fix #4965 - improve user/site management
This commit is contained in:
sbwalker
parent
4793ab4bc9
commit
16477052e2
|
|
@ -58,7 +58,7 @@ else
|
|||
<td>@context.EffectiveDate</td>
|
||||
<td>@context.ExpiryDate</td>
|
||||
<td>
|
||||
<ActionDialog Header="Remove User" Message="@string.Format(Localizer["Confirm.User.DeleteRole"], context.User.DisplayName)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUserRole(context.UserRoleId))" Disabled="@(context.Role.IsAutoAssigned || context.User.Username == UserNames.Host || context.User.UserId == PageState.User.UserId)" ResourceKey="DeleteUserRole" />
|
||||
<ActionDialog Header="Remove User" Message="@string.Format(Localizer["Confirm.User.DeleteRole"], context.User.DisplayName)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUserRole(context.UserRoleId))" Disabled="@(context.User.Username == UserNames.Host || context.User.UserId == PageState.User.UserId)" ResourceKey="DeleteUserRole" />
|
||||
</td>
|
||||
</Row>
|
||||
</Pager>
|
||||
|
|
@ -179,15 +179,21 @@ else
|
|||
}
|
||||
|
||||
private async Task DeleteUserRole(int UserRoleId)
|
||||
{
|
||||
validated = true;
|
||||
var interop = new Interop(JSRuntime);
|
||||
if (await interop.FormValid(form))
|
||||
{
|
||||
try
|
||||
{
|
||||
var userrole = await UserRoleService.GetUserRoleAsync(UserRoleId);
|
||||
if (userrole.Role.Name == RoleNames.Registered)
|
||||
{
|
||||
userrole.ExpiryDate = DateTime.UtcNow;
|
||||
await UserRoleService.UpdateUserRoleAsync(userrole);
|
||||
await logger.LogInformation("User {Username} Expired From Role {Role}", userrole.User.Username, userrole.Role.Name);
|
||||
}
|
||||
else
|
||||
{
|
||||
await UserRoleService.DeleteUserRoleAsync(UserRoleId);
|
||||
await logger.LogInformation("User Removed From Role {UserRoleId}", UserRoleId);
|
||||
await logger.LogInformation("User {Username} Removed From Role {Role}", userrole.User.Username, userrole.Role.Name);
|
||||
}
|
||||
AddModuleMessage(Localizer["Confirm.User.RoleRemoved"], MessageType.Success);
|
||||
await GetUserRoles();
|
||||
StateHasChanged();
|
||||
|
|
@ -198,9 +204,4 @@ else
|
|||
AddModuleMessage(Localizer["Error.User.RemoveRole"], MessageType.Error);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
AddModuleMessage(SharedLocalizer["Message.InfoRequired"], MessageType.Warning);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -51,6 +51,8 @@
|
|||
<input id="displayname" class="form-control" @bind="@displayname" />
|
||||
</div>
|
||||
</div>
|
||||
@if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
<div class="row mb-1 align-items-center">
|
||||
<Label Class="col-sm-3" For="isdeleted" HelpText="Indicate if the user is active" ResourceKey="IsDeleted"></Label>
|
||||
<div class="col-sm-9">
|
||||
|
|
@ -60,6 +62,7 @@
|
|||
</select>
|
||||
</div>
|
||||
</div>
|
||||
}
|
||||
<div class="row mb-1 align-items-center">
|
||||
<Label Class="col-sm-3" For="lastlogin" HelpText="The date and time when the user last signed in" ResourceKey="LastLogin"></Label>
|
||||
<div class="col-sm-9">
|
||||
|
|
@ -127,8 +130,11 @@
|
|||
|
||||
<button type="button" class="btn btn-success" @onclick="SaveUser">@SharedLocalizer["Save"]</button>
|
||||
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
|
||||
<br />
|
||||
<br />
|
||||
@if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host) && isdeleted == "True")
|
||||
{
|
||||
<ActionDialog Header="Delete User" Message="Are You Sure You Wish To Permanently Delete This User?" Action="Delete" Security="SecurityAccessLevel.Host" Class="btn btn-danger" OnClick="@(async () => await DeleteUser())" ResourceKey="DeleteUser" />
