Diplomarbeit-Absolventenverein/oqtane.framework
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

restrict user data leakage

Browse Source
This commit is contained in:
Shaun Walker 2020-06-03 19:46:47 -04:00
parent 5544d2bed3
commit 99cad13890
14 changed files with 249 additions and 115 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Oqtane.Client/Modules/Admin/Modules/Settings.razor
View File

@ -63,7 +63,7 @@
} }
</TabPanel> </TabPanel>
<TabPanel Name="Permissions"> <TabPanel Name="Permissions">
@if (_containers != null) @if (_permissions != null)
{ {
<table class="table table-borderless"> <table class="table table-borderless">
<tr> <tr>
@ -90,7 +90,7 @@
private string _containerType; private string _containerType;
private string _allPages = "false"; private string _allPages = "false";
private string _permissionNames = ""; private string _permissionNames = "";
private string _permissions; private string _permissions = null;
private string _pageId; private string _pageId;
private PermissionGrid _permissionGrid; private PermissionGrid _permissionGrid;
private Type _settingsModuleType; private Type _settingsModuleType;

19
Oqtane.Client/Modules/Admin/Pages/Edit.razor
View File

@ -202,13 +202,16 @@
} }
</TabPanel> </TabPanel>
<TabPanel Name="Permissions"> <TabPanel Name="Permissions">
<table class="table table-borderless"> @if (_permissions != null)
<tr> {
<td> <table class="table table-borderless">
<PermissionGrid EntityName="@EntityNames.Page" Permissions="@_permissions" @ref="_permissionGrid" /> <tr>
</td> <td>
</tr> <PermissionGrid EntityName="@EntityNames.Page" Permissions="@_permissions" @ref="_permissionGrid" />
</table> </td>
</tr>
</table>
}
</TabPanel> </TabPanel>
</TabStrip> </TabStrip>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button> <button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
@ -237,7 +240,7 @@
private string _layouttype = "-"; private string _layouttype = "-";
private string _containertype = "-"; private string _containertype = "-";
private string _icon; private string _icon;
private string _permissions; private string _permissions = null;
private string _createdby; private string _createdby;
private DateTime _createdon; private DateTime _createdon;
private string _modifiedby; private string _modifiedby;

