exclude legacy Permissions properties from serialization/API payload

2023-03-09 15:51:16 -05:00
parent 9c6174e3f2
commit af3b289331
15 changed files with 307 additions and 225 deletions
--- a/Oqtane.Shared/Models/Folder.cs
+++ b/Oqtane.Shared/Models/Folder.cs
@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace Oqtane.Models
 {
@ -85,18 +86,19 @@ namespace Oqtane.Models
        [NotMapped]
        public bool HasChildren { get; set; }

+        #region Deprecated Properties
+
        [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
        [NotMapped]
+        [JsonIgnore] // exclude from API payload
        public string Permissions
        {
            get
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
-            }
        }
+
+        #endregion
    }
 }
--- a/Oqtane.Shared/Models/Module.cs
+++ b/Oqtane.Shared/Models/Module.cs
@ -3,6 +3,7 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace Oqtane.Models
 {
@ -109,18 +110,19 @@ namespace Oqtane.Models

        #endregion

+        #region Deprecated Properties
+
        [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
        [NotMapped]
+        [JsonIgnore] // exclude from API payload
        public string Permissions
        {
            get
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
-            }
        }
+
+        #endregion
    }
 }
--- a/Oqtane.Shared/Models/ModuleDefinition.cs
+++ b/Oqtane.Shared/Models/ModuleDefinition.cs
@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Text.Json;
+using System.Text.Json.Serialization;
 using Oqtane.Documentation;

 namespace Oqtane.Models
@ -68,55 +69,75 @@ namespace Oqtane.Models
        // additional IModule properties 
        [NotMapped]
        public string Owner { get; set; }
+
        [NotMapped]
        public string Url { get; set; }
+
        [NotMapped]
        public string Contact { get; set; }
+
        [NotMapped]
        public string License { get; set; }
+
        [NotMapped]
        public string Runtimes { get; set; }
+
        [NotMapped]
        public string Dependencies { get; set; }
+
        [NotMapped]
        public string PermissionNames { get; set; }
+
        [NotMapped]
        public string ServerManagerType { get; set; }
+
        [NotMapped]
        public string ControlTypeRoutes { get; set; }
+
        [NotMapped]
        public string ReleaseVersions { get; set; }
+
        [NotMapped]
        public string DefaultAction { get; set; }
+
        [NotMapped]
        public string SettingsType { get; set; } // added in 2.0.2
+
        [NotMapped]
        public string PackageName { get; set; } // added in 2.1.0

        // internal properties
        [NotMapped]
        public int SiteId { get; set; }
+
        [NotMapped]
        public string ControlTypeTemplate { get; set; }
+
        [NotMapped]
        public string AssemblyName { get; set; }
+
        [NotMapped]
        public List<Permission> PermissionList { get; set; }
+
        [NotMapped]
        public string Template { get; set; }

+        [NotMapped]
+        public bool IsPortable { get; set; }
+
+        #region Deprecated Properties
+
        [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
        [NotMapped]
+        [JsonIgnore] // exclude from API payload
        public string Permissions
        {
            get
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
-            }
        }
+
+        #endregion
    }
 }
--- a/Oqtane.Shared/Models/Page.cs
+++ b/Oqtane.Shared/Models/Page.cs
@ -2,6 +2,7 @@ using System;
 using System.Collections.Generic;
 using System.ComponentModel.DataAnnotations.Schema;
 using System.Text.Json;
+using System.Text.Json.Serialization;

 namespace Oqtane.Models
 {
@ -115,26 +116,24 @@ namespace Oqtane.Models

        #region Deprecated Properties

-        [Obsolete("This property is deprecated", false)]
+        [Obsolete("The EditMode property is deprecated", false)]
        [NotMapped]
        public bool EditMode { get; set; }

-        [Obsolete("This property is deprecated", false)]
+        [Obsolete("The LayoutType property is deprecated", false)]
        [NotMapped]
        public string LayoutType { get; set; }

        [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
        [NotMapped]
+        [JsonIgnore] // exclude from API payload
        public string Permissions {
            get
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
-            }
        }
+
        #endregion
    }
 }
--- a/Oqtane.Shared/Models/SiteTemplate.cs
+++ b/Oqtane.Shared/Models/SiteTemplate.cs
@ -33,10 +33,6 @@ namespace Oqtane.Models
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(PagePermissions);
-            }
        }
    }

@ -55,10 +51,6 @@ namespace Oqtane.Models
            {
                return JsonSerializer.Serialize(PermissionList);
            }
-            set
-            {
-                PermissionList = JsonSerializer.Deserialize<List<Permission>>(ModulePermissions);
-            }
        }
    }
 }
--- a/Oqtane.Shared/Security/UserSecurity.cs
+++ b/Oqtane.Shared/Security/UserSecurity.cs
@ -20,42 +20,37 @@ namespace Oqtane.Security
            return IsAuthorized(user, permissions);
        }

-        public static bool IsAuthorized(User user, string permissionName, List<Permission> permissions)
+        public static bool IsAuthorized(User user, string permissionName, List<Permission> permissionList)
        {
-            return IsAuthorized(user, permissions.Where(item => item.PermissionName == permissionName).ToList());
+            return IsAuthorized(user, permissionList.Where(item => item.PermissionName == permissionName).ToList());
        }

-        public static bool IsAuthorized(User user, string permissionName, string permissions)
-        {
-            return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
-        }
-
-        public static bool IsAuthorized(User user, List<Permission> permissions)
+        public static bool IsAuthorized(User user, List<Permission> permissionList)
        {
            bool authorized = false;
-            if (permissions != null && permissions.Any())
+            if (permissionList != null && permissionList.Any())
            {
                if (user == null)
                {
-                    authorized = IsAuthorized(-1, "", permissions); // user is not authenticated but may have access to resource
+                    authorized = IsAuthorized(-1, "", permissionList); // user is not authenticated but may have access to resource
                }
                else
                {
-                    authorized = IsAuthorized(user.UserId, user.Roles, permissions);
+                    authorized = IsAuthorized(user.UserId, user.Roles, permissionList);
                }

            }
            return authorized;
        }

-        private static bool IsAuthorized(int userId, string roles, List<Permission> permissions)
+        private static bool IsAuthorized(int userId, string roles, List<Permission> permissionList)
        {
            bool isAuthorized = false;

-            if (permissions != null && permissions.Any())
+            if (permissionList != null && permissionList.Any())
            {
                // check if denied first
-                isAuthorized = !permissions.Where(item => !item.IsAuthorized && (
+                isAuthorized = !permissionList.Where(item => !item.IsAuthorized && (
                    (item.Role != null && (
                        (item.Role.Name == RoleNames.Everyone) ||
                        (item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -65,7 +60,7 @@ namespace Oqtane.Security
                if (isAuthorized)
                {
                    // then check if authorized
-                    isAuthorized = permissions.Where(item => item.IsAuthorized && (
+                    isAuthorized = permissionList.Where(item => item.IsAuthorized && (
                        (item.Role != null && (
                            (item.Role.Name == RoleNames.Everyone) ||
                            (item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -123,5 +118,11 @@ namespace Oqtane.Security
            }
            return identity;
        }
+
+        [Obsolete("IsAuthorized(User user, string permissionName, string permissions) is deprecated. Use IsAuthorized(User user, string permissionName, List<Permission> permissionList) instead", false)]
+        public static bool IsAuthorized(User user, string permissionName, string permissions)
+        {
+            return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
+        }
    }
 }