Merge pull request #4633 from sbwalker/dev

fix trimming of site, page, and module settings
Shaun Walker 2024-09-18 18:32:04 -04:00 committed by GitHub
commit 3c417bfa99
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
4 changed files with 24 additions and 29 deletions


@ -1,7 +1,6 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Microsoft.EntityFrameworkCore.Internal;
using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Caching.Memory;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Models; using Oqtane.Models;


@ -5,15 +5,11 @@ using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using System.Security;
using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Caching.Memory;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Themes; using Oqtane.Themes;
using System.Reflection.Metadata;
using Oqtane.Migrations.Master;
using Oqtane.Modules;
namespace Oqtane.Repository namespace Oqtane.Repository
{ {


@ -32,6 +32,7 @@ namespace Oqtane.Services
private readonly ILogManager _logger; private readonly ILogManager _logger;
private readonly IMemoryCache _cache; private readonly IMemoryCache _cache;
private readonly IHttpContextAccessor _accessor; private readonly IHttpContextAccessor _accessor;
private readonly string _private = "[PRIVATE]";
public ServerSiteService(ISiteRepository sites, IPageRepository pages, IThemeRepository themes, IPageModuleRepository pageModules, IModuleDefinitionRepository moduleDefinitions, ILanguageRepository languages, IUserPermissions userPermissions, ISettingRepository settings, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger, IMemoryCache cache, IHttpContextAccessor accessor) public ServerSiteService(ISiteRepository sites, IPageRepository pages, IThemeRepository themes, IPageModuleRepository pageModules, IModuleDefinitionRepository moduleDefinitions, ILanguageRepository languages, IUserPermissions userPermissions, ISettingRepository settings, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger, IMemoryCache cache, IHttpContextAccessor accessor)
{ {
@ -69,18 +70,26 @@ namespace Oqtane.Services
return GetSite(siteId); return GetSite(siteId);
}); });
// clone object so that cache is not mutated
site = site.Clone(site);
// trim site settings based on user permissions
site.Settings = site.Settings
.Where(item => !item.Value.StartsWith(_private) || _accessor.HttpContext.User.IsInRole(RoleNames.Admin))
.ToDictionary(setting => setting.Key, setting => setting.Value.Replace(_private, ""));
// trim pages based on user permissions // trim pages based on user permissions
var pages = new List<Page>(); var pages = new List<Page>();
foreach (Page page in site.Pages) foreach (Page page in site.Pages)
{ {
if (!page.IsDeleted && _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.View, page.PermissionList) && (Utilities.IsEffectiveAndNotExpired(page.EffectiveDate, page.ExpiryDate) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, page.PermissionList))) if (!page.IsDeleted && _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.View, page.PermissionList) && (Utilities.IsEffectiveAndNotExpired(page.EffectiveDate, page.ExpiryDate) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, page.PermissionList)))
{ {
page.Settings = page.Settings
.Where(item => !item.Value.StartsWith(_private) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, page.PermissionList))
.ToDictionary(setting => setting.Key, setting => setting.Value.Replace(_private, ""));
pages.Add(page); pages.Add(page);
} }
} }
// clone object so that cache is not mutated
site = site.Clone(site);
site.Pages = pages; site.Pages = pages;
return Task.FromResult(site); return Task.FromResult(site);
@ -94,14 +103,13 @@ namespace Oqtane.Services
{ {
// site settings // site settings
site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId) site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId)
.Where(item => !item.IsPrivate || _accessor.HttpContext.User.IsInRole(RoleNames.Admin)) .ToDictionary(setting => setting.SettingName, setting => (setting.IsPrivate ? _private : "") + setting.SettingValue);
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
// populate File Extensions // populate file extensions
site.ImageFiles = site.Settings.ContainsKey("ImageFiles") && !string.IsNullOrEmpty(site.Settings["ImageFiles"]) site.ImageFiles = site.Settings.ContainsKey("ImageFiles") && !string.IsNullOrEmpty(site.Settings["ImageFiles"])
? site.Settings["ImageFiles"] : Constants.ImageFiles; ? site.Settings["ImageFiles"] : Constants.ImageFiles;
site.UploadableFiles = site.Settings.ContainsKey("UploadableFiles") && !string.IsNullOrEmpty(site.Settings["UploadableFiles"]) site.UploadableFiles = site.Settings.ContainsKey("UploadableFiles") && !string.IsNullOrEmpty(site.Settings["UploadableFiles"])
? site.Settings["UploadableFiles"] : Constants.UploadableFiles; ? site.Settings["UploadableFiles"] : Constants.UploadableFiles;
// pages // pages
List<Setting> settings = _settings.GetSettings(EntityNames.Page).ToList(); List<Setting> settings = _settings.GetSettings(EntityNames.Page).ToList();
@ -109,14 +117,13 @@ namespace Oqtane.Services
foreach (Page page in _pages.GetPages(site.SiteId)) foreach (Page page in _pages.GetPages(site.SiteId))
{ {
page.Settings = settings.Where(item => item.EntityId == page.PageId) page.Settings = settings.Where(item => item.EntityId == page.PageId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, page.PermissionList)) .ToDictionary(setting => setting.SettingName, setting => (setting.IsPrivate ? _private : "") + setting.SettingValue);
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
site.Pages.Add(page); site.Pages.Add(page);
} }
site.Pages = GetPagesHierarchy(site.Pages); site.Pages = GetPagesHierarchy(site.Pages);
// framework modules // framework modules
var modules = GetModules(site.SiteId); var modules = GetPageModules(site.SiteId);
site.Settings.Add(Constants.AdminDashboardModule, modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.AdminDashboardModule).ModuleId.ToString()); site.Settings.Add(Constants.AdminDashboardModule, modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.AdminDashboardModule).ModuleId.ToString());
site.Settings.Add(Constants.PageManagementModule, modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.PageManagementModule).ModuleId.ToString()); site.Settings.Add(Constants.PageManagementModule, modules.FirstOrDefault(item => item.ModuleDefinitionName == Constants.PageManagementModule).ModuleId.ToString());
@ -252,30 +259,24 @@ namespace Oqtane.Services
var sitemodules = _cache.GetOrCreate($"modules:{alias.SiteKey}", entry => var sitemodules = _cache.GetOrCreate($"modules:{alias.SiteKey}", entry =>
{ {
entry.SlidingExpiration = TimeSpan.FromMinutes(30); entry.SlidingExpiration = TimeSpan.FromMinutes(30);
return GetModules(siteId); return GetPageModules(siteId);
}); });
// trim modules for current page based on user permissions
var modules = new List<Module>(); var modules = new List<Module>();
foreach (Module module in sitemodules.Where(item => (item.PageId == pageId || pageId == -1) && !item.IsDeleted && _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.View, item.PermissionList))) foreach (Module module in sitemodules.Where(item => (item.PageId == pageId || pageId == -1) && !item.IsDeleted && _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.View, item.PermissionList)))
{ {
if (Utilities.IsEffectiveAndNotExpired(module.EffectiveDate, module.ExpiryDate) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, module.PermissionList)) if (Utilities.IsEffectiveAndNotExpired(module.EffectiveDate, module.ExpiryDate) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, module.PermissionList))
{ {
module.Settings = module.Settings
.Where(item => !item.Value.StartsWith(_private) || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, module.PermissionList))
.ToDictionary(setting => setting.Key, setting => setting.Value.Replace(_private, ""));
modules.Add(module); modules.Add(module);
} }
} }
return Task.FromResult(modules); return Task.FromResult(modules);
} }
private List<Module> GetModules(int siteId)
{
var alias = _tenantManager.GetAlias();
return _cache.GetOrCreate($"modules:{alias.SiteKey}", entry =>
{
entry.SlidingExpiration = TimeSpan.FromMinutes(30);
return GetPageModules(siteId);
});
}
private List<Module> GetPageModules(int siteId) private List<Module> GetPageModules(int siteId)
{ {
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(siteId).ToList(); List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(siteId).ToList();
@ -311,8 +312,7 @@ namespace Oqtane.Services
ModuleDefinition = _moduleDefinitions.FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == pagemodule.Module.ModuleDefinitionName)), ModuleDefinition = _moduleDefinitions.FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == pagemodule.Module.ModuleDefinitionName)),
Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId) Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(_accessor.HttpContext.User, PermissionNames.Edit, pagemodule.Module.PermissionList)) .ToDictionary(setting => setting.SettingName, setting => (setting.IsPrivate ? _private : "") + setting.SettingValue)
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue)
}; };
modules.Add(module); modules.Add(module);
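Review bot: In the modules hunk (`@ -252,30 +259,24`), `module.Settings = module.Settings.Where(...).ToDictionary(...)` assigns the trimmed dictionary onto the `Module` instances taken straight from the `modules:{alias.SiteKey}` cache entry, and no clone is visible before it, so one user's trimmed view appears to be written back into shared state. If so, after a request from a user with Edit permission the cached values no longer carry the `[PRIVATE]` marker and the `StartsWith(_private)` check would pass them to a later view-only user; after a view-only request the private entries would be missing for editors. Trim into a per-request copy of the module rather than the cached object; the same concern applies to `page.Settings` in the site hunk unless `site.Clone(site)` also copies each `Page`, which is not visible here. Separately, `Replace(_private, "")` removes the marker anywhere in a value, so stripping only the leading prefix is safer: `setting.Value.StartsWith(_private, StringComparison.Ordinal) ? setting.Value.Substring(_private.Length) : setting.Value`. The enclosing method starts outside the hunk.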

View File

@ -16,7 +16,7 @@ namespace Oqtane.Themes
string Thumbnail { get; } string Thumbnail { get; }
/// <summary> /// <summary>
/// Identifies all panes in a theme ( delimited by "," or ";") - assumed to be a layout if no panes specified /// Comma delimited list of all panes in a theme
/// </summary> /// </summary>
string Panes { get; } string Panes { get; }