Diplomarbeit-Absolventenverein/oqtane.framework
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

add API method to get File based on name, and fix permission validation for Folder

Browse Source
This commit is contained in:
sbwalker 2023-07-10 08:44:14 -04:00
parent 9a3b458c45
commit c597c4c234
4 changed files with 34 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Oqtane.Client/Services/FileService.cs
View File

@ -46,6 +46,11 @@ namespace Oqtane.Services
return await GetJsonAsync<File>($"{Apiurl}/{fileId}");
}
public async Task<File> GetFileAsync(int folderId, string name)
{
return await GetJsonAsync<File>($"{Apiurl}/name/{name}/{folderId}");
}
public async Task<File> AddFileAsync(File file)
{
return await PostJsonAsync<File>(Apiurl, file);

10
Oqtane.Client/Services/Interfaces/IFileService.cs
View File

@ -1,5 +1,6 @@
using Oqtane.Models;
using System.Collections.Generic;
using System.Diagnostics.CodeAnalysis;
using System.Threading.Tasks;
namespace Oqtane.Services
@ -33,6 +34,15 @@ namespace Oqtane.Services
/// <returns></returns>
Task<File> GetFileAsync(int fileId);
/// <summary>
/// Get a <see cref="File"/> based on the <see cref="Folder"/> and file name.
/// </summary>
/// <param name="folderId">Reference to the <see cref="Folder"/></param>
/// <param name="name">name of the file
/// </param>
/// <returns></returns>
Task<File> GetFileAsync(int folderId, string name);
/// <summary>
/// Add / store a <see cref="File"/> record.
/// This does not contain the file contents.

16
Oqtane.Server/Controllers/FileController.cs
View File

@ -129,6 +129,22 @@ namespace Oqtane.Controllers
}
}
[HttpGet("name/{name}/{folderId}")]
public Models.File Get(string name, int folderId)
{
Models.File file = _files.GetFile(folderId, name);
if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
{
return file;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Registered)]

6
Oqtane.Server/Controllers/FolderController.cs
View File

@ -43,7 +43,7 @@ namespace Oqtane.Controllers
{
foreach (Folder folder in _folders.GetFolders(SiteId))
{
if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (_userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
folders.Add(folder);
}
@ -64,7 +64,7 @@ namespace Oqtane.Controllers
public Folder Get(int id)
{
Folder folder = _folders.GetFolder(id);
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
return folder;
}
@ -85,7 +85,7 @@ namespace Oqtane.Controllers
folderPath += "/";
}
Folder folder = _folders.GetFolder(siteId, folderPath);
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
return folder;
}