allow host username to be specified during installation, allow user to be added to host role, refresh user list after delete, improve date/time entry in scheduled jobs, require license acceptance during module and theme install

Shaun Walker
2021-08-06 12:59:56 -04:00
parent 5c42e8e5bc
commit e4201c1a4d
22 changed files with 390 additions and 215 deletions


@ -34,6 +34,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>?type=x&search=y
[HttpGet]
[Authorize(Roles = RoleNames.Host)]
public async Task<IEnumerable<Package>> Get(string type, string search)
{
// get packages
@ -52,36 +53,40 @@ namespace Oqtane.Controllers
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public async Task Post(string packageid, string version, string folder)
public async Task<Package> Post(string packageid, string version, string folder)
{
// get package info
Package package = null;
if (bool.Parse(_configManager.GetSetting("PackageService", "true")) == true)
{
var download = (string.IsNullOrEmpty(folder)) ? "false" : "true";
using (var client = new HttpClient())
{
client.DefaultRequestHeaders.Add("Referer", HttpContext.Request.Scheme + "://" + HttpContext.Request.Host.Value);
client.DefaultRequestHeaders.UserAgent.Add(new ProductInfoHeaderValue(Constants.PackageId, Constants.Version));
package = await GetJson<Package>(client, Constants.PackageRegistryUrl + $"/api/registry/package/?id={_configManager.GetInstallationId()}&package={packageid}&version={version}");
package = await GetJson<Package>(client, Constants.PackageRegistryUrl + $"/api/registry/package/?id={_configManager.GetInstallationId()}&package={packageid}&version={version}&download={download}");
}
if (package != null)
{
using (var httpClient = new HttpClient())
if (bool.Parse(download))
{
folder = Path.Combine(_environment.ContentRootPath, folder);
var response = await httpClient.GetAsync(package.PackageUrl).ConfigureAwait(false);
if (response.IsSuccessStatusCode)
using (var httpClient = new HttpClient())
{
string filename = packageid + "." + version + ".nupkg";
using (var fileStream = new FileStream(Path.Combine(folder, filename), FileMode.Create, FileAccess.Write, FileShare.None))
folder = Path.Combine(_environment.ContentRootPath, folder);
var response = await httpClient.GetAsync(package.PackageUrl).ConfigureAwait(false);
if (response.IsSuccessStatusCode)
{
await response.Content.CopyToAsync(fileStream).ConfigureAwait(false);
string filename = packageid + "." + version + ".nupkg";
using (var fileStream = new FileStream(Path.Combine(folder, filename), FileMode.Create, FileAccess.Write, FileShare.None))
{
await response.Content.CopyToAsync(fileStream).ConfigureAwait(false);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "Could Not Download {PackageUrl}", package.PackageUrl);
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Create, "Could Not Download {PackageUrl}", package.PackageUrl);
}
}
}
@ -90,6 +95,7 @@ namespace Oqtane.Controllers
_logger.Log(LogLevel.Error, this, LogFunction.Create, "Package {PackageId}.{Version} Is Not Registered", packageid, version);
}
}
return package;
}
private async Task<T> GetJson<T>(HttpClient httpClient, string url)
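Review bot: The `folder`, `packageid` and `version` request values reach `Path.Combine(_environment.ContentRootPath, folder)` and the `.nupkg` file name with no containment check, so a rooted or `..`-bearing value places the `FileStream` target outside the content root (`Path.Combine` discards the first argument when the second is rooted). Resolve the final path and compare it with the root before opening the stream, e.g. `var target = Path.GetFullPath(Path.Combine(root, folder, filename));` then `if (!target.StartsWith(root + Path.DirectorySeparatorChar, StringComparison.Ordinal))` log under `LogFunction.Security` and return, with `root` being `Path.GetFullPath(_environment.ContentRootPath)`. The same values are interpolated unescaped into the registry URL, where `Uri.EscapeDataString(packageid)` and `Uri.EscapeDataString(version)` would stop them from adding query parameters. The action is Host-only, which narrows exposure but does not replace the check, and no integrity verification of the file fetched from `package.PackageUrl` is visible in this section.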


@ -54,26 +54,19 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]
public Site Post([FromBody] Site site)
{
if (ModelState.IsValid)
{
bool authorized;
if (!_sites.GetSites().Any())
{
// provision initial site during installation
authorized = true;
site.TenantId = _alias.TenantId;
}
else
{
authorized = User.IsInRole(RoleNames.Host);
}
if (authorized)
{
site = _sites.AddSite(site);
_logger.Log(site.SiteId, LogLevel.Information, this, LogFunction.Create, "Site Added {Site}", site);
}
site = _sites.AddSite(site);
_logger.Log(site.SiteId, LogLevel.Information, this, LogFunction.Create, "Site Added {Site}", site);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Site Post Attempt {Site}", site);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
site = null;
}
return site;
}
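Review bot: The `else` that appears to pair with `if (ModelState.IsValid)` on the new side still logs "Unauthorized Site Post Attempt" under `LogFunction.Security` and answers 403, so an invalid model submitted by a legitimate Host user would be recorded as an access-control failure. With the install-time branch removed, authorization seems to rest on `[Authorize(Roles = RoleNames.Host)]` alone, which rejects a caller before this body runs. Set `HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;` here and log it as a validation error, so that the Security log keeps only genuine authorization events and stays useful for detection.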


@ -142,7 +142,7 @@ namespace Oqtane.Controllers
bool verified;
bool allowregistration;
if (user.Username == UserNames.Host || User.IsInRole(RoleNames.Admin))
if (User.IsInRole(RoleNames.Admin))
{
verified = true;
allowregistration = true;
@ -177,18 +177,6 @@ namespace Oqtane.Controllers
_notifications.AddNotification(notification);
}
// assign to host role if this is the host user ( initial installation )
if (user.Username == UserNames.Host)
{
int hostroleid = _roles.GetRoles(user.SiteId, true).Where(item => item.Name == RoleNames.Host).FirstOrDefault().RoleId;
UserRole userrole = new UserRole();
userrole.UserId = newUser.UserId;
userrole.RoleId = hostroleid;
userrole.EffectiveDate = null;
userrole.ExpiryDate = null;
_userRoles.AddUserRole(userrole);
}
// add folder for user
Folder folder = _folders.GetFolder(user.SiteId, Utilities.PathCombine("Users",Path.DirectorySeparatorChar.ToString()));
if (folder != null)
@ -221,7 +209,7 @@ namespace Oqtane.Controllers
}
}
if (newUser != null && user.Username != UserNames.Host)
if (newUser != null)
{
// add auto assigned roles to user for site
List<Role> roles = _roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned).ToList();
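Review bot: The reduced condition `if (User.IsInRole(RoleNames.Admin))` has no comment recording why the submitted `Username` no longer plays a part in the trust decision, and that invariant is easy to undo in a later edit. Add a comment above it such as `// trust comes from the caller's role only; a submitted Username must never grant verified status or role membership`. The enclosing method starts and ends outside these hunks, so whether any other path still keys on `UserNames.Host` cannot be confirmed from here.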


@ -53,7 +53,7 @@ namespace Oqtane.Controllers
public UserRole Get(int id)
{
var userrole = _userRoles.GetUserRole(id);
if (userrole != null && userrole.Role.SiteId == _alias.SiteId)
if (userrole != null && SiteValid(userrole.Role.SiteId))
{
return userrole;
}
@ -71,7 +71,7 @@ namespace Oqtane.Controllers
public UserRole Post([FromBody] UserRole userRole)
{
var role = _roles.GetRole(userRole.RoleId);
if (ModelState.IsValid && role != null && role.SiteId == _alias.SiteId && (User.IsInRole(RoleNames.Host) || role.Name != RoleNames.Host))
if (ModelState.IsValid && role != null && SiteValid(role.SiteId) && RoleValid(role.Name))
{
if (role.Name == RoleNames.Host)
{
@ -100,7 +100,7 @@ namespace Oqtane.Controllers
public UserRole Put(int id, [FromBody] UserRole userRole)
{
var role = _roles.GetRole(userRole.RoleId);
if (ModelState.IsValid && role != null && role.SiteId == _alias.SiteId && _userRoles.GetUserRole(userRole.UserRoleId, false) != null && (User.IsInRole(RoleNames.Host) || role.Name != RoleNames.Host))
if (ModelState.IsValid && role != null && SiteValid(role.SiteId) && RoleValid(role.Name) && _userRoles.GetUserRole(userRole.UserRoleId, false) != null)
{
userRole = _userRoles.UpdateUserRole(userRole);
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.User, userRole.UserId);
@ -120,24 +120,24 @@ namespace Oqtane.Controllers
[Authorize(Roles = RoleNames.Admin)]
public void Delete(int id)
{
UserRole userRole = _userRoles.GetUserRole(id);
if (userRole != null && userRole.Role.SiteId == _alias.SiteId && (User.IsInRole(RoleNames.Host) || userRole.Role.Name != RoleNames.Host))
UserRole userrole = _userRoles.GetUserRole(id);
if (userrole != null && SiteValid(userrole.Role.SiteId) && RoleValid(userrole.Role.Name))
{
_userRoles.DeleteUserRole(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "User Role Deleted {UserRole}", userRole);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "User Role Deleted {UserRole}", userrole);
if (userRole.Role.Name == RoleNames.Host)
if (userrole.Role.Name == RoleNames.Host)
{
// add site specific user roles to preserve user access
var role = _roles.GetRoles(_alias.SiteId).FirstOrDefault(item => item.Name == RoleNames.Registered);
userRole = _userRoles.AddUserRole(new UserRole { UserId = userRole.UserId, RoleId = role.RoleId, EffectiveDate = null, ExpiryDate = null });
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", userRole);
userrole = _userRoles.AddUserRole(new UserRole { UserId = userrole.UserId, RoleId = role.RoleId, EffectiveDate = null, ExpiryDate = null });
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", userrole);
role = _roles.GetRoles(_alias.SiteId).FirstOrDefault(item => item.Name == RoleNames.Admin);
userRole = _userRoles.AddUserRole(new UserRole { UserId = userRole.UserId, RoleId = role.RoleId, EffectiveDate = null, ExpiryDate = null });
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", userRole);
userrole = _userRoles.AddUserRole(new UserRole { UserId = userrole.UserId, RoleId = role.RoleId, EffectiveDate = null, ExpiryDate = null });
_logger.Log(LogLevel.Information, this, LogFunction.Create, "User Role Added {UserRole}", userrole);
}
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.User, userRole.UserId);
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.User, userrole.UserId);
}
else
{
@ -145,5 +145,15 @@ namespace Oqtane.Controllers
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
private bool SiteValid(int? SiteId)
{
return (SiteId == _alias.SiteId || (SiteId == null && User.IsInRole(RoleNames.Host)));
}
private bool RoleValid(string RoleName)
{
return (RoleName != RoleNames.Host || User.IsInRole(RoleNames.Host));
}
}
}
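Review bot: In `Put`, `SiteValid` and `RoleValid` are applied to the role named by the submitted `userRole.RoleId`, while the stored record is only checked for existence via `_userRoles.GetUserRole(userRole.UserRoleId, false) != null`. As visible here, nothing confirms that the record being overwritten belongs to the current site, is not itself a Host assignment, or matches the route `id`. Load it once with `var existing = _userRoles.GetUserRole(userRole.UserRoleId);` and also require `existing != null && id == existing.UserRoleId && SiteValid(existing.Role.SiteId) && RoleValid(existing.Role.Name)`, as `Get` and `Delete` already do for the stored row. Separately, in `Delete` both `FirstOrDefault` results are dereferenced as `role.RoleId` without a null check after `DeleteUserRole(id)` has already run, so a site lacking the Registered or Admin role would throw with the removal half applied.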