enhance UserRole service with filtering and moved workload to server for better performance, improve error message details during installation
This commit is contained in:
Shaun Walker
@ -109,7 +109,6 @@ namespace Oqtane.Controllers
|
||||
|
||||
if (!User.IsInRole(RoleNames.Admin) && User.Identity.Name?.ToLower() != user.Username.ToLower())
|
||||
{
|
||||
user.DisplayName = "";
|
||||
user.Email = "";
|
||||
user.PhotoFileId = null;
|
||||
user.LastLoginOn = DateTime.MinValue;
|
||||
|
||||
@ -8,6 +8,8 @@ using Oqtane.Infrastructure;
|
||||
using Oqtane.Repository;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using Oqtane.Security;
|
||||
using System;
|
||||
|
||||
namespace Oqtane.Controllers
|
||||
{
|
||||
@ -16,32 +18,57 @@ namespace Oqtane.Controllers
|
||||
{
|
||||
private readonly IUserRoleRepository _userRoles;
|
||||
private readonly IRoleRepository _roles;
|
||||
private readonly IUserPermissions _userPermissions;
|
||||
private readonly ISyncManager _syncManager;
|
||||
private readonly ILogManager _logger;
|
||||
private readonly Alias _alias;
|
||||
|
||||
public UserRoleController(IUserRoleRepository userRoles, IRoleRepository roles, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger)
|
||||
public UserRoleController(IUserRoleRepository userRoles, IRoleRepository roles, IUserPermissions userPermissions, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger)
|
||||
{
|
||||
_userRoles = userRoles;
|
||||
_roles = roles;
|
||||
_userPermissions = userPermissions;
|
||||
_syncManager = syncManager;
|
||||
_logger = logger;
|
||||
_alias = tenantManager.GetAlias();
|
||||
}
|
||||
|
||||
// GET: api/<controller>?siteid=x
|
||||
// GET: api/<controller>?siteid=x&userid=y&rolename=z
|
||||
[HttpGet]
|
||||
[Authorize(Roles = RoleNames.Admin)]
|
||||
public IEnumerable<UserRole> Get(string siteid)
|
||||
[Authorize(Roles = RoleNames.Registered)]
|
||||
public IEnumerable<UserRole> Get(string siteid, string userid = null, string rolename = null)
|
||||
{
|
||||
int SiteId;
|
||||
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
|
||||
{
|
||||
return _userRoles.GetUserRoles(SiteId);
|
||||
int UserId = (int.TryParse(userid, out UserId)) ? UserId : -1;
|
||||
if (User.IsInRole(RoleNames.Admin) || ((userid == null || _userPermissions.GetUser().UserId == UserId) && (rolename == null || (User.IsInRole(rolename) && rolename != RoleNames.Registered))))
|
||||
{
|
||||
var userroles = _userRoles.GetUserRoles(SiteId).ToList();
|
||||
if (userid != null)
|
||||
{
|
||||
userroles = userroles.Where(item => item.UserId == UserId).ToList();
|
||||
}
|
||||
if (rolename != null)
|
||||
{
|
||||
userroles = userroles.Where(item => item.Role.Name == rolename).ToList();
|
||||
}
|
||||
for (int i = 0; i < userroles.Count(); i++)
|
||||
{
|
||||
userroles[i] = Filter(userroles[i]);
|
||||
}
|
||||
return userroles.OrderBy(u => u.User.DisplayName);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UserRole Get Attempt For Site {SiteId} User {UserId} Role {RoleName}", siteid, userid, rolename);
|
||||
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
||||
return null;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UserRole Get Attempt {SiteId}", siteid);
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UserRole Get Attempt For Site {SiteId} User {UserId} Role {RoleName}", siteid, userid, rolename);
|
||||
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
||||
return null;
|
||||
}
|
||||
@ -49,13 +76,22 @@ namespace Oqtane.Controllers
|
||||
|
||||
// GET api/<controller>/5
|
||||
[HttpGet("{id}")]
|
||||
[Authorize(Roles = RoleNames.Admin)]
|
||||
[Authorize(Roles = RoleNames.Registered)]
|
||||
public UserRole Get(int id)
|
||||
{
|
||||
var userrole = _userRoles.GetUserRole(id);
|
||||
if (userrole != null && SiteValid(userrole.Role.SiteId))
|
||||
{
|
||||
return userrole;
|
||||
if (User.IsInRole(RoleNames.Admin) || User.Identity.Name?.ToLower() != userrole.User.Username.ToLower() || User.IsInRole(userrole.Role.Name))
|
||||
{
|
||||
return Filter(userrole);
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized User Role Get Attempt {UserRoleId}", id);
|
||||
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
||||
return null;
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
@ -65,6 +101,35 @@ namespace Oqtane.Controllers
|
||||
}
|
||||
}
|
||||
|
||||
private UserRole Filter(UserRole userrole)
|
||||
{
|
||||
if (userrole != null)
|
||||
{
|
||||
userrole.User.Password = "";
|
||||
userrole.User.IsAuthenticated = false;
|
||||
userrole.User.TwoFactorCode = "";
|
||||
userrole.User.TwoFactorExpiry = null;
|
||||
|
||||
if (!User.IsInRole(RoleNames.Admin) && User.Identity.Name?.ToLower() != userrole.User.Username.ToLower())
|
||||
{
|
||||
userrole.User.Email = "";
|
||||
userrole.User.PhotoFileId = null;
|
||||
userrole.User.LastLoginOn = DateTime.MinValue;
|
||||
userrole.User.LastIPAddress = "";
|
||||
userrole.User.Roles = "";
|
||||
userrole.User.CreatedBy = "";
|
||||
userrole.User.CreatedOn = DateTime.MinValue;
|
||||
userrole.User.ModifiedBy = "";
|
||||
userrole.User.ModifiedOn = DateTime.MinValue;
|
||||
userrole.User.DeletedBy = "";
|
||||
userrole.User.DeletedOn = DateTime.MinValue;
|
||||
userrole.User.IsDeleted = false;
|
||||
userrole.User.TwoFactorRequired = false;
|
||||
}
|
||||
}
|
||||
return userrole;
|
||||
}
|
||||
|
||||
// POST api/<controller>
|
||||
[HttpPost]
|
||||
[Authorize(Roles = RoleNames.Admin)]
|
||||
|
||||
Reference in New Issue
Block a user