Security fixes for Site Administrators to ensure proper access. Improvements to User and Role management components. Fix logic in CreateUser so that it does not prevent Administrators from creating users.

2020-04-21 15:16:12 -04:00
parent 72995cd8fa
commit ab5257cea2
15 changed files with 910 additions and 592 deletions
--- a/Oqtane.Server/Controllers/TenantController.cs
+++ b/Oqtane.Server/Controllers/TenantController.cs
@ -23,7 +23,7 @@ namespace Oqtane.Controllers

        // GET: api/<controller>
        [HttpGet]
-        [Authorize(Roles = Constants.HostRole)]
+        [Authorize(Roles = Constants.AdminRole)]
        public IEnumerable<Tenant> Get()
        {
            return _tenants.GetTenants();
@ -31,7 +31,7 @@ namespace Oqtane.Controllers

        // GET api/<controller>/5
        [HttpGet("{id}")]
-        [Authorize(Roles = Constants.HostRole)]
+        [Authorize(Roles = Constants.AdminRole)]
        public Tenant Get(int id)
        {
            return _tenants.GetTenant(id);