Merge pull request #62 from sbwalker/master

Permission-based authorization utilizing Policies
Shaun Walker 2019-08-27 17:15:46 -04:00 committed by GitHub
commit 1ea9d8f42d
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
54 changed files with 1104 additions and 388 deletions


@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Models;
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService
@ -10,7 +11,7 @@
<ul class="list-group">
@foreach (var p in pages)
{
if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
{
string url = NavigateUrl(p.Path);
<li class="list-group-item">
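Review bot: The permission name is passed as a bare string literal (`"View"` here, `"View"`/`"Edit"` in every other `UserSecurity.IsAuthorized`, `GetPermissions` and `SetPermissions` call in this commit), so a typo compiles cleanly. How `IsAuthorized` treats an unknown name is not visible on this page. A shared constant next to the existing `Constants.AdminRole` would give the compiler a chance to catch mistakes. This check also runs in the client and only decides what is rendered, so the data itself still has to be protected by the server-side attributes added further down.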


@ -3,6 +3,7 @@
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IUriHelper UriHelper
@ -89,8 +90,8 @@
title = ModuleState.Title;
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType;
viewpermissions = ModuleState.ViewPermissions;
editpermissions = ModuleState.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", ModuleState.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", ModuleState.Permissions);
pageid = ModuleState.PageId.ToString();
DynamicComponent = builder =>
@ -108,8 +109,7 @@
private async Task SaveModule()
{
Module module = ModuleState;
module.ViewPermissions = viewpermissions;
module.EditPermissions = editpermissions;
module.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await ModuleService.UpdateModuleAsync(module);
PageModule pagemodule = await PageModuleService.GetPageModuleAsync(ModuleState.PageModuleId);


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
<td>
@ -144,7 +145,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -180,8 +181,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.AddPageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -196,7 +196,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}
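Review bot: `message = ex.Message;` in both catch blocks still shows the raw exception text to whoever is using the form, which can disclose internal details such as type names or database errors. Replacing `@((MarkupString)message)` with `<ModuleMessage Message="@message" />` does remove the unencoded HTML sink. I would go one step further and show a fixed string, for example `message = "Error Saving Page";`, recording `ex` wherever the application logs. The next two file sections (the other page forms) repeat the same `catch (Exception ex)` pattern. The enclosing methods start outside the visible hunks.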


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -163,8 +164,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -173,7 +174,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -194,7 +195,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}


@ -1,15 +1,16 @@
@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Client.Modules.Controls
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Client.Modules.Controls
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject IPageService PageService
@inject IThemeService ThemeService
@((MarkupString)message)
<ModuleMessage Message="@message" />
<table class="form-group">
<tr>
@ -170,8 +171,8 @@
themetype = page.ThemeType;
layouttype = page.LayoutType;
icon = page.Icon;
viewpermissions = page.ViewPermissions;
editpermissions = page.EditPermissions;
viewpermissions = UserSecurity.GetPermissions("View", page.Permissions);
editpermissions = UserSecurity.GetPermissions("Edit", page.Permissions);
createdby = page.CreatedBy;
createdon = page.CreatedOn;
modifiedby = page.ModifiedBy;
@ -180,7 +181,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
@ -216,8 +217,7 @@
}
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
page.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
page.ViewPermissions = viewpermissions;
page.EditPermissions = editpermissions;
page.Permissions = UserSecurity.SetPermissions("View", viewpermissions) + UserSecurity.SetPermissions("Edit", editpermissions);
await PageService.UpdatePageAsync(page);
PageState.Reload = Constants.ReloadSite;
@ -232,7 +232,7 @@
}
catch (Exception ex)
{
message = "<div class=\"alert alert-danger\" role=\"alert\">" + ex.Message + "</div><br /><br />";
message = ex.Message;
}
}
}


@ -1,7 +1,7 @@
@using Oqtane.Services
@using Oqtane.Client.Modules.Controls
@using Oqtane.Services
@using Oqtane.Models
@using Oqtane.Modules
@using Oqtane.Client.Modules.Controls
@inherits ModuleBase
@inject IPageService PageService


@ -9,7 +9,7 @@
<div class="container">
<div class="form-group">
<label for="Username" class="control-label">Email: </label>
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Username" />
<input type="text" name="Username" class="form-control" placeholder="Username" @bind="@Email" />
</div>
<div class="form-group">
<label for="Password" class="control-label">Password: </label>
@ -22,17 +22,17 @@
@code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Anonymous; } }
public string Username { get; set; } = "";
public string Email { get; set; } = "";
public string Password { get; set; } = "";
private async Task RegisterUser()
{
User user = new User();
user.SiteId = PageState.Site.SiteId;
user.Username = Username;
user.DisplayName = Username;
user.Roles = "Administrators;";
user.IsSuperUser = false;
user.Username = Email;
user.DisplayName = Email;
user.Email = Email;
user.IsHost = false;
user.Password = Password;
await UserService.AddUserAsync(user);
UriHelper.NavigateTo("");
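Review bot: `RegisterUser` navigates away right after `await UserService.AddUserAsync(user);` without looking at the returned user. The user controller's `Post` in this same commit now returns null unless the caller is in the admin role or no users exist yet, so a registration from this `SecurityAccessLevel.Anonymous` form appears to be dropped silently. Either check the result and show a message, e.g. `if (user == null) { /* show error */ }`, or decide whether self-registration is still intended and gate the form to match. The input also still has `placeholder="Username"` under an `Email:` label.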


@ -2,6 +2,8 @@
@using Oqtane.Models
@using Oqtane.Services
@using Oqtane.Modules
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUriHelper UriHelper
@inject ITenantService TenantService
@ -102,8 +104,7 @@ else
Type type = Type.GetType(p.ThemeType);
System.Reflection.PropertyInfo property = type.GetProperty("Panes");
p.Panes = (string)property.GetValue(Activator.CreateInstance(type), null);
p.ViewPermissions = "All Users";
p.EditPermissions = "Administrators";
p.Permissions = UserSecurity.SetPermissions("View", Constants.AllUsersRole) + UserSecurity.SetPermissions("Edit", Constants.AdminRole);
await PageService.AddPageAsync(p);
UriHelper.NavigateTo(url, true);


@ -2,6 +2,7 @@
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUserService UserService
@ -70,19 +71,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
}
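Review bot: The `Admin` and `Host` cases build a permission string with `UserSecurity.SetPermissions("Edit", Constants.AdminRole)` only to hand it straight back to `IsAuthorized`, which hides what is really a role-membership test and ties it to the serialised format. A small helper that takes the user and a role name would read better. The `Host` case also dropped its `PageState.User != null` guard, so it now relies on `IsAuthorized` coping with a null user; `UserSecurity` is not shown on this page, so that needs confirming. The pane component's `switch` later in this commit has the same two cases.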


@ -1,30 +1,22 @@
@using Oqtane.Modules
@inherits ModuleBase
@if (authorized)
@if (Message != "")
{
<div class="@type">
@Message
</div>
<div class="@type">@Message</div><br /><br />
}
@code {
[Parameter]
public MessageType Type { get; set; }
[Parameter]
public string Message { get; set; }
string type = "alert alert-success"; // optional
bool authorized = false;
[Parameter]
public MessageType Type { get; set; }
string type = "alert alert-danger";
protected override void OnInitialized()
{
if (PageState.User != null)
{
authorized = PageState.User.IsSuperUser;
}
switch (Type)
{
case MessageType.Success:
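Review bot: `@if (Message != "")` is true when `Message` is null, so a caller that never sets the parameter gets an empty alert box; `@if (!string.IsNullOrEmpty(Message))` covers both cases. Separately, the callers in this commit that used to pass `Type = MessageType.Error` now pass only `Message`, so `Type` takes the enum's default value. If that default is `MessageType.Success`, the `switch` would override the new `"alert alert-danger"` default and errors would render as success. The enum and the rest of the `switch` are outside this hunk, so this is worth checking.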


@ -29,22 +29,22 @@ namespace Oqtane.Client.Modules.HtmlText.Services
public async Task<HtmlTextInfo> GetHtmlTextAsync(int ModuleId)
{
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString());
return await http.GetJsonAsync<HtmlTextInfo>(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
public async Task AddHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PostJsonAsync(apiurl, htmltext);
await http.PostJsonAsync(apiurl + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task UpdateHtmlTextAsync(HtmlTextInfo htmltext)
{
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString(), htmltext);
await http.PutJsonAsync(apiurl + "/" + htmltext.HtmlTextId.ToString() + "?entityid=" + htmltext.ModuleId.ToString(), htmltext);
}
public async Task DeleteHtmlTextAsync(int HtmlTextId)
public async Task DeleteHtmlTextAsync(int ModuleId)
{
await http.DeleteAsync(apiurl + "/" + HtmlTextId.ToString());
await http.DeleteAsync(apiurl + "/" + ModuleId.ToString() + "?entityid=" + ModuleId.ToString());
}
}
}


@ -12,6 +12,6 @@ namespace Oqtane.Client.Modules.HtmlText.Services
Task UpdateHtmlTextAsync(HtmlTextInfo htmltext);
Task DeleteHtmlTextAsync(int HtmlTextId);
Task DeleteHtmlTextAsync(int ModuleId);
}
}


@ -32,6 +32,7 @@ namespace Oqtane.Providers
{
identity = new ClaimsIdentity("Identity.Application");
identity.AddClaim(new Claim(ClaimTypes.Name, user.Username));
identity.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
foreach (string role in user.Roles.Split(new char[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
identity.AddClaim(new Claim(ClaimTypes.Role, role));


@ -21,7 +21,5 @@ namespace Oqtane.Services
Task<User> LoginUserAsync(User User, bool SetCookie, bool IsPersistent);
Task LogoutUserAsync();
bool IsAuthorized(User User, string AccessControlList);
}
}


@ -67,78 +67,5 @@ namespace Oqtane.Services
// best practices recommend post is preferrable to get for logout
await http.PostJsonAsync(apiurl + "/logout", null);
}
// ACLs are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
public bool IsAuthorized(User User, string AccessControlList)
{
bool isAllowed = false;
if (User != null)
{
// super user always has full access
isAllowed = User.IsSuperUser;
}
if (!isAllowed)
{
if (AccessControlList != null)
{
foreach (string permission in AccessControlList.Split(new[] { ';' }))
{
bool? allowed = VerifyPermission(User, permission);
if (allowed.HasValue)
{
isAllowed = allowed.Value;
break;
}
}
}
}
return isAllowed;
}
private bool? VerifyPermission(User user, string permission)
{
bool? allowed = null;
//permissions strings are encoded with deny permissions at the beginning and grant permissions at the end for optimal performance
if (!String.IsNullOrEmpty(permission))
{
// deny permission
if (permission.StartsWith("!"))
{
string denyRole = permission.Replace("!", "");
if (denyRole == Constants.AllUsersRole || IsAllowed(user, denyRole))
{
allowed = false;
}
}
else // grant permission
{
if (permission == Constants.AllUsersRole || IsAllowed(user, permission))
{
allowed = true;
}
}
}
return allowed;
}
private bool IsAllowed(User user, string permission)
{
if (user != null)
{
if ("[" + user.UserId + "]" == permission)
{
return true;
}
var roles = user.Roles;
if (roles != null)
{
return roles.IndexOf(";" + permission + ";") != -1;
}
}
return false;
}
}
}


@ -34,8 +34,7 @@
{
// container does not exist with type specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Module Container " + container);
builder.AddAttribute(1, "Message", "Error Loading Module Container " + container);
builder.CloseComponent();
}
}


@ -82,10 +82,10 @@
<tbody>
<tr>
<td>
<label for="Title" class="control-label" style="font-weight: bold">Username: </label>
<label for="Title" class="control-label" style="font-weight: bold">Email: </label>
</td>
<td>
<input type="text" id="Email" class="form-control" @bind="@HostUsername" />
<input type="text" id="Email" class="form-control" @bind="@Email" />
</td>
</tr>
<tr>
@ -115,7 +115,7 @@
private string DatabaseName = "Oqtane-" + DateTime.Now.ToString("yyyyMMddHHmm");
private string Username = "";
private string Password = "";
private string HostUsername = "host";
private string Email = "";
private string HostPassword = "";
private string Message = "";
@ -164,11 +164,11 @@
{
User user = new User();
user.SiteId = 1;
user.Username = HostUsername;
user.DisplayName = HostUsername;
user.Username = Email;
user.DisplayName = Email;
user.Email = Email;
user.Password = HostPassword;
user.IsSuperUser = true;
user.Roles = "";
user.IsHost = true;
user = await UserService.AddUserAsync(user);
UriHelper.NavigateTo("", true);


@ -36,8 +36,7 @@
{
// module does not exist with typename specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
builder.AddAttribute(1, "Message", "Error Loading Component For Module " + ModuleState.ModuleDefinitionName);
builder.CloseComponent();
}
};


@ -3,6 +3,7 @@
@using Oqtane.Modules
@using Oqtane.Models
@using Oqtane.Shared
@using Oqtane.Security
@using System.Linq
@inject IUserService UserService
@inject IModuleService ModuleService
@ -27,7 +28,7 @@
protected override void OnInitialized()
{
if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions) && Name != Constants.AdminPane)
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions) && Name != Constants.AdminPane)
{
paneadminborder = "pane-admin-border";
panetitle = "<div class=\"pane-admin-title\">" + Name + " Pane</div>";
@ -60,16 +61,16 @@
authorized = true;
break;
case SecurityAccessLevel.View:
authorized = UserService.IsAuthorized(PageState.User, module.ViewPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions);
break;
case SecurityAccessLevel.Edit:
authorized = UserService.IsAuthorized(PageState.User, module.EditPermissions);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", module.Permissions);
break;
case SecurityAccessLevel.Admin:
authorized = UserService.IsAuthorized(PageState.User, Constants.AdminRole);
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
break;
case SecurityAccessLevel.Host:
authorized = PageState.User.IsSuperUser;
authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
break;
}
if (authorized)
@ -103,7 +104,7 @@
if (module != null && module.Pane == Name)
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);
@ -116,7 +117,7 @@
foreach (Module module in PageState.Modules.Where(item => item.Pane == Name).OrderBy(x => x.Order).ToArray())
{
// check if user is authorized to view module
if (UserService.IsAuthorized(PageState.User, module.ViewPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "View", module.Permissions))
{
builder.OpenComponent(0, Type.GetType(Constants.DefaultContainer));
builder.AddAttribute(1, "Module", module);


@ -4,6 +4,7 @@
@using System.Linq
@using System.Collections.Generic
@using Oqtane.Shared
@using Oqtane.Security
@using Microsoft.AspNetCore.Components.Routing
@inject AuthenticationStateProvider AuthenticationStateProvider
@inject SiteState SiteState
@ -153,12 +154,12 @@
}
// extract admin route elements from path
string[] segments = path.Split('/');
string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
int result;
if (segments.Length >= 3 && int.TryParse(segments[segments.Length - 3], out result))
if (segments.Length >= 2 && int.TryParse(segments[segments.Length - 2], out result))
{
// path has moduleid and control specification ie. page/moduleid/control/
control = segments[segments.Length - 2];
control = segments[segments.Length - 1];
moduleid = result;
path = path.Replace(moduleid.ToString() + "/" + control + "/", "");
}
@ -206,7 +207,7 @@
if (page != null)
{
// check if user is authorized to view page
if (UserService.IsAuthorized(user, page.ViewPermissions))
if (UserSecurity.IsAuthorized(user, "View", page.Permissions))
{
pagestate = new PageState();
pagestate.ModuleDefinitions = moduledefinitions;
@ -278,7 +279,7 @@
Dictionary<string, string> querystring = new Dictionary<string, string>();
if (path.IndexOf("?") != -1)
{
foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split('&'))
foreach (string kvp in path.Substring(path.IndexOf("?") + 1).Split(new[] { '&' }, StringSplitOptions.RemoveEmptyEntries))
{
if (kvp != "")
{
@ -316,7 +317,7 @@
string typename = moduledefinition.ControlTypeTemplate;
if (moduledefinition.ControlTypeRoutes != "")
{
foreach (string route in moduledefinition.ControlTypeRoutes.Split(';'))
foreach (string route in moduledefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
if (route.StartsWith(control + "="))
{
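Review bot: With `StringSplitOptions.RemoveEmptyEntries`, a path without a trailing slash (`page/5/edit`) now passes the `int.TryParse` test, but `path.Replace(moduleid.ToString() + "/" + control + "/", "")` strips the suffix only when the trailing `/` is present. It also replaces every occurrence rather than just the tail. Unless the path is normalised earlier (not visible in this hunk), `moduleid` and `control` get set while the page path keeps the extra segments and the page lookup misses. Rebuilding the path from the leading segments, something like `path = string.Join("/", segments, 0, segments.Length - 2) + "/";`, avoids both problems. The `if (kvp != "")` test in the query-string loop is now redundant.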


@ -22,8 +22,7 @@
{
// theme does not exist with type specified
builder.OpenComponent(0, Type.GetType(Constants.ModuleMessageControl));
builder.AddAttribute(1, "Type", MessageType.Error);
builder.AddAttribute(2, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
builder.AddAttribute(1, "Message", "Error Loading Page Theme " + PageState.Page.ThemeType);
builder.CloseComponent();
}
};


@ -35,6 +35,7 @@ namespace Oqtane.Shared
public static string EditUrl(string alias, string path, int moduleid, string action, string parameters)
{
string url = NavigateUrl(alias, path, "");
if (url == "/") url = "";
if (moduleid != -1)
{
url += "/" + moduleid.ToString();


@ -3,6 +3,7 @@
@using Oqtane.Models
@using Oqtane.Themes
@using Oqtane.Shared
@using Oqtane.Security
@inherits ThemeObjectBase
@inject IUriHelper UriHelper
@inject IUserService UserService
@ -44,7 +45,7 @@
<label for="Pane" class="control-label" style="color: white !important;">Pane: </label>
<select class="form-control" @bind="@pane">
<option value="">&lt;Select Pane&gt;</option>
@foreach (string pane in PageState.Page.Panes.Split(';'))
@foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
<option value="@pane">@pane Pane</option>
}
@ -89,7 +90,7 @@
{
pagemanagementmoduleid = modules.FirstOrDefault().ModuleId;
}
if (UserService.IsAuthorized(PageState.User, PageState.Page.EditPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "Edit", PageState.Page.Permissions))
{
display = "display: inline";
}
@ -100,8 +101,7 @@
Module module = new Module();
module.SiteId = PageState.Site.SiteId;
module.ModuleDefinitionName = moduledefinitionname;
module.ViewPermissions = PageState.Page.ViewPermissions;
module.EditPermissions = PageState.Page.EditPermissions;
module.Permissions = PageState.Page.Permissions;
await ModuleService.AddModuleAsync(module);
List<Module> modules = await ModuleService.GetModulesAsync(PageState.Site.SiteId, moduledefinitionname);


@ -2,6 +2,7 @@
@using Oqtane.Themes
@using Oqtane.Services
@using Oqtane.Models;
@using Oqtane.Security
@inherits ThemeObjectBase
@inject IPageService PageService
@inject IUserService UserService
@ -18,7 +19,7 @@
}
@foreach (var p in pages)
{
if (p.IsNavigation && UserService.IsAuthorized(PageState.User, p.ViewPermissions))
if (p.IsNavigation && UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
{
string url = NavigateUrl(p.Path);
<li class="nav-item px-3">


@ -2,6 +2,7 @@
@using Oqtane.Services
@using Oqtane.Models
@using Oqtane.Shared
@using Oqtane.Security
@inherits ContainerBase
@inject IUriHelper UriHelper
@inject IUserService UserService
@ -32,7 +33,7 @@
{
actions.Add(new ActionViewModel { Action = "down", Name = "Move Down" });
}
foreach (string pane in PageState.Page.Panes.Split(';'))
foreach (string pane in PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
if (pane != ModuleState.Pane)
{
@ -42,7 +43,7 @@
actions.Add(new ActionViewModel { Action = "settings", Name = "Settings" });
actions.Add(new ActionViewModel { Action = "delete", Name = "Delete" });
if (UserService.IsAuthorized(PageState.User, ModuleState.EditPermissions))
if (UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions))
{
display = "display: inline";
}


@ -32,7 +32,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Alias Post([FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -44,7 +44,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Alias Put(int id, [FromBody] Alias Alias)
{
if (ModelState.IsValid)
@ -55,8 +55,8 @@ namespace Oqtane.Controllers
}
// DELETE api/<controller>/5
[Authorize]
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Aliases.DeleteAlias(id);
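Review bot: `[Authorize(Roles = "Administrators")]` hard-codes the role name here and in the module, page-module, permission, role, user and user-role controllers, while the rest of the commit refers to `Constants.AdminRole`. If that constant is, or can be made, a `const string`, `[Authorize(Roles = Constants.AdminRole)]` keeps the attribute and the client-side checks from drifting apart. `Put` also takes a route `id` that the visible lines never compare with the body, so a one-line comment stating which of the two is authoritative would help.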


@ -4,9 +4,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Configuration;
using Oqtane.Models;
using Oqtane.Repository;
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.IO;
using System.Linq;


@ -54,7 +54,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Module Post([FromBody] Module Module)
{
if (ModelState.IsValid)
@ -66,7 +66,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Module Put(int id, [FromBody] Module Module)
{
if (ModelState.IsValid)
@ -78,7 +78,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Modules.DeleteModule(id);
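Review bot: `Post`, `Put` and `Delete` now require the `Administrators` role, but the client still shows the module add and settings controls to any user who passes `UserSecurity.IsAuthorized(PageState.User, "Edit", ...)`. A user who has Edit permission through another role or a direct grant would see the controls and then be refused by these actions. If per-entity edit rights are meant to apply to modules, a policy like the `EditModule` one used on the HtmlText controller would match the client. Otherwise the client check should test the admin role, so that the two sides agree.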


@ -32,7 +32,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public PageModule Post([FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -44,7 +44,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public PageModule Put(int id, [FromBody] PageModule PageModule)
{
if (ModelState.IsValid)
@ -56,7 +56,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
PageModules.DeletePageModule(id);


@ -0,0 +1,65 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
namespace Oqtane.Controllers
{
[Route("{site}/api/[controller]")]
public class PermissionController : Controller
{
private readonly IPermissionRepository Permissions;
public PermissionController(IPermissionRepository Permissions)
{
this.Permissions = Permissions;
}
// GET: api/<controller>
[HttpGet]
public IEnumerable<Permission> Get(string entityname, int entityid, string permissionname)
{
return Permissions.GetPermissions(entityname, entityid, permissionname);
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Permission Get(int id)
{
return Permissions.GetPermission(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = "Administrators")]
public Permission Post([FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.AddPermission(Permission);
}
return Permission;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = "Administrators")]
public Permission Put(int id, [FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.UpdatePermission(Permission);
}
return Permission;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Permissions.DeletePermission(id);
}
}
}
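Review bot: Neither `Get` action in this new controller carries an `[Authorize]` attribute. Unless a global filter applies (not visible here), any unauthenticated caller can read the permission rows for an arbitrary `entityname`/`entityid`, which exposes the site's access-control layout. If the client does not need these endpoints for anonymous rendering, put `[Authorize(Roles = "Administrators")]` on them as on `Post`, `Put` and `Delete`; if it does, a comment saying so would help. `Put` also ignores its route `id` and updates whatever key the body carries, so comparing the two would reject mismatched requests.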


@ -39,7 +39,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public Role Post([FromBody] Role Role)
{
if (ModelState.IsValid)
@ -51,7 +51,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public Role Put(int id, [FromBody] Role Role)
{
if (ModelState.IsValid)
@ -63,7 +63,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
Roles.DeleteRole(id);


@ -8,6 +8,7 @@ using Microsoft.AspNetCore.Identity;
using System.Threading.Tasks;
using System.Linq;
using System.Security.Claims;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -54,7 +55,7 @@ namespace Oqtane.Controllers
if (user != null)
{
user.SiteId = int.Parse(siteid);
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, id);
if (siteuser != null)
@ -62,6 +63,10 @@ namespace Oqtane.Controllers
user.Roles = GetUserRoles(user.UserId, user.SiteId);
}
}
else
{
user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
}
}
return user;
}
@ -74,7 +79,7 @@ namespace Oqtane.Controllers
if (user != null)
{
user.SiteId = int.Parse(siteid);
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(user.SiteId, user.UserId);
if (siteuser != null)
@ -86,6 +91,10 @@ namespace Oqtane.Controllers
user = null;
}
}
else
{
user.Roles = ";" + Constants.HostRole + ";" + Constants.AdminRole + ";";
}
}
return user;
}
@ -97,6 +106,13 @@ namespace Oqtane.Controllers
User user = null;
if (ModelState.IsValid)
{
bool authorized = HttpContext.User.IsInRole(Constants.AdminRole);
if (!authorized && !Users.GetUsers().Any())
{
authorized = true; // during initial installation we need to be able to create the host user
}
if (authorized)
{
IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
if (identityuser == null)
@ -108,7 +124,7 @@ namespace Oqtane.Controllers
if (result.Succeeded)
{
user = Users.AddUser(User);
if (!user.IsSuperUser)
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
@ -134,7 +150,7 @@ namespace Oqtane.Controllers
SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
if (siteuser == null)
{
if (!user.IsSuperUser)
if (!user.IsHost) // host users are part of every site by default
{
siteuser = new SiteUser();
siteuser.SiteId = User.SiteId;
@ -155,13 +171,14 @@ namespace Oqtane.Controllers
}
}
}
}
return user;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public User Put(int id, [FromBody] User User)
{
if (ModelState.IsValid)
@ -173,7 +190,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5?siteid=x
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id, string siteid)
{
SiteUser siteuser = SiteUsers.GetSiteUser(id, int.Parse(siteid));
@ -200,7 +217,7 @@ namespace Oqtane.Controllers
user = Users.GetUser(identityuser.UserName);
if (user != null)
{
if (!user.IsSuperUser) // super users are part of every site by default
if (!user.IsHost) // host users are part of every site by default
{
SiteUser siteuser = SiteUsers.GetSiteUser(User.SiteId, user.UserId);
if (siteuser != null)
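Review bot: In `Post`, the new `authorized` check decides who may create a user, but the `User` object from the request body is then passed to `Users.AddUser(User)` unchanged, `IsHost` included. As written, any caller in the admin role looks able to create a host account, and host users are handed both `Constants.HostRole` and `Constants.AdminRole` on every site. I would keep the result of `!Users.GetUsers().Any()` in a local and clear the flag outside the install path, e.g. `if (!installing && !HttpContext.User.IsInRole(Constants.HostRole)) User.IsHost = false;`. An unauthorized call also returns `null` with a 200, where a 401/403 would be clearer. `Post` starts and ends outside the visible hunks, so the repository may already filter this field.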


@ -39,7 +39,7 @@ namespace Oqtane.Controllers
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Roles = "Administrators")]
public UserRole Post([FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -51,7 +51,7 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public UserRole Put(int id, [FromBody] UserRole UserRole)
{
if (ModelState.IsValid)
@ -63,7 +63,7 @@ namespace Oqtane.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Roles = "Administrators")]
public void Delete(int id)
{
UserRoles.DeleteUserRole(id);


@ -1,8 +1,8 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Shared.Modules.HtmlText.Models;
using Oqtane.Server.Modules.HtmlText.Repository;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Server.Modules.HtmlText.Controllers
{
@ -10,25 +10,36 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
public class HtmlTextController : Controller
{
private IHtmlTextRepository htmltext;
private int EntityId = -1; // passed as a querystring parameter for authorization and used for validation
public HtmlTextController(IHtmlTextRepository HtmlText)
public HtmlTextController(IHtmlTextRepository HtmlText, IHttpContextAccessor HttpContextAccessor)
{
htmltext = HtmlText;
if (HttpContextAccessor.HttpContext.Request.Query.ContainsKey("entityid"))
{
EntityId = int.Parse(HttpContextAccessor.HttpContext.Request.Query["entityid"]);
}
}
// GET api/<controller>/5
[HttpGet("{id}")]
[Authorize(Policy = "ViewModule")]
public HtmlTextInfo Get(int id)
{
return htmltext.GetHtmlText(id);
HtmlTextInfo HtmlText = null;
if (EntityId == id)
{
HtmlText = htmltext.GetHtmlText(id);
}
return HtmlText;
}
// POST api/<controller>
[HttpPost]
[Authorize]
[Authorize(Policy = "EditModule")]
public HtmlTextInfo Post([FromBody] HtmlTextInfo HtmlText)
{
if (ModelState.IsValid)
if (ModelState.IsValid && HtmlText.ModuleId == EntityId)
{
HtmlText = htmltext.AddHtmlText(HtmlText);
}
@ -37,10 +48,10 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
[Authorize(Policy = "EditModule")]
public HtmlTextInfo Put(int id, [FromBody] HtmlTextInfo HtmlText)
{
if (ModelState.IsValid)
if (ModelState.IsValid && HtmlText.ModuleId == EntityId)
{
HtmlText = htmltext.UpdateHtmlText(HtmlText);
}
@ -49,10 +60,13 @@ namespace Oqtane.Server.Modules.HtmlText.Controllers
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize]
[Authorize(Policy = "EditModule")]
public void Delete(int id)
{
if (id == EntityId)
{
htmltext.DeleteHtmlText(id);
}
}
}
}
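Review bot: Put and Post compare only `HtmlText.ModuleId` with `EntityId`, so the row that gets written is still selected by whatever key the request body carries, and the route `id` of Put is not used at all. `UpdateHtmlText` is not shown on this page, but if it saves by primary key, a caller authorized for one module could submit another row's key together with their own `ModuleId`. I would load the stored row for `EntityId` first and reject the request when its key differs from the one in the body. Separately, `int.Parse` in the constructor throws on a malformed `entityid` before any action runs; `if (!int.TryParse(HttpContextAccessor.HttpContext.Request.Query["entityid"], out EntityId)) EntityId = -1;` fails closed instead.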


@ -56,11 +56,11 @@ namespace Oqtane.Server.Modules.HtmlText.Repository
}
}
public void DeleteHtmlText(int HtmlTextId)
public void DeleteHtmlText(int ModuleId)
{
try
{
HtmlTextInfo HtmlText = db.HtmlText.Find(HtmlTextId);
HtmlTextInfo HtmlText = db.HtmlText.Where(item => item.ModuleId == ModuleId).FirstOrDefault();
db.HtmlText.Remove(HtmlText);
db.SaveChanges();
}
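Review bot: `FirstOrDefault()` returns null when no HtmlText row exists for the module, and the next line passes that null to `db.HtmlText.Remove`, which throws. Guarding it keeps a delete on a module without content a no-op: `if (HtmlText != null) { db.HtmlText.Remove(HtmlText); db.SaveChanges(); }`. The predicate can also go straight into `FirstOrDefault(item => item.ModuleId == ModuleId)`. The method's catch block lies outside the hunk.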


@ -8,6 +8,6 @@ namespace Oqtane.Server.Modules.HtmlText.Repository
HtmlTextInfo GetHtmlText(int ModuleId);
HtmlTextInfo AddHtmlText(HtmlTextInfo HtmlText);
HtmlTextInfo UpdateHtmlText(HtmlTextInfo HtmlText);
void DeleteHtmlText(int HtmlTextId);
void DeleteHtmlText(int ModuleId);
}
}


@ -14,6 +14,7 @@ namespace Oqtane.Repository
public virtual DbSet<SiteUser> SiteUser { get; set; }
public virtual DbSet<Role> Role { get; set; }
public virtual DbSet<UserRole> UserRole { get; set; }
public virtual DbSet<Permission> Permission { get; set; }
public virtual DbSet<Setting> Setting { get; set; }
public TenantDBContext(ITenantResolver TenantResolver, IHttpContextAccessor accessor) : base(TenantResolver, accessor)


@ -0,0 +1,19 @@
using System.Collections.Generic;
using Oqtane.Models;
namespace Oqtane.Repository
{
public interface IPermissionRepository
{
IEnumerable<Permission> GetPermissions(int SiteId, string EntityName);
IEnumerable<Permission> GetPermissions(string EntityName, int EntityId);
IEnumerable<Permission> GetPermissions(string EntityName, int EntityId, string PermissionName);
Permission AddPermission(Permission Permission);
Permission UpdatePermission(Permission Permission);
void UpdatePermissions(int SiteId, string EntityName, int EntityId, string Permissions);
Permission GetPermission(int PermissionId);
void DeletePermission(int PermissionId);
string EncodePermissions(int EntityId, List<Permission> Permissions);
List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId);
}
}
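Review bot: The new interface has no documentation, and `GetPermissions(int SiteId, string EntityName)` and `GetPermissions(string EntityName, int EntityId)` are told apart only by argument order although they scope the query very differently (a whole site versus one entity). A `/// <summary>` on each overload that states the scope would help. The same goes for `UpdatePermissions`, which replaces the entity's whole permission set, and for `EncodePermissions`, which reads `permission.Role.Name` and so expects `Role` to be loaded on every role-based entry.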


@ -8,10 +8,12 @@ namespace Oqtane.Repository
public class ModuleRepository : IModuleRepository
{
private TenantDBContext db;
private readonly IPermissionRepository Permissions;
public ModuleRepository(TenantDBContext context)
public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions)
{
db = context;
this.Permissions = Permissions;
}
public IEnumerable<Module> GetModules()
@ -30,10 +32,16 @@ namespace Oqtane.Repository
{
try
{
return db.Module
List<Permission> permissions = Permissions.GetPermissions(SiteId, "Module").ToList();
List<Module> modules = db.Module
.Where(item => item.SiteId == SiteId)
.Where(item => item.ModuleDefinitionName == ModuleDefinitionName)
.ToList();
foreach (Module module in modules)
{
module.Permissions = Permissions.EncodePermissions(module.ModuleId, permissions);
}
return modules;
}
catch
{
@ -47,6 +55,7 @@ namespace Oqtane.Repository
{
db.Module.Add(Module);
db.SaveChanges();
Permissions.UpdatePermissions(Module.SiteId, "Module", Module.ModuleId, Module.Permissions);
return Module;
}
catch
@ -61,6 +70,7 @@ namespace Oqtane.Repository
{
db.Entry(Module).State = EntityState.Modified;
db.SaveChanges();
Permissions.UpdatePermissions(Module.SiteId, "Module", Module.ModuleId, Module.Permissions);
return Module;
}
catch
@ -73,7 +83,13 @@ namespace Oqtane.Repository
{
try
{
return db.Module.Find(ModuleId);
Module module = db.Module.Find(ModuleId);
if (module != null)
{
List<Permission> permissions = Permissions.GetPermissions("Module", module.ModuleId).ToList();
module.Permissions = Permissions.EncodePermissions(module.ModuleId, permissions);
}
return module;
}
catch
{
@ -86,6 +102,7 @@ namespace Oqtane.Repository
try
{
Module Module = db.Module.Find(ModuleId);
Permissions.UpdatePermissions(Module.SiteId, "Module", ModuleId, "");
db.Module.Remove(Module);
db.SaveChanges();
}
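Review bot: In the add and update hunks the module row is committed by `db.SaveChanges()` before `Permissions.UpdatePermissions(...)` runs, and that call does its own `SaveChanges()` with no transaction around the pair. `DecodePermissions` can throw on the caller-supplied string (`Permissions.Split` on null, `Substring` when a group has no `:`, `int.Parse` on a user id), which leaves a saved module whose permission rows were not written; an empty string removes every permission of the module. I would validate `Module.Permissions` before the first save and run both writes inside one `db.Database.BeginTransaction()` scope. The same pattern is in the add and update hunks of PageRepository, and in the delete hunks of both files the permission rows are deleted and saved before the entity itself is removed. The method signatures lie outside these hunks.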


@ -8,10 +8,12 @@ namespace Oqtane.Repository
public class PageModuleRepository : IPageModuleRepository
{
private TenantDBContext db;
private readonly IPermissionRepository Permissions;
public PageModuleRepository(TenantDBContext context)
public PageModuleRepository(TenantDBContext context, IPermissionRepository Permissions)
{
db = context;
this.Permissions = Permissions;
}
public IEnumerable<PageModule> GetPageModules()
@ -29,9 +31,18 @@ namespace Oqtane.Repository
{
try
{
return db.PageModule.Where(item => item.PageId == PageId)
List<PageModule> pagemodules = db.PageModule.Where(item => item.PageId == PageId)
.Include(item => item.Module) // eager load modules
.ToList();
if (pagemodules != null && pagemodules.Any())
{
List<Permission> permissions = Permissions.GetPermissions(pagemodules.FirstOrDefault().Module.SiteId, "Module").ToList();
foreach (PageModule pagemodule in pagemodules)
{
pagemodule.Module.Permissions = Permissions.EncodePermissions(pagemodule.ModuleId, permissions);
}
}
return pagemodules;
}
catch
{
@ -71,8 +82,14 @@ namespace Oqtane.Repository
{
try
{
return db.PageModule.Include(item => item.Module) // eager load modules
PageModule pagemodule = db.PageModule.Include(item => item.Module) // eager load modules
.SingleOrDefault(item => item.PageModuleId == PageModuleId);
if (pagemodule != null)
{
List<Permission> permissions = Permissions.GetPermissions("Module", pagemodule.ModuleId).ToList();
pagemodule.Module.Permissions = Permissions.EncodePermissions(pagemodule.ModuleId, permissions);
}
return pagemodule;
}
catch
{
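Review bot: `pagemodules != null` can never be false after `ToList()`, so the condition reduces to `pagemodules.Any()`. More important, the list hunk loads every `Module` permission of the site and `EncodePermissions` then filters that whole list once per page module; grouping once with `permissions.ToLookup(item => item.EntityId)` and passing `lookup[pagemodule.ModuleId].ToList()` avoids the repeated scan. The site id is taken from the first page module only, which presumes that all modules on a page belong to one site.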


@ -8,10 +8,12 @@ namespace Oqtane.Repository
public class PageRepository : IPageRepository
{
private TenantDBContext db;
private readonly IPermissionRepository Permissions;
public PageRepository(TenantDBContext context)
public PageRepository(TenantDBContext context, IPermissionRepository Permissions)
{
db = context;
this.Permissions = Permissions;
}
public IEnumerable<Page> GetPages()
@ -30,7 +32,13 @@ namespace Oqtane.Repository
{
try
{
return db.Page.Where(item => item.SiteId == SiteId).ToList();
List<Permission> permissions = Permissions.GetPermissions(SiteId, "Page").ToList();
List<Page> pages = db.Page.Where(item => item.SiteId == SiteId).ToList();
foreach(Page page in pages)
{
page.Permissions = Permissions.EncodePermissions(page.PageId, permissions);
}
return pages;
}
catch
{
@ -44,6 +52,7 @@ namespace Oqtane.Repository
{
db.Page.Add(Page);
db.SaveChanges();
Permissions.UpdatePermissions(Page.SiteId, "Page", Page.PageId, Page.Permissions);
return Page;
}
catch
@ -58,6 +67,7 @@ namespace Oqtane.Repository
{
db.Entry(Page).State = EntityState.Modified;
db.SaveChanges();
Permissions.UpdatePermissions(Page.SiteId, "Page", Page.PageId, Page.Permissions);
return Page;
}
catch
@ -70,7 +80,13 @@ namespace Oqtane.Repository
{
try
{
return db.Page.Find(PageId);
Page page = db.Page.Find(PageId);
if (page != null)
{
List<Permission> permissions = Permissions.GetPermissions("Page", page.PageId).ToList();
page.Permissions = Permissions.EncodePermissions(page.PageId, permissions);
}
return page;
}
catch
{
@ -83,6 +99,7 @@ namespace Oqtane.Repository
try
{
Page Page = db.Page.Find(PageId);
Permissions.UpdatePermissions(Page.SiteId, "Page", PageId, "");
db.Page.Remove(Page);
db.SaveChanges();
}


@ -0,0 +1,236 @@
using Microsoft.EntityFrameworkCore;
using System.Collections.Generic;
using System.Linq;
using Oqtane.Models;
using System.Text;
using System;
namespace Oqtane.Repository
{
public class PermissionRepository : IPermissionRepository
{
private TenantDBContext db;
private readonly IRoleRepository Roles;
public PermissionRepository(TenantDBContext context, IRoleRepository Roles)
{
db = context;
this.Roles = Roles;
}
public IEnumerable<Permission> GetPermissions(int SiteId, string EntityName)
{
try
{
return db.Permission.Where(item => item.SiteId == SiteId)
.Where(item => item.EntityName == EntityName)
.Include(item => item.Role); // eager load roles
}
catch
{
throw;
}
}
public IEnumerable<Permission> GetPermissions(string EntityName, int EntityId)
{
try
{
return db.Permission.Where(item => item.EntityName == EntityName)
.Where(item => item.EntityId == EntityId)
.Include(item => item.Role); // eager load roles
}
catch
{
throw;
}
}
public IEnumerable<Permission> GetPermissions(string EntityName, int EntityId, string PermissionName)
{
try
{
return db.Permission.Where(item => item.EntityName == EntityName)
.Where(item => item.EntityId == EntityId)
.Where(item => item.PermissionName == PermissionName)
.Include(item => item.Role); // eager load roles
}
catch
{
throw;
}
}
public Permission AddPermission(Permission Permission)
{
try
{
db.Permission.Add(Permission);
db.SaveChanges();
return Permission;
}
catch
{
throw;
}
}
public Permission UpdatePermission(Permission Permission)
{
try
{
db.Entry(Permission).State = EntityState.Modified;
db.SaveChanges();
return Permission;
}
catch
{
throw;
}
}
public void UpdatePermissions(int SiteId, string EntityName, int EntityId, string Permissions)
{
// get current permissions and delete
List<Permission> permissions = db.Permission.Where(item => item.EntityName == EntityName)
.Where(item => item.EntityId == EntityId).ToList();
foreach(Permission permission in permissions)
{
db.Permission.Remove(permission);
}
// add permissions
permissions = DecodePermissions(Permissions, SiteId, EntityName, EntityId);
foreach (Permission permission in permissions)
{
db.Permission.Add(permission);
}
db.SaveChanges();
}
public Permission GetPermission(int PermissionId)
{
try
{
return db.Permission.Find(PermissionId);
}
catch
{
throw;
}
}
public void DeletePermission(int PermissionId)
{
try
{
Permission Permission = db.Permission.Find(PermissionId);
db.Permission.Remove(Permission);
db.SaveChanges();
}
catch
{
throw;
}
}
// permissions are stored in the format "{permissionname:!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]}" where "!" designates Deny permissions
public string EncodePermissions(int EntityId, List<Permission> Permissions)
{
string permissions = "";
string permissionname = "";
StringBuilder permissionsbuilder = new StringBuilder();
string perm = "";
foreach (Permission permission in Permissions.Where(item => item.EntityId == EntityId).OrderBy(item => item.PermissionName))
{
// permission collections are grouped by permissionname
if (permissionname != permission.PermissionName)
{
permissionname = permission.PermissionName;
permissions += permissionsbuilder.ToString();
permissions += ((permissions != "") ? "}" : "") + "{" + permissionname + ":";
permissionsbuilder = new StringBuilder();
}
// deny permissions are prefixed with a "!"
string prefix = !permission.IsAuthorized ? "!" : "";
// encode permission
if (permission.UserId == null)
{
perm = prefix + permission.Role.Name + ";";
}
else
{
perm = prefix + "[" + permission.UserId.ToString() + "];";
}
// insert Deny permissions at the beginning and append Grant permissions at the end
if (prefix == "!")
{
permissionsbuilder.Insert(0, perm);
}
else
{
permissionsbuilder.Append(perm);
}
}
if (permissionsbuilder.ToString() != "")
{
permissions += permissionsbuilder.ToString() + "}";
}
return permissions;
}
public List<Permission> DecodePermissions(string Permissions, int SiteId, string EntityName, int EntityId)
{
List<Role> roles = Roles.GetRoles(SiteId).ToList();
List<Permission> permissions = new List<Permission>();
string perm = "";
string permissionname;
string permissionstring;
foreach (string PermissionString in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
{
permissionname = PermissionString.Substring(0, PermissionString.IndexOf(":"));
permissionstring = PermissionString.Replace(permissionname + ":", "").Replace("}", "");
foreach (string Perm in permissionstring.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
perm = Perm;
Permission permission = new Permission();
permission.SiteId = SiteId;
permission.EntityName = EntityName;
permission.EntityId = EntityId;
permission.PermissionName = permissionname;
permission.RoleId = null;
permission.UserId = null;
permission.IsAuthorized = true;
if (perm.StartsWith("!"))
{
// deny permission
perm.Replace("!", "");
permission.IsAuthorized = false;
}
if (perm.StartsWith("[") && perm.EndsWith("]"))
{
// user id
perm = perm.Replace("[", "").Replace("]", "");
permission.UserId = int.Parse(perm);
}
else
{
// role name
Role role = roles.Where(item => item.Name == perm).SingleOrDefault();
if (role != null)
{
permission.RoleId = role.RoleId;
}
}
permissions.Add(permission);
}
}
return permissions;
}
}
}
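Review bot: In `DecodePermissions` the statement `perm.Replace("!", "");` discards its result, so a deny entry keeps its `!` prefix: `![5]` then fails the `StartsWith("[")` test and `!Administrators` matches no role name, and both are stored as a deny row with `RoleId` and `UserId` null. Deny permissions therefore do not survive a save, and such a row would make `EncodePermissions` dereference a null `permission.Role` on the next read. Assign the result, `perm = perm.Substring(1);`, and skip entries whose role is not found instead of adding them. The `try { ... } catch { throw; }` wrappers around the query methods add nothing and can go.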


@ -2,6 +2,7 @@
using System.Linq;
using Oqtane.Models;
using Microsoft.AspNetCore.Http;
using System;
namespace Oqtane.Repository
{
@ -21,8 +22,8 @@ namespace Oqtane.Repository
// get alias based on request context
aliasname = accessor.HttpContext.Request.Host.Value;
string path = accessor.HttpContext.Request.Path.Value;
string[] segments = path.Split('/');
if (segments[0] == "api" && segments[1] != "~")
string[] segments = path.Split(new[] { '/' }, StringSplitOptions.RemoveEmptyEntries);
if (segments.Length > 0 && segments[0] == "api" && segments[1] != "~")
{
aliasname += "/" + segments[1];
}
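Review bot: `segments.Length > 0` does not protect the `segments[1]` reads on the same line and the one after it; a request path of `/api` splits to a single element and throws IndexOutOfRangeException. The guard should be `if (segments.Length > 1 && segments[0] == "api" && segments[1] != "~")`. The enclosing method starts and ends outside the hunk.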


@ -27,8 +27,6 @@ CREATE TABLE [dbo].[Page](
[ThemeType] [nvarchar](200) NULL,
[Icon] [nvarchar](50) NOT NULL,
[Panes] [nvarchar](50) NOT NULL,
[ViewPermissions] [nvarchar](500) NOT NULL,
[EditPermissions] [nvarchar](500) NOT NULL,
[ParentId] [int] NULL,
[Order] [int] NOT NULL,
[IsNavigation] [bit] NOT NULL,
@ -48,8 +46,6 @@ CREATE TABLE [dbo].[Module](
[ModuleId] [int] IDENTITY(1,1) NOT NULL,
[SiteId] [int] NOT NULL,
[ModuleDefinitionName] [nvarchar](200) NOT NULL,
[ViewPermissions] [nvarchar](500) NOT NULL,
[EditPermissions] [nvarchar](500) NOT NULL,
[CreatedBy] [nvarchar](256) NOT NULL,
[CreatedOn] [datetime] NOT NULL,
[ModifiedBy] [nvarchar](256) NOT NULL,
@ -80,26 +76,12 @@ CREATE TABLE [dbo].[PageModule](
)
GO
CREATE TABLE [dbo].[HtmlText](
[HtmlTextId] [int] IDENTITY(1,1) NOT NULL,
[ModuleId] [int] NOT NULL,
[Content] [nvarchar](max) NOT NULL,
[CreatedBy] [nvarchar](256) NOT NULL,
[CreatedOn] [datetime] NOT NULL,
[ModifiedBy] [nvarchar](256) NOT NULL,
[ModifiedOn] [datetime] NOT NULL,
CONSTRAINT [PK_HtmlText] PRIMARY KEY CLUSTERED
(
[HtmlTextId] ASC
)
)
GO
CREATE TABLE [dbo].[User](
[UserId] [int] IDENTITY(1,1) NOT NULL,
[Username] [nvarchar](256) NOT NULL,
[DisplayName] [nvarchar](50) NOT NULL,
[IsSuperUser] [bit] NOT NULL,
[Email] [nvarchar](256) NOT NULL,
[IsHost] [bit] NOT NULL,
[CreatedBy] [nvarchar](256) NOT NULL,
[CreatedOn] [datetime] NOT NULL,
[ModifiedBy] [nvarchar](256) NOT NULL,
@ -128,7 +110,7 @@ GO
CREATE TABLE [dbo].[Role](
[RoleId] [int] IDENTITY(1,1) NOT NULL,
[SiteId] [int] NOT NULL,
[SiteId] [int] NULL,
[Name] [nvarchar](256) NOT NULL,
[Description] [nvarchar](50) NOT NULL,
[IsAutoAssigned] [bit] NOT NULL,
@ -160,6 +142,26 @@ CREATE TABLE [dbo].[UserRole](
)
GO
CREATE TABLE [dbo].[Permission](
[PermissionId] [int] IDENTITY(1,1) NOT NULL,
[SiteId] [int] NOT NULL,
[EntityName] [nvarchar](50) NOT NULL,
[EntityId] [int] NOT NULL,
[PermissionName] [nvarchar](50) NOT NULL,
[RoleId] [int] NULL,
[UserId] [int] NULL,
[IsAuthorized] [bit] NOT NULL,
[CreatedBy] [nvarchar](256) NOT NULL,
[CreatedOn] [datetime] NOT NULL,
[ModifiedBy] [nvarchar](256) NOT NULL,
[ModifiedOn] [datetime] NOT NULL,
CONSTRAINT [PK_Permission] PRIMARY KEY CLUSTERED
(
[PermissionId] ASC
)
)
GO
CREATE TABLE [dbo].[Setting](
[SettingId] [int] IDENTITY(1,1) NOT NULL,
[EntityName] [nvarchar](50) NOT NULL,
@ -176,16 +178,27 @@ CREATE TABLE [dbo].[Setting](
)
)
GO
CREATE TABLE [dbo].[HtmlText](
[HtmlTextId] [int] IDENTITY(1,1) NOT NULL,
[ModuleId] [int] NOT NULL,
[Content] [nvarchar](max) NOT NULL,
[CreatedBy] [nvarchar](256) NOT NULL,
[CreatedOn] [datetime] NOT NULL,
[ModifiedBy] [nvarchar](256) NOT NULL,
[ModifiedOn] [datetime] NOT NULL,
CONSTRAINT [PK_HtmlText] PRIMARY KEY CLUSTERED
(
[HtmlTextId] ASC
)
)
GO
/*
Create foreign key relationships
*/
ALTER TABLE [dbo].[HtmlText] WITH CHECK ADD CONSTRAINT [FK_HtmlText_Module] FOREIGN KEY([ModuleId])
REFERENCES [dbo].[Module] ([ModuleId])
ON DELETE CASCADE
GO
ALTER TABLE [dbo].[Module] WITH CHECK ADD CONSTRAINT [FK_Module_Site] FOREIGN KEY([SiteId])
REFERENCES [dbo].[Site] ([SiteId])
ON DELETE CASCADE
@ -214,6 +227,11 @@ ALTER TABLE [dbo].[SiteUser] WITH CHECK ADD CONSTRAINT [FK_SiteUser_User] FORE
REFERENCES [dbo].[User] ([UserId])
GO
ALTER TABLE [dbo].[HtmlText] WITH CHECK ADD CONSTRAINT [FK_HtmlText_Module] FOREIGN KEY([ModuleId])
REFERENCES [dbo].[Module] ([ModuleId])
ON DELETE CASCADE
GO
/*
Create indexes
@ -245,120 +263,287 @@ GO
SET IDENTITY_INSERT [dbo].[Site] OFF
GO
SET IDENTITY_INSERT [dbo].[Role] ON
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (-1, null, N'All Users', N'All Users', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (0, null, N'Super Users', N'Super Users', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 2, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 2, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
GO
SET IDENTITY_INSERT [dbo].[Role] OFF
GO
SET IDENTITY_INSERT [dbo].[Page] ON
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Page1', N'', N'Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client', N'oi-home', N'Left;Right', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Page1', N'', N'Oqtane.Client.Themes.Theme1.Theme1, Oqtane.Client', N'oi-home', N'Left;Right', NULL, 1, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-plus', N'Top;Bottom', N'Administrators', N'Administrators', NULL, 3, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 1, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 1, N'Page3', N'page3', N'Oqtane.Client.Themes.Theme3.Theme3, Oqtane.Client', N'oi-list-rich', N'Left;Right', N'All Users', N'Administrators', NULL, 3, 1, N'Oqtane.Client.Themes.Theme3.HorizontalLayout, Oqtane.Client', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 1, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 1, N'Admin', N'admin', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'Administrators', N'Administrators', NULL, 7, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-plus', N'Top;Bottom', NULL, 3, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (5, 1, N'Page Management', N'admin/pages', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 1, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 2, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (6, 1, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 2, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (7, 1, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 1, N'Page3', N'page3', N'Oqtane.Client.Themes.Theme3.Theme3, Oqtane.Client', N'oi-list-rich', N'Left;Right', NULL, 3, 1, N'Oqtane.Client.Themes.Theme3.HorizontalLayout, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (8, 1, N'Site Management', N'admin/sites', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 0, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 3, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (9, 1, N'User Management', N'admin/users', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 2, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 3, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (10, 1, N'Module Management', N'admin/modules', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 3, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 1, N'Admin', N'admin', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 7, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (11, 1, N'Theme Management', N'admin/themes', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 4, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 4, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (12, 2, N'Page1', N'', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 4, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (13, 2, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (5, 1, N'Page Management', N'admin/pages', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 1, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (14, 2, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 5, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (15, 2, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'All Users', N'Administrators', NULL, 1, 0, N'', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 5, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ViewPermissions], [EditPermissions], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (16, 1, N'Role Management', N'admin/roles', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', N'Administrators', N'Administrators', 4, 5, 1, N'', '', getdate(), '', getdate())
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (6, 1, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 6, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 6, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (7, 1, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 7, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 7, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (8, 1, N'Site Management', N'admin/sites', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 0, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 8, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 8, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (9, 1, N'User Management', N'admin/users', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 2, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 9, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 9, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (10, 1, N'Module Management', N'admin/modules', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 3, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 10, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 10, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (11, 1, N'Theme Management', N'admin/themes', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 4, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 11, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 11, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (12, 2, N'Page1', N'', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 1, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 12, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 12, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (13, 2, N'Page2', N'page2', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'oi-home', N'Top;Bottom', NULL, 1, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 13, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 13, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (14, 2, N'Login', N'login', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 14, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 14, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (15, 2, N'Register', N'register', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', NULL, 1, 0, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 15, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Page', 15, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Page] ([PageId], [SiteId], [Name], [Path], [ThemeType], [Icon], [Panes], [ParentId], [Order], [IsNavigation], [LayoutType], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (16, 1, N'Role Management', N'admin/roles', N'Oqtane.Client.Themes.Theme2.Theme2, Oqtane.Client', N'', N'Top;Bottom', 4, 5, 1, N'', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 16, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Page', 16, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
SET IDENTITY_INSERT [dbo].[Page] OFF
GO
SET IDENTITY_INSERT [dbo].[Module] ON
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Oqtane.Client.Modules.Counter, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 1, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 1, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Oqtane.Client.Modules.Counter, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (5, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 2, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (6, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 2, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (7, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (8, 1, N'Oqtane.Client.Modules.Admin.Pages, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 3, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (9, 1, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 3, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (10, 1, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 1, N'Oqtane.Client.Modules.Weather, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (11, 1, N'Oqtane.Client.Modules.Admin.Admin, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 4, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (12, 1, N'Oqtane.Client.Modules.Admin.Sites, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 4, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (13, 1, N'Oqtane.Client.Modules.Admin.Users, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (5, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (14, 1, N'Oqtane.Client.Modules.Admin.ModuleDefinitions, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 5, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (15, 1, N'Oqtane.Client.Modules.Admin.Themes, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 5, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (16, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (6, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (17, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 6, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (18, 2, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 6, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (19, 2, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', N'All Users', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (7, 1, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [ViewPermissions], [EditPermissions], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (20, 1, N'Oqtane.Client.Modules.Admin.Roles, Oqtane.Client', N'Administrators', N'Administrators', '', getdate(), '', getdate())
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 7, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 7, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (8, 1, N'Oqtane.Client.Modules.Admin.Pages, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 8, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 8, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (9, 1, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 9, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 9, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (10, 1, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 10, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 10, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (11, 1, N'Oqtane.Client.Modules.Admin.Admin, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 11, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 11, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (12, 1, N'Oqtane.Client.Modules.Admin.Sites, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 12, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 12, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (13, 1, N'Oqtane.Client.Modules.Admin.Users, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 13, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 13, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (14, 1, N'Oqtane.Client.Modules.Admin.ModuleDefinitions, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 14, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 14, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (15, 1, N'Oqtane.Client.Modules.Admin.Themes, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 15, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 15, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (16, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 16, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 16, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (17, 2, N'Oqtane.Client.Modules.HtmlText, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 17, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 17, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (18, 2, N'Oqtane.Client.Modules.Admin.Login, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 18, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 18, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (19, 2, N'Oqtane.Client.Modules.Admin.Register, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 19, 'View', -1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (2, 'Module', 19, 'Edit', 3, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Module] ([ModuleId], [SiteId], [ModuleDefinitionName], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (20, 1, N'Oqtane.Client.Modules.Admin.Roles, Oqtane.Client', '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 20, 'View', 1, null, 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Permission] ([SiteId], [EntityName], [EntityId], [PermissionName], [RoleId], [UserId], [IsAuthorized], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn]) VALUES (1, 'Module', 20, 'Edit', 1, null, 1, '', getdate(), '', getdate())
GO
SET IDENTITY_INSERT [dbo].[Module] OFF
GO
@ -450,21 +635,3 @@ VALUES (6, 17, N'Lorem ipsum dolor sit amet, consectetur adipiscing elit, sed do
GO
SET IDENTITY_INSERT [dbo].[HtmlText] OFF
GO
SET IDENTITY_INSERT [dbo].[Role] ON
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (1, 1, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (2, 1, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (3, 2, N'Administrators', N'Site Administrators', 0, '', getdate(), '', getdate())
GO
INSERT [dbo].[Role] ([RoleId], [SiteId], [Name], [Description], [IsAutoAssigned], [CreatedBy], [CreatedOn], [ModifiedBy], [ModifiedOn])
VALUES (4, 2, N'Registered Users', N'Registered Users', 1, '', getdate(), '', getdate())
GO
SET IDENTITY_INSERT [dbo].[Role] OFF
GO


@ -4,6 +4,7 @@ using System.Security.Claims;
using System.Threading.Tasks;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Security
{
@ -29,9 +30,11 @@ namespace Oqtane.Security
User user = Users.GetUser(identityuser.UserName);
if (user != null)
{
if (user.IsSuperUser)
id.AddClaim(new Claim(ClaimTypes.PrimarySid, user.UserId.ToString()));
if (user.IsHost) // host users are part of every site by default
{
id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, "Administrators"));
id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, Constants.HostRole));
id.AddClaim(new Claim(options.ClaimsIdentity.RoleClaimType, Constants.AdminRole));
}
else
{


@ -0,0 +1,57 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Oqtane.Models;
using Oqtane.Repository;
namespace Oqtane.Security
{
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
{
private readonly IHttpContextAccessor HttpContextAccessor;
private readonly IPermissionRepository Permissions;
public PermissionHandler(IHttpContextAccessor HttpContextAccessor, IPermissionRepository Permissions)
{
this.HttpContextAccessor = HttpContextAccessor;
this.Permissions = Permissions;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
{
// permission is scoped based on EntityId which must be passed as a querystring parameter
var ctx = HttpContextAccessor.HttpContext;
if (ctx != null && ctx.Request.Query.ContainsKey("entityid"))
{
int EntityId = int.Parse(ctx.Request.Query["entityid"]);
string permissions = Permissions.EncodePermissions(EntityId, Permissions.GetPermissions(requirement.EntityName, EntityId, requirement.PermissionName).ToList());
User user = new User();
user.UserId = -1;
user.Roles = "";
if (context.User != null)
{
var idclaim = context.User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
user.UserId = int.Parse(idclaim.Value);
foreach (var claim in context.User.Claims.Where(item => item.Type == ClaimTypes.Role))
{
user.Roles += claim.Value + ";";
}
if (user.Roles != "") user.Roles = ";" + user.Roles;
}
}
if (UserSecurity.IsAuthorized(user, requirement.PermissionName, permissions))
{
context.Succeed(requirement);
}
}
return Task.CompletedTask;
}
}
}
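Review bot: The `entityid` query value is untrusted, and `int.Parse(ctx.Request.Query["entityid"])` in HandleRequirementAsync throws on a non-numeric or out-of-range value, so a malformed request surfaces as an unhandled exception rather than a failed authorization. Folding the parse into the guard, `if (ctx != null && int.TryParse(ctx.Request.Query["entityid"], out int EntityId))`, keeps the handler fail-closed; the same applies to `int.Parse(idclaim.Value)`. Because the check is keyed on the query string only, each controller action using these policies has to operate on that same id and not on one taken from the route or body, otherwise the entity that was authorized and the entity that is modified can differ. The controllers are not visible here, so this is worth confirming and stating in the comment above the lookup.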


@ -0,0 +1,17 @@
using Microsoft.AspNetCore.Authorization;
namespace Oqtane.Security
{
public class PermissionRequirement : IAuthorizationRequirement
{
public string EntityName { get; }
public string PermissionName { get; }
public PermissionRequirement(string EntityName, string PermissionName)
{
this.EntityName = EntityName;
this.PermissionName = PermissionName;
}
}
}


@ -25,6 +25,7 @@ using Oqtane.Security;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication;
using System.Net;
using Microsoft.AspNetCore.Authorization;
namespace Oqtane.Server
{
@ -68,8 +69,15 @@ namespace Oqtane.Server
});
}
// register auth services
services.AddAuthorizationCore();
// register authorization services
services.AddAuthorizationCore(options =>
{
options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
});
services.AddScoped<IAuthorizationHandler, PermissionHandler>();
// register scoped core services
services.AddScoped<SiteState>();
@ -172,6 +180,7 @@ namespace Oqtane.Server
services.AddTransient<ISiteUserRepository, SiteUserRepository>();
services.AddTransient<IRoleRepository, RoleRepository>();
services.AddTransient<IUserRoleRepository, UserRoleRepository>();
services.AddTransient<IPermissionRepository, PermissionRepository>();
services.AddTransient<ISettingRepository, SettingRepository>();
// dynamically register module services, contexts, and repository classes
@ -275,8 +284,15 @@ namespace Oqtane.Server
options.User.RequireUniqueEmail = false;
});
services.AddAuthentication(IdentityConstants.ApplicationScheme)
.AddCookie(IdentityConstants.ApplicationScheme);
// register authorization services
services.AddAuthorizationCore(options =>
{
options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "View")));
options.AddPolicy("EditPage", policy => policy.Requirements.Add(new PermissionRequirement("Page", "Edit")));
options.AddPolicy("ViewModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "View")));
options.AddPolicy("EditModule", policy => policy.Requirements.Add(new PermissionRequirement("Module", "Edit")));
});
services.AddScoped<IAuthorizationHandler, PermissionHandler>();
services.ConfigureApplicationCookie(options =>
{
@ -329,6 +345,7 @@ namespace Oqtane.Server
services.AddTransient<ISiteUserRepository, SiteUserRepository>();
services.AddTransient<IRoleRepository, RoleRepository>();
services.AddTransient<IUserRoleRepository, UserRoleRepository>();
services.AddTransient<IPermissionRepository, PermissionRepository>();
services.AddTransient<ISettingRepository, SettingRepository>();
// dynamically register module services, contexts, and repository classes
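Review bot: The four-policy registration and the `PermissionHandler` registration are added twice with identical bodies (after `// register authorization services` in the hunk at -68,8 and again in the hunk at -275,8), so a policy added or renamed later in one copy will silently be missing from the other. Moving the `options => { … }` body into one private static method and calling `services.AddAuthorizationCore(ConfigurePermissionPolicies);` from both places keeps them in step; the method name is only a suggestion. The policy names are bare strings that the call sites presumably repeat, so constants next to `Constants.AdminRole` would let the compiler catch a typo that would otherwise fail only at request time. `PermissionHandler` takes an `IHttpContextAccessor`; its registration is not visible in these hunks and should be confirmed.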


@ -9,14 +9,15 @@ namespace Oqtane.Models
public int ModuleId { get; set; }
public int SiteId { get; set; }
public string ModuleDefinitionName { get; set; }
public string ViewPermissions { get; set; }
public string EditPermissions { get; set; }
public string CreatedBy { get; set; }
public DateTime CreatedOn { get; set; }
public string ModifiedBy { get; set; }
public DateTime ModifiedOn { get; set; }
[NotMapped]
public string Permissions { get; set; }
[NotMapped]
public int PageModuleId { get; set; }
[NotMapped]


@ -1,4 +1,5 @@
using System;
using System.ComponentModel.DataAnnotations.Schema;
namespace Oqtane.Models
{
@ -14,13 +15,15 @@ namespace Oqtane.Models
public string LayoutType { get; set; }
public string Icon { get; set; }
public string Panes { get; set; }
public string ViewPermissions { get; set; }
public string EditPermissions { get; set; }
public bool IsNavigation { get; set; }
public string CreatedBy { get; set; }
public DateTime CreatedOn { get; set; }
public string ModifiedBy { get; set; }
public DateTime ModifiedOn { get; set; }
[NotMapped]
public string Permissions { get; set; }
}
}


@ -0,0 +1,23 @@
using System;
namespace Oqtane.Models
{
public class Permission : IAuditable
{
public int PermissionId { get; set; }
public int SiteId { get; set; }
public string EntityName { get; set; }
public int EntityId { get; set; }
public string PermissionName { get; set; }
public int? RoleId { get; set; }
public int? UserId { get; set; }
public bool IsAuthorized { get; set; }
public string CreatedBy { get; set; }
public DateTime CreatedOn { get; set; }
public string ModifiedBy { get; set; }
public DateTime ModifiedOn { get; set; }
public Role Role { get; set; }
}
}


@ -8,7 +8,8 @@ namespace Oqtane.Models
public int UserId { get; set; }
public string Username { get; set; }
public string DisplayName { get; set; }
public bool IsSuperUser { get; set; }
public string Email { get; set; }
public bool IsHost { get; set; }
[NotMapped]
public int SiteId { get; set; }
[NotMapped]


@ -0,0 +1,103 @@
using System;
using Oqtane.Models;
using Oqtane.Shared;
namespace Oqtane.Security
{
public class UserSecurity
{
// permission collections are stored in format {permissionname1:permissions}{permissionname2:permissions}...
public static string GetPermissions(string PermissionName, string Permissions)
{
string permissions = "";
foreach(string permission in Permissions.Split(new char[] { '{' }, StringSplitOptions.RemoveEmptyEntries))
{
if (permission.StartsWith(PermissionName + ":"))
{
permissions = permission.Replace(PermissionName + ":", "").Replace("}", "");
break;
}
}
return permissions;
}
public static string SetPermissions(string PermissionName, string Permissions)
{
return "{" + PermissionName + ":" + Permissions + "}";
}
// permissions are stored in the format "!rolename1;![userid1];rolename2;rolename3;[userid2];[userid3]" where "!" designates Deny permissions
public static bool IsAuthorized(User User, string PermissionName, string Permissions)
{
Permissions = GetPermissions(PermissionName, Permissions);
if (User == null)
{
return IsAuthorized(-1, "", Permissions); // user is not authenticated but may have access to resource
}
else
{
return IsAuthorized(User.UserId, User.Roles, Permissions);
}
}
private static bool IsAuthorized(int UserId, string Roles, string Permissions)
{
bool IsAuthorized = false;
if (Permissions != null)
{
foreach (string permission in Permissions.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
bool? allowed = VerifyPermission(UserId, Roles, permission);
if (allowed.HasValue)
{
IsAuthorized = allowed.Value;
break;
}
}
}
return IsAuthorized;
}
private static bool? VerifyPermission(int UserId, string Roles, string Permission)
{
bool? allowed = null;
//permissions strings are encoded with deny permissions at the beginning and grant permissions at the end for optimal performance
if (!String.IsNullOrEmpty(Permission))
{
// deny permission
if (Permission.StartsWith("!"))
{
string denyRole = Permission.Replace("!", "");
if (denyRole == Constants.AllUsersRole || IsAllowed(UserId, Roles, denyRole))
{
allowed = false;
}
}
else // grant permission
{
if (Permission == Constants.AllUsersRole || IsAllowed(UserId, Roles, Permission))
{
allowed = true;
}
}
}
return allowed;
}
private static bool IsAllowed(int UserId, string Roles, string Permission)
{
if ("[" + UserId + "]" == Permission)
{
return true;
}
if (Roles != null)
{
return Roles.IndexOf(";" + Permission + ";") != -1;
}
return false;
}
}
}
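Review bot: The prefix and role matches that decide authorization use culture-sensitive overloads (`permission.StartsWith(PermissionName + ":")`, `Permission.StartsWith("!")` and `Roles.IndexOf(";" + Permission + ";")`), so the result can vary with the thread culture; pass `StringComparison.Ordinal` to each, e.g. `Roles.IndexOf(";" + Permission + ";", StringComparison.Ordinal) != -1`. `GetPermissions` also dereferences `Permissions` before the `Permissions != null` guard in the private `IsAuthorized` overload is reached, so a null permission string throws instead of denying; `(Permissions ?? "").Split(...)` would make the public entry point fail closed. Role names appear to be embedded in the string unescaped, so a name containing `;`, `!`, `{`, `}` or a bracketed number would change how an entry parses. The encoder and role creation are outside this file, so validating names there is worth checking.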


@ -14,6 +14,7 @@
public const string AllUsersRole = "All Users";
public const string AdminRole = "Administrators";
public const string HostRole = "Hosts";
public const int ReloadApplication = 3;
public const int ReloadSite = 2;