Diplomarbeit-Absolventenverein/oqtane.framework
6
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #5873 from leigh-pointer/SupportCustomRole

Browse Source 
Enhance tab authorization with role and permission checks #5872
This commit is contained in:
Shaun Walker
2025-12-14 15:15:19 -05:00
committed by GitHub
parent 2685c18798 e62268af2e
commit c0c71251ab
2 changed files with 45 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Oqtane.Client/Modules/Controls/TabPanel.razor
View File

@@ -30,6 +30,12 @@ else
[Parameter] [Parameter]
public SecurityAccessLevel? Security { get; set; } // optional - can be used to specify SecurityAccessLevel public SecurityAccessLevel? Security { get; set; } // optional - can be used to specify SecurityAccessLevel
[Parameter]
public string RoleName { get; set; } // optional - can be used to specify Role allowed to view this tab
[Parameter]
public string PermissionName { get; set; } // optional - can be used to specify Permission allowed to view this tab
protected override void OnParametersSet() protected override void OnParametersSet()
{ {
base.OnParametersSet(); base.OnParametersSet();

43
Oqtane.Client/Modules/Controls/TabStrip.razor
View File

@@ -84,12 +84,37 @@
} }
} }
/// <summary>
/// Determines if a tab should be visible based on user permissions.
/// Authorization hierarchy:
/// 1. Host and Admin roles ALWAYS have access (bypass all checks)
/// 2. Check standard SecurityAccessLevel (View, Edit, etc.)
/// 3. If RoleName specified AND user is not Admin/Host, check RoleName
/// 4. If PermissionName specified AND user is not Admin/Host, check PermissionName
/// </summary>
/// <param name="tabPanel">The tab panel to check authorization for</param>
/// <returns>True if user is authorized to see this tab, false otherwise</returns>
private bool IsAuthorized(TabPanel tabPanel) private bool IsAuthorized(TabPanel tabPanel)
{ {
// Step 1: Check for Host-only restriction
if (tabPanel.Security == SecurityAccessLevel.Host)
{
// Only Host users can access Host-level security tabs (Admin users are excluded)
return UserSecurity.IsAuthorized(PageState.User, RoleNames.Host);
}
// Step 2: Admin bypass all other restrictions
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin))
{
return true;
}
var authorized = false; var authorized = false;
// Step 3: Check standard SecurityAccessLevel
switch (tabPanel.Security) switch (tabPanel.Security)
{ {
case null: // security not specified - assume SecurityAccessLevel.Anonymous case null:
authorized = true; authorized = true;
break; break;
case SecurityAccessLevel.Anonymous: case SecurityAccessLevel.Anonymous:
@@ -101,13 +126,23 @@
case SecurityAccessLevel.Edit: case SecurityAccessLevel.Edit:
authorized = UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, ModuleState.PermissionList); authorized = UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, ModuleState.PermissionList);
break; break;
case SecurityAccessLevel.Admin:
authorized = UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin);
break;
case SecurityAccessLevel.Host: case SecurityAccessLevel.Host:
authorized = UserSecurity.IsAuthorized(PageState.User, RoleNames.Host); authorized = UserSecurity.IsAuthorized(PageState.User, RoleNames.Host);
break; break;
} }
// Step 4: Check RoleName if provided (additional requirement)
if (authorized && !string.IsNullOrEmpty(tabPanel.RoleName))
{
authorized = UserSecurity.IsAuthorized(PageState.User, tabPanel.RoleName);
}
// Step 5: Check PermissionName if provided (additional requirement)
if (authorized && !string.IsNullOrEmpty(tabPanel.PermissionName))
{
authorized = UserSecurity.IsAuthorized(PageState.User, tabPanel.PermissionName, ModuleState.PermissionList);
}
return authorized; return authorized;
} }
} }