| @ -4,6 +4,8 @@ | ||||
| @inject IPageService PageService | ||||
| @inject IThemeService  ThemeService | ||||
|  | ||||
| @if (Themes != null) | ||||
| { | ||||
|     <table class="table table-borderless"> | ||||
|         <tr> | ||||
|             <td> | ||||
| @ -139,8 +141,9 @@ | ||||
|             </td> | ||||
|         </tr> | ||||
|     </table> | ||||
| <button type="button" class="btn btn-success" @onclick="SavePage">Save</button> | ||||
| <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> | ||||
|     <button type="button" class="btn btn-success" @onclick="SavePage">Save</button> | ||||
|     <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> | ||||
| } | ||||
|  | ||||
| @code { | ||||
|     public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } } | ||||
|  | ||||
| @ -4,164 +4,167 @@ | ||||
| @inject IPageService PageService | ||||
| @inject IThemeService  ThemeService | ||||
|  | ||||
| <table class="table table-borderless"> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Name: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <input class="form-control" @bind="@name" /> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Path: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <input class="form-control" @bind="@path" /> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Parent: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @onchange="(e => ParentChanged(e))"> | ||||
|                 <option value="-1"><Site Root></option> | ||||
|                 @foreach (Page page in pages) | ||||
|                 { | ||||
|                     if (page.PageId.ToString() == parentid) | ||||
| @if (Themes != null) | ||||
| { | ||||
|     <table class="table table-borderless"> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Name: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <input class="form-control" @bind="@name" /> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Path: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <input class="form-control" @bind="@path" /> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Parent: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @onchange="(e => ParentChanged(e))"> | ||||
|                     <option value="-1"><Site Root></option> | ||||
|                     @foreach (Page page in pages) | ||||
|                     { | ||||
|                         <option value="@(page.PageId)" selected>@(new string('-', page.Level * 2))@(page.Name)</option> | ||||
|                     } | ||||
|                     else | ||||
|                     { | ||||
|                         <option value="@(page.PageId)">@(new string('-', page.Level * 2))@(page.Name)</option> | ||||
|                     } | ||||
|                 } | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Move: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @bind="@insert"> | ||||
|                 @if (parentid == currentparentid) | ||||
|                 { | ||||
|                     <option value="="><Maintain Current Location></option> | ||||
|                 } | ||||
|                 <option value="<<">To Beginning</option> | ||||
|                 @if (children != null && children.Count > 0) | ||||
|                 { | ||||
|                     <option value="<">Before</option> | ||||
|                     <option value=">">After</option> | ||||
|                 } | ||||
|                 <option value=">>">To End</option> | ||||
|             </select> | ||||
|             @if (children != null && children.Count > 0 && (insert == "<" || insert == ">")) | ||||
|             { | ||||
|                 <select class="form-control" @bind="@childid"> | ||||
|                     <option value="-1"><Select Page></option> | ||||
|                     @foreach (Page page in children) | ||||
|                     { | ||||
|                         <option value="@(page.PageId)">@(page.Name)</option> | ||||
|                         if (page.PageId.ToString() == parentid) | ||||
|                         { | ||||
|                             <option value="@(page.PageId)" selected>@(new string('-', page.Level * 2))@(page.Name)</option> | ||||
|                         } | ||||
|                         else | ||||
|                         { | ||||
|                             <option value="@(page.PageId)">@(new string('-', page.Level * 2))@(page.Name)</option> | ||||
|                         } | ||||
|                     } | ||||
|                 </select> | ||||
|             } | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Navigation? </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @bind="@isnavigation"> | ||||
|                 <option value="True">Yes</option> | ||||
|                 <option value="False">No</option> | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Personalizable? </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @bind="@ispersonalizable"> | ||||
|                 <option value="True">Yes</option> | ||||
|                 <option value="False">No</option> | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Default Mode? </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @bind="@mode"> | ||||
|                 <option value="view">View Mode</option> | ||||
|                 <option value="edit">Edit Mode</option> | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Theme: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @onchange="(e => ThemeChanged(e))"> | ||||
|                 <option value=""><Select Theme></option> | ||||
|                 @foreach (KeyValuePair<string, string> item in themes) | ||||
|                 { | ||||
|                     if (item.Key == themetype) | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Move: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @bind="@insert"> | ||||
|                     @if (parentid == currentparentid) | ||||
|                     { | ||||
|                         <option value="@item.Key" selected>@item.Value</option> | ||||
|                         <option value="="><Maintain Current Location></option> | ||||
|                     } | ||||
|                     else | ||||
|                     <option value="<<">To Beginning</option> | ||||
|                     @if (children != null && children.Count > 0) | ||||
|                     { | ||||
|                         <option value="@item.Key">@item.Value</option> | ||||
|                         <option value="<">Before</option> | ||||
|                         <option value=">">After</option> | ||||
|                     } | ||||
|                 } | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Layout: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <select class="form-control" @bind="@layouttype"> | ||||
|                 <option value=""><Select Layout></option> | ||||
|                 @foreach (KeyValuePair<string, string> panelayout in panelayouts) | ||||
|                     <option value=">>">To End</option> | ||||
|                 </select> | ||||
|                 @if (children != null && children.Count > 0 && (insert == "<" || insert == ">")) | ||||
|                 { | ||||
|                     <option value="@panelayout.Key">@panelayout.Value</option> | ||||
|                     <select class="form-control" @bind="@childid"> | ||||
|                         <option value="-1"><Select Page></option> | ||||
|                         @foreach (Page page in children) | ||||
|                         { | ||||
|                             <option value="@(page.PageId)">@(page.Name)</option> | ||||
|                         } | ||||
|                     </select> | ||||
|                 } | ||||
|             </select> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Icon: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <input class="form-control" @bind="@icon" /> | ||||
|         </td> | ||||
|     </tr> | ||||
|     <tr> | ||||
|         <td> | ||||
|             <label for="Name" class="control-label">Permissions: </label> | ||||
|         </td> | ||||
|         <td> | ||||
|             <PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" /> | ||||
|         </td> | ||||
|     </tr> | ||||
| </table> | ||||
| <button type="button" class="btn btn-success" @onclick="SavePage">Save</button> | ||||
| <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> | ||||
| <br /> | ||||
| <br /> | ||||
| <AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Navigation? </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @bind="@isnavigation"> | ||||
|                     <option value="True">Yes</option> | ||||
|                     <option value="False">No</option> | ||||
|                 </select> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Personalizable? </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @bind="@ispersonalizable"> | ||||
|                     <option value="True">Yes</option> | ||||
|                     <option value="False">No</option> | ||||
|                 </select> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Default Mode? </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @bind="@mode"> | ||||
|                     <option value="view">View Mode</option> | ||||
|                     <option value="edit">Edit Mode</option> | ||||
|                 </select> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Theme: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @onchange="(e => ThemeChanged(e))"> | ||||
|                     <option value=""><Select Theme></option> | ||||
|                     @foreach (KeyValuePair<string, string> item in themes) | ||||
|                     { | ||||
|                         if (item.Key == themetype) | ||||
|                         { | ||||
|                             <option value="@item.Key" selected>@item.Value</option> | ||||
|                         } | ||||
|                         else | ||||
|                         { | ||||
|                             <option value="@item.Key">@item.Value</option> | ||||
|                         } | ||||
|                     } | ||||
|                 </select> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Layout: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <select class="form-control" @bind="@layouttype"> | ||||
|                     <option value=""><Select Layout></option> | ||||
|                     @foreach (KeyValuePair<string, string> panelayout in panelayouts) | ||||
|                     { | ||||
|                         <option value="@panelayout.Key">@panelayout.Value</option> | ||||
|                     } | ||||
|                 </select> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Icon: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <input class="form-control" @bind="@icon" /> | ||||
|             </td> | ||||
|         </tr> | ||||
|         <tr> | ||||
|             <td> | ||||
|                 <label for="Name" class="control-label">Permissions: </label> | ||||
|             </td> | ||||
|             <td> | ||||
|                 <PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" /> | ||||
|             </td> | ||||
|         </tr> | ||||
|     </table> | ||||
|     <button type="button" class="btn btn-success" @onclick="SavePage">Save</button> | ||||
|     <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> | ||||
|     <br /> | ||||
|     <br /> | ||||
|     <AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo> | ||||
| } | ||||
|  | ||||
| @code { | ||||
|     public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } } | ||||
|  | ||||
| @ -5,8 +5,8 @@ using Oqtane.Repository; | ||||
| using Oqtane.Models; | ||||
| using Oqtane.Shared; | ||||
| using Oqtane.Infrastructure; | ||||
| using System.Security.Claims; | ||||
| using Microsoft.AspNetCore.Http; | ||||
| using Oqtane.Security; | ||||
|  | ||||
| namespace Oqtane.Controllers | ||||
| { | ||||
| @ -14,13 +14,13 @@ namespace Oqtane.Controllers | ||||
|     public class NotificationController : Controller | ||||
|     { | ||||
|         private readonly INotificationRepository Notifications; | ||||
|         private readonly IHttpContextAccessor Accessor; | ||||
|         private readonly IUserPermissions UserPermissions; | ||||
|         private readonly ILogManager logger; | ||||
|  | ||||
|         public NotificationController(INotificationRepository Notifications, IHttpContextAccessor Accessor, ILogManager logger) | ||||
|         public NotificationController(INotificationRepository Notifications, IUserPermissions UserPermissions, ILogManager logger) | ||||
|         { | ||||
|             this.Notifications = Notifications; | ||||
|             this.Accessor = Accessor; | ||||
|             this.UserPermissions = UserPermissions; | ||||
|             this.logger = logger; | ||||
|         } | ||||
|  | ||||
| @ -101,7 +101,7 @@ namespace Oqtane.Controllers | ||||
|             bool authorized = true; | ||||
|             if (userid != null) | ||||
|             { | ||||
|                 authorized = (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == userid); | ||||
|                 authorized = (UserPermissions.GetUser(User).UserId == userid); | ||||
|             } | ||||
|             return authorized; | ||||
|         } | ||||
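Review bot: The new check `UserPermissions.GetUser(User).UserId == userid` can pass for a caller with no identity claim, because `GetUser` initialises `UserId` to -1 and only overwrites it when a PrimarySid claim exists. If `userid` can come from the request, a value of -1 would match, so require authentication too: `User u = UserPermissions.GetUser(User); authorized = u.IsAuthenticated && u.UserId == userid;`. The same sentinel comparison appears in the SettingController hunk (`... == EntityId`) and in the hunk that calls `Pages.GetPage(id)` (`... == int.Parse(userid)`). The method also starts from `authorized = true`, so a null `userid` is let through; the method begins outside the hunk, so whether that is intended cannot be confirmed from here.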
|  | ||||
| @ -107,7 +107,7 @@ namespace Oqtane.Controllers | ||||
|         { | ||||
|             Page page = null; | ||||
|             Page parent = Pages.GetPage(id); | ||||
|             if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid)) | ||||
|             if (parent != null && parent.IsPersonalizable && UserPermissions.GetUser(User).UserId == int.Parse(userid)) | ||||
|             { | ||||
|                 page = new Page(); | ||||
|                 page.SiteId = parent.SiteId; | ||||
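Review bot: `int.Parse(userid)` now runs without the `!string.IsNullOrEmpty(userid)` guard the previous condition had, so a missing or non-numeric `userid` throws instead of simply producing no personalized page. `int.TryParse` keeps the ownership check and fails closed: `if (parent != null && parent.IsPersonalizable && int.TryParse(userid, out int requestedId) && UserPermissions.GetUser(User).UserId == requestedId)`. The enclosing method begins and ends outside the hunk.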
|  | ||||
| @ -6,7 +6,6 @@ using Oqtane.Shared; | ||||
| using Oqtane.Security; | ||||
| using Oqtane.Infrastructure; | ||||
| using System.Linq; | ||||
| using System.Security.Claims; | ||||
| using Microsoft.AspNetCore.Http; | ||||
|  | ||||
| namespace Oqtane.Controllers | ||||
| @ -17,15 +16,13 @@ namespace Oqtane.Controllers | ||||
|         private readonly ISettingRepository Settings; | ||||
|         private readonly IPageModuleRepository PageModules; | ||||
|         private readonly IUserPermissions UserPermissions; | ||||
|         private readonly IHttpContextAccessor Accessor; | ||||
|         private readonly ILogManager logger; | ||||
|  | ||||
|         public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger) | ||||
|         public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger) | ||||
|         { | ||||
|             this.Settings = Settings; | ||||
|             this.PageModules = PageModules; | ||||
|             this.UserPermissions = UserPermissions; | ||||
|             this.Accessor = Accessor; | ||||
|             this.logger = logger; | ||||
|         } | ||||
|  | ||||
| @ -141,7 +138,7 @@ namespace Oqtane.Controllers | ||||
|                     authorized = true; | ||||
|                     if (PermissionName == "Edit") | ||||
|                     { | ||||
|                         authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId); | ||||
|                         authorized = User.IsInRole(Constants.AdminRole) || (UserPermissions.GetUser(User).UserId == EntityId); | ||||
|                     } | ||||
|                     break; | ||||
|             } | ||||
|  | ||||
| @ -5,8 +5,8 @@ using System.Text.Json; | ||||
| using Oqtane.Repository; | ||||
| using Microsoft.Extensions.Configuration; | ||||
| using Microsoft.AspNetCore.Http; | ||||
| using System.Security.Claims; | ||||
| using System.Collections.Generic; | ||||
| using Oqtane.Security; | ||||
|  | ||||
| namespace Oqtane.Infrastructure | ||||
| { | ||||
| @ -15,13 +15,15 @@ namespace Oqtane.Infrastructure | ||||
|         private readonly ILogRepository Logs; | ||||
|         private readonly ITenantResolver TenantResolver; | ||||
|         private readonly IConfigurationRoot Config; | ||||
|         private readonly IUserPermissions UserPermissions; | ||||
|         private readonly IHttpContextAccessor Accessor; | ||||
|  | ||||
|         public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IHttpContextAccessor Accessor) | ||||
|         public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IUserPermissions UserPermissions, IHttpContextAccessor Accessor) | ||||
|         { | ||||
|             this.Logs = Logs; | ||||
|             this.TenantResolver = TenantResolver; | ||||
|             this.Config = Config; | ||||
|             this.UserPermissions = UserPermissions; | ||||
|             this.Accessor = Accessor; | ||||
|         } | ||||
|  | ||||
| @ -37,9 +39,11 @@ namespace Oqtane.Infrastructure | ||||
|             log.SiteId = alias.SiteId; | ||||
|             log.PageId = null; | ||||
|             log.ModuleId = null; | ||||
|             if (Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid) != null) | ||||
|             log.UserId = null; | ||||
|             User user = UserPermissions.GetUser(); | ||||
|             if (user != null) | ||||
|             { | ||||
|                 log.UserId = int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value); | ||||
|                 log.UserId = user.UserId; | ||||
|             } | ||||
|             HttpRequest request = Accessor.HttpContext.Request; | ||||
|             if (request != null) | ||||
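Review bot: The `if (user != null)` test is always true, because `GetUser` returns a newly constructed `User` on every path shown in this commit, so log entries for anonymous requests will now carry `UserId = -1` where the old code left the field null. Testing the state rather than the reference keeps the previous behaviour: `if (user.IsAuthenticated) { log.UserId = user.UserId; }`. Whether -1 is an acceptable value for the log's user column cannot be seen here, and the method continues outside the hunk.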
|  | ||||
| @ -1,4 +1,5 @@ | ||||
| using System.Security.Claims; | ||||
| using Oqtane.Models; | ||||
| using System.Security.Claims; | ||||
|  | ||||
| namespace Oqtane.Security | ||||
| { | ||||
| @ -6,5 +7,7 @@ namespace Oqtane.Security | ||||
|     { | ||||
|         bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName); | ||||
|         bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions); | ||||
|         User GetUser(ClaimsPrincipal User); | ||||
|         User GetUser(); | ||||
|     } | ||||
| } | ||||
|  | ||||
| @ -1,4 +1,5 @@ | ||||
| using Oqtane.Models; | ||||
| using Microsoft.AspNetCore.Http; | ||||
| using Oqtane.Models; | ||||
| using Oqtane.Repository; | ||||
| using System.Linq; | ||||
| using System.Security.Claims; | ||||
| @ -8,10 +9,12 @@ namespace Oqtane.Security | ||||
|     public class UserPermissions : IUserPermissions | ||||
|     { | ||||
|         private readonly IPermissionRepository Permissions; | ||||
|         private readonly IHttpContextAccessor Accessor; | ||||
|  | ||||
|         public UserPermissions(IPermissionRepository Permissions) | ||||
|         public UserPermissions(IPermissionRepository Permissions, IHttpContextAccessor Accessor) | ||||
|         { | ||||
|             this.Permissions = Permissions; | ||||
|             this.Accessor = Accessor; | ||||
|         } | ||||
|  | ||||
|         public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName) | ||||
| @ -20,13 +23,22 @@ namespace Oqtane.Security | ||||
|         } | ||||
|  | ||||
|         public bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions) | ||||
|         { | ||||
|             return UserSecurity.IsAuthorized(GetUser(User), PermissionName, Permissions); | ||||
|         } | ||||
|  | ||||
|         public User GetUser(ClaimsPrincipal User) | ||||
|         { | ||||
|             User user = new User(); | ||||
|             user.Username = ""; | ||||
|             user.IsAuthenticated = false; | ||||
|             user.UserId = -1; | ||||
|             user.Roles = ""; | ||||
|  | ||||
|             if (User != null) | ||||
|             { | ||||
|                 user.Username = User.Identity.Name; | ||||
|                 user.IsAuthenticated = User.Identity.IsAuthenticated; | ||||
|                 var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault(); | ||||
|                 if (idclaim != null) | ||||
|                 { | ||||
| @ -39,7 +51,12 @@ namespace Oqtane.Security | ||||
|                 } | ||||
|             } | ||||
|  | ||||
|             return UserSecurity.IsAuthorized(user, PermissionName, Permissions); | ||||
|             return user; | ||||
|         } | ||||
|  | ||||
|         public User GetUser() | ||||
|         { | ||||
|             return GetUser(Accessor.HttpContext.User); | ||||
|         } | ||||
|     } | ||||
| } | ||||
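Review bot: `GetUser()` dereferences `Accessor.HttpContext.User` without a null check, and `IHttpContextAccessor.HttpContext` is null when code runs outside a request. LogManager now calls this overload while building a log entry, so logging from startup or a background task would throw here. `return GetUser(Accessor.HttpContext?.User);` is enough, since the `ClaimsPrincipal` overload already accepts a null principal and returns the anonymous user. Both overloads would also benefit from an XML doc comment stating that an unauthenticated caller yields `UserId = -1` and `IsAuthenticated = false`, because several callers now compare ids against the result.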
|  | ||||
	 Shaun Walker
					Shaun Walker