72
Oqtane.Client/Modules/Admin/UserProfile/Add.razor
View File

@ -1,7 +1,7 @@
@namespace Oqtane.Modules.Admin.UserProfile @namespace Oqtane.Modules.Admin.UserProfile
@inherits ModuleBase @inherits ModuleBase
@inject NavigationManager NavigationManager @inject NavigationManager NavigationManager
@inject IUserRoleService UserRoleService @inject IUserService UserService
@inject INotificationService NotificationService @inject INotificationService NotificationService
@if (PageState.User != null) @if (PageState.User != null)
@ -9,19 +9,10 @@
<table class="table table-borderless"> <table class="table table-borderless">
<tr> <tr>
<td> <td>
<Label For="to" HelpText="Select the user it is going to">To: </Label> <Label For="to" HelpText="Enter the username you wish to send a message to">To: </Label>
</td> </td>
<td> <td>
<select id="to" class="form-control" @bind="@userid"> <input id="to" class="form-control" @bind="@username" />
<option value="-1">&lt;Select User&gt;</option>
@if (userroles != null)
{
foreach (UserRole userrole in userroles)
{
<option value="@userrole.UserId">@userrole.User.DisplayName</option>
}
}
</select>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -46,8 +37,7 @@
} }
@code { @code {
private List<UserRole> userroles; private string username = "";
private string userid = "-1";
private string subject = ""; private string subject = "";
private string body = ""; private string body = "";
@ -55,41 +45,35 @@
public override string Title => "Send Notification"; public override string Title => "Send Notification";
protected override async Task OnInitializedAsync()
{
try
{
userroles = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId);
userroles = userroles.Where(item => item.Role.Name == Constants.RegisteredRole || item.Role.Name == Constants.HostRole)
.OrderBy(item => item.User.DisplayName).ToList();
}
catch (Exception ex)
{
await logger.LogError(ex, "Error Loading Users {Error}", ex.Message);
AddModuleMessage("Error Loading Users", MessageType.Error);
}
}
private async Task Send() private async Task Send()
{ {
var notification = new Notification(); var notification = new Notification();
try try
{ {
notification.SiteId = PageState.Site.SiteId; var user = await UserService.GetUserAsync(username, PageState.Site.SiteId);
notification.FromUserId = PageState.User.UserId; if (user != null)
notification.ToUserId = int.Parse(userid); {
notification.ToEmail = ""; notification.SiteId = PageState.Site.SiteId;
notification.Subject = subject; notification.FromUserId = PageState.User.UserId;
notification.Body = body; notification.FromDisplayName = PageState.User.DisplayName;
notification.ParentId = null; notification.FromEmail = PageState.User.Email;
notification.CreatedOn = DateTime.UtcNow; notification.ToUserId = user.UserId;
notification.IsDelivered = false; notification.ToDisplayName = user.DisplayName;
notification.DeliveredOn = null; notification.ToEmail = user.Email;
notification.Subject = subject;
notification = await NotificationService.AddNotificationAsync(notification); notification.Body = body;
notification.ParentId = null;
await logger.LogInformation("Notification Created {Notification}", notification); notification.CreatedOn = DateTime.UtcNow;
NavigationManager.NavigateTo(NavigateUrl()); notification.IsDelivered = false;
notification.DeliveredOn = null;
notification = await NotificationService.AddNotificationAsync(notification);
await logger.LogInformation("Notification Created {Notification}", notification);
NavigationManager.NavigateTo(NavigateUrl());
}
else
{
AddModuleMessage("User Does Not Exist. Please Verify That The Username Provided Is Correct.", MessageType.Warning);
}
} }
catch (Exception ex) catch (Exception ex)
{ {

4
Oqtane.Client/Modules/Admin/UserProfile/Index.razor
View File

@ -120,7 +120,7 @@ else
<Row> <Row>
<td><ActionLink Action="View" Parameters="@($"id=" + context.NotificationId.ToString())" Security="SecurityAccessLevel.View" EditMode="false" /></td> <td><ActionLink Action="View" Parameters="@($"id=" + context.NotificationId.ToString())" Security="SecurityAccessLevel.View" EditMode="false" /></td>
<td><ActionDialog Header="Delete Notification" Message="@("Are You Sure You Wish To Delete This Notification?")" Action="Delete" Security="SecurityAccessLevel.View" Class="btn btn-danger" OnClick="@(async () => await Delete(context))" EditMode="false" /></td> <td><ActionDialog Header="Delete Notification" Message="@("Are You Sure You Wish To Delete This Notification?")" Action="Delete" Security="SecurityAccessLevel.View" Class="btn btn-danger" OnClick="@(async () => await Delete(context))" EditMode="false" /></td>
<td>@(context.FromUser == null ? "System" : context.FromUser.DisplayName)</td> <td>@context.FromDisplayName</td>
<td>@context.Subject</td> <td>@context.Subject</td>
<td>@context.CreatedOn</td> <td>@context.CreatedOn</td>
</Row> </Row>
@ -143,7 +143,7 @@ else
<Row> <Row>
<td><ActionLink Action="View" Parameters="@($"id=" + context.NotificationId.ToString())" Security="SecurityAccessLevel.View" EditMode="false" /></td> <td><ActionLink Action="View" Parameters="@($"id=" + context.NotificationId.ToString())" Security="SecurityAccessLevel.View" EditMode="false" /></td>
<td><ActionDialog Header="Delete Notification" Message="@("Are You Sure You Wish To Delete This Notification?")" Action="Delete" Security="SecurityAccessLevel.View" Class="btn btn-danger" OnClick="@(async () => await Delete(context))" EditMode="false" /></td> <td><ActionDialog Header="Delete Notification" Message="@("Are You Sure You Wish To Delete This Notification?")" Action="Delete" Security="SecurityAccessLevel.View" Class="btn btn-danger" OnClick="@(async () => await Delete(context))" EditMode="false" /></td>
<td>@(context.ToUser == null ? context.ToEmail : context.ToUser.DisplayName)</td> <td>@context.ToDisplayName</td>
<td>@context.Subject</td> <td>@context.Subject</td>
<td>@context.CreatedOn</td> <td>@context.CreatedOn</td>
</Row> </Row>

