From b4d3903517872ed9eec84330ae1a88bad1160ed7 Mon Sep 17 00:00:00 2001 From: Pavel Vesely Date: Sat, 14 Mar 2020 10:12:07 +0100 Subject: [PATCH] Replace magic strings in other places --- Oqtane.Client/Modules/Admin/Files/Edit.razor | 6 +++--- .../Admin/ModuleDefinitions/Edit.razor | 2 +- Oqtane.Client/Modules/Admin/Pages/Add.razor | 4 ++-- Oqtane.Server/Controllers/FileController.cs | 8 ++++---- Oqtane.Server/Controllers/FolderController.cs | 14 ++++++------- Oqtane.Server/Controllers/ModuleController.cs | 10 +++++----- Oqtane.Server/Controllers/PageController.cs | 16 +++++++-------- .../Controllers/PageModuleController.cs | 8 ++++---- .../Controllers/SettingController.cs | 12 +++++------ Oqtane.Server/Startup.cs | 20 +++++++++---------- Oqtane.Shared/Shared/PermissionNames.cs | 1 + 11 files changed, 51 insertions(+), 50 deletions(-) diff --git a/Oqtane.Client/Modules/Admin/Files/Edit.razor b/Oqtane.Client/Modules/Admin/Files/Edit.razor index 360ac6b6..234dd684 100644 --- a/Oqtane.Client/Modules/Admin/Files/Edit.razor +++ b/Oqtane.Client/Modules/Admin/Files/Edit.razor @@ -100,9 +100,9 @@ { parentid = folders[0].FolderId; List permissionstrings = new List(); - permissionstrings.Add(new PermissionString { PermissionName = "Browse", Permissions = Constants.AdminRole }); - permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AdminRole }); - permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole }); + permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Browse, Permissions = Constants.AdminRole }); + permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = Constants.AdminRole }); + permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole }); permissions = UserSecurity.SetPermissionStrings(permissionstrings); } } 
diff --git a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor index f767c33b..36032ce9 100644 --- a/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor +++ b/Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor @@ -17,7 +17,7 @@ - + diff --git a/Oqtane.Client/Modules/Admin/Pages/Add.razor b/Oqtane.Client/Modules/Admin/Pages/Add.razor index 46543bca..17a785dc 100644 --- a/Oqtane.Client/Modules/Admin/Pages/Add.razor +++ b/Oqtane.Client/Modules/Admin/Pages/Add.razor @@ -184,8 +184,8 @@ layouttype = PageState.Site.DefaultLayoutType; List permissionstrings = new List(); - permissionstrings.Add(new PermissionString { PermissionName = "View", Permissions = Constants.AdminRole }); - permissionstrings.Add(new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole }); + permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = Constants.AdminRole }); + permissionstrings.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole }); permissions = UserSecurity.SetPermissionStrings(permissionstrings); } catch (Exception ex) diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs index 5f0b507a..aed3deb6 100644 --- a/Oqtane.Server/Controllers/FileController.cs +++ b/Oqtane.Server/Controllers/FileController.cs @@ -47,7 +47,7 @@ namespace Oqtane.Controllers if (int.TryParse(folder, out folderid)) { Folder f = _folders.GetFolder(folderid); - if (f != null && _userPermissions.IsAuthorized(User, "Browse", f.Permissions)) + if (f != null && _userPermissions.IsAuthorized(User, PermissionNames.Browse, f.Permissions)) { files = _files.GetFiles(folderid).ToList(); } 
@@ -77,7 +77,7 @@ namespace Oqtane.Controllers Folder folder = _folders.GetFolder(siteId, folderPath); List files; if (folder != null) - if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions)) + if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions)) { files = _files.GetFiles(folder.FolderId).ToList(); } @@ -120,7 +120,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public Models.File Put(int id, [FromBody] Models.File File) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", File.Folder.FolderId, PermissionNames.Edit)) { File = _files.UpdateFile(File); _logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File); @@ -140,7 +140,7 @@ namespace Oqtane.Controllers public void Delete(int id) { Models.File file = _files.GetFile(id); - if (_userPermissions.IsAuthorized(User, "Folder", file.Folder.FolderId, "Edit")) + if (_userPermissions.IsAuthorized(User, "Folder", file.Folder.FolderId, PermissionNames.Edit)) { _files.DeleteFile(id); diff --git a/Oqtane.Server/Controllers/FolderController.cs b/Oqtane.Server/Controllers/FolderController.cs index 94ea087d..54c5eba9 100644 --- a/Oqtane.Server/Controllers/FolderController.cs +++ b/Oqtane.Server/Controllers/FolderController.cs @@ -32,7 +32,7 @@ namespace Oqtane.Controllers List folders = new List(); foreach(Folder folder in _folders.GetFolders(int.Parse(siteid))) { - if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions)) + if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions)) { folders.Add(folder); } 
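Review bot: In the `@@ -77` hunk of FileController.cs the outer `if (folder != null)` has no braces around the inner `if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))`, so which `else` handles a missing folder and which handles a denied caller depends on indentation alone. These two lines decide whether a folder listing is returned, so I would brace the outer test, `if (folder != null) { ... }`, and add a short comment on each failure branch. The same unbraced pair is in FolderController.cs `@@ -63`. The method body continues outside the hunk.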
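Review bot: `Put(int id, [FromBody] Models.File File)` in the `@@ -120` hunk authorizes against `File.Folder.FolderId`, which comes from the request body, and never compares the route `id` with the object being updated. As far as the hunk shows, the Edit check covers whichever folder the caller names rather than the folder the stored file is in; whether `UpdateFile` re-checks is not visible. I would authorize against the folder of the record stored under `id`, reject a mismatched body (for example by adding `File.FileId == id` to the condition), and guard `File.Folder` against null before dereferencing it. The same shape is in the Put actions of FolderController.cs `@@ -124`, ModuleController.cs `@@ -108`, PageController.cs `@@ -197`, PageModuleController.cs `@@ -87` and SettingController.cs `@@ -82`. The method body continues outside the hunk.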
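Review bot: `Delete(int id)` in the `@@ -140` hunk dereferences `file.Folder.FolderId` directly after `_files.GetFile(id)`, so if the lookup returns null for an unknown id the request fails with a NullReferenceException before the permission check, instead of a controlled and logged refusal. A guard such as `if (file != null && _userPermissions.IsAuthorized(User, "Folder", file.Folder.FolderId, PermissionNames.Edit))` keeps that path explicit; the `@@ -47` hunk already tests `f != null` in the same way. The same lookup-then-dereference is visible in FolderController.cs `@@ -45`, PageController.cs `@@ -246`, PageModuleController.cs `@@ -136` and SettingController.cs `@@ -48` and `@@ -101`. The method body continues outside the hunk.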
@@ -45,7 +45,7 @@ namespace Oqtane.Controllers public Folder Get(int id) { Folder folder = _folders.GetFolder(id); - if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions)) + if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions)) { return folder; } @@ -63,7 +63,7 @@ namespace Oqtane.Controllers var folderPath = WebUtility.UrlDecode(path); Folder folder = _folders.GetFolder(siteId, folderPath); if (folder != null) - if (_userPermissions.IsAuthorized(User, "Browse", folder.Permissions)) + if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions)) { return folder; } @@ -97,7 +97,7 @@ namespace Oqtane.Controllers } else { - permissions = UserSecurity.SetPermissionStrings(new List { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } }); + permissions = UserSecurity.SetPermissionStrings(new List { new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole } }); } if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions)) { @@ -124,7 +124,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public Folder Put(int id, [FromBody] Folder Folder) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Folder", Folder.FolderId, PermissionNames.Edit)) { if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null) { @@ -148,7 +148,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public void Put(int siteid, int folderid, int? parentid) { - if (_userPermissions.IsAuthorized(User, "Folder", folderid, "Edit")) + if (_userPermissions.IsAuthorized(User, "Folder", folderid, PermissionNames.Edit)) { int order = 1; List folders = _folders.GetFolders(siteid).ToList(); 
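Review bot: The reorder action `Put(int siteid, int folderid, int? parentid)` in the `@@ -148` hunk checks Edit on `folderid` only, then loads `_folders.GetFolders(siteid)` using a `siteid` and `parentid` that are caller-supplied and not tied to the authorized folder. If the loop outside the hunk renumbers the folders under `parentid`, the permission check does not cover the rows that are actually written. I would take the site and parent from the stored folder, or check Edit on `parentid` as well, and until then add a comment such as `// siteid/parentid are caller-supplied; only folderid has been authorized`. PageController.cs `@@ -217` has the same signature and check. The method body continues outside the hunk.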
@@ -175,7 +175,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public void Delete(int id) { - if (_userPermissions.IsAuthorized(User, "Folder", id, "Edit")) + if (_userPermissions.IsAuthorized(User, "Folder", id, PermissionNames.Edit)) { _folders.DeleteFolder(id); _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id); diff --git a/Oqtane.Server/Controllers/ModuleController.cs b/Oqtane.Server/Controllers/ModuleController.cs index 98e4d109..431167d3 100644 --- a/Oqtane.Server/Controllers/ModuleController.cs +++ b/Oqtane.Server/Controllers/ModuleController.cs @@ -89,7 +89,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public Models.Module Post([FromBody] Models.Module Module) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Module.PageId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Module.PageId, PermissionNames.Edit)) { Module = _modules.AddModule(Module); _logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module); @@ -108,7 +108,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public Models.Module Put(int id, [FromBody] Models.Module Module) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", Module.ModuleId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", Module.ModuleId, PermissionNames.Edit)) { Module = _modules.UpdateModule(Module); _logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module); 
@@ -127,7 +127,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public void Delete(int id) { - if (_userPermissions.IsAuthorized(User, "Module", id, "Edit")) + if (_userPermissions.IsAuthorized(User, "Module", id, PermissionNames.Edit)) { _modules.DeleteModule(id); _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Module Deleted {ModuleId}", id); @@ -145,7 +145,7 @@ namespace Oqtane.Controllers public string Export(int moduleid) { string content = ""; - if (_userPermissions.IsAuthorized(User, "Module", moduleid, "Edit")) + if (_userPermissions.IsAuthorized(User, "Module", moduleid, PermissionNames.Edit)) { content = _modules.ExportModule(moduleid); } @@ -163,7 +163,7 @@ namespace Oqtane.Controllers public bool Import(int moduleid, [FromBody] string Content) { bool success = false; - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", moduleid, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", moduleid, PermissionNames.Edit)) { success = _modules.ImportModule(moduleid, Content); } diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs index 7fb3221d..371c15d6 100644 --- a/Oqtane.Server/Controllers/PageController.cs +++ b/Oqtane.Server/Controllers/PageController.cs @@ -110,7 +110,7 @@ namespace Oqtane.Controllers } else { - permissions = UserSecurity.SetPermissionStrings(new List { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } }); + permissions = UserSecurity.SetPermissionStrings(new List { new PermissionString { PermissionName = PermissionNames.Edit, Permissions = Constants.AdminRole } }); } if (_userPermissions.IsAuthorized(User,PermissionNames.Edit, permissions)) 
@@ -150,8 +150,8 @@ namespace Oqtane.Controllers page.LayoutType = parent.LayoutType; page.Icon = parent.Icon; List permissions = new List(); - permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" }); - permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" }); + permissions.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = "[" + userid + "]" }); + permissions.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = "[" + userid + "]" }); page.Permissions = UserSecurity.SetPermissionStrings(permissions); page.IsPersonalizable = false; page.UserId = int.Parse(userid); @@ -167,8 +167,8 @@ namespace Oqtane.Controllers module.PageId = page.PageId; module.ModuleDefinitionName = pm.Module.ModuleDefinitionName; permissions = new List(); - permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" }); - permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" }); + permissions.Add(new PermissionString { PermissionName = PermissionNames.View, Permissions = "[" + userid + "]" }); + permissions.Add(new PermissionString { PermissionName = PermissionNames.Edit, Permissions = "[" + userid + "]" }); module.Permissions = UserSecurity.SetPermissionStrings(permissions); module = _modules.AddModule(module); @@ -197,7 +197,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public Page Put(int id, [FromBody] Page Page) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Page.PageId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", Page.PageId, PermissionNames.Edit)) { Page = _pages.UpdatePage(Page); _syncManager.AddSyncEvent("Site", Page.SiteId); 
@@ -217,7 +217,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public void Put(int siteid, int pageid, int? parentid) { - if (_userPermissions.IsAuthorized(User, "Page", pageid, "Edit")) + if (_userPermissions.IsAuthorized(User, "Page", pageid, PermissionNames.Edit)) { int order = 1; List pages = _pages.GetPages(siteid).ToList(); @@ -246,7 +246,7 @@ namespace Oqtane.Controllers public void Delete(int id) { Page page = _pages.GetPage(id); - if (_userPermissions.IsAuthorized(User, "Page", page.PageId, "Edit")) + if (_userPermissions.IsAuthorized(User, "Page", page.PageId, PermissionNames.Edit)) { _pages.DeletePage(page.PageId); _syncManager.AddSyncEvent("Site", page.SiteId); diff --git a/Oqtane.Server/Controllers/PageModuleController.cs b/Oqtane.Server/Controllers/PageModuleController.cs index a9278747..71fdaeaf 100644 --- a/Oqtane.Server/Controllers/PageModuleController.cs +++ b/Oqtane.Server/Controllers/PageModuleController.cs @@ -67,7 +67,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public PageModule Post([FromBody] PageModule PageModule) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", PageModule.PageId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Page", PageModule.PageId, PermissionNames.Edit)) { PageModule = _pageModules.AddPageModule(PageModule); _syncManager.AddSyncEvent("Page", PageModule.PageId); @@ -87,7 +87,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public PageModule Put(int id, [FromBody] PageModule PageModule) { - if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, "Edit")) + if (ModelState.IsValid && _userPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, PermissionNames.Edit)) { PageModule = _pageModules.UpdatePageModule(PageModule); _syncManager.AddSyncEvent("Page", PageModule.PageId); 
@@ -107,7 +107,7 @@ namespace Oqtane.Controllers [Authorize(Roles = Constants.RegisteredRole)] public void Put(int pageid, string pane) { - if (_userPermissions.IsAuthorized(User, "Page", pageid, "Edit")) + if (_userPermissions.IsAuthorized(User, "Page", pageid, PermissionNames.Edit)) { int order = 1; List pagemodules = _pageModules.GetPageModules(pageid, pane).OrderBy(item => item.Order).ToList(); @@ -136,7 +136,7 @@ namespace Oqtane.Controllers public void Delete(int id) { PageModule pagemodule = _pageModules.GetPageModule(id); - if (_userPermissions.IsAuthorized(User, "Page", pagemodule.PageId, "Edit")) + if (_userPermissions.IsAuthorized(User, "Page", pagemodule.PageId, PermissionNames.Edit)) { _pageModules.DeletePageModule(id); _syncManager.AddSyncEvent("Page", pagemodule.PageId); diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs index 5fcd65c4..e0a95d4e 100644 --- a/Oqtane.Server/Controllers/SettingController.cs +++ b/Oqtane.Server/Controllers/SettingController.cs @@ -31,7 +31,7 @@ namespace Oqtane.Controllers public IEnumerable Get(string entityname, int entityid) { List settings = new List(); - if (IsAuthorized(entityname, entityid, "View")) + if (IsAuthorized(entityname, entityid, PermissionNames.View)) { settings = _settings.GetSettings(entityname, entityid).ToList(); } @@ -48,7 +48,7 @@ namespace Oqtane.Controllers public Setting Get(int id) { Setting setting = _settings.GetSetting(id); - if (IsAuthorized(setting.EntityName, setting.EntityId, "View")) + if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View)) { return setting; } 
@@ -64,7 +64,7 @@ namespace Oqtane.Controllers [HttpPost] public Setting Post([FromBody] Setting Setting) { - if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit")) + if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit)) { Setting = _settings.AddSetting(Setting); _logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting); @@ -82,7 +82,7 @@ namespace Oqtane.Controllers [HttpPut("{id}")] public Setting Put(int id, [FromBody] Setting Setting) { - if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit")) + if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, PermissionNames.Edit)) { Setting = _settings.UpdateSetting(Setting); _logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting); @@ -101,7 +101,7 @@ namespace Oqtane.Controllers public void Delete(int id) { Setting setting = _settings.GetSetting(id); - if (IsAuthorized(setting.EntityName, setting.EntityId, "Edit")) + if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit)) { _settings.DeleteSetting(id); _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting); @@ -136,7 +136,7 @@ namespace Oqtane.Controllers break; case "User": authorized = true; - if (PermissionName == "Edit") + if (PermissionName == PermissionNames.Edit) { authorized = User.IsInRole(Constants.AdminRole) || (_userPermissions.GetUser(User).UserId == EntityId); } diff --git a/Oqtane.Server/Startup.cs b/Oqtane.Server/Startup.cs index 55e2391a..acb3b811 100644 --- a/Oqtane.Server/Startup.cs +++ b/Oqtane.Server/Startup.cs 
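Review bot: In the `@@ -136` hunk the `"User"` case sets `authorized = true` and narrows it only when `PermissionName == PermissionNames.Edit`, so a View request for any user's settings passes this helper whoever the caller is. The Post and Put actions in the `@@ -64` and `@@ -82` hunks show no `[Authorize]` attribute beside `[HttpPost]`/`[HttpPut("{id}")]`, so this helper looks like the only gate; whether the class carries one is not visible. If user settings can hold personal data, start from deny and apply the admin-or-owner test to View too, e.g. `authorized = User.IsInRole(Constants.AdminRole) || (_userPermissions.GetUser(User).UserId == EntityId);`. `_userPermissions.GetUser(User)` is also dereferenced without a null check, which matters if unauthenticated callers can reach this branch. The switch starts and ends outside the hunk.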
@@ -78,12 +78,12 @@ namespace Oqtane.Server // register authorization services services.AddAuthorizationCore(options => { - options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View"))); - options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit"))); - options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View"))); - options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit"))); - options.AddPolicy("ViewFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "View"))); - options.AddPolicy("EditFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "Edit"))); + options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.View))); + options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.Edit))); + options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.View))); + options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.Edit))); + options.AddPolicy("ViewFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", PermissionNames.View))); + options.AddPolicy("EditFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", PermissionNames.Edit))); options.AddPolicy("ListFolder", policy => policy.Requirements.Add(new PermissionRequirement("Folder", "List"))); }); 
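Review bot: The `ListFolder` policy at the end of the `@@ -78` hunk still passes the literal `"List"`, while the PermissionNames lines shown in this commit list `Browse`, `View`, `Edit` and `Delete` but no `List`, and the controllers check folders with `PermissionNames.Browse`. If no folder ever carries a `List` permission string, this policy can never be satisfied, so it should either become `new PermissionRequirement("Folder", PermissionNames.Browse)` or get its own constant plus a comment saying where that permission is assigned. The entity names `"Page"`, `"Module"` and `"Folder"` are likewise still literals here and in every `IsAuthorized(User, "Folder", ...)` call, so a constants class for entity names would complete what this commit starts.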
@@ -253,10 +253,10 @@ namespace Oqtane.Server // register authorization services services.AddAuthorizationCore(options => { - options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View"))); - options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit"))); - options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View"))); - options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit"))); + options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.View))); + options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", PermissionNames.Edit))); + options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.View))); + options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", PermissionNames.Edit))); }); // register scoped core services diff --git a/Oqtane.Shared/Shared/PermissionNames.cs b/Oqtane.Shared/Shared/PermissionNames.cs index 4c77542f..a157199b 100644 --- a/Oqtane.Shared/Shared/PermissionNames.cs +++ b/Oqtane.Shared/Shared/PermissionNames.cs @@ -2,6 +2,7 @@ { public class PermissionNames { + public const string Browse = "Browse"; public const string View = "View"; public const string Edit = "Edit"; public const string Delete = "Delete";
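Review bot: The `@@ -253` hunk edits a second copy of the `AddAuthorizationCore` policy list, and the two copies have drifted apart: the block at `@@ -78` also registers `ViewFolder`, `EditFolder` and `ListFolder`, while this one stops at `EditModule`. If the difference is intentional, a comment here should say why; otherwise anything that asks for a folder policy under this configuration fails at runtime with a policy-not-found error rather than a clean denial. Moving the registrations into one private helper that both places call would keep the authorization policy set in a single, reviewable spot.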