Multi-tenant role authorization

2019-08-25 14:52:25 -04:00
parent ad2d865d7c
commit f037898c6e
34 changed files with 312 additions and 252 deletions
--- a/Oqtane.Server/Controllers/AliasController.cs
+++ b/Oqtane.Server/Controllers/AliasController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -31,6 +32,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Alias Post([FromBody] Alias Alias)
        {
            if (ModelState.IsValid)
@ -42,6 +44,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Alias Put(int id, [FromBody] Alias Alias)
        {
            if (ModelState.IsValid)
@ -52,6 +55,7 @@ namespace Oqtane.Controllers
        }

        // DELETE api/<controller>/5
+        [Authorize]
        [HttpDelete("{id}")]
        public void Delete(int id)
        {
--- a/Oqtane.Server/Controllers/ModuleController.cs
+++ b/Oqtane.Server/Controllers/ModuleController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -53,6 +54,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Module Post([FromBody] Module Module)
        {
            if (ModelState.IsValid)
@ -64,6 +66,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Module Put(int id, [FromBody] Module Module)
        {
            if (ModelState.IsValid)
@ -75,6 +78,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            Modules.DeleteModule(id);
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -38,6 +39,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize(Roles = "Administrators")]
        public Page Post([FromBody] Page Page)
        {
            if (ModelState.IsValid)
@ -49,6 +51,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize(Roles = "Administrators")]
        public Page Put(int id, [FromBody] Page Page)
        {
            if (ModelState.IsValid)
@ -60,6 +63,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize(Roles = "Administrators")]
        public void Delete(int id)
        {
            Pages.DeletePage(id);
--- a/Oqtane.Server/Controllers/PageModuleController.cs
+++ b/Oqtane.Server/Controllers/PageModuleController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -31,6 +32,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public PageModule Post([FromBody] PageModule PageModule)
        {
            if (ModelState.IsValid)
@ -42,6 +44,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public PageModule Put(int id, [FromBody] PageModule PageModule)
        {
            if (ModelState.IsValid)
@ -53,6 +56,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            PageModules.DeletePageModule(id);
--- a/Oqtane.Server/Controllers/RoleController.cs
+++ b/Oqtane.Server/Controllers/RoleController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -38,6 +39,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Role Post([FromBody] Role Role)
        {
            if (ModelState.IsValid)
@ -49,6 +51,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Role Put(int id, [FromBody] Role Role)
        {
            if (ModelState.IsValid)
@ -60,6 +63,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            Roles.DeleteRole(id);
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -31,6 +32,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Setting Post([FromBody] Setting Setting)
        {
            if (ModelState.IsValid)
@ -42,6 +44,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Setting Put(int id, [FromBody] Setting Setting)
        {
            if (ModelState.IsValid)
@ -53,6 +56,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            Settings.DeleteSetting(id);
--- a/Oqtane.Server/Controllers/SiteController.cs
+++ b/Oqtane.Server/Controllers/SiteController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -31,6 +32,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Site Post([FromBody] Site Site)
        {
            if (ModelState.IsValid)
@ -42,6 +44,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Site Put(int id, [FromBody] Site Site)
        {
            if (ModelState.IsValid)
@ -53,6 +56,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            Sites.DeleteSite(id);
--- a/Oqtane.Server/Controllers/TenantController.cs
+++ b/Oqtane.Server/Controllers/TenantController.cs
@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;
 using System.Collections.Generic;
@ -31,6 +32,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public Tenant Post([FromBody] Tenant Tenant)
        {
            if (ModelState.IsValid)
@ -42,6 +44,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public Tenant Put(int id, [FromBody] Tenant Tenant)
        {
            if (ModelState.IsValid)
@ -53,6 +56,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            Tenants.DeleteTenant(id);
--- a/Oqtane.Server/Controllers/UserController.cs
+++ b/Oqtane.Server/Controllers/UserController.cs
@ -1,10 +1,13 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authentication;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;
 using Microsoft.AspNetCore.Identity;
 using System.Threading.Tasks;
 using System.Linq;
+using System.Security.Claims;