77
Oqtane.Client/Modules/Admin/UserProfile/View.razor
View File

@ -1,7 +1,7 @@
@namespace Oqtane.Modules.Admin.UserProfile @namespace Oqtane.Modules.Admin.UserProfile
@inherits ModuleBase @inherits ModuleBase
@inject NavigationManager NavigationManager @inject NavigationManager NavigationManager
@inject IUserRoleService UserRoleService @inject IUserService UserService
@inject INotificationService NotificationService @inject INotificationService NotificationService
@if (PageState.User != null) @if (PageState.User != null)
@ -12,16 +12,7 @@
<label class="control-label">@title: </label> <label class="control-label">@title: </label>
</td> </td>
<td> <td>
<select class="form-control" readonly @bind="userid"> <input class="form-control" @bind="@username" />
<option value="-1">&lt;System&gt;</option>
@if (userroles != null)
{
foreach (UserRole userrole in userroles)
{
<option value="@userrole.UserId">@userrole.User.DisplayName</option>
}
}
</select>
</td> </td>
</tr> </tr>
<tr> <tr>
@ -72,8 +63,7 @@
@code { @code {
private int notificationid; private int notificationid;
private string title = string.Empty; private string title = string.Empty;
private List<UserRole> userroles; private string username = "";
private string userid = "-1";
private string subject = string.Empty; private string subject = string.Empty;
private string createdon = string.Empty; private string createdon = string.Empty;
private string body = string.Empty; private string body = string.Empty;
@ -86,20 +76,17 @@
{ {
try try
{ {
userroles = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId);
userroles = userroles.Where(item => item.Role.Name == Constants.RegisteredRole || item.Role.Name == Constants.HostRole)
.OrderBy(item => item.User.DisplayName).ToList();
notificationid = Int32.Parse(PageState.QueryString["id"]); notificationid = Int32.Parse(PageState.QueryString["id"]);
Notification notification = await NotificationService.GetNotificationAsync(notificationid); Notification notification = await NotificationService.GetNotificationAsync(notificationid);
if (notification != null) if (notification != null)
{ {
int userid = -1;
if (notification.ToUserId == PageState.User.UserId) if (notification.ToUserId == PageState.User.UserId)
{ {
title = "From"; title = "From";
if (notification.FromUserId != null) if (notification.FromUserId != null)
{ {
userid = notification.FromUserId.ToString(); userid = notification.FromUserId.Value;
} }
} }
else else
@ -107,10 +94,21 @@
title = "To"; title = "To";
if (notification.ToUserId != null) if (notification.ToUserId != null)
{ {
userid = notification.ToUserId.ToString(); userid = notification.ToUserId.Value;
} }
} }
if (userid != -1)
{
var user = await UserService.GetUserAsync(userid, PageState.Site.SiteId);
if (user != null)
{
username = user.Username;
}
}
if (username == "")
{
username = "System";
}
subject = notification.Subject; subject = notification.Subject;
createdon = notification.CreatedOn.ToString(); createdon = notification.CreatedOn.ToString();
body = notification.Body; body = notification.Body;
@ -134,23 +132,32 @@
private async Task Send() private async Task Send()
{ {
var notification = new Notification(); var notification = new Notification();
notification.SiteId = PageState.Site.SiteId;
notification.FromUserId = PageState.User.UserId;
notification.ToUserId = int.Parse(userid);
notification.ToEmail = string.Empty;
notification.Subject = subject;
notification.Body = body;
notification.ParentId = notificationid;
notification.CreatedOn = DateTime.UtcNow;
notification.IsDelivered = false;
notification.DeliveredOn = null;
try try
{ {
notification = await NotificationService.AddNotificationAsync(notification); var user = await UserService.GetUserAsync(username, PageState.Site.SiteId);
if (user != null)
await logger.LogInformation("Notification Created {Notification}", notification); {
NavigationManager.NavigateTo(NavigateUrl()); notification.SiteId = PageState.Site.SiteId;
notification.FromUserId = PageState.User.UserId;
notification.FromDisplayName = PageState.User.DisplayName;
notification.FromEmail = PageState.User.Email;
notification.ToUserId = user.UserId;
notification.ToDisplayName = user.DisplayName;
notification.ToEmail = user.Email;
notification.Subject = subject;
notification.Body = body;
notification.ParentId = notificationid;
notification.CreatedOn = DateTime.UtcNow;
notification.IsDelivered = false;
notification.DeliveredOn = null;
notification = await NotificationService.AddNotificationAsync(notification);
await logger.LogInformation("Notification Created {Notification}", notification);
NavigationManager.NavigateTo(NavigateUrl());
}
else
{
AddModuleMessage("User Does Not Exist. Please Verify That The Username Provided Is Correct.", MessageType.Warning);
}
} }
catch (Exception ex) catch (Exception ex)
{ {

