add API method to get File based on name, and fix permission validation for Folder

sbwalker
2023-07-10 08:44:14 -04:00
parent 9a3b458c45
commit c597c4c234
4 changed files with 34 additions and 3 deletions


@ -129,6 +129,22 @@ namespace Oqtane.Controllers
}
}
[HttpGet("name/{name}/{folderId}")]
public Models.File Get(string name, int folderId)
{
Models.File file = _files.GetFile(folderId, name);
if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
{
return file;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = RoleNames.Registered)]
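Review bot: The `else` branch of the new `Get(string name, int folderId)` treats a missing file and a denied one identically, so every mistyped or stale name is logged as an `Error` / `LogFunction.Security` "Unauthorized" event. Keeping the 403 for both cases is reasonable, because it stops the endpoint from revealing which file names exist in folders the caller cannot view. The log entry should still tell the two apart so that real authorization failures are not buried in not-found noise. The condition also dereferences `file.Folder` without a null check, which is only safe if `_files.GetFile` always populates it; that is not visible in this section. The fence below sketches the split logging.

```csharp
else
{
    if (file == null)
    {
        // Not found: same 403 as a denial so callers cannot probe for file names,
        // but recorded as a read miss rather than a security event.
        _logger.Log(LogLevel.Warning, this, LogFunction.Read, "File Not Found {Name} For Folder {FolderId}", name, folderId);
    }
    else
    {
        _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
    }
    // … unchanged: set 403 status and return null …
}
```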


@ -43,7 +43,7 @@ namespace Oqtane.Controllers
{
foreach (Folder folder in _folders.GetFolders(SiteId))
{
if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (_userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
folders.Add(folder);
}
@ -64,7 +64,7 @@ namespace Oqtane.Controllers
public Folder Get(int id)
{
Folder folder = _folders.GetFolder(id);
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
return folder;
}
@ -85,7 +85,7 @@ namespace Oqtane.Controllers
folderPath += "/";
}
Folder folder = _folders.GetFolder(siteId, folderPath);
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
{
return folder;
}
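Review bot: The permission name is now spelled out separately in all three folder reads (the `GetFolders` loop, `Get(int id)` and the path-based lookup), so a later change can leave one endpoint enforcing a different permission than the others. This is the same drift the commit appears to be correcting with its `Browse` to `View` swap. A single private helper would keep the site check and the permission in one place, for example `private bool CanView(Folder folder) => folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList);`. A short comment on it should say why `View` rather than `Browse` gates folder metadata. The loop hunk shows no `_alias.SiteId` comparison for the `SiteId` it passes to `GetFolders`; the enclosing methods start outside these hunks, so confirm that check exists above.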