|
||||
}
|
||||
<br /><br />
|
||||
<AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
|
||||
}
|
||||
|
||||
|
|
@ -226,8 +232,10 @@
|
|||
user.Password = _password;
|
||||
user.Email = email;
|
||||
user.DisplayName = string.IsNullOrWhiteSpace(displayname) ? username : displayname;
|
||||
|
||||
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
user.IsDeleted = (isdeleted == null ? true : Boolean.Parse(isdeleted));
|
||||
}
|
||||
|
||||
user = await UserService.UpdateUserAsync(user);
|
||||
if (user != null)
|
||||
|
|
@ -259,6 +267,25 @@
|
|||
}
|
||||
}
|
||||
|
||||
private async Task DeleteUser()
|
||||
{
|
||||
try
|
||||
{
|
||||
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host) && userid != PageState.User.UserId)
|
||||
{
|
||||
var user = await UserService.GetUserAsync(userid, PageState.Site.SiteId);
|
||||
await UserService.DeleteUserAsync(user.UserId, PageState.Site.SiteId);
|
||||
await logger.LogInformation("User Permanently Deleted {User}", user);
|
||||
NavigationManager.NavigateTo(NavigateUrl());
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
await logger.LogError(ex, "Error Permanently Deleting User {UserId} {Error}", userid, ex.Message);
|
||||
AddModuleMessage(Localizer["Error.DeleteUser"], MessageType.Error);
|
||||
}
|
||||
}
|
||||
|
||||
private bool ValidateProfiles()
|
||||
{
|
||||
foreach (Profile profile in profiles)
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ else
|
|||
<ActionLink Action="Edit" Text="Edit" Parameters="@($"id=" + context.UserId.ToString())" Security="SecurityAccessLevel.Edit" ResourceKey="EditUser" />
|
||||
</td>
|
||||
<td>
|
||||
<ActionDialog Header="Delete User" Message="@string.Format(Localizer["Confirm.User.Delete"], context.User.DisplayName)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUser(context))" Disabled="@(context.UserId == PageState.User.UserId)" ResourceKey="DeleteUser" />
|
||||
<ActionDialog Header="Delete User" Message="@string.Format(Localizer["Confirm.User.Delete"], context.User.DisplayName)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUser(context))" Disabled="@(context.UserId == PageState.User.UserId || context.User.IsDeleted)" ResourceKey="DeleteUser" />
|
||||
</td>
|
||||
<td>
|
||||
<ActionLink Action="Roles" Text="Roles" Parameters="@($"id=" + context.UserId.ToString())" Security="SecurityAccessLevel.Edit" ResourceKey="Roles" />
|
||||
|
|
@ -610,20 +610,32 @@ else
|
|||
private async Task DeleteUser(UserRole UserRole)
|
||||
{
|
||||
try
|
||||
{
|
||||
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
||||
{
|
||||
var user = await UserService.GetUserAsync(UserRole.UserId, PageState.Site.SiteId);
|
||||
if (user != null)
|
||||
{
|
||||
await UserService.DeleteUserAsync(user.UserId, PageState.Site.SiteId);
|
||||
await logger.LogInformation("User Deleted {User}", UserRole.User);
|
||||
user.IsDeleted = true;
|
||||
await UserService.UpdateUserAsync(user);
|
||||
await logger.LogInformation("User Soft Deleted {User}", user);
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
var userrole = await UserRoleService.GetUserRoleAsync(UserRole.UserRoleId);
|
||||
userrole.ExpiryDate = DateTime.UtcNow;
|
||||
await UserRoleService.UpdateUserRoleAsync(userrole);
|
||||
await logger.LogInformation("User {Username} Expired From Role {Role}", userrole.User.Username, userrole.Role.Name);
|
||||
}
|
||||
AddModuleMessage(Localizer["Success.DeleteUser"], MessageType.Success);
|
||||
await LoadUsersAsync(true);
|
||||
StateHasChanged();