82
Oqtane.Client/Themes/Controls/ControlPanel.razor
View File

@ -32,7 +32,7 @@
</div> </div>
</div> </div>
<hr class="app-rule"/> <hr class="app-rule" />
<div class="row"> <div class="row">
<div class="col text-center"> <div class="col text-center">
@ -50,6 +50,21 @@
<button class="btn btn-danger btn-block mx-auto" @onclick="ConfirmDelete">Delete</button> <button class="btn btn-danger btn-block mx-auto" @onclick="ConfirmDelete">Delete</button>
</div> </div>
</div> </div>
<br />
<div class="row">
@if (UserSecurity.GetPermissionStrings(PageState.Page.Permissions).FirstOrDefault(item => item.PermissionName == PermissionNames.View).Permissions.Split(';').Contains(Constants.AllUsersRole))
{
<div class="col">
<button type="button" class="btn btn-primary btn-block mx-auto" @onclick=@(async () => Publish("unpublish"))>Unpublish Page</button>
</div>
}
else
{
<div class="col">
<button type="button" class="btn btn-primary btn-block mx-auto" @onclick=@(async () => Publish("publish"))>Publish Page</button>
</div>
}
</div>
} }
@if (_deleteConfirmation) @if (_deleteConfirmation)
@ -74,7 +89,7 @@
</div> </div>
</div> </div>
} }
<hr class="app-rule"/> <hr class="app-rule" />
<div class="row"> <div class="row">
<div class="col text-center"> <div class="col text-center">
@ -142,7 +157,7 @@
<div class="row"> <div class="row">
<div class="col text-center"> <div class="col text-center">
<label for="Title" class="control-label">Title: </label> <label for="Title" class="control-label">Title: </label>
<input type="text" name="Title" class="form-control" @bind="@Title"/> <input type="text" name="Title" class="form-control" @bind="@Title" />
</div> </div>
</div> </div>
@if (_pane.Length > 1) @if (_pane.Length > 1)
@ -171,7 +186,7 @@
</div> </div>
</div> </div>
<br/> <br />
<button type="button" class="btn btn-primary btn-block mx-auto" @onclick="@AddModule">Add Module To Page</button> <button type="button" class="btn btn-primary btn-block mx-auto" @onclick="@AddModule">Add Module To Page</button>
@((MarkupString) Message) @((MarkupString) Message)
@ -448,7 +463,7 @@
switch (location) switch (location)
{ {
case "Admin": case "Admin":
// get admin dashboard moduleid // get admin dashboard moduleid
module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.AdminDashboardModule); module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.AdminDashboardModule);
if (module != null) if (module != null)
@ -460,7 +475,7 @@
case "Add": case "Add":
case "Edit": case "Edit":
string url = ""; string url = "";
// get page management moduleid // get page management moduleid
module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.PageManagementModule); module = PageState.Modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.PageManagementModule);
if (module != null) if (module != null)
@ -485,6 +500,61 @@
} }
} }
private async void Publish(string action)
{
if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, PageState.Page.Permissions))
{
List<PermissionString> permissions;
if (action == "publish")
{
// publish all modules
foreach (var module in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId))
{
permissions = UserSecurity.GetPermissionStrings(module.Permissions);
foreach (var permissionstring in permissions)
{
if (permissionstring.PermissionName == PermissionNames.View)
{
List<string> ids = permissionstring.Permissions.Split(';').ToList();
if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole);
if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole);
permissionstring.Permissions = string.Join(";", ids.ToArray());
}
}
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
await ModuleService.UpdateModuleAsync(module);
}
}
// publish page
var page = PageState.Page;
permissions = UserSecurity.GetPermissionStrings(page.Permissions);
foreach (var permissionstring in permissions)
{
if (permissionstring.PermissionName == PermissionNames.View)
{
List<string> ids = permissionstring.Permissions.Split(';').ToList();
switch (action)
{
case "publish":
if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole);
if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole);
break;
case "unpublish":
ids.Remove(Constants.AllUsersRole);
ids.Remove(Constants.RegisteredRole);
break;
}
permissionstring.Permissions = string.Join(";", ids.ToArray());
}
}
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
await PageService.UpdatePageAsync(page);
NavigationManager.NavigateTo(NavigateUrl(PageState.Page.Path, "reload"));
}
}
private void ConfirmDelete() private void ConfirmDelete()
{ {
_deleteConfirmation = !_deleteConfirmation; _deleteConfirmation = !_deleteConfirmation;

