllUsersRole)) + { +
+ +
+ } + else + { +
+ +
+ } +
} @if (_deleteConfirmation) @@ -74,7 +89,7 @@ } -
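Review bot: The added `@if` condition dereferences `FirstOrDefault(item => item.PermissionName == PermissionNames.View).Permissions` without a null check, so a page whose permission string has no View entry would throw while the control panel renders. Writing it as `...FirstOrDefault(item => item.PermissionName == PermissionNames.View)?.Permissions.Split(';').Contains(Constants.AllUsersRole) == true` falls through to the `else` branch instead. The same expression is added in `ModuleActionsBase.cs` against `ModuleState.Permissions` and needs the same guard.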
+
@@ -142,7 +157,7 @@
- +
@if (_pane.Length > 1) @@ -171,7 +186,7 @@
-
+
@((MarkupString) Message) @@ -448,7 +463,7 @@ switch (location) { case "Admin": - // get admin dashboard moduleid + // get admin dashboard moduleid module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.AdminDashboardModule); if (module != null) @@ -460,7 +475,7 @@ case "Add": case "Edit": string url = ""; - // get page management moduleid + // get page management moduleid module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.PageManagementModule); if (module != null) 
@@ -485,6 +500,61 @@ } } + private async void Publish(string action) + { + if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, PageState.Page.Permissions)) + { + List permissions; + + if (action == "publish") + { + // publish all modules + foreach (var module in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId)) + { + permissions = UserSecurity.GetPermissionStrings(module.Permissions); + foreach (var permissionstring in permissions) + { + if (permissionstring.PermissionName == PermissionNames.View) + { + List ids = permissionstring.Permissions.Split(';').ToList(); + if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole); + if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole); + permissionstring.Permissions = string.Join(";", ids.ToArray()); + } + } + module.Permissions = UserSecurity.SetPermissionStrings(permissions); + await ModuleService.UpdateModuleAsync(module); + } + } + + // publish page + var page = PageState.Page; + permissions = UserSecurity.GetPermissionStrings(page.Permissions); + foreach (var permissionstring in permissions) + { + if (permissionstring.PermissionName == PermissionNames.View) + { + List ids = permissionstring.Permissions.Split(';').ToList(); + switch (action) + { + case "publish": + if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole); + if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole); + break; + case "unpublish": + ids.Remove(Constants.AllUsersRole); + ids.Remove(Constants.RegisteredRole); + break; + } + permissionstring.Permissions = string.Join(";", ids.ToArray()); + } + } + page.Permissions = UserSecurity.SetPermissionStrings(permissions); + await PageService.UpdatePageAsync(page); + NavigationManager.NavigateTo(NavigateUrl(PageState.Page.Path, "reload")); + } + } + private void ConfirmDelete() { _deleteConfirmation = !_deleteConfirmation; 
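Review bot: The publish branch adds `Constants.AllUsersRole` and `Constants.RegisteredRole` to the View permission of every module on the page after checking only the caller's Edit permission on the page itself. A module that was deliberately limited to particular roles therefore becomes publicly viewable, and nothing here checks that the caller may edit that module (whether `UpdateModuleAsync` enforces this on the server is not visible in the diff). The unpublish action does not touch modules at all, so the two actions are not inverses of each other. Separately, `Publish` is `async void` with no `try`/`catch`, so a failed update partway through leaves some modules changed and the error unobserved; `private async Task Publish(string action)` with error handling around the update calls would be safer.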
diff --git a/Oqtane.Client/Themes/Controls/ModuleActionsBase.cs b/Oqtane.Client/Themes/Controls/ModuleActionsBase.cs index 23b98814..58a7e3c4 100644 --- a/Oqtane.Client/Themes/Controls/ModuleActionsBase.cs +++ b/Oqtane.Client/Themes/Controls/ModuleActionsBase.cs @@ -1,5 +1,6 @@ using System; using System.Collections.Generic; +using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Components; using Oqtane.Models; @@ -16,6 +17,7 @@ namespace Oqtane.Themes.Controls { [Inject] public NavigationManager NavigationManager { get; set; } [Inject] public IPageModuleService PageModuleService { get; set; } + [Inject] public IModuleService ModuleService { get; set; } protected List Actions; 
@@ -30,14 +32,23 @@ namespace Oqtane.Themes.Controls if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, ModuleState.Permissions)) { actionList.Add(new ActionViewModel {Name = "Manage Settings", Action = async (u, m) => await Settings(u, m)}); + if (UserSecurity.GetPermissionStrings(ModuleState.Permissions).FirstOrDefault(item => item.PermissionName == PermissionNames.View).Permissions.Split(';').Contains(Constants.AllUsersRole)) + { + actionList.Add(new ActionViewModel { Name = "Unpublish Module", Action = async (s, m) => await Unpublish(s, m) }); + } + else + { + actionList.Add(new ActionViewModel { Name = "Publish Module", Action = async (s, m) => await Publish(s, m) }); + } + actionList.Add(new ActionViewModel { Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) }); if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "") { + actionList.Add(new ActionViewModel { Name = "" }); actionList.Add(new ActionViewModel {Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import")}); actionList.Add(new ActionViewModel {Name = "Export Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Export")}); } - actionList.Add(new ActionViewModel {Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m)}); actionList.Add(new ActionViewModel {Name = ""}); if (ModuleState.PaneModuleIndex > 0) 
@@ -121,6 +132,42 @@ namespace Oqtane.Themes.Controls return url; } + private async Task Publish(string s, PageModule pagemodule) + { + var permissions = UserSecurity.GetPermissionStrings(pagemodule.Module.Permissions); + foreach (var permissionstring in permissions) + { + if (permissionstring.PermissionName == PermissionNames.View) + { + List ids = permissionstring.Permissions.Split(';').ToList(); + if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole); + if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole); + permissionstring.Permissions = string.Join(";", ids.ToArray()); + } + } + pagemodule.Module.Permissions = UserSecurity.SetPermissionStrings(permissions); + await ModuleService.UpdateModuleAsync(pagemodule.Module); + return NavigateUrl(s, "reload"); + } + + private async Task Unpublish(string s, PageModule pagemodule) + { + var permissions = UserSecurity.GetPermissionStrings(pagemodule.Module.Permissions); + foreach (var permissionstring in permissions) + { + if (permissionstring.PermissionName == PermissionNames.View) + { + List ids = permissionstring.Permissions.Split(';').ToList(); + ids.Remove(Constants.AllUsersRole); + ids.Remove(Constants.RegisteredRole); + permissionstring.Permissions = string.Join(";", ids.ToArray()); + } + } + pagemodule.Module.Permissions = UserSecurity.SetPermissionStrings(permissions); + await ModuleService.UpdateModuleAsync(pagemodule.Module); + return NavigateUrl(s, "reload"); + } + private async Task MoveTop(string s, PageModule pagemodule) { pagemodule.Order = 0; diff --git a/Oqtane.Client/UI/SiteRouter.razor b/Oqtane.Client/UI/SiteRouter.razor index f602b83c..429ff29f 100644 --- a/Oqtane.Client/UI/SiteRouter.razor +++ b/Oqtane.Client/UI/SiteRouter.razor 
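Review bot: `Publish` and `Unpublish` are identical except for the two `Add`/`Remove` lines, and the same loop appears a third time in `ControlPanel.razor`. A single private helper that takes the permission string and a flag, e.g. `private string SetPublicView(string permissions, bool isPublic)`, would keep the copies from drifting apart. Neither method re-checks `UserSecurity.IsAuthorized(...)` before calling `ModuleService.UpdateModuleAsync`; the check exists only where the action list is built, so a comment such as `// authorization is enforced by the module API; the menu check above is UI-only` should state what is relied on (and that should be confirmed on the server side). If a View permission string can be empty, `Split(';')` yields one empty entry and the joined result would start with `;`, which is worth confirming against `SetPermissionStrings`.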
@@ -90,7 +90,7 @@ // parse querystring var querystring = ParseQueryString(uri.Query); - // the reload parameter is used during user login/logout + // the reload parameter is used to reload the PageState if (querystring.ContainsKey("reload")) { reload = Reload.Site; diff --git a/Oqtane.Server/Controllers/UserController.cs b/Oqtane.Server/Controllers/UserController.cs index fce08020..b0dc919c 100644 --- a/Oqtane.Server/Controllers/UserController.cs +++ b/Oqtane.Server/Controllers/UserController.cs @@ -57,7 +57,7 @@ namespace Oqtane.Controllers user.SiteId = int.Parse(siteid); user.Roles = GetUserRoles(user.UserId, user.SiteId); } - return user; + return Filter(user); } // GET api//name/x?siteid=x @@ -70,6 +70,29 @@ namespace Oqtane.Controllers user.SiteId = int.Parse(siteid); user.Roles = GetUserRoles(user.UserId, user.SiteId); } + return Filter(user); + } + + private User Filter(User user) + { + if (user != null && !User.IsInRole(Constants.AdminRole) && User.Identity.Name != user.Username) + { + user.DisplayName = ""; + user.Email = ""; + user.PhotoFileId = null; + user.LastLoginOn = DateTime.MinValue; + user.LastIPAddress = ""; + user.Roles = ""; + user.CreatedBy = ""; + user.CreatedOn = DateTime.MinValue; + user.ModifiedBy = ""; + user.ModifiedOn = DateTime.MinValue; + user.DeletedBy = ""; + user.DeletedOn = DateTime.MinValue; + user.IsDeleted = false; + user.Password = ""; + user.IsAuthenticated = false; + } return user; } diff --git a/Oqtane.Server/Controllers/UserRoleController.cs b/Oqtane.Server/Controllers/UserRoleController.cs index b4398aa9..50b6d957 100644 --- a/Oqtane.Server/Controllers/UserRoleController.cs +++ b/Oqtane.Server/Controllers/UserRoleController.cs @@ -25,9 +25,9 @@ namespace Oqtane.Controllers _logger = logger; } - // GET: api/?userid=x + // GET: api/?siteid=x [HttpGet] - [Authorize] + [Authorize(Roles = Constants.AdminRole)] public IEnumerable Get(string siteid) { return _userRoles.GetUserRoles(int.Parse(siteid)); 
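Review bot: `Filter` in `UserController` hides data by blanking a fixed list of properties, so any property added to `User` later is returned to non-admin callers by default; building a fresh object that copies only the fields meant to be visible fails closed instead. It also overwrites the object handed back by the repository, and if that instance is tracked by the data context (not visible here) a later save in the same request could persist the blanked values. Note that with the version below the omitted string fields come back as null rather than empty strings, so callers that expect `""` would need checking.

```csharp
private User Filter(User user)
{
    if (user == null || User.IsInRole(Constants.AdminRole) || User.Identity.Name == user.Username)
    {
        return user;
    }

    // copy only what a non-admin caller may see about another user;
    // every other property keeps its default value
    return new User
    {
        UserId = user.UserId,
        SiteId = user.SiteId,
        Username = user.Username
    };
}
```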
@@ -35,7 +35,7 @@ namespace Oqtane.Controllers // GET api//5 [HttpGet("{id}")] - [Authorize] + [Authorize(Roles = Constants.AdminRole)] public UserRole Get(int id) { return _userRoles.GetUserRole(id); diff --git a/Oqtane.Server/Infrastructure/Jobs/NotificationJob.cs b/Oqtane.Server/Infrastructure/Jobs/NotificationJob.cs index b3a3e7b2..520533d9 100644 --- a/Oqtane.Server/Infrastructure/Jobs/NotificationJob.cs +++ b/Oqtane.Server/Infrastructure/Jobs/NotificationJob.cs @@ -69,7 +69,7 @@ namespace Oqtane.Infrastructure mailMessage.Subject = notification.Subject; if (notification.FromUserId != null) { - mailMessage.Body = "From: " + notification.FromUser.DisplayName + "<" + notification.FromUser.Email + ">" + "\n"; + mailMessage.Body = "From: " + notification.FromDisplayName + "<" + notification.FromEmail + ">" + "\n"; } else { @@ -78,8 +78,8 @@ namespace Oqtane.Infrastructure mailMessage.Body += "Sent: " + notification.CreatedOn + "\n"; if (notification.ToUserId != null) { - mailMessage.To.Add(new MailAddress(notification.ToUser.Email, notification.ToUser.DisplayName)); - mailMessage.Body += "To: " + notification.ToUser.DisplayName + "<" + notification.ToUser.Email + ">" + "\n"; + mailMessage.To.Add(new MailAddress(notification.ToEmail, notification.ToDisplayName)); + mailMessage.Body += "To: " + notification.ToDisplayName + "<" + notification.ToEmail + ">" + "\n"; } else { diff --git a/Oqtane.Server/Repository/NotificationRepository.cs b/Oqtane.Server/Repository/NotificationRepository.cs index 8f34ff50..4e6550d2 100644 --- a/Oqtane.Server/Repository/NotificationRepository.cs +++ b/Oqtane.Server/Repository/NotificationRepository.cs @@ -21,8 +21,6 @@ namespace Oqtane.Repository return _db.Notification .Where(item => item.SiteId == siteId) .Where(item => item.IsDelivered == false) - .Include(item => item.FromUser) - .Include(item => item.ToUser) .ToList(); } 
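Review bot: `new MailAddress(notification.ToEmail, notification.ToDisplayName)` in `NotificationJob` now depends on values stored on the notification row, and rows created before this change carry an empty `ToEmail` (the removed client code set `ToEmail = ""` for user-addressed notifications) and NULL display-name columns, since `Tenant.1.0.1.sql` adds them without a backfill. `MailAddress` throws on an empty address, so an undelivered notification of that kind would fail when the job runs; whether the surrounding code catches this is outside the hunk. Checking `string.IsNullOrEmpty(notification.ToEmail)` before constructing the address, and then either resolving it from `ToUserId` or logging and skipping the row, would avoid that. The stored `FromDisplayName` and `FromEmail` are concatenated into the body unchanged, so they should be treated as user-supplied text unless the server sets them.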
@@ -30,8 +28,6 @@ namespace Oqtane.Repository .Where(item => item.SiteId == siteId) .Where(item => item.ToUserId == toUserId || toUserId == -1) .Where(item => item.FromUserId == fromUserId || fromUserId == -1) - .Include(item => item.FromUser) - .Include(item => item.ToUser) .ToList(); } diff --git a/Oqtane.Server/Scripts/Tenant.1.0.1.sql b/Oqtane.Server/Scripts/Tenant.1.0.1.sql index 83904a29..5737acf3 100644 --- a/Oqtane.Server/Scripts/Tenant.1.0.1.sql +++ b/Oqtane.Server/Scripts/Tenant.1.0.1.sql @@ -31,3 +31,9 @@ CREATE UNIQUE NONCLUSTERED INDEX IX_File ON [dbo].[File] [Name] ) ON [PRIMARY] GO + +ALTER TABLE [dbo].[Notification] ADD + [FromDisplayName] [nvarchar](50) NULL, + [FromEmail] [nvarchar](256) NULL, + [ToDisplayName] [nvarchar](50) NULL +GO diff --git a/Oqtane.Shared/Models/Notification.cs b/Oqtane.Shared/Models/Notification.cs index 0d804e41..aeb7235d 100644 --- a/Oqtane.Shared/Models/Notification.cs +++ b/Oqtane.Shared/Models/Notification.cs @@ -8,7 +8,10 @@ namespace Oqtane.Models public int NotificationId { get; set; } public int SiteId { get; set; } public int? FromUserId { get; set; } + public string FromDisplayName { get; set; } + public string FromEmail { get; set; } public int? ToUserId { get; set; } + public string ToDisplayName { get; set; } public string ToEmail { get; set; } public int? ParentId { get; set; } public string Subject { get; set; } @@ -19,11 +22,6 @@ namespace Oqtane.Models public string DeletedBy { get; set; } public DateTime? DeletedOn { get; set; } public bool IsDeleted { get; set; } - - [ForeignKey("FromUserId")] - public User FromUser { get; set; } - [ForeignKey("ToUserId")] - public User ToUser { get; set; } } }
- + - +
@(context.FromUser == null ? "System" : context.FromUser.DisplayName)@context.FromDisplayName @context.Subject @context.CreatedOn @(context.ToUser == null ? context.ToEmail : context.ToUser.DisplayName)@context.ToDisplayName @context.Subject @context.CreatedOn - +