kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #370 from sbwalker/master

Browse Source 
added defensive coding to deal with scenarios where files are deleted but still references from other entities
This commit is contained in:
Shaun Walker 2020-04-14 12:17:44 -04:00 committed by GitHub
commit 4bb906a316
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 92 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
Oqtane.Client/Modules/Admin/ModuleCreator/Templates/External/Client/Index.razor vendored
View File

@ -37,6 +37,8 @@ else
}
}
<!-- The content below is for informational purposes only and can be safely removed -->
<hr />
[Module] Module Created Successfully. Use Edit Mode To Add A [Module]. You Can Access The Files At The Following Locations:<br /><br />
[RootPath]Client\<br />
@ -65,6 +67,8 @@ else
- [Owner].[Module]s.Module.Shared.csproj - shared project<br />
- Models\[Module].cs - model definition<br /><br />
<!-- The content above is for informational purposes only and can be safely removed -->
@code {
I[Module]Service [Module]Service;
List<[Module]> _[Module]s;

4
Oqtane.Client/Modules/Admin/ModuleCreator/Templates/Internal/Oqtane.Client/Modules/[Module]/Index.razor
View File

@ -37,6 +37,8 @@ else
}
}
<!-- The content below is for informational purposes only and can be safely removed -->
<hr />
[Module] Module Created Successfully. Use Edit Mode To Add A [Module]. You Can Access The Files At The Following Locations:<br /><br />
[RootPath]Oqtane.Client\Modules\[Module]\<br />
@ -56,6 +58,8 @@ else
[RootPath]Oqtane.Shared\Modules\[Module]\<br />
- Models\[Module].cs - model definition<br /><br />
<!-- The content above is for informational purposes only and can be safely removed -->
@code {
I[Module]Service [Module]Service;
List<[Module]> _[Module]s;

31
Oqtane.Client/Modules/Controls/FileManager.razor
View File

@ -6,7 +6,7 @@
@if (_folders != null)
{
<div class="container-fluid px-0">
<div id="@Id" class="container-fluid px-0">
<div class="row">
<div class="col">
<div>
@ -95,6 +95,10 @@
private bool _haseditpermission = false;
private string _message = string.Empty;
private string _image = string.Empty;
private string _guid;
[Parameter]
public string Id { get; set; } // optional - for setting the id of the FileManager component for accessibility
[Parameter]
public string Folder { get; set; } // optional - for setting a specific folder by default
@ -116,6 +120,11 @@
protected override async Task OnInitializedAsync()
{
if (!string.IsNullOrEmpty(Id))
{
_id = Id;
}
if (!string.IsNullOrEmpty(Folder))
{
_folders = new List<Folder> {new Folder {FolderId = -1, Name = Folder}};
@ -133,7 +142,6 @@
if (!string.IsNullOrEmpty(FileId))
{
_fileid = int.Parse(FileId);
await SetImage();
if (_fileid != -1)
{
File file = await FileService.GetFileAsync(int.Parse(FileId));
@ -141,7 +149,12 @@
{
_folderid = file.FolderId;
}
else
{
_fileid = -1; // file does not exist
}
}
await SetImage();
}
if (!string.IsNullOrEmpty(ShowFiles))
{
@ -156,10 +169,10 @@
await GetFiles();
// create unique id for component
_id = Guid.NewGuid().ToString("N");
_fileinputid = _id + "FileInput";
_progressinfoid = _id + "ProgressInfo";
_progressbarid = _id + "ProgressBar";
_guid = Guid.NewGuid().ToString("N");
_fileinputid = _guid + "FileInput";
_progressinfoid = _guid + "ProgressInfo";
_progressbarid = _guid + "ProgressBar";
if (!string.IsNullOrEmpty(UploadMultiple))
{
@ -236,7 +249,7 @@
if (_fileid != -1)
{
File file = await FileService.GetFileAsync(_fileid);
if (file.ImageHeight != 0 && file.ImageWidth != 0)
if (file != null && file.ImageHeight != 0 && file.ImageWidth != 0)
{
var maxwidth = 200;
var maxheight = 200;
@ -263,11 +276,11 @@
string result;
if (!string.IsNullOrEmpty(Folder))
{
result = await FileService.UploadFilesAsync(Folder, upload, _id);
result = await FileService.UploadFilesAsync(Folder, upload, _guid);
}
else
{
result = await FileService.UploadFilesAsync(_folderid, upload, _id);
result = await FileService.UploadFilesAsync(_folderid, upload, _guid);
}
if (result == string.Empty)