|
||||
}
|
||||
}
|
||||
catch (Exception ex)
|
||||
{
|
||||
await logger.LogError(ex, "Error Deleting User {User} {Error}", UserRole.User, ex.Message);
|
||||
AddModuleMessage(ex.Message, MessageType.Error);
|
||||
AddModuleMessage(Localizer["Error.DeleteUser"], MessageType.Error);
|
||||
}
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -63,7 +63,7 @@ else
|
|||
<td>@Utilities.UtcAsLocalDate(context.EffectiveDate)</td>
|
||||
<td>@Utilities.UtcAsLocalDate(context.ExpiryDate)</td>
|
||||
<td>
|
||||
<ActionDialog Header="Remove Role" Message="@string.Format(Localizer["Confirm.User.RemoveRole"], context.Role.Name)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUserRole(context.UserRoleId))" Disabled="@(context.Role.IsAutoAssigned || (context.Role.Name == RoleNames.Host && userid == PageState.User.UserId))" ResourceKey="DeleteUserRole" />
|
||||
<ActionDialog Header="Remove Role" Message="@string.Format(Localizer["Confirm.User.RemoveRole"], context.Role.Name)" Action="Delete" Security="SecurityAccessLevel.Edit" Class="btn btn-danger" OnClick="@(async () => await DeleteUserRole(context.UserRoleId))" Disabled="@(context.Role.Name == RoleNames.Host && userid == PageState.User.UserId)" ResourceKey="DeleteUserRole" />
|
||||
</td>
|
||||
</Row>
|
||||
</Pager>
|
||||
|
|
@ -170,9 +170,19 @@ else
|
|||
private async Task DeleteUserRole(int UserRoleId)
|
||||
{
|
||||
try
|
||||
{
|
||||
var userrole = await UserRoleService.GetUserRoleAsync(UserRoleId);
|
||||
if (userrole.Role.Name == RoleNames.Registered)
|
||||
{
|
||||
userrole.ExpiryDate = DateTime.UtcNow;
|
||||
await UserRoleService.UpdateUserRoleAsync(userrole);
|
||||
await logger.LogInformation("User {Username} Expired From Role {Role}", userrole.User.Username, userrole.Role.Name);
|
||||
}
|
||||
else
|
||||
{
|
||||
await UserRoleService.DeleteUserRoleAsync(UserRoleId);
|
||||
await logger.LogInformation("User Removed From Role {UserRoleId}", UserRoleId);
|
||||
await logger.LogInformation("User {Username} Removed From Role {Role}", userrole.User.Username, userrole.Role.Name);
|
||||
}
|
||||
AddModuleMessage(Localizer["Success.User.Remove"], MessageType.Success);
|
||||
await GetUserRoles();
|
||||
StateHasChanged();
|
||||
|
|
|
|||
|
|
@ -195,4 +195,13 @@
|
|||
<data name="LastLogin.Text" xml:space="preserve">
|
||||
<value>Last Login:</value>
|
||||
</data>
|
||||
<data name="DeleteUser.Header" xml:space="preserve">
|
||||
<value>Delete User</value>
|
||||
</data>
|
||||
<data name="DeleteUser.Text" xml:space="preserve">
|
||||
<value>Delete</value>
|
||||
</data>
|
||||
<data name="DeleteUser.Message" xml:space="preserve">
|
||||
<value>Are You Sure You Wish To Permanently Delete This User?</value>
|
||||
</data>
|
||||
</root>
|
||||
|
|
@ -501,4 +501,10 @@
|
|||
<data name="SaveTokens.HelpText" xml:space="preserve">
|
||||
<value>Specify whether access and refresh tokens should be saved after a successful login. The default is false to reduce the size of the authentication cookie.</value>
|
||||
</data>
|
||||
<data name="Success.DeleteUser" xml:space="preserve">
|
||||
<value>User Deleted Successfully</value>
|
||||
</data>
|
||||
<data name="Error.DeleteUser" xml:space="preserve">
|
||||
<value>Error Deleting User</value>
|
||||
</data>
|
||||
</root>
|
||||
|
|
@ -427,7 +427,7 @@
|
|||
<value>At Least One Uppercase Letter</value>
|
||||
</data>
|
||||
<data name="Password.ValidationCriteria" xml:space="preserve">
|
||||
<value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Compexity Requirements For This Site.</value>
|
||||