49
Oqtane.Client/Themes/Controls/ModuleActionsBase.cs
View File

@ -1,5 +1,6 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNetCore.Components; using Microsoft.AspNetCore.Components;
using Oqtane.Models; using Oqtane.Models;
@ -16,6 +17,7 @@ namespace Oqtane.Themes.Controls
{ {
[Inject] public NavigationManager NavigationManager { get; set; } [Inject] public NavigationManager NavigationManager { get; set; }
[Inject] public IPageModuleService PageModuleService { get; set; } [Inject] public IPageModuleService PageModuleService { get; set; }
[Inject] public IModuleService ModuleService { get; set; }
protected List<ActionViewModel> Actions; protected List<ActionViewModel> Actions;
@ -30,14 +32,23 @@ namespace Oqtane.Themes.Controls
if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, ModuleState.Permissions)) if (PageState.EditMode && UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, ModuleState.Permissions))
{ {
actionList.Add(new ActionViewModel {Name = "Manage Settings", Action = async (u, m) => await Settings(u, m)}); actionList.Add(new ActionViewModel {Name = "Manage Settings", Action = async (u, m) => await Settings(u, m)});
if (UserSecurity.GetPermissionStrings(ModuleState.Permissions).FirstOrDefault(item => item.PermissionName == PermissionNames.View).Permissions.Split(';').Contains(Constants.AllUsersRole))
{
actionList.Add(new ActionViewModel { Name = "Unpublish Module", Action = async (s, m) => await Unpublish(s, m) });
}
else
{
actionList.Add(new ActionViewModel { Name = "Publish Module", Action = async (s, m) => await Publish(s, m) });
}
actionList.Add(new ActionViewModel { Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) });
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "") if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "")
{ {
actionList.Add(new ActionViewModel { Name = "" });
actionList.Add(new ActionViewModel {Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import")}); actionList.Add(new ActionViewModel {Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import")});
actionList.Add(new ActionViewModel {Name = "Export Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Export")}); actionList.Add(new ActionViewModel {Name = "Export Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Export")});
} }
actionList.Add(new ActionViewModel {Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m)});
actionList.Add(new ActionViewModel {Name = ""}); actionList.Add(new ActionViewModel {Name = ""});
if (ModuleState.PaneModuleIndex > 0) if (ModuleState.PaneModuleIndex > 0)
@ -121,6 +132,42 @@ namespace Oqtane.Themes.Controls
return url; return url;
} }
private async Task<string> Publish(string s, PageModule pagemodule)
{
var permissions = UserSecurity.GetPermissionStrings(pagemodule.Module.Permissions);
foreach (var permissionstring in permissions)
{
if (permissionstring.PermissionName == PermissionNames.View)
{
List<string> ids = permissionstring.Permissions.Split(';').ToList();
if (!ids.Contains(Constants.AllUsersRole)) ids.Add(Constants.AllUsersRole);
if (!ids.Contains(Constants.RegisteredRole)) ids.Add(Constants.RegisteredRole);
permissionstring.Permissions = string.Join(";", ids.ToArray());
}
}
pagemodule.Module.Permissions = UserSecurity.SetPermissionStrings(permissions);
await ModuleService.UpdateModuleAsync(pagemodule.Module);
return NavigateUrl(s, "reload");
}
private async Task<string> Unpublish(string s, PageModule pagemodule)
{
var permissions = UserSecurity.GetPermissionStrings(pagemodule.Module.Permissions);
foreach (var permissionstring in permissions)
{
if (permissionstring.PermissionName == PermissionNames.View)
{
List<string> ids = permissionstring.Permissions.Split(';').ToList();
ids.Remove(Constants.AllUsersRole);
ids.Remove(Constants.RegisteredRole);
permissionstring.Permissions = string.Join(";", ids.ToArray());
}
}
pagemodule.Module.Permissions = UserSecurity.SetPermissionStrings(permissions);
await ModuleService.UpdateModuleAsync(pagemodule.Module);
return NavigateUrl(s, "reload");
}
private async Task<string> MoveTop(string s, PageModule pagemodule) private async Task<string> MoveTop(string s, PageModule pagemodule)
{ {
pagemodule.Order = 0; pagemodule.Order = 0;

