Merge remote-tracking branch 'oqtane/dev' into dev
@ -9,7 +9,9 @@
|
|||||||
@inject IStringLocalizer<Edit> Localizer
|
@inject IStringLocalizer<Edit> Localizer
|
||||||
@inject IStringLocalizer<SharedResources> SharedLocalizer
|
@inject IStringLocalizer<SharedResources> SharedLocalizer
|
||||||
|
|
||||||
<TabStrip>
|
@if (_initialized)
|
||||||
|
{
|
||||||
|
<TabStrip>
|
||||||
<TabPanel Name="Definition" ResourceKey="Definition">
|
<TabPanel Name="Definition" ResourceKey="Definition">
|
||||||
<form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
|
<form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
|
||||||
<div class="container">
|
<div class="container">
|
||||||
@ -98,6 +100,7 @@
|
|||||||
<PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
|
<PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<br />
|
||||||
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
|
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
|
||||||
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
|
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
|
||||||
</TabPanel>
|
</TabPanel>
|
||||||
@ -149,10 +152,10 @@
|
|||||||
<br />
|
<br />
|
||||||
}
|
}
|
||||||
</TabPanel>
|
</TabPanel>
|
||||||
</TabStrip>
|
</TabStrip>
|
||||||
|
|
||||||
@if (_package != null)
|
@if (_package != null)
|
||||||
{
|
{
|
||||||
<div class="app-actiondialog">
|
<div class="app-actiondialog">
|
||||||
<div class="modal" tabindex="-1" role="dialog">
|
<div class="modal" tabindex="-1" role="dialog">
|
||||||
<div class="modal-dialog">
|
<div class="modal-dialog">
|
||||||
@ -189,9 +192,11 @@
|
|||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@code {
|
@code {
|
||||||
|
private bool _initialized = false;
|
||||||
private ElementReference form;
|
private ElementReference form;
|
||||||
private bool validated = false;
|
private bool validated = false;
|
||||||
private int _moduleDefinitionId;
|
private int _moduleDefinitionId;
|
||||||
@ -262,6 +267,8 @@
|
|||||||
}
|
}
|
||||||
_languages = _languages.OrderBy(item => item.Name).ToList();
|
_languages = _languages.OrderBy(item => item.Name).ToList();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
_initialized = true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
catch (Exception ex)
|
catch (Exception ex)
|
||||||
|
@ -294,6 +294,12 @@ else
|
|||||||
<input id="roleclaimtype" class="form-control" @bind="@_roleclaimtype" />
|
<input id="roleclaimtype" class="form-control" @bind="@_roleclaimtype" />
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="row mb-1 align-items-center">
|
||||||
|
<Label Class="col-sm-3" For="profileclaimtypes" HelpText="A comma delimited list of user profile claims provided by the provider, as well as mappings to your user profile definition. For example if the provider includes a 'given_name' claim and you have a 'FirstName' user profile definition you should specify 'given_name:FirstName'." ResourceKey="ProfileClaimTypes">User Profile Claims:</Label>
|
||||||
|
<div class="col-sm-9">
|
||||||
|
<input id="profileclaimtypes" class="form-control" @bind="@_profileclaimtypes" />
|
||||||
|
</div>
|
||||||
|
</div>
|
||||||
}
|
}
|
||||||
<div class="row mb-1 align-items-center">
|
<div class="row mb-1 align-items-center">
|
||||||
<Label Class="col-sm-3" For="domainfilter" HelpText="Provide any email domain filter criteria (separated by commas). Domains to exclude should be prefixed with an exclamation point (!). For example 'microsoft.com,!hotmail.com' would include microsoft.com email addresses but not hotmail.com email addresses." ResourceKey="DomainFilter">Domain Filter:</Label>
|
<Label Class="col-sm-3" For="domainfilter" HelpText="Provide any email domain filter criteria (separated by commas). Domains to exclude should be prefixed with an exclamation point (!). For example 'microsoft.com,!hotmail.com' would include microsoft.com email addresses but not hotmail.com email addresses." ResourceKey="DomainFilter">Domain Filter:</Label>
|
||||||
@ -395,6 +401,7 @@ else
|
|||||||
private string _identifierclaimtype;
|
private string _identifierclaimtype;
|
||||||
private string _emailclaimtype;
|
private string _emailclaimtype;
|
||||||
private string _roleclaimtype;
|
private string _roleclaimtype;
|
||||||
|
private string _profileclaimtypes;
|
||||||
private string _domainfilter;
|
private string _domainfilter;
|
||||||
private string _createusers;
|
private string _createusers;
|
||||||
|
|
||||||
@ -449,6 +456,7 @@ else
|
|||||||
_identifierclaimtype = SettingService.GetSetting(settings, "ExternalLogin:IdentifierClaimType", "sub");
|
_identifierclaimtype = SettingService.GetSetting(settings, "ExternalLogin:IdentifierClaimType", "sub");
|
||||||
_emailclaimtype = SettingService.GetSetting(settings, "ExternalLogin:EmailClaimType", "email");
|
_emailclaimtype = SettingService.GetSetting(settings, "ExternalLogin:EmailClaimType", "email");
|
||||||
_roleclaimtype = SettingService.GetSetting(settings, "ExternalLogin:RoleClaimType", "");
|
_roleclaimtype = SettingService.GetSetting(settings, "ExternalLogin:RoleClaimType", "");
|
||||||
|
_profileclaimtypes = SettingService.GetSetting(settings, "ExternalLogin:ProfileClaimTypes", "");
|
||||||
_domainfilter = SettingService.GetSetting(settings, "ExternalLogin:DomainFilter", "");
|
_domainfilter = SettingService.GetSetting(settings, "ExternalLogin:DomainFilter", "");
|
||||||
_createusers = SettingService.GetSetting(settings, "ExternalLogin:CreateUsers", "true");
|
_createusers = SettingService.GetSetting(settings, "ExternalLogin:CreateUsers", "true");
|
||||||
|
|
||||||
@ -568,6 +576,7 @@ else
|
|||||||
settings = SettingService.SetSetting(settings, "ExternalLogin:IdentifierClaimType", _identifierclaimtype, true);
|
settings = SettingService.SetSetting(settings, "ExternalLogin:IdentifierClaimType", _identifierclaimtype, true);
|
||||||
settings = SettingService.SetSetting(settings, "ExternalLogin:EmailClaimType", _emailclaimtype, true);
|
settings = SettingService.SetSetting(settings, "ExternalLogin:EmailClaimType", _emailclaimtype, true);
|
||||||
settings = SettingService.SetSetting(settings, "ExternalLogin:RoleClaimType", _roleclaimtype, true);
|
settings = SettingService.SetSetting(settings, "ExternalLogin:RoleClaimType", _roleclaimtype, true);
|
||||||
|
settings = SettingService.SetSetting(settings, "ExternalLogin:ProfileClaimTypes", _profileclaimtypes, true);
|
||||||
settings = SettingService.SetSetting(settings, "ExternalLogin:DomainFilter", _domainfilter, true);
|
settings = SettingService.SetSetting(settings, "ExternalLogin:DomainFilter", _domainfilter, true);
|
||||||
settings = SettingService.SetSetting(settings, "ExternalLogin:CreateUsers", _createusers, true);
|
settings = SettingService.SetSetting(settings, "ExternalLogin:CreateUsers", _createusers, true);
|
||||||
|
|
||||||
|
@ -62,7 +62,7 @@
|
|||||||
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
|
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
|
||||||
|
|
||||||
[Parameter]
|
[Parameter]
|
||||||
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList)
|
public string Permissions { get; set; } // deprecated - use PermissionList instead
|
||||||
|
|
||||||
[Parameter]
|
[Parameter]
|
||||||
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions
|
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions
|
||||||
|
@ -53,7 +53,7 @@
|
|||||||
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
|
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
|
||||||
|
|
||||||
[Parameter]
|
[Parameter]
|
||||||
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList)
|
public string Permissions { get; set; } // deprecated - use PermissionList instead
|
||||||
|
|
||||||
[Parameter]
|
[Parameter]
|
||||||
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions
|
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions
|
||||||
|
@ -138,7 +138,7 @@
|
|||||||
|
|
||||||
// initialize permissions
|
// initialize permissions
|
||||||
_permissions = new List<Permission>();
|
_permissions = new List<Permission>();
|
||||||
if (PermissionList.Any())
|
if (PermissionList != null && PermissionList.Any())
|
||||||
{
|
{
|
||||||
foreach (var permission in PermissionList)
|
foreach (var permission in PermissionList)
|
||||||
{
|
{
|
||||||
@ -167,7 +167,7 @@
|
|||||||
_permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], role, null, true));
|
_permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], role, null, true));
|
||||||
}
|
}
|
||||||
// ensure admin access
|
// ensure admin access
|
||||||
if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.Role.Name == RoleNames.Admin))
|
if (!_permissions.Any(item => item.EntityName == segments[0] && item.PermissionName == segments[1] && item.RoleName == RoleNames.Admin))
|
||||||
{
|
{
|
||||||
_permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], RoleNames.Admin, null, true));
|
_permissions.Add(new Permission(ModuleState.SiteId, segments[0], segments[1], RoleNames.Admin, null, true));
|
||||||
}
|
}
|
||||||
@ -203,7 +203,7 @@
|
|||||||
bool? isauthorized = null;
|
bool? isauthorized = null;
|
||||||
if (roleName != "")
|
if (roleName != "")
|
||||||
{
|
{
|
||||||
var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.Role.Name == roleName);
|
var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName);
|
||||||
if (permission != null)
|
if (permission != null)
|
||||||
{
|
{
|
||||||
isauthorized = permission.IsAuthorized;
|
isauthorized = permission.IsAuthorized;
|
||||||
@ -243,7 +243,7 @@
|
|||||||
{
|
{
|
||||||
if (roleName != "")
|
if (roleName != "")
|
||||||
{
|
{
|
||||||
var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.Role.Name == roleName);
|
var permission = _permissions.FirstOrDefault(item => item.EntityName == GetEntityName(permissionName) && item.PermissionName == GetPermissionName(permissionName) && item.RoleName == roleName);
|
||||||
if (permission != null)
|
if (permission != null)
|
||||||
{
|
{
|
||||||
_permissions.Remove(permission);
|
_permissions.Remove(permission);
|
||||||
@ -307,7 +307,7 @@
|
|||||||
{
|
{
|
||||||
// remove deny all users, unauthenticated, and registered users
|
// remove deny all users, unauthenticated, and registered users
|
||||||
var permissions = _permissions.Where(item => !item.IsAuthorized &&
|
var permissions = _permissions.Where(item => !item.IsAuthorized &&
|
||||||
(item.Role.Name == RoleNames.Everyone || item.Role.Name == RoleNames.Unauthenticated || item.Role.Name == RoleNames.Registered)).ToList();
|
(item.RoleName == RoleNames.Everyone || item.RoleName == RoleNames.Unauthenticated || item.RoleName == RoleNames.Registered)).ToList();
|
||||||
foreach (var permission in permissions)
|
foreach (var permission in permissions)
|
||||||
{
|
{
|
||||||
_permissions.Remove(permission);
|
_permissions.Remove(permission);
|
||||||
@ -316,7 +316,7 @@
|
|||||||
{
|
{
|
||||||
// remove deny administrators and host users
|
// remove deny administrators and host users
|
||||||
permissions = _permissions.Where(item => !item.IsAuthorized &&
|
permissions = _permissions.Where(item => !item.IsAuthorized &&
|
||||||
(item.Role.Name == RoleNames.Admin || item.Role.Name == RoleNames.Host)).ToList();
|
(item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host)).ToList();
|
||||||
foreach (var permission in permissions)
|
foreach (var permission in permissions)
|
||||||
{
|
{
|
||||||
_permissions.Remove(permission);
|
_permissions.Remove(permission);
|
||||||
@ -325,7 +325,7 @@
|
|||||||
{
|
{
|
||||||
// add administrators role if neither host or administrator is assigned
|
// add administrators role if neither host or administrator is assigned
|
||||||
if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) &&
|
if (!_permissions.Any(item => item.EntityName == GetEntityName(permissionname) && item.PermissionName == GetPermissionName(permissionname) &&
|
||||||
(item.Role.Name == RoleNames.Admin || item.Role.Name == RoleNames.Host)))
|
(item.RoleName == RoleNames.Admin || item.RoleName == RoleNames.Host)))
|
||||||
{
|
{
|
||||||
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Admin, null, true));
|
_permissions.Add(new Permission(ModuleState.SiteId, GetEntityName(permissionname), GetPermissionName(permissionname), RoleNames.Admin, null, true));
|
||||||
}
|
}
|
||||||
|
@ -388,6 +388,12 @@
|
|||||||
<value>Optionally provide the name of the role claim provided by the identity provider. These roles will be used in addition to any internal user roles assigned within the site.</value>
|
<value>Optionally provide the name of the role claim provided by the identity provider. These roles will be used in addition to any internal user roles assigned within the site.</value>
|
||||||
</data>
|
</data>
|
||||||
<data name="RoleClaimType.Text" xml:space="preserve">
|
<data name="RoleClaimType.Text" xml:space="preserve">
|
||||||
<value>Role Claim Type:</value>
|
<value>Role Claim:</value>
|
||||||
|
</data>
|
||||||
|
<data name="ProfileClaimTypes.HelpText" xml:space="preserve">
|
||||||
|
<value>Optionally provide a comma delimited list of user profile claims provided by the identity provider, as well as mappings to your user profile definition. For example if the identity provider includes a 'given_name' claim and you have a 'FirstName' user profile definition you should specify 'given_name:FirstName'.</value>
|
||||||
|
</data>
|
||||||
|
<data name="ProfileClaimTypes.Text" xml:space="preserve">
|
||||||
|
<value>User Profile Claims:</value>
|
||||||
</data>
|
</data>
|
||||||
</root>
|
</root>
|
@ -44,7 +44,7 @@ namespace Oqtane.Themes.Controls
|
|||||||
}
|
}
|
||||||
actionList.Add(new ActionViewModel { Icon = Icons.Trash, Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) });
|
actionList.Add(new ActionViewModel { Icon = Icons.Trash, Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) });
|
||||||
|
|
||||||
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "")
|
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.IsPortable)
|
||||||
{
|
{
|
||||||
actionList.Add(new ActionViewModel { Name = "" });
|
actionList.Add(new ActionViewModel { Name = "" });
|
||||||
actionList.Add(new ActionViewModel { Icon = Icons.CloudUpload, Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import") });
|
actionList.Add(new ActionViewModel { Icon = Icons.CloudUpload, Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import") });
|
||||||
@ -137,11 +137,11 @@ namespace Oqtane.Themes.Controls
|
|||||||
private async Task<string> Publish(string url, PageModule pagemodule)
|
private async Task<string> Publish(string url, PageModule pagemodule)
|
||||||
{
|
{
|
||||||
var permissions = pagemodule.Module.PermissionList;
|
var permissions = pagemodule.Module.PermissionList;
|
||||||
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Everyone))
|
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Everyone))
|
||||||
{
|
{
|
||||||
permissions.Add(new Permission(ModuleState.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.View, RoleNames.Everyone, null, true));
|
permissions.Add(new Permission(ModuleState.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.View, RoleNames.Everyone, null, true));
|
||||||
}
|
}
|
||||||
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Registered))
|
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Registered))
|
||||||
{
|
{
|
||||||
permissions.Add(new Permission(ModuleState.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.View, RoleNames.Registered, null, true));
|
permissions.Add(new Permission(ModuleState.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.View, RoleNames.Registered, null, true));
|
||||||
}
|
}
|
||||||
@ -153,13 +153,13 @@ namespace Oqtane.Themes.Controls
|
|||||||
private async Task<string> Unpublish(string url, PageModule pagemodule)
|
private async Task<string> Unpublish(string url, PageModule pagemodule)
|
||||||
{
|
{
|
||||||
var permissions = pagemodule.Module.PermissionList;
|
var permissions = pagemodule.Module.PermissionList;
|
||||||
if (permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Everyone))
|
if (permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Everyone))
|
||||||
{
|
{
|
||||||
permissions.Remove(permissions.First(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Everyone));
|
permissions.Remove(permissions.First(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Everyone));
|
||||||
}
|
}
|
||||||
if (permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Registered))
|
if (permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Registered))
|
||||||
{
|
{
|
||||||
permissions.Remove(permissions.First(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Registered));
|
permissions.Remove(permissions.First(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Registered));
|
||||||
}
|
}
|
||||||
pagemodule.Module.PermissionList = permissions;
|
pagemodule.Module.PermissionList = permissions;
|
||||||
await ModuleService.UpdateModuleAsync(pagemodule.Module);
|
await ModuleService.UpdateModuleAsync(pagemodule.Module);
|
||||||
|
@ -537,11 +537,11 @@
|
|||||||
if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, PageState.Page.PermissionList))
|
if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, PageState.Page.PermissionList))
|
||||||
{
|
{
|
||||||
var permissions = PageState.Page.PermissionList;
|
var permissions = PageState.Page.PermissionList;
|
||||||
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Everyone))
|
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Everyone))
|
||||||
{
|
{
|
||||||
permissions.Add(new Permission(PageState.Site.SiteId, EntityNames.Page, PageState.Page.PageId, PermissionNames.View, RoleNames.Everyone, null, true));
|
permissions.Add(new Permission(PageState.Site.SiteId, EntityNames.Page, PageState.Page.PageId, PermissionNames.View, RoleNames.Everyone, null, true));
|
||||||
}
|
}
|
||||||
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.Role.Name == RoleNames.Registered))
|
if (!permissions.Any(item => item.PermissionName == PermissionNames.View && item.RoleName == RoleNames.Registered))
|
||||||
{
|
{
|
||||||
permissions.Add(new Permission(PageState.Site.SiteId, EntityNames.Page, PageState.Page.PageId, PermissionNames.View, RoleNames.Registered, null, true));
|
permissions.Add(new Permission(PageState.Site.SiteId, EntityNames.Page, PageState.Page.PageId, PermissionNames.View, RoleNames.Registered, null, true));
|
||||||
}
|
}
|
||||||
|
@ -47,6 +47,7 @@ namespace Oqtane.Controllers
|
|||||||
int SiteId;
|
int SiteId;
|
||||||
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
|
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
|
||||||
{
|
{
|
||||||
|
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(SiteId).ToList();
|
||||||
List<Setting> settings = _settings.GetSettings(EntityNames.Module).ToList();
|
List<Setting> settings = _settings.GetSettings(EntityNames.Module).ToList();
|
||||||
|
|
||||||
foreach (PageModule pagemodule in _pageModules.GetPageModules(SiteId))
|
foreach (PageModule pagemodule in _pageModules.GetPageModules(SiteId))
|
||||||
@ -74,6 +75,8 @@ namespace Oqtane.Controllers
|
|||||||
module.Order = pagemodule.Order;
|
module.Order = pagemodule.Order;
|
||||||
module.ContainerType = pagemodule.ContainerType;
|
module.ContainerType = pagemodule.ContainerType;
|
||||||
|
|
||||||
|
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
|
||||||
|
|
||||||
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
|
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
|
||||||
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
|
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
|
||||||
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
||||||
@ -92,6 +95,29 @@ namespace Oqtane.Controllers
|
|||||||
return modules;
|
return modules;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
|
||||||
|
{
|
||||||
|
if (moduleDefinition != null)
|
||||||
|
{
|
||||||
|
moduleDefinition.Description = "";
|
||||||
|
moduleDefinition.Categories = "";
|
||||||
|
moduleDefinition.Version = "";
|
||||||
|
moduleDefinition.Owner = "";
|
||||||
|
moduleDefinition.Url = "";
|
||||||
|
moduleDefinition.Contact = "";
|
||||||
|
moduleDefinition.License = "";
|
||||||
|
moduleDefinition.Dependencies = "";
|
||||||
|
moduleDefinition.PermissionNames = "";
|
||||||
|
moduleDefinition.ServerManagerType = "";
|
||||||
|
moduleDefinition.ReleaseVersions = "";
|
||||||
|
moduleDefinition.PackageName = "";
|
||||||
|
moduleDefinition.AssemblyName = "";
|
||||||
|
moduleDefinition.PermissionList = null;
|
||||||
|
moduleDefinition.Template = "";
|
||||||
|
}
|
||||||
|
return moduleDefinition;
|
||||||
|
}
|
||||||
|
|
||||||
// GET api/<controller>/5
|
// GET api/<controller>/5
|
||||||
[HttpGet("{id}")]
|
[HttpGet("{id}")]
|
||||||
public Module Get(int id)
|
public Module Get(int id)
|
||||||
@ -100,7 +126,7 @@ namespace Oqtane.Controllers
|
|||||||
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, module.PermissionList))
|
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, module.PermissionList))
|
||||||
{
|
{
|
||||||
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
|
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
|
||||||
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
|
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
|
||||||
module.Settings = _settings.GetSettings(EntityNames.Module, id)
|
module.Settings = _settings.GetSettings(EntityNames.Module, id)
|
||||||
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.PermissionList))
|
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.PermissionList))
|
||||||
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
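Review bot: FilterModuleDefinition blanks the fields on the same instance it receives from `_moduleDefinitions.GetModuleDefinitions(...)`, so if that repository returns cached objects (not visible here, though the repository section later on this page imports Microsoft.Extensions.Caching.Memory), every later reader of that cache, including the admin screens, would see an empty Version and Owner and a null PermissionList. Return a new ModuleDefinition populated with only the properties the client needs instead of mutating the argument; with an allow-list copy, a property added to the model later is withheld by default rather than disclosed by default. The same private helper is added verbatim to the second controller in this commit (the hunk at -152,6 +154,29), so it should live in one shared place to keep the two filters from drifting apart.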
||||||
|
@ -13,6 +13,7 @@ using System.Globalization;
|
|||||||
using Microsoft.Extensions.Caching.Memory;
|
using Microsoft.Extensions.Caching.Memory;
|
||||||
using Oqtane.Extensions;
|
using Oqtane.Extensions;
|
||||||
using System;
|
using System;
|
||||||
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
|
|
||||||
namespace Oqtane.Controllers
|
namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
@ -128,7 +129,8 @@ namespace Oqtane.Controllers
|
|||||||
module.Order = pagemodule.Order;
|
module.Order = pagemodule.Order;
|
||||||
module.ContainerType = pagemodule.ContainerType;
|
module.ContainerType = pagemodule.ContainerType;
|
||||||
|
|
||||||
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
|
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
|
||||||
|
|
||||||
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
|
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
|
||||||
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
|
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
|
||||||
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
|
||||||
@ -152,6 +154,29 @@ namespace Oqtane.Controllers
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
|
||||||
|
{
|
||||||
|
if (moduleDefinition != null)
|
||||||
|
{
|
||||||
|
moduleDefinition.Description = "";
|
||||||
|
moduleDefinition.Categories = "";
|
||||||
|
moduleDefinition.Version = "";
|
||||||
|
moduleDefinition.Owner = "";
|
||||||
|
moduleDefinition.Url = "";
|
||||||
|
moduleDefinition.Contact = "";
|
||||||
|
moduleDefinition.License = "";
|
||||||
|
moduleDefinition.Dependencies = "";
|
||||||
|
moduleDefinition.PermissionNames = "";
|
||||||
|
moduleDefinition.ServerManagerType = "";
|
||||||
|
moduleDefinition.ReleaseVersions = "";
|
||||||
|
moduleDefinition.PackageName = "";
|
||||||
|
moduleDefinition.AssemblyName = "";
|
||||||
|
moduleDefinition.PermissionList = null;
|
||||||
|
moduleDefinition.Template = "";
|
||||||
|
}
|
||||||
|
return moduleDefinition;
|
||||||
|
}
|
||||||
|
|
||||||
// POST api/<controller>
|
// POST api/<controller>
|
||||||
[HttpPost]
|
[HttpPost]
|
||||||
[Authorize(Roles = RoleNames.Host)]
|
[Authorize(Roles = RoleNames.Host)]
|
||||||
|
@ -197,7 +197,7 @@ namespace Oqtane.Extensions
|
|||||||
}
|
}
|
||||||
|
|
||||||
// validate user
|
// validate user
|
||||||
var identity = await ValidateUser(email, id, claims, context.HttpContext);
|
var identity = await ValidateUser(email, id, claims, context.HttpContext, context.Principal);
|
||||||
if (identity.Label == ExternalLoginStatus.Success)
|
if (identity.Label == ExternalLoginStatus.Success)
|
||||||
{
|
{
|
||||||
identity.AddClaim(new Claim("access_token", context.AccessToken));
|
identity.AddClaim(new Claim("access_token", context.AccessToken));
|
||||||
@ -232,7 +232,7 @@ namespace Oqtane.Extensions
|
|||||||
var claims = string.Join(", ", context.Principal.Claims.Select(item => item.Type).ToArray());
|
var claims = string.Join(", ", context.Principal.Claims.Select(item => item.Type).ToArray());
|
||||||
|
|
||||||
// validate user
|
// validate user
|
||||||
var identity = await ValidateUser(email, id, claims, context.HttpContext);
|
var identity = await ValidateUser(email, id, claims, context.HttpContext, context.Principal);
|
||||||
if (identity.Label == ExternalLoginStatus.Success)
|
if (identity.Label == ExternalLoginStatus.Success)
|
||||||
{
|
{
|
||||||
// external roles
|
// external roles
|
||||||
@ -278,7 +278,7 @@ namespace Oqtane.Extensions
|
|||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static async Task<ClaimsIdentity> ValidateUser(string email, string id, string claims, HttpContext httpContext)
|
private static async Task<ClaimsIdentity> ValidateUser(string email, string id, string claims, HttpContext httpContext, ClaimsPrincipal claimsPrincipal)
|
||||||
{
|
{
|
||||||
var _logger = httpContext.RequestServices.GetRequiredService<ILogManager>();
|
var _logger = httpContext.RequestServices.GetRequiredService<ILogManager>();
|
||||||
ClaimsIdentity identity = new ClaimsIdentity(Constants.AuthenticationScheme);
|
ClaimsIdentity identity = new ClaimsIdentity(Constants.AuthenticationScheme);
|
||||||
@ -427,6 +427,40 @@ namespace Oqtane.Extensions
|
|||||||
user.LastLoginOn = DateTime.UtcNow;
|
user.LastLoginOn = DateTime.UtcNow;
|
||||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||||
_users.UpdateUser(user);
|
_users.UpdateUser(user);
|
||||||
|
|
||||||
|
// user profile claims
|
||||||
|
if (!string.IsNullOrEmpty(httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "")))
|
||||||
|
{
|
||||||
|
var _settings = httpContext.RequestServices.GetRequiredService<ISettingRepository>();
|
||||||
|
var _profiles = httpContext.RequestServices.GetRequiredService<IProfileRepository>();
|
||||||
|
var profiles = _profiles.GetProfiles(user.SiteId);
|
||||||
|
foreach (var mapping in httpContext.GetSiteSettings().GetValue("ExternalLogin:ProfileClaimTypes", "").Split(',', StringSplitOptions.RemoveEmptyEntries))
|
||||||
|
{
|
||||||
|
if (mapping.Contains(":"))
|
||||||
|
{
|
||||||
|
var claim = claimsPrincipal.Claims.FirstOrDefault(item => item.Type == mapping.Split(":")[0]);
|
||||||
|
if (claim != null && !string.IsNullOrEmpty(claim.Value))
|
||||||
|
{
|
||||||
|
var profile = profiles.FirstOrDefault(item => item.Name == mapping.Split(":")[1]);
|
||||||
|
if (profile != null)
|
||||||
|
{
|
||||||
|
var setting = _settings.GetSetting(EntityNames.User, user.UserId, profile.Name);
|
||||||
|
if (setting != null)
|
||||||
|
{
|
||||||
|
setting.SettingValue = claim.Value;
|
||||||
|
_settings.UpdateSetting(setting);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
setting = new Setting { EntityName = EntityNames.User, EntityId = user.UserId, SettingName = profile.Name, SettingValue = claim.Value, IsPrivate = profile.IsPrivate };
|
||||||
|
_settings.AddSetting(setting);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} Using Provider {Provider}", user.Username, providerName);
|
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} Using Provider {Provider}", user.Username, providerName);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -4,14 +4,10 @@ using System.Diagnostics;
|
|||||||
using System.IO;
|
using System.IO;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Reflection;
|
using System.Reflection;
|
||||||
using System.Security.Policy;
|
|
||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using Microsoft.Extensions.Caching.Memory;
|
using Microsoft.Extensions.Caching.Memory;
|
||||||
using Oqtane.Extensions;
|
|
||||||
using Oqtane.Models;
|
using Oqtane.Models;
|
||||||
using Oqtane.Modules;
|
using Oqtane.Modules;
|
||||||
using Oqtane.Modules.Admin.Roles;
|
|
||||||
using Oqtane.Modules.Admin.Users;
|
|
||||||
using Oqtane.Shared;
|
using Oqtane.Shared;
|
||||||
|
|
||||||
namespace Oqtane.Repository
|
namespace Oqtane.Repository
|
||||||
@ -85,7 +81,7 @@ namespace Oqtane.Repository
|
|||||||
if (permissions.Count == 0)
|
if (permissions.Count == 0)
|
||||||
{
|
{
|
||||||
// no module definition permissions exist for this site
|
// no module definition permissions exist for this site
|
||||||
moduledefinition.PermissionList = ClonePermissions(moduledefinition.PermissionList);
|
moduledefinition.PermissionList = ClonePermissions(siteId, moduledefinition.PermissionList);
|
||||||
_permissions.UpdatePermissions(siteId, EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId, moduledefinition.PermissionList);
|
_permissions.UpdatePermissions(siteId, EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId, moduledefinition.PermissionList);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -97,7 +93,7 @@ namespace Oqtane.Repository
|
|||||||
else
|
else
|
||||||
{
|
{
|
||||||
// permissions for module definition do not exist for this site
|
// permissions for module definition do not exist for this site
|
||||||
moduledefinition.PermissionList = ClonePermissions(moduledefinition.PermissionList);
|
moduledefinition.PermissionList = ClonePermissions(siteId, moduledefinition.PermissionList);
|
||||||
_permissions.UpdatePermissions(siteId, EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId, moduledefinition.PermissionList);
|
_permissions.UpdatePermissions(siteId, EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId, moduledefinition.PermissionList);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -239,6 +235,16 @@ namespace Oqtane.Repository
|
|||||||
moduledefinition.ControlTypeTemplate = modulecontroltype.Namespace + "." + Constants.ActionToken + ", " + modulecontroltype.Assembly.GetName().Name;
|
moduledefinition.ControlTypeTemplate = modulecontroltype.Namespace + "." + Constants.ActionToken + ", " + modulecontroltype.Assembly.GetName().Name;
|
||||||
moduledefinition.AssemblyName = assembly.GetName().Name;
|
moduledefinition.AssemblyName = assembly.GetName().Name;
|
||||||
|
|
||||||
|
moduledefinition.IsPortable = false;
|
||||||
|
if (!string.IsNullOrEmpty(moduledefinition.ServerManagerType))
|
||||||
|
{
|
||||||
|
Type servertype = Type.GetType(moduledefinition.ServerManagerType);
|
||||||
|
if (servertype != null && servertype.GetInterface("IPortable") != null)
|
||||||
|
{
|
||||||
|
moduledefinition.IsPortable = true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
if (string.IsNullOrEmpty(moduledefinition.Categories))
|
if (string.IsNullOrEmpty(moduledefinition.Categories))
|
||||||
{
|
{
|
||||||
moduledefinition.Categories = "Common";
|
moduledefinition.Categories = "Common";
|
||||||
@ -283,17 +289,18 @@ namespace Oqtane.Repository
|
|||||||
return moduledefinitions;
|
return moduledefinitions;
|
||||||
}
|
}
|
||||||
|
|
||||||
private List<Permission> ClonePermissions(List<Permission> permissionList)
|
private List<Permission> ClonePermissions(int siteId, List<Permission> permissionList)
|
||||||
{
|
{
|
||||||
var permissions = new List<Permission>();
|
var permissions = new List<Permission>();
|
||||||
foreach (var p in permissionList)
|
foreach (var p in permissionList)
|
||||||
{
|
{
|
||||||
var permission = new Permission();
|
var permission = new Permission();
|
||||||
permission.SiteId = p.SiteId;
|
permission.SiteId = siteId;
|
||||||
permission.EntityName = p.EntityName;
|
permission.EntityName = p.EntityName;
|
||||||
permission.EntityId = p.EntityId;
|
permission.EntityId = p.EntityId;
|
||||||
permission.PermissionName = p.PermissionName;
|
permission.PermissionName = p.PermissionName;
|
||||||
permission.RoleId = p.RoleId;
|
permission.RoleId = p.RoleId;
|
||||||
|
permission.RoleName = p.RoleName;
|
||||||
permission.UserId = p.UserId;
|
permission.UserId = p.UserId;
|
||||||
permission.IsAuthorized = p.IsAuthorized;
|
permission.IsAuthorized = p.IsAuthorized;
|
||||||
permissions.Add(permission);
|
permissions.Add(permission);
|
||||||
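Review bot: `servertype.GetInterface("IPortable")` in the IsPortable hunk matches on the simple interface name, so a server type that implements an unrelated interface called IPortable from another namespace would also be marked portable. The file keeps `using Oqtane.Modules;`, so a type-based test is tighter: `if (servertype != null && typeof(IPortable).IsAssignableFrom(servertype))`, assuming the IPortable in that namespace is the one intended. When `Type.GetType` returns null the module is silently left non-portable; a short comment saying that this is deliberate would help. The enclosing method starts and ends outside the hunk.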
|
@ -30,10 +30,17 @@ namespace Oqtane.Repository
|
|||||||
{
|
{
|
||||||
return _cache.GetOrCreate($"permissions:{alias.TenantId}:{siteId}:{entityName}", entry =>
|
return _cache.GetOrCreate($"permissions:{alias.TenantId}:{siteId}:{entityName}", entry =>
|
||||||
{
|
{
|
||||||
|
var roles = _roles.GetRoles(siteId, true).ToList();
|
||||||
|
var permissions = _db.Permission.Where(item => item.SiteId == siteId).Where(item => item.EntityName == entityName).ToList();
|
||||||
|
foreach (var permission in permissions)
|
||||||
|
{
|
||||||
|
if (permission.RoleId != null)
|
||||||
|
{
|
||||||
|
permission.RoleName = roles.Find(item => item.RoleId == permission.RoleId).Name;
|
||||||
|
}
|
||||||
|
}
|
||||||
entry.SlidingExpiration = TimeSpan.FromMinutes(30);
|
entry.SlidingExpiration = TimeSpan.FromMinutes(30);
|
||||||
return _db.Permission.Where(item => item.SiteId == siteId)
|
return permissions;
|
||||||
.Where(item => item.EntityName == entityName)
|
|
||||||
.Include(item => item.Role).ToList(); // eager load roles
|
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
@ -84,15 +91,14 @@ namespace Oqtane.Repository
|
|||||||
permission.SiteId = siteId;
|
permission.SiteId = siteId;
|
||||||
permission.EntityName = (string.IsNullOrEmpty(permission.EntityName)) ? entityName : permission.EntityName;
|
permission.EntityName = (string.IsNullOrEmpty(permission.EntityName)) ? entityName : permission.EntityName;
|
||||||
permission.EntityId = (permission.EntityName == entityName) ? entityId : -1;
|
permission.EntityId = (permission.EntityName == entityName) ? entityId : -1;
|
||||||
if (permission.RoleId == null && permission.Role != null && !string.IsNullOrEmpty(permission.Role.Name))
|
if (permission.UserId == null && permission.RoleId == null && !string.IsNullOrEmpty(permission.RoleName))
|
||||||
{
|
{
|
||||||
var role = roles.FirstOrDefault(item => item.Name == permission.Role.Name);
|
var role = roles.FirstOrDefault(item => item.Name == permission.RoleName);
|
||||||
if (role != null)
|
if (role != null)
|
||||||
{
|
{
|
||||||
permission.RoleId = role.RoleId;
|
permission.RoleId = role.RoleId;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
permission.Role = null;
|
|
||||||
}
|
}
|
||||||
// add or update permissions
|
// add or update permissions
|
||||||
bool modified = false;
|
bool modified = false;
|
||||||
@ -112,7 +118,6 @@ namespace Oqtane.Repository
|
|||||||
if (current.IsAuthorized != permission.IsAuthorized)
|
if (current.IsAuthorized != permission.IsAuthorized)
|
||||||
{
|
{
|
||||||
current.IsAuthorized = permission.IsAuthorized;
|
current.IsAuthorized = permission.IsAuthorized;
|
||||||
current.Role = null; // remove linked reference to Role which can cause errors in EF Core change tracking
|
|
||||||
_db.Entry(current).State = EntityState.Modified;
|
_db.Entry(current).State = EntityState.Modified;
|
||||||
modified = true;
|
modified = true;
|
||||||
}
|
}
|
||||||
@ -129,7 +134,6 @@ namespace Oqtane.Repository
|
|||||||
if (!permissions.Any(item => item.EntityName == permission.EntityName && item.PermissionName == permission.PermissionName
|
if (!permissions.Any(item => item.EntityName == permission.EntityName && item.PermissionName == permission.PermissionName
|
||||||
&& item.EntityId == permission.EntityId && item.RoleId == permission.RoleId && item.UserId == permission.UserId))
|
&& item.EntityId == permission.EntityId && item.RoleId == permission.RoleId && item.UserId == permission.UserId))
|
||||||
{
|
{
|
||||||
permission.Role = null; // remove linked reference to Role which can cause errors in EF Core change tracking
|
|
||||||
_db.Permission.Remove(permission);
|
_db.Permission.Remove(permission);
|
||||||
modified = true;
|
modified = true;
|
||||||
}
|
}
|
||||||
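Review bot: `roles.Find(item => item.RoleId == permission.RoleId).Name` in the cache factory dereferences the result of `Find` without a null check. A single permission row whose RoleId is not among the roles returned by `_roles.GetRoles(siteId, true)` therefore makes the factory throw, and every permission lookup for that site and entity name fails instead of returning the list. I would write `permission.RoleName = roles.Find(item => item.RoleId == permission.RoleId)?.Name;` and log the orphaned row. The enclosing method starts outside the hunk.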
|
@ -52,14 +52,9 @@ namespace Oqtane.Security
|
|||||||
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList());
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList());
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissions)
|
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList)
|
||||||
{
|
{
|
||||||
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissions);
|
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissionList);
|
||||||
}
|
|
||||||
|
|
||||||
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
|
|
||||||
{
|
|
||||||
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public User GetUser(ClaimsPrincipal principal)
|
public User GetUser(ClaimsPrincipal principal)
|
||||||
@ -106,5 +101,11 @@ namespace Oqtane.Security
|
|||||||
{
|
{
|
||||||
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList());
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList) instead", false)]
|
||||||
|
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
|
||||||
|
{
|
||||||
|
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ using System;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
|
using System.Text.Json.Serialization;
|
||||||
|
|
||||||
namespace Oqtane.Models
|
namespace Oqtane.Models
|
||||||
{
|
{
|
||||||
@ -85,18 +86,19 @@ namespace Oqtane.Models
|
|||||||
[NotMapped]
|
[NotMapped]
|
||||||
public bool HasChildren { get; set; }
|
public bool HasChildren { get; set; }
|
||||||
|
|
||||||
|
#region Deprecated Properties
|
||||||
|
|
||||||
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
|
[JsonIgnore] // exclude from API payload
|
||||||
public string Permissions
|
public string Permissions
|
||||||
{
|
{
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,6 +3,7 @@ using System;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
|
using System.Text.Json.Serialization;
|
||||||
|
|
||||||
namespace Oqtane.Models
|
namespace Oqtane.Models
|
||||||
{
|
{
|
||||||
@ -109,18 +110,19 @@ namespace Oqtane.Models
|
|||||||
|
|
||||||
#endregion
|
#endregion
|
||||||
|
|
||||||
|
#region Deprecated Properties
|
||||||
|
|
||||||
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
|
[JsonIgnore] // exclude from API payload
|
||||||
public string Permissions
|
public string Permissions
|
||||||
{
|
{
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ using System;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
|
using System.Text.Json.Serialization;
|
||||||
using Oqtane.Documentation;
|
using Oqtane.Documentation;
|
||||||
|
|
||||||
namespace Oqtane.Models
|
namespace Oqtane.Models
|
||||||
@ -68,55 +69,75 @@ namespace Oqtane.Models
|
|||||||
// additional IModule properties
|
// additional IModule properties
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Owner { get; set; }
|
public string Owner { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Url { get; set; }
|
public string Url { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Contact { get; set; }
|
public string Contact { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string License { get; set; }
|
public string License { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Runtimes { get; set; }
|
public string Runtimes { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Dependencies { get; set; }
|
public string Dependencies { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string PermissionNames { get; set; }
|
public string PermissionNames { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string ServerManagerType { get; set; }
|
public string ServerManagerType { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string ControlTypeRoutes { get; set; }
|
public string ControlTypeRoutes { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string ReleaseVersions { get; set; }
|
public string ReleaseVersions { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string DefaultAction { get; set; }
|
public string DefaultAction { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string SettingsType { get; set; } // added in 2.0.2
|
public string SettingsType { get; set; } // added in 2.0.2
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string PackageName { get; set; } // added in 2.1.0
|
public string PackageName { get; set; } // added in 2.1.0
|
||||||
|
|
||||||
// internal properties
|
// internal properties
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public int SiteId { get; set; }
|
public int SiteId { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string ControlTypeTemplate { get; set; }
|
public string ControlTypeTemplate { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string AssemblyName { get; set; }
|
public string AssemblyName { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public List<Permission> PermissionList { get; set; }
|
public List<Permission> PermissionList { get; set; }
|
||||||
|
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string Template { get; set; }
|
public string Template { get; set; }
|
||||||
|
|
||||||
|
[NotMapped]
|
||||||
|
public bool IsPortable { get; set; }
|
||||||
|
|
||||||
|
#region Deprecated Properties
|
||||||
|
|
||||||
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
|
[JsonIgnore] // exclude from API payload
|
||||||
public string Permissions
|
public string Permissions
|
||||||
{
|
{
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -2,6 +2,7 @@ using System;
|
|||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.ComponentModel.DataAnnotations.Schema;
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
|
using System.Text.Json.Serialization;
|
||||||
|
|
||||||
namespace Oqtane.Models
|
namespace Oqtane.Models
|
||||||
{
|
{
|
||||||
@ -115,26 +116,24 @@ namespace Oqtane.Models
|
|||||||
|
|
||||||
#region Deprecated Properties
|
#region Deprecated Properties
|
||||||
|
|
||||||
[Obsolete("This property is deprecated", false)]
|
[Obsolete("The EditMode property is deprecated", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public bool EditMode { get; set; }
|
public bool EditMode { get; set; }
|
||||||
|
|
||||||
[Obsolete("This property is deprecated", false)]
|
[Obsolete("The LayoutType property is deprecated", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
public string LayoutType { get; set; }
|
public string LayoutType { get; set; }
|
||||||
|
|
||||||
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
|
||||||
[NotMapped]
|
[NotMapped]
|
||||||
|
[JsonIgnore] // exclude from API payload
|
||||||
public string Permissions {
|
public string Permissions {
|
||||||
get
|
get
|
||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
#endregion
|
#endregion
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,7 @@
|
|||||||
|
using System.ComponentModel.DataAnnotations.Schema;
|
||||||
|
using System.Text.Json.Serialization;
|
||||||
|
using System;
|
||||||
|
|
||||||
namespace Oqtane.Models
|
namespace Oqtane.Models
|
||||||
{
|
{
|
||||||
/// <summary>
|
/// <summary>
|
||||||
@ -17,47 +21,41 @@ namespace Oqtane.Models
|
|||||||
public int SiteId { get; set; }
|
public int SiteId { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Name of the Entity these permissions apply to.
|
/// Name of the Entity these permissions apply to (ie. Module )
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public string EntityName { get; set; }
|
public string EntityName { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// ID of the Entity these permissions apply to.
|
/// ID of the Entity these permissions apply to (ie. a ModuleId). A value of -1 indicates the permission applies to all EntityNames regardless of ID (ie. API permissions)
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public int EntityId { get; set; }
|
public int EntityId { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// What this permission is called.
|
/// Name of the permission (ie. View)
|
||||||
/// TODO: todoc - must clarify what exactly this means, I assume any module can give it's own names for Permissions
|
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public string PermissionName { get; set; }
|
public string PermissionName { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// <see cref="Role"/> this permission applies to. So if all users in the Role _Customers_ have this permission, then it would reference that Role.
|
/// <see cref="Role"/> this permission applies to. If null then this is a <see cref="User"/> permission.
|
||||||
/// If null, then the permission doesn't target a role but probably a <see cref="User"/> (see <see cref="UserId"/>).
|
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public int? RoleId { get; set; }
|
public int? RoleId { get; set; }
|
||||||
|
|
||||||
|
/// <summary>
|
||||||
|
/// The role name associated to the RoleId.
|
||||||
|
/// </summary>
|
||||||
|
[NotMapped]
|
||||||
|
public string RoleName { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// <see cref="User"/> this permission applies to.
|
/// <see cref="User"/> this permission applies to. If null then this is a <see cref="Role"/> permission.
|
||||||
/// If null, then the permission doesn't target a User but probably a <see cref="Role"/> (see <see cref="RoleId"/>).
|
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public int? UserId { get; set; }
|
public int? UserId { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
/// <summary>
|
||||||
/// Determines if Authorization is sufficient to receive this permission.
|
/// The type of permission (ie. grant = true, deny = false)
|
||||||
/// </summary>
|
/// </summary>
|
||||||
public bool IsAuthorized { get; set; }
|
public bool IsAuthorized { get; set; }
|
||||||
|
|
||||||
/// <summary>
|
|
||||||
/// Reference to the <see cref="Role"/> based on the <see cref="RoleId"/> - can be nullable.
|
|
||||||
/// </summary>
|
|
||||||
/// <remarks>
|
|
||||||
/// It's not certain if this will always be populated. TODO: todoc/verify
|
|
||||||
/// </remarks>
|
|
||||||
public Role Role { get; set; }
|
|
||||||
|
|
||||||
public Permission()
|
public Permission()
|
||||||
{
|
{
|
||||||
}
|
}
|
||||||
@ -90,17 +88,22 @@ namespace Oqtane.Models
|
|||||||
PermissionName = permissionName;
|
PermissionName = permissionName;
|
||||||
if (!string.IsNullOrEmpty(roleName))
|
if (!string.IsNullOrEmpty(roleName))
|
||||||
{
|
{
|
||||||
Role = new Role { Name = roleName };
|
|
||||||
RoleId = null;
|
RoleId = null;
|
||||||
|
RoleName = roleName;
|
||||||
UserId = null;
|
UserId = null;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
Role = null;
|
|
||||||
RoleId = null;
|
RoleId = null;
|
||||||
|
RoleName = null;
|
||||||
UserId = userId;
|
UserId = userId;
|
||||||
}
|
}
|
||||||
IsAuthorized = isAuthorized;
|
IsAuthorized = isAuthorized;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Obsolete("The Role property is deprecated", false)]
|
||||||
|
[NotMapped]
|
||||||
|
[JsonIgnore] // exclude from API payload
|
||||||
|
public Role Role { get; set; }
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
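Review bot: The summary on the new `RoleName` property does not mention that the value is `[NotMapped]`, so it is empty on any `Permission` that was not filled in by the repository or by the constructor that takes a role name. That matters because the role checks changed in this commit compare `RoleName` rather than `Role.Name`. I would extend the comment to `/// The role name associated to the RoleId. Not persisted; it must be populated before the permission is used in an authorization check.`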
|
@ -33,10 +33,6 @@ namespace Oqtane.Models
|
|||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(PagePermissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -55,10 +51,6 @@ namespace Oqtane.Models
|
|||||||
{
|
{
|
||||||
return JsonSerializer.Serialize(PermissionList);
|
return JsonSerializer.Serialize(PermissionList);
|
||||||
}
|
}
|
||||||
set
|
|
||||||
{
|
|
||||||
PermissionList = JsonSerializer.Deserialize<List<Permission>>(ModulePermissions);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -20,56 +20,51 @@ namespace Oqtane.Security
|
|||||||
return IsAuthorized(user, permissions);
|
return IsAuthorized(user, permissions);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsAuthorized(User user, string permissionName, List<Permission> permissions)
|
public static bool IsAuthorized(User user, string permissionName, List<Permission> permissionList)
|
||||||
{
|
{
|
||||||
return IsAuthorized(user, permissions.Where(item => item.PermissionName == permissionName).ToList());
|
return IsAuthorized(user, permissionList.Where(item => item.PermissionName == permissionName).ToList());
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool IsAuthorized(User user, string permissionName, string permissions)
|
public static bool IsAuthorized(User user, List<Permission> permissionList)
|
||||||
{
|
|
||||||
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
|
|
||||||
}
|
|
||||||
|
|
||||||
public static bool IsAuthorized(User user, List<Permission> permissions)
|
|
||||||
{
|
{
|
||||||
bool authorized = false;
|
bool authorized = false;
|
||||||
if (permissions != null && permissions.Any())
|
if (permissionList != null && permissionList.Any())
|
||||||
{
|
{
|
||||||
if (user == null)
|
if (user == null)
|
||||||
{
|
{
|
||||||
authorized = IsAuthorized(-1, "", permissions); // user is not authenticated but may have access to resource
|
authorized = IsAuthorized(-1, "", permissionList); // user is not authenticated but may have access to resource
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
authorized = IsAuthorized(user.UserId, user.Roles, permissions);
|
authorized = IsAuthorized(user.UserId, user.Roles, permissionList);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
return authorized;
|
return authorized;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static bool IsAuthorized(int userId, string roles, List<Permission> permissions)
|
private static bool IsAuthorized(int userId, string roles, List<Permission> permissionList)
|
||||||
{
|
{
|
||||||
bool isAuthorized = false;
|
bool isAuthorized = false;
|
||||||
|
|
||||||
if (permissions != null && permissions.Any())
|
if (permissionList != null && permissionList.Any())
|
||||||
{
|
{
|
||||||
// check if denied first
|
// check if denied first
|
||||||
isAuthorized = !permissions.Where(item => !item.IsAuthorized && (
|
isAuthorized = !permissionList.Where(item => !item.IsAuthorized && (
|
||||||
(item.Role != null && (
|
(item.UserId == null && (
|
||||||
(item.Role.Name == RoleNames.Everyone) ||
|
(item.RoleName == RoleNames.Everyone) ||
|
||||||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
|
(item.RoleName == RoleNames.Unauthenticated && userId == -1) ||
|
||||||
roles.Split(';', StringSplitOptions.RemoveEmptyEntries).Contains(item.Role.Name))) ||
|
roles.Split(';', StringSplitOptions.RemoveEmptyEntries).Contains(item.RoleName))) ||
|
||||||
(item.UserId != null && item.UserId.Value == userId))).Any();
|
(item.UserId != null && item.UserId.Value == userId))).Any();
|
||||||
|
|
||||||
if (isAuthorized)
|
if (isAuthorized)
|
||||||
{
|
{
|
||||||
// then check if authorized
|
// then check if authorized
|
||||||
isAuthorized = permissions.Where(item => item.IsAuthorized && (
|
isAuthorized = permissionList.Where(item => item.IsAuthorized && (
|
||||||
(item.Role != null && (
|
(item.UserId == null && (
|
||||||
(item.Role.Name == RoleNames.Everyone) ||
|
(item.RoleName == RoleNames.Everyone) ||
|
||||||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
|
(item.RoleName == RoleNames.Unauthenticated && userId == -1) ||
|
||||||
roles.Split(';', StringSplitOptions.RemoveEmptyEntries).Contains(item.Role.Name))) ||
|
roles.Split(';', StringSplitOptions.RemoveEmptyEntries).Contains(item.RoleName))) ||
|
||||||
(item.UserId != null && item.UserId.Value == userId))).Any();
|
(item.UserId != null && item.UserId.Value == userId))).Any();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -79,7 +74,7 @@ namespace Oqtane.Security
|
|||||||
|
|
||||||
public static bool ContainsRole(List<Permission> permissions, string permissionName, string roleName)
|
public static bool ContainsRole(List<Permission> permissions, string permissionName, string roleName)
|
||||||
{
|
{
|
||||||
return permissions.Any(item => item.PermissionName == permissionName && item.Role.Name == roleName);
|
return permissions.Any(item => item.PermissionName == permissionName && item.RoleName == roleName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public static bool ContainsUser(List<Permission> permissions, string permissionName, int userId)
|
public static bool ContainsUser(List<Permission> permissions, string permissionName, int userId)
|
||||||
@ -123,5 +118,11 @@ namespace Oqtane.Security
|
|||||||
}
|
}
|
||||||
return identity;
|
return identity;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Obsolete("IsAuthorized(User user, string permissionName, string permissions) is deprecated. Use IsAuthorized(User user, string permissionName, List<Permission> permissionList) instead", false)]
|
||||||
|
public static bool IsAuthorized(User user, string permissionName, string permissions)
|
||||||
|
{
|
||||||
|
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
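Review bot: In the private `IsAuthorized(int userId, string roles, List<Permission> permissionList)`, both predicates now select role entries with `item.UserId == null` and compare `item.RoleName`, so an entry whose RoleName was never populated matches nothing. For a deny entry (`!item.IsAuthorized`) that means the deny is skipped rather than enforced, and a grant elsewhere in the list can then win. This presumably affects lists that do not come from the repository, such as legacy JSON passed to the obsolete string overload at the end of the file, which carried `Role.Name` and no `RoleName`. I would fail closed before the deny check, e.g. `if (permissionList.Any(item => item.UserId == null && string.IsNullOrEmpty(item.RoleName))) return false;`, or at least log such entries.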