 namespace Oqtane.Controllers
 {
@ -105,21 +108,23 @@ namespace Oqtane.Controllers
                    if (result.Succeeded)
                    {
                        user = Users.AddUser(User);
-
-                        SiteUser siteuser = new SiteUser();
-                        siteuser.SiteId = User.SiteId;
-                        siteuser.UserId = user.UserId;
-                        SiteUsers.AddSiteUser(siteuser);
-
-                        List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
-                        foreach (Role role in roles)
+                        if (!user.IsSuperUser)
                        {
-                            UserRole userrole = new UserRole();
-                            userrole.UserId = user.UserId;
-                            userrole.RoleId = role.RoleId;
-                            userrole.EffectiveDate = null;
-                            userrole.ExpiryDate = null;
-                            UserRoles.AddUserRole(userrole);
+                            SiteUser siteuser = new SiteUser();
+                            siteuser.SiteId = User.SiteId;
+                            siteuser.UserId = user.UserId;
+                            SiteUsers.AddSiteUser(siteuser);
+
+                            List<Role> roles = Roles.GetRoles(user.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
+                            foreach (Role role in roles)
+                            {
+                                UserRole userrole = new UserRole();
+                                userrole.UserId = user.UserId;
+                                userrole.RoleId = role.RoleId;
+                                userrole.EffectiveDate = null;
+                                userrole.ExpiryDate = null;
+                                UserRoles.AddUserRole(userrole);
+                            }
                        }
                    }
                }
@ -129,20 +134,23 @@ namespace Oqtane.Controllers
                    SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
                    if (siteuser == null)
                    {
-                        siteuser = new SiteUser();
-                        siteuser.SiteId = User.SiteId;
-                        siteuser.UserId = user.UserId;
-                        SiteUsers.AddSiteUser(siteuser);
-
-                        List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
-                        foreach (Role role in roles)
+                        if (!user.IsSuperUser)
                        {
-                            UserRole userrole = new UserRole();
-                            userrole.UserId = user.UserId;
-                            userrole.RoleId = role.RoleId;
-                            userrole.EffectiveDate = null;
-                            userrole.ExpiryDate = null;
-                            UserRoles.AddUserRole(userrole);
+                            siteuser = new SiteUser();
+                            siteuser.SiteId = User.SiteId;
+                            siteuser.UserId = user.UserId;
+                            SiteUsers.AddSiteUser(siteuser);
+
+                            List<Role> roles = Roles.GetRoles(User.SiteId).Where(item => item.IsAutoAssigned == true).ToList();
+                            foreach (Role role in roles)
+                            {
+                                UserRole userrole = new UserRole();
+                                userrole.UserId = user.UserId;
+                                userrole.RoleId = role.RoleId;
+                                userrole.EffectiveDate = null;
+                                userrole.ExpiryDate = null;
+                                UserRoles.AddUserRole(userrole);
+                            }
                        }
                    }
                }
@ -153,6 +161,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public User Put(int id, [FromBody] User User)
        {
            if (ModelState.IsValid)
@ -164,6 +173,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5?siteid=x
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id, string siteid)
        {
            SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));
@ -175,7 +185,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>/login
        [HttpPost("login")]
-        public async Task<User> Login([FromBody] User User)
+        public async Task<User> Login([FromBody] User User, bool SetCookie, bool IsPersistent)
        {
            User user = new Models.User { Username = User.Username, IsAuthenticated = false };

@ -202,9 +212,9 @@ namespace Oqtane.Controllers
                            {
                                user.IsAuthenticated = true;
                            }
-                            if (user.IsAuthenticated)
+                            if (user.IsAuthenticated && SetCookie)
                            {
-                                await IdentitySignInManager.SignInAsync(identityuser, User.IsPersistent);
+                                await IdentitySignInManager.SignInAsync(identityuser, IsPersistent);
                            }
                        }
                    }
@ -216,28 +226,36 @@ namespace Oqtane.Controllers

        // POST api/<controller>/logout
        [HttpPost("logout")]
+        [Authorize]
        public async Task Logout([FromBody] User User)
        {
-            await IdentitySignInManager.SignOutAsync();
+            await HttpContext.SignOutAsync(IdentityConstants.ApplicationScheme);
        }

        // GET api/<controller>/current
        [HttpGet("authenticate")]
        public User Authenticate()
        {
-            return new User { Username = User.Identity.Name, IsAuthenticated = User.Identity.IsAuthenticated };
+            User user = new User();
+            user.Username = User.Identity.Name;
+            user.IsAuthenticated = User.Identity.IsAuthenticated;
+            string roles = "";
+            foreach (var claim in User.Claims.Where(item => item.Type == ClaimTypes.Role))
+            {
+                roles += claim.Value + ";";
+            }
+            if (roles != "") roles = ";" + roles;
+            user.Roles = roles;
+            return user;
        }

        private string GetUserRoles(int UserId, int SiteId)
        {
            string roles = "";
-            IEnumerable<UserRole> userroles = UserRoles.GetUserRoles(UserId);
+            IEnumerable<UserRole> userroles = UserRoles.GetUserRoles(UserId, SiteId);
            foreach (UserRole userrole in userroles)
            {
-                if (userrole.Role.SiteId == SiteId)
-                {
-                    roles += userrole.Role.Name + ";";
-                }
+                roles += userrole.Role.Name + ";";
            }
            if (roles != "") roles = ";" + roles;
            return roles;
--- a/Oqtane.Server/Controllers/UserRoleController.cs
+++ b/Oqtane.Server/Controllers/UserRoleController.cs
@ -1,5 +1,6 @@
 using System.Collections.Generic;
 using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Authorization;
 using Oqtane.Repository;
 using Oqtane.Models;

@ -38,6 +39,7 @@ namespace Oqtane.Controllers

        // POST api/<controller>
        [HttpPost]
+        [Authorize]
        public UserRole Post([FromBody] UserRole UserRole)
        {
            if (ModelState.IsValid)
@ -49,6 +51,7 @@ namespace Oqtane.Controllers

        // PUT api/<controller>/5
        [HttpPut("{id}")]
+        [Authorize]
        public UserRole Put(int id, [FromBody] UserRole UserRole)
        {
            if (ModelState.IsValid)
@ -60,6 +63,7 @@ namespace Oqtane.Controllers

        // DELETE api/<controller>/5
        [HttpDelete("{id}")]
+        [Authorize]
        public void Delete(int id)
        {
            UserRoles.DeleteUserRole(id);