2
Oqtane.Client/UI/SiteRouter.razor
View File

@ -90,7 +90,7 @@
// parse querystring // parse querystring
var querystring = ParseQueryString(uri.Query); var querystring = ParseQueryString(uri.Query);
// the reload parameter is used during user login/logout // the reload parameter is used to reload the PageState
if (querystring.ContainsKey("reload")) if (querystring.ContainsKey("reload"))
{ {
reload = Reload.Site; reload = Reload.Site;

25
Oqtane.Server/Controllers/UserController.cs
View File

@ -57,7 +57,7 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
return user; return Filter(user);
} }
// GET api/<controller>/name/x?siteid=x // GET api/<controller>/name/x?siteid=x
@ -70,6 +70,29 @@ namespace Oqtane.Controllers
user.SiteId = int.Parse(siteid); user.SiteId = int.Parse(siteid);
user.Roles = GetUserRoles(user.UserId, user.SiteId); user.Roles = GetUserRoles(user.UserId, user.SiteId);
} }
return Filter(user);
}
private User Filter(User user)
{
if (user != null && !User.IsInRole(Constants.AdminRole) && User.Identity.Name != user.Username)
{
user.DisplayName = "";
user.Email = "";
user.PhotoFileId = null;
user.LastLoginOn = DateTime.MinValue;
user.LastIPAddress = "";
user.Roles = "";
user.CreatedBy = "";
user.CreatedOn = DateTime.MinValue;
user.ModifiedBy = "";
user.ModifiedOn = DateTime.MinValue;
user.DeletedBy = "";
user.DeletedOn = DateTime.MinValue;
user.IsDeleted = false;
user.Password = "";
user.IsAuthenticated = false;
}
return user; return user;
} }

6
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -25,9 +25,9 @@ namespace Oqtane.Controllers
_logger = logger; _logger = logger;
} }
// GET: api/<controller>?userid=x // GET: api/<controller>?siteid=x
[HttpGet] [HttpGet]
[Authorize] [Authorize(Roles = Constants.AdminRole)]
public IEnumerable<UserRole> Get(string siteid) public IEnumerable<UserRole> Get(string siteid)
{ {
return _userRoles.GetUserRoles(int.Parse(siteid)); return _userRoles.GetUserRoles(int.Parse(siteid));
@ -35,7 +35,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize] [Authorize(Roles = Constants.AdminRole)]
public UserRole Get(int id) public UserRole Get(int id)
{ {
return _userRoles.GetUserRole(id); return _userRoles.GetUserRole(id);