<value>Passwords Must Have A Minimum Length Of {0} Characters, Including At Least {1} Unique Character(s), {2}{3}{4}{5} To Satisfy Password Complexity Requirements For This Site.</value>
|
||||
</data>
|
||||
<data name="ProfileInvalid" xml:space="preserve">
|
||||
<value>{0} Is Not Valid</value>
|
||||
|
|
|
|||
|
|
@ -217,7 +217,7 @@ namespace Oqtane.Controllers
|
|||
|
||||
// DELETE api/<controller>/5?siteid=x
|
||||
[HttpDelete("{id}")]
|
||||
[Authorize(Policy = $"{EntityNames.User}:{PermissionNames.Write}:{RoleNames.Admin}")]
|
||||
[Authorize(Policy = $"{EntityNames.User}:{PermissionNames.Write}:{RoleNames.Host}")]
|
||||
public async Task Delete(int id, string siteid)
|
||||
{
|
||||
User user = _users.GetUser(id, false);
|
||||
|
|
|
|||
|
|
@ -524,11 +524,6 @@ namespace Oqtane.Extensions
|
|||
// manage user
|
||||
if (user != null)
|
||||
{
|
||||
// update user
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||
_users.UpdateUser(user);
|
||||
|
||||
// manage roles
|
||||
var _userRoles = httpContext.RequestServices.GetRequiredService<IUserRoleRepository>();
|
||||
var userRoles = _userRoles.GetUserRoles(user.UserId, user.SiteId).ToList();
|
||||
|
|
@ -588,6 +583,14 @@ namespace Oqtane.Extensions
|
|||
}
|
||||
}
|
||||
|
||||
var userrole = userRoles.FirstOrDefault(item => item.Role.Name == RoleNames.Registered);
|
||||
if (!user.IsDeleted && userrole != null && Utilities.IsEffectiveAndNotExpired(userrole.EffectiveDate, userrole.ExpiryDate))
|
||||
{
|
||||
// update user
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
user.LastIPAddress = httpContext.Connection.RemoteIpAddress.ToString();
|
||||
_users.UpdateUser(user);
|
||||
|
||||
// create claims identity
|
||||
identityuser = await _identityUserManager.FindByNameAsync(user.Username);
|
||||
user.SecurityStamp = identityuser.SecurityStamp;
|
||||
|
|
@ -647,6 +650,12 @@ namespace Oqtane.Extensions
|
|||
|
||||
_logger.Log(LogLevel.Information, "ExternalLogin", Enums.LogFunction.Security, "External User Login Successful For {Username} From IP Address {IPAddress} Using Provider {Provider}", user.Username, httpContext.Connection.RemoteIpAddress.ToString(), providerName);
|
||||
}
|
||||
else
|
||||
{
|
||||
identity.Label = ExternalLoginStatus.AccessDenied;
|
||||
_logger.Log(LogLevel.Error, "ExternalLogin", Enums.LogFunction.Security, "External User Login Denied For {Username}. User Account Is Deleted Or Not An Active Member Of Site {SiteId}.", user.Username, user.SiteId);
|
||||
}
|
||||
}
|
||||
}
|
||||
else // claims invalid
|
||||
{
|
||||
|
|
|
|||
|
|
@ -363,10 +363,13 @@ namespace Oqtane.Managers
|
|||
}
|
||||
else
|
||||
{
|
||||
user = _users.GetUser(identityuser.UserName);
|
||||
if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
|
||||
{
|
||||
user = GetUser(identityuser.UserName, alias.SiteId);
|
||||
if (user != null)
|
||||
{
|
||||
if (await _identityUserManager.IsEmailConfirmedAsync(identityuser))
|
||||
// ensure user is registered for site
|
||||
if (user.Roles.Contains(RoleNames.Registered))
|
||||
{
|
||||
user.IsAuthenticated = true;
|
||||
user.LastLoginOn = DateTime.UtcNow;
|
||||
|
|
@ -383,10 +386,15 @@ namespace Oqtane.Managers
|
|||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User {Username} Is Not An Active Member Of Site {SiteId}", user.Username, alias.SiteId);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
_logger.Log(LogLevel.Information, this, LogFunction.Security, "User Email Address Not Verified {Username}", user.Username);
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user