9
Oqtane.Client/Services/FileService.cs
View File

@ -56,7 +56,14 @@ namespace Oqtane.Services
public async Task<File> GetFileAsync(int fileId)
{
return await _http.GetJsonAsync<File>($"{Apiurl}/{fileId.ToString()}");
try
{
return await _http.GetJsonAsync<File>($"{Apiurl}/{fileId.ToString()}");
}
catch
{
return null;
}
}
public async Task<File> AddFileAsync(File file)

82
Oqtane.Server/Controllers/FileController.cs
View File

@ -81,22 +81,22 @@ namespace Oqtane.Controllers
Folder folder = _folders.GetFolder(siteId, folderPath);
List<Models.File> files;
if (folder != null)
{
if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.Permissions))
{
files = _files.GetFiles(folder.FolderId).ToList();
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {folder}",
folder);
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {folder}", folder);
HttpContext.Response.StatusCode = 401;
return null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "Folder not found {path}",
path);
HttpContext.Response.StatusCode = 401;
_logger.Log(LogLevel.Error, this, LogFunction.Read, "Folder Not Found {SiteId} {Path}", siteId, path);
HttpContext.Response.StatusCode = 404;
return null;
}
@ -108,14 +108,23 @@ namespace Oqtane.Controllers
public Models.File Get(int id)
{
Models.File file = _files.GetFile(id);
if (_userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions))
if (file != null)
{
return file;
if (_userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions))
{
return file;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
HttpContext.Response.StatusCode = 401;
return null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
HttpContext.Response.StatusCode = 401;
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Not Found {FileId}", id);
HttpContext.Response.StatusCode = 404;
return null;
}
}
@ -146,22 +155,30 @@ namespace Oqtane.Controllers
public void Delete(int id)
{
Models.File file = _files.GetFile(id);
if (_userPermissions.IsAuthorized(User, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
if (file != null)
{
_files.DeleteFile(id);
string filepath = Path.Combine(GetFolderPath(file.Folder) + file.Name);
if (System.IO.File.Exists(filepath))
if (_userPermissions.IsAuthorized(User, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
{
System.IO.File.Delete(filepath);
}
_files.DeleteFile(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", file);
string filepath = Path.Combine(GetFolderPath(file.Folder) + file.Name);
if (System.IO.File.Exists(filepath))
{
System.IO.File.Delete(filepath);
}
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", file);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
HttpContext.Response.StatusCode = 401;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
HttpContext.Response.StatusCode = 401;
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "File Not Found {FileId}", id);
HttpContext.Response.StatusCode = 404;
}
}
@ -379,25 +396,34 @@ namespace Oqtane.Controllers
public IActionResult Download(int id)
{
Models.File file = _files.GetFile(id);
if (file != null && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions))
if (file != null)
{
string filepath = GetFolderPath(file.Folder) + file.Name;
if (System.IO.File.Exists(filepath))
if (_userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.Permissions))
{
byte[] filebytes = System.IO.File.ReadAllBytes(filepath);
return File(filebytes, "application/octet-stream", file.Name);
string filepath = GetFolderPath(file.Folder) + file.Name;
if (System.IO.File.Exists(filepath))
{
byte[] filebytes = System.IO.File.ReadAllBytes(filepath);
return File(filebytes, "application/octet-stream", file.Name);
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {FileId} {FilePath}", id, filepath);
HttpContext.Response.StatusCode = 404;
return null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Does Not Exist {File}", file);
HttpContext.Response.StatusCode = 404;
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
HttpContext.Response.StatusCode = 401;
return null;
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
HttpContext.Response.StatusCode = 401;
_logger.Log(LogLevel.Error, this, LogFunction.Read, "File Not Found {FileId}", id);
HttpContext.Response.StatusCode = 404;
return null;
}
}