6
Oqtane.Server/Infrastructure/Jobs/NotificationJob.cs
View File

@ -69,7 +69,7 @@ namespace Oqtane.Infrastructure
mailMessage.Subject = notification.Subject; mailMessage.Subject = notification.Subject;
if (notification.FromUserId != null) if (notification.FromUserId != null)
{ {
mailMessage.Body = "From: " + notification.FromUser.DisplayName + "<" + notification.FromUser.Email + ">" + "\n"; mailMessage.Body = "From: " + notification.FromDisplayName + "<" + notification.FromEmail + ">" + "\n";
} }
else else
{ {
@ -78,8 +78,8 @@ namespace Oqtane.Infrastructure
mailMessage.Body += "Sent: " + notification.CreatedOn + "\n"; mailMessage.Body += "Sent: " + notification.CreatedOn + "\n";
if (notification.ToUserId != null) if (notification.ToUserId != null)
{ {
mailMessage.To.Add(new MailAddress(notification.ToUser.Email, notification.ToUser.DisplayName)); mailMessage.To.Add(new MailAddress(notification.ToEmail, notification.ToDisplayName));
mailMessage.Body += "To: " + notification.ToUser.DisplayName + "<" + notification.ToUser.Email + ">" + "\n"; mailMessage.Body += "To: " + notification.ToDisplayName + "<" + notification.ToEmail + ">" + "\n";
} }
else else
{ {

4
Oqtane.Server/Repository/NotificationRepository.cs
View File

@ -21,8 +21,6 @@ namespace Oqtane.Repository
return _db.Notification return _db.Notification
.Where(item => item.SiteId == siteId) .Where(item => item.SiteId == siteId)
.Where(item => item.IsDelivered == false) .Where(item => item.IsDelivered == false)
.Include(item => item.FromUser)
.Include(item => item.ToUser)
.ToList(); .ToList();
} }
@ -30,8 +28,6 @@ namespace Oqtane.Repository
.Where(item => item.SiteId == siteId) .Where(item => item.SiteId == siteId)
.Where(item => item.ToUserId == toUserId || toUserId == -1) .Where(item => item.ToUserId == toUserId || toUserId == -1)
.Where(item => item.FromUserId == fromUserId || fromUserId == -1) .Where(item => item.FromUserId == fromUserId || fromUserId == -1)
.Include(item => item.FromUser)
.Include(item => item.ToUser)
.ToList(); .ToList();
} }

6
Oqtane.Server/Scripts/Tenant.1.0.1.sql
View File

@ -31,3 +31,9 @@ CREATE UNIQUE NONCLUSTERED INDEX IX_File ON [dbo].[File]
[Name] [Name]
) ON [PRIMARY] ) ON [PRIMARY]
GO GO
ALTER TABLE [dbo].[Notification] ADD
[FromDisplayName] [nvarchar](50) NULL,
[FromEmail] [nvarchar](256) NULL,
[ToDisplayName] [nvarchar](50) NULL
GO

8
Oqtane.Shared/Models/Notification.cs
View File

@ -8,7 +8,10 @@ namespace Oqtane.Models
public int NotificationId { get; set; } public int NotificationId { get; set; }
public int SiteId { get; set; } public int SiteId { get; set; }
public int? FromUserId { get; set; } public int? FromUserId { get; set; }
public string FromDisplayName { get; set; }
public string FromEmail { get; set; }
public int? ToUserId { get; set; } public int? ToUserId { get; set; }
public string ToDisplayName { get; set; }
public string ToEmail { get; set; } public string ToEmail { get; set; }
public int? ParentId { get; set; } public int? ParentId { get; set; }
public string Subject { get; set; } public string Subject { get; set; }
@ -19,11 +22,6 @@ namespace Oqtane.Models
public string DeletedBy { get; set; } public string DeletedBy { get; set; }
public DateTime? DeletedOn { get; set; } public DateTime? DeletedOn { get; set; }
public bool IsDeleted { get; set; } public bool IsDeleted { get; set; }
[ForeignKey("FromUserId")]
public User FromUser { get; set; }
[ForeignKey("ToUserId")]
public User ToUser { get; set; }
} }
} }