diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs
index 63488906..26386be3 100644
--- a/Oqtane.Server/Controllers/FileController.cs
+++ b/Oqtane.Server/Controllers/FileController.cs
@@ -137,8 +137,8 @@ namespace Oqtane.Controllers
 {
 var File = _files.GetFile(file.FileId, false);
 if (ModelState.IsValid && file.Folder.SiteId == _alias.SiteId && File != null // ensure file exists
- && _userPermissions.IsAuthorized(User, EntityNames.Folder, File.FolderId, PermissionNames.Edit) // ensure user had edit rights to original folder
- && _userPermissions.IsAuthorized(User, EntityNames.Folder, file.FolderId, PermissionNames.Edit)) // ensure user has edit rights to new folder
+ && _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, File.FolderId, PermissionNames.Edit) // ensure user had edit rights to original folder
+ && _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, file.FolderId, PermissionNames.Edit)) // ensure user has edit rights to new folder
 {
 if (File.Name != file.Name || File.FolderId != file.FolderId)
 {
@@ -180,7 +180,7 @@ namespace Oqtane.Controllers
 public void Delete(int id)
 {
 Models.File file = _files.GetFile(id);
- if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
+ if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
 {
 string filepath = _files.GetFilePath(file);
 if (System.IO.File.Exists(filepath))
diff --git a/Oqtane.Server/Controllers/FolderController.cs b/Oqtane.Server/Controllers/FolderController.cs
index d15f89f3..839c8e1f 100644
--- a/Oqtane.Server/Controllers/FolderController.cs
+++ b/Oqtane.Server/Controllers/FolderController.cs
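Review bot: The rewritten condition in Put still validates only the site of the client-supplied target folder (`file.Folder.SiteId == _alias.SiteId`) and never checks that the existing record `File` belongs to the current site, so the "original folder" authorization relies on the permission lookup for `File.FolderId` coming back empty when that file lives in another site. Making the site check explicit keeps the decision from depending on how the repository scopes its lookup: add `&& File.Folder.SiteId == _alias.SiteId // ensure existing file belongs to this site` before the two IsAuthorized calls (FileRepository's own use of `file.Folder.SiteId` later in this commit suggests Folder is loaded by GetFile, but confirm). Put's body continues outside the hunk.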
@@ -157,7 +157,7 @@ namespace Oqtane.Controllers
 [Authorize(Roles = RoleNames.Registered)]
 public Folder Put(int id, [FromBody] Folder folder)
 {
- if (ModelState.IsValid && folder.SiteId == _alias.SiteId && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
+ if (ModelState.IsValid && folder.SiteId == _alias.SiteId && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
 {
 if (folder.IsPathValid())
 {
@@ -199,7 +199,7 @@ namespace Oqtane.Controllers
 [Authorize(Roles = RoleNames.Registered)]
 public void Put(int siteid, int folderid, int? parentid)
 {
- if (siteid == _alias.SiteId && _folders.GetFolder(folderid, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Folder, folderid, PermissionNames.Edit))
+ if (siteid == _alias.SiteId && _folders.GetFolder(folderid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Folder, folderid, PermissionNames.Edit))
 {
 int order = 1;
 List folders = _folders.GetFolders(siteid).ToList();
@@ -228,7 +228,7 @@ namespace Oqtane.Controllers
 public void Delete(int id)
 {
 var folder = _folders.GetFolder(id, false);
- if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Folder, id, PermissionNames.Edit))
+ if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, id, PermissionNames.Edit))
 {
 if (Directory.Exists(_folders.GetFolderPath(folder)))
 {
diff --git a/Oqtane.Server/Controllers/ModuleController.cs b/Oqtane.Server/Controllers/ModuleController.cs
index 1ba4e8ce..dbc57f07 100644
--- a/Oqtane.Server/Controllers/ModuleController.cs
+++ b/Oqtane.Server/Controllers/ModuleController.cs
@@ -121,7 +121,7 @@ namespace Oqtane.Controllers
 [Authorize(Roles = RoleNames.Registered)]
 public Module Post([FromBody] Module module)
 {
- if (ModelState.IsValid && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, module.PageId, PermissionNames.Edit))
+ if (ModelState.IsValid && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, module.PageId, PermissionNames.Edit))
 {
 module = _modules.AddModule(module);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Create);
@@ -144,7 +144,7 @@ namespace Oqtane.Controllers
 {
 var _module = _modules.GetModule(module.ModuleId, false);
- if (ModelState.IsValid && module.SiteId == _alias.SiteId && _module != null && _userPermissions.IsAuthorized(User, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
+ if (ModelState.IsValid && module.SiteId == _alias.SiteId && _module != null && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
 {
 module = _modules.UpdateModule(module);
@@ -194,7 +194,7 @@ namespace Oqtane.Controllers
 public void Delete(int id)
 {
 var module = _modules.GetModule(id);
- if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
+ if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
 {
 _modules.DeleteModule(id);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Delete);
@@ -215,7 +215,7 @@ namespace Oqtane.Controllers
 {
 string content = "";
 var module = _modules.GetModule(moduleid);
- if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
+ if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
 {
 content = _modules.ExportModule(moduleid);
 if (!string.IsNullOrEmpty(content))
@@ -242,7 +242,7 @@ namespace Oqtane.Controllers
 {
 bool success = false;
 var module = _modules.GetModule(moduleid);
- if (ModelState.IsValid && module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
+ if (ModelState.IsValid && module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
 {
 success = _modules.ImportModule(moduleid, content);
 if (success)
diff --git a/Oqtane.Server/Controllers/PageController.cs b/Oqtane.Server/Controllers/PageController.cs
index 92cf36b6..b363dc35 100644
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@@ -253,10 +253,10 @@ namespace Oqtane.Controllers
 // get current page
 var currentPage = _pages.GetPage(page.PageId, false);
- if (ModelState.IsValid && page.SiteId == _alias.SiteId && currentPage != null && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
+ if (ModelState.IsValid && page.SiteId == _alias.SiteId && currentPage != null && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, page.PageId, PermissionNames.Edit))
 {
 // get current page permissions
- var currentPermissions = _permissionRepository.GetPermissions(EntityNames.Page, page.PageId).ToList();
+ var currentPermissions = _permissionRepository.GetPermissions(page.SiteId, EntityNames.Page, page.PageId).ToList();
 page = _pages.UpdatePage(page);
@@ -283,7 +283,7 @@ namespace Oqtane.Controllers
 {
 foreach (PageModule pageModule in _pageModules.GetPageModules(page.PageId, "").ToList())
 {
- var modulePermissions = _permissionRepository.GetPermissions(EntityNames.Module, pageModule.Module.ModuleId).ToList();
+ var modulePermissions = _permissionRepository.GetPermissions(pageModule.Module.SiteId, EntityNames.Module, pageModule.Module.ModuleId).ToList();
 // permissions added
 foreach(Permission permission in added)
 {
@@ -346,7 +346,7 @@ namespace Oqtane.Controllers
 [Authorize(Roles = RoleNames.Registered)]
 public void Put(int siteid, int pageid, int? parentid)
 {
- if (siteid == _alias.SiteId && siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
+ if (siteid == _alias.SiteId && siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Page, pageid, PermissionNames.Edit))
 {
 int order = 1;
 List pages = _pages.GetPages(siteid).ToList();
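Review bot: The rewritten condition in Put(int siteid, int pageid, int? parentid) still tests `siteid == _alias.SiteId` twice; the duplicate predates this commit, but since the line is being rewritten anyway one occurrence should go: `if (siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Page, pageid, PermissionNames.Edit))`. The method body continues past the hunk.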
@@ -377,7 +377,7 @@ namespace Oqtane.Controllers
 public void Delete(int id)
 {
 Page page = _pages.GetPage(id);
- if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
+ if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, page.PageId, PermissionNames.Edit))
 {
 _pages.DeletePage(page.PageId);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Page, page.PageId, SyncEventActions.Delete);
diff --git a/Oqtane.Server/Controllers/PageModuleController.cs b/Oqtane.Server/Controllers/PageModuleController.cs
index 619b7d77..af3d3890 100644
--- a/Oqtane.Server/Controllers/PageModuleController.cs
+++ b/Oqtane.Server/Controllers/PageModuleController.cs
@@ -73,7 +73,7 @@ namespace Oqtane.Controllers
 public PageModule Post([FromBody] PageModule pageModule)
 {
 var page = _pages.GetPage(pageModule.PageId);
- if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
+ if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
 {
 pageModule = _pageModules.AddPageModule(pageModule);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Create);
@@ -95,7 +95,7 @@ namespace Oqtane.Controllers
 public PageModule Put(int id, [FromBody] PageModule pageModule)
 {
 var page = _pages.GetPage(pageModule.PageId);
- if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _pageModules.GetPageModule(pageModule.PageModuleId, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
+ if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _pageModules.GetPageModule(pageModule.PageModuleId, false) != null && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
 {
 pageModule = _pageModules.UpdatePageModule(pageModule);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Update);
@@ -117,7 +117,7 @@ namespace Oqtane.Controllers
 public void Put(int pageid, string pane)
 {
 var page = _pages.GetPage(pageid);
- if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
+ if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
 {
 int order = 1;
 List pagemodules = _pageModules.GetPageModules(pageid, pane).OrderBy(item => item.Order).ToList();
@@ -147,7 +147,7 @@ namespace Oqtane.Controllers
 public void Delete(int id)
 {
 PageModule pagemodule = _pageModules.GetPageModule(id);
- if (pagemodule != null && pagemodule.Module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pagemodule.PageId, PermissionNames.Edit))
+ if (pagemodule != null && pagemodule.Module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, pagemodule.Module.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.Edit))
 {
 _pageModules.DeletePageModule(id);
 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pagemodule.PageModuleId, SyncEventActions.Delete);
diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs
index 092c232e..a3a04231 100644
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@@ -206,7 +206,7 @@ namespace Oqtane.Controllers
 case EntityNames.Page:
 case EntityNames.Module:
 case EntityNames.Folder:
- authorized = _userPermissions.IsAuthorized(User, entityName, entityId, permissionName);
+ authorized = _userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, permissionName);
 break;
 case EntityNames.User:
 authorized = true;
@@ -228,7 +228,7 @@ namespace Oqtane.Controllers
 default: // custom entity
 if (permissionName == PermissionNames.Edit)
 {
- authorized = User.IsInRole(RoleNames.Admin) || _userPermissions.IsAuthorized(User, entityName, entityId, permissionName);
+ authorized = User.IsInRole(RoleNames.Admin) || _userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, permissionName);
 }
 else
 {
@@ -255,7 +255,7 @@ namespace Oqtane.Controllers
 case EntityNames.Page:
 case EntityNames.Module:
 case EntityNames.Folder:
- filter = !_userPermissions.IsAuthorized(User, entityName, entityId, PermissionNames.Edit);
+ filter = !_userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, PermissionNames.Edit);
 break;
 case EntityNames.User:
 filter = !User.IsInRole(RoleNames.Admin) && _userPermissions.GetUser(User).UserId != entityId;
@@ -271,7 +271,7 @@ namespace Oqtane.Controllers
 }
 break;
 default: // custom entity
- filter = !User.IsInRole(RoleNames.Admin) && !_userPermissions.IsAuthorized(User, entityName, entityId, PermissionNames.Edit);
+ filter = !User.IsInRole(RoleNames.Admin) && !_userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, PermissionNames.Edit);
 break;
 }
 return filter;
diff --git a/Oqtane.Server/Infrastructure/TenantManager.cs b/Oqtane.Server/Infrastructure/TenantManager.cs
index f34bd3ca..53dd8d73 100644
--- a/Oqtane.Server/Infrastructure/TenantManager.cs
+++ b/Oqtane.Server/Infrastructure/TenantManager.cs
@@ -72,8 +72,7 @@ namespace Oqtane.Infrastructure
 var alias = _siteState?.Alias;
 if (alias != null)
 {
- // return tenant details
- return _tenantRepository.GetTenants().ToList().FirstOrDefault(item => item.TenantId == alias.TenantId);
+ return _tenantRepository.GetTenant(alias.TenantId);
 }
 return null;
 }
diff --git a/Oqtane.Server/Repository/FileRepository.cs b/Oqtane.Server/Repository/FileRepository.cs
index 6dbb92fd..599bd4bd 100644
--- a/Oqtane.Server/Repository/FileRepository.cs
+++ b/Oqtane.Server/Repository/FileRepository.cs
@@ -28,9 +28,9 @@ namespace Oqtane.Repository
 public IEnumerable GetFiles(int folderId)
 {
- IEnumerable permissions = _permissions.GetPermissions(EntityNames.Folder, folderId).ToList();
- IEnumerable files = _db.File.Where(item => item.FolderId == folderId).Include(item => item.Folder);
 var alias = _tenants.GetAlias();
+ IEnumerable permissions = _permissions.GetPermissions(alias.SiteId, EntityNames.Folder, folderId).ToList();
+ IEnumerable files = _db.File.Where(item => item.FolderId == folderId).Include(item => item.Folder);
 foreach (File file in files)
 {
 file.Folder.Permissions = permissions.EncodePermissions();
@@ -76,7 +76,7 @@ namespace Oqtane.Repository
 }
 if (file != null)
 {
- IEnumerable permissions = _permissions.GetPermissions(EntityNames.Folder, file.FolderId).ToList();
+ IEnumerable permissions = _permissions.GetPermissions(file.Folder.SiteId, EntityNames.Folder, file.FolderId).ToList();
 file.Folder.Permissions = permissions.EncodePermissions();
 file.Url = GetFileUrl(file, _tenants.GetAlias());
 }
@@ -93,7 +93,7 @@ namespace Oqtane.Repository
 if (file != null)
 {
- IEnumerable permissions = _permissions.GetPermissions(EntityNames.Folder, file.FolderId).ToList();
+ IEnumerable permissions = _permissions.GetPermissions(file.Folder.SiteId, EntityNames.Folder, file.FolderId).ToList();
 file.Folder.Permissions = permissions.EncodePermissions();
 file.Url = GetFileUrl(file, _tenants.GetAlias());
 }
diff --git a/Oqtane.Server/Repository/FolderRepository.cs b/Oqtane.Server/Repository/FolderRepository.cs
index 7059f389..d82ac0e4 100644
--- a/Oqtane.Server/Repository/FolderRepository.cs
+++ b/Oqtane.Server/Repository/FolderRepository.cs
@@ -69,7 +69,7 @@ namespace Oqtane.Repository
 }
 if (folder != null)
 {
- folder.Permissions = _permissions.GetPermissionString(EntityNames.Folder, folder.FolderId);
+ folder.Permissions = _permissions.GetPermissions(folder.SiteId, EntityNames.Folder, folder.FolderId)?.EncodePermissions();
 }
 return folder;
 }
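Review bot: GetFiles scopes the folder permission lookup by `alias.SiteId` from `_tenants.GetAlias()`, whereas the two GetFile hunks in the same file use `file.Folder.SiteId`, so a folder whose site differs from the request alias gets an empty permission string from one method and a populated one from the other; the new line also dereferences `alias` without a null check, while the `?.` guards added elsewhere in this commit suggest a missing alias is possible. Taking the site id from the folder being listed (the loaded `file.Folder.SiteId`, or the folder record itself) rather than from the alias would make the three methods agree and remove the null dereference. GetFiles continues beyond the hunk.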
@@ -79,7 +79,7 @@ namespace Oqtane.Repository
 Folder folder = _db.Folder.Where(item => item.SiteId == siteId && item.Path == path).FirstOrDefault();
 if (folder != null)
 {
- folder.Permissions = _permissions.GetPermissionString(EntityNames.Folder, folder.FolderId);
+ folder.Permissions = _permissions.GetPermissions(folder.SiteId, EntityNames.Folder, folder.FolderId)?.EncodePermissions();
 }
 return folder;
 }
diff --git a/Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs b/Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs
index 81b31b50..5373e467 100644
--- a/Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs
+++ b/Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs
@@ -8,7 +8,6 @@ namespace Oqtane.Repository
 IEnumerable GetModuleDefinitions();
 IEnumerable GetModuleDefinitions(int siteId);
 ModuleDefinition GetModuleDefinition(int moduleDefinitionId, int siteId);
- ModuleDefinition GetModuleDefinition(int moduleDefinitionId, bool tracking);
 void UpdateModuleDefinition(ModuleDefinition moduleDefinition);
 void DeleteModuleDefinition(int moduleDefinitionId);
 }
diff --git a/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs b/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
index a5a25464..8ba2c9b0 100644
--- a/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
+++ b/Oqtane.Server/Repository/Interfaces/IPermissionRepository.cs
@@ -8,13 +8,10 @@ namespace Oqtane.Repository
 public interface IPermissionRepository
 {
 IEnumerable GetPermissions(int siteId, string entityName);
- IEnumerable GetPermissions(string entityName, int entityId);
- IEnumerable GetPermissions(string entityName, int entityId, string permissionName);
-
- string GetPermissionString(int siteId, string entityName);
- string GetPermissionString(string entityName, int entityId);
- string GetPermissionString(string entityName, int entityId, string permissionName);
-
+ IEnumerable GetPermissions(int siteId, string entityName, string permissionName);
+ IEnumerable GetPermissions(int siteId, string entityName, int entityId);
+ IEnumerable GetPermissions(int siteId, string entityName, int entityId, string permissionName);
+
 Permission AddPermission(Permission permission);
 Permission UpdatePermission(Permission permission);
 void UpdatePermissions(int siteId, string entityName, int entityId, string permissionStrings);
diff --git a/Oqtane.Server/Repository/ModuleDefinitionRepository.cs b/Oqtane.Server/Repository/ModuleDefinitionRepository.cs
index 26a6d231..c137d958 100644
--- a/Oqtane.Server/Repository/ModuleDefinitionRepository.cs
+++ b/Oqtane.Server/Repository/ModuleDefinitionRepository.cs
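Review bot: IPermissionRepository drops GetPermissionString and the entityId-first GetPermissions overloads outright, while IUserPermissions in the same commit keeps the old IsAuthorized signature behind an [Obsolete] attribute; any external module that resolves IPermissionRepository and calls GetPermissionString now fails to compile with no deprecation path, and the same applies to `GetModuleDefinition(int moduleDefinitionId, bool tracking)` removed from IModuleDefinitionRepository in the hunk above. If the break is intended, an XML `<remarks>` on the interface stating that lookups are now site-scoped and that callers encode the result themselves with `EncodePermissions()` would document it; otherwise keep [Obsolete] forwarding members here as IUserPermissions does.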
@@ -42,24 +42,6 @@ namespace Oqtane.Repository
 return moduledefinitions.Find(item => item.ModuleDefinitionId == moduleDefinitionId);
 }
- public ModuleDefinition GetModuleDefinition(int moduleDefinitionId, bool tracking)
- {
- ModuleDefinition moduledefinition;
- if (tracking)
- {
- moduledefinition = _db.ModuleDefinition.Find(moduleDefinitionId);
- }
- else
- {
- moduledefinition = _db.ModuleDefinition.AsNoTracking().FirstOrDefault(item => item.ModuleDefinitionId == moduleDefinitionId);
- }
- if (moduledefinition != null)
- {
- moduledefinition.Permissions = _permissions.GetPermissionString(EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId);
- }
- return moduledefinition;
- }
-
 public void UpdateModuleDefinition(ModuleDefinition moduleDefinition)
 {
 _db.Entry(moduleDefinition).State = EntityState.Modified;
diff --git a/Oqtane.Server/Repository/ModuleRepository.cs b/Oqtane.Server/Repository/ModuleRepository.cs
index bb974817..214e179a 100644
--- a/Oqtane.Server/Repository/ModuleRepository.cs
+++ b/Oqtane.Server/Repository/ModuleRepository.cs
@@ -4,6 +4,7 @@ using System.Linq;
 using System.Text.Json;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.Extensions.DependencyInjection;
+using Oqtane.Extensions;
 using Oqtane.Models;
 using Oqtane.Modules;
 using Oqtane.Shared;
@@ -67,7 +68,7 @@ namespace Oqtane.Repository
 }
 if (module != null)
 {
- module.Permissions = _permissions.GetPermissionString(EntityNames.Module, module.ModuleId);
+ module.Permissions = _permissions.GetPermissions(module.SiteId, EntityNames.Module, module.ModuleId)?.EncodePermissions();
 }
 return module;
 }
diff --git a/Oqtane.Server/Repository/PageModuleRepository.cs b/Oqtane.Server/Repository/PageModuleRepository.cs
index a99e49a0..fa4ba0d2 100644
--- a/Oqtane.Server/Repository/PageModuleRepository.cs
+++ b/Oqtane.Server/Repository/PageModuleRepository.cs
@@ -89,7 +89,7 @@ namespace Oqtane.Repository
 }
 if (pagemodule != null)
 {
- pagemodule.Module.Permissions = _permissions.GetPermissionString(EntityNames.Module, pagemodule.ModuleId);
+ pagemodule.Module.Permissions = _permissions.GetPermissions(pagemodule.Module.SiteId, EntityNames.Module, pagemodule.ModuleId)?.EncodePermissions();
 }
 return pagemodule;
 }
@@ -100,7 +100,7 @@ namespace Oqtane.Repository
 .SingleOrDefault(item => item.PageId == pageId && item.ModuleId == moduleId);
 if (pagemodule != null)
 {
- pagemodule.Module.Permissions = _permissions.GetPermissionString(EntityNames.Module, pagemodule.ModuleId);
+ pagemodule.Module.Permissions = _permissions.GetPermissions(pagemodule.Module.SiteId, EntityNames.Module, pagemodule.ModuleId)?.EncodePermissions();
 }
 return pagemodule;
 }
diff --git a/Oqtane.Server/Repository/PageRepository.cs b/Oqtane.Server/Repository/PageRepository.cs
index ac89a444..0ed89159 100644
--- a/Oqtane.Server/Repository/PageRepository.cs
+++ b/Oqtane.Server/Repository/PageRepository.cs
@@ -66,7 +66,7 @@ namespace Oqtane.Repository
 }
 if (page != null)
 {
- page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
+ page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
 }
 return page;
 }
@@ -81,7 +81,7 @@ namespace Oqtane.Repository
 {
 page = personalized;
 }
- page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
+ page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
 }
 return page;
 }
@@ -91,7 +91,7 @@ namespace Oqtane.Repository
 Page page = _db.Page.FirstOrDefault(item => item.Path == path && item.SiteId == siteId);
 if (page != null)
 {
- page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
+ page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
 }
 return page;
 }
diff --git a/Oqtane.Server/Repository/PermissionRepository.cs b/Oqtane.Server/Repository/PermissionRepository.cs
index 3028488e..7db1a807 100644
--- a/Oqtane.Server/Repository/PermissionRepository.cs
+++ b/Oqtane.Server/Repository/PermissionRepository.cs
@@ -4,7 +4,6 @@ using System.Linq;
 using System.Text;
 using System.Text.Json;
 using Microsoft.EntityFrameworkCore;
-using Oqtane.Extensions;
 using Oqtane.Models;
 using Microsoft.Extensions.Caching.Memory;
 using Oqtane.Infrastructure;
@@ -29,58 +28,44 @@ namespace Oqtane.Repository
 public IEnumerable GetPermissions(int siteId, string entityName)
 {
 var alias = _siteState?.Alias;
- if (alias != null && alias.SiteId != -1)
+ if (alias != null)
 {
- return _cache.GetOrCreate($"permissions:{alias.SiteKey}:{entityName}", entry =>
+ return _cache.GetOrCreate($"permissions:{alias.TenantId}:{siteId}:{entityName}", entry =>
 {
 entry.SlidingExpiration = TimeSpan.FromMinutes(30);
- return _db.Permission.Where(item => item.SiteId == alias.SiteId)
+ return _db.Permission.Where(item => item.SiteId == siteId)
 .Where(item => item.EntityName == entityName)
 .Include(item => item.Role).ToList(); // eager load roles
 });
 }
- else
- {
- return _db.Permission.Where(item => item.SiteId == siteId || siteId == -1)
- .Where(item => item.EntityName == entityName)
- .Include(item => item.Role).ToList(); // eager load roles
- }
+ return null;
 }
- public IEnumerable GetPermissions(string entityName, int entityId)
+ public IEnumerable GetPermissions(int siteId, string entityName, string permissionName)
 {
- var permissions = GetPermissions(-1, entityName);
+ var permissions = GetPermissions(siteId, entityName);
+ return permissions.Where(item => item.PermissionName == permissionName);
+ }
+
+ public IEnumerable GetPermissions(int siteId, string entityName, int entityId)
+ {
+ var permissions = GetPermissions(siteId, entityName);
 return permissions.Where(item => item.EntityId == entityId);
 }
- public IEnumerable GetPermissions(string entityName, int entityId, string permissionName)
+ public IEnumerable GetPermissions(int siteId, string entityName, int entityId, string permissionName)
 {
- var permissions = GetPermissions(-1, entityName);
+ var permissions = GetPermissions(siteId, entityName);
 return permissions.Where(item => item.EntityId == entityId)
 .Where(item => item.PermissionName == permissionName);
 }
- public string GetPermissionString(int siteId, string entityName)
- {
- return GetPermissions(siteId, entityName)?.EncodePermissions();
- }
-
- public string GetPermissionString(string entityName, int entityId)
- {
- return GetPermissions(entityName, entityId)?.EncodePermissions();
- }
-
- public string GetPermissionString(string entityName, int entityId, string permissionName)
- {
- return GetPermissions(entityName, entityId, permissionName)?.EncodePermissions();
- }
-
 public Permission AddPermission(Permission permission)
 {
 _db.Permission.Add(permission);
 _db.SaveChanges();
- ClearCache(permission.EntityName);
+ ClearCache(permission.SiteId, permission.EntityName);
 return permission;
 }
@@ -88,7 +73,7 @@ namespace Oqtane.Repository
 {
 _db.Entry(permission).State = EntityState.Modified;
 _db.SaveChanges();
- ClearCache(permission.EntityName);
+ ClearCache(permission.SiteId, permission.EntityName);
 return permission;
 }
@@ -110,7 +95,7 @@ namespace Oqtane.Repository
 _db.Permission.Add(permission);
 }
 _db.SaveChanges();
- ClearCache(entityName);
+ ClearCache(siteId, entityName);
 }
 public Permission GetPermission(int permissionId)
@@ -123,7 +108,7 @@ namespace Oqtane.Repository
 Permission permission = _db.Permission.Find(permissionId);
 _db.Permission.Remove(permission);
 _db.SaveChanges();
- ClearCache(permission.EntityName);
+ ClearCache(permission.SiteId, permission.EntityName);
 }
 public void DeletePermissions(int siteId, string entityName, int entityId)
@@ -137,15 +122,15 @@ namespace Oqtane.Repository
 _db.Permission.Remove(permission);
 }
 _db.SaveChanges();
- ClearCache(entityName);
+ ClearCache(siteId, entityName);
 }
- private void ClearCache(string entityName)
+ private void ClearCache(int siteId, string entityName)
 {
 var alias = _siteState?.Alias;
- if (alias != null && alias.SiteId != -1)
+ if (alias != null)
 {
- _cache.Remove($"permissions:{alias.SiteKey}:{entityName}");
+ _cache.Remove($"permissions:{alias.TenantId}:{siteId}:{entityName}");
 }
 }
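Review bot: GetPermissions(int siteId, string entityName) now returns null when `_siteState?.Alias` is null, but the three new overloads immediately call `permissions.Where(...)` on that result, so a lookup made in a context without an alias (background work, or anything before site resolution) throws NullReferenceException instead of yielding no permissions; the `?.EncodePermissions()` guards added in the repository and UserPermissions callers never get to apply, and callers such as FileRepository that `.ToList()` the result fail the same way. Returning an empty sequence keeps the fail-closed outcome without the crash: `return Enumerable.Empty<Permission>();` in place of `return null;`. The removed else branch used to query the database for this case, so a comment on the method stating whether a no-alias lookup is meant to deny or to bypass the cache would settle the intent. The cache key in ClearCache still takes the tenant from the current alias rather than from the permission being changed; whether a siteId can ever belong to a different tenant than the current alias is not visible here.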
diff --git a/Oqtane.Server/Repository/TenantRepository.cs b/Oqtane.Server/Repository/TenantRepository.cs
index 7df0cbe2..25687f48 100644
--- a/Oqtane.Server/Repository/TenantRepository.cs
+++ b/Oqtane.Server/Repository/TenantRepository.cs
@@ -1,4 +1,4 @@
-using System;
+using System;
 using System.Collections.Generic;
 using System.Linq;
 using Microsoft.EntityFrameworkCore;
@@ -53,7 +53,7 @@ namespace Oqtane.Repository
 public Tenant GetTenant(int tenantId)
 {
- return _db.Tenant.Find(tenantId);
+ return GetTenants().FirstOrDefault(item => item.TenantId == tenantId);
 }
 public void DeleteTenant(int tenantId)
diff --git a/Oqtane.Server/Security/PermissionHandler.cs b/Oqtane.Server/Security/PermissionHandler.cs
index b441691b..e171df6a 100644
--- a/Oqtane.Server/Security/PermissionHandler.cs
+++ b/Oqtane.Server/Security/PermissionHandler.cs
@@ -2,6 +2,7 @@ using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Oqtane.Enums;
+using Oqtane.Extensions;
 using Oqtane.Infrastructure;
 using Oqtane.Shared;
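Review bot: GetTenant no longer goes through `_db.Tenant.Find(tenantId)` but filters GetTenants(); whether GetTenants() returns tracked entities or a cached, untracked list is not visible in this diff, and if it is cached or untracked, a caller that mutates the returned Tenant and saves through the context would silently stop persisting. A one-line comment on GetTenant stating what the result is (tracked entity vs. read-only/cached copy) would make that contract explicit, especially since TenantManager in this commit now depends on this method. The hunk shows only the method body; the rest of the class is outside it.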
@@ -9,24 +10,30 @@ namespace Oqtane.Security
 {
 public class PermissionHandler : AuthorizationHandler
 {
- private readonly IHttpContextAccessor _httpContextAccessor;
+ private readonly IHttpContextAccessor _accessor;
 private readonly IUserPermissions _userPermissions;
 private readonly ILogManager _logger;
- public PermissionHandler(IHttpContextAccessor httpContextAccessor, IUserPermissions userPermissions, ILogManager logger)
+ public PermissionHandler(IHttpContextAccessor accessor, IUserPermissions userPermissions, ILogManager logger)
 {
- _httpContextAccessor = httpContextAccessor;
+ _accessor = accessor;
 _userPermissions = userPermissions;
 _logger = logger;
 }
 protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
 {
- // permission is scoped based on entitynames and ids passed as querystring parameters
- var ctx = _httpContextAccessor.HttpContext;
+ // permission is scoped based on entity name and in some cases entity id
+ var ctx = _accessor.HttpContext;
 if (ctx != null)
 {
- // get entityid based on a parameter format of auth{entityname}id (ie. authmoduleid )
+ int siteId = -1;
+ if (ctx.GetAlias() != null)
+ {
+ siteId = ctx.GetAlias().SiteId;
+ }
+
+ // get entityid from querystring based on a parameter format of auth{entityname}id (ie. authmoduleid )
 int entityId = -1;
 if (ctx.Request.Query.ContainsKey("auth" + requirement.EntityName.ToLower() + "id"))
 {
@@ -36,7 +43,7 @@ namespace Oqtane.Security
 }
 }
- // legacy support
+ // legacy support for deprecated CreateAuthorizationPolicyUrl(string url, int entityId)
 if (entityId == -1)
 {
 if (ctx.Request.Query.ContainsKey("entityid"))
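Review bot: The new siteId block in HandleRequirementAsync evaluates `ctx.GetAlias()` twice, once for the null test and once to read SiteId, which relies on the extension being cheap and returning the same object both times. Capturing it once is shorter and avoids that assumption: `var alias = ctx.GetAlias();` / `int siteId = alias != null ? alias.SiteId : -1;`. HandleRequirementAsync continues past the hunk.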
@@ -49,13 +56,20 @@ namespace Oqtane.Security
 }
 // validate permissions
- if (entityId != -1 && _userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
+ if (_userPermissions.IsAuthorized(context.User, siteId, requirement.EntityName, entityId, requirement.PermissionName))
 {
 context.Succeed(requirement);
 }
 else
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName}:{EntityId}", context.User, requirement.PermissionName, requirement.EntityName, entityId);
+ if (entityId == -1)
+ {
+ _logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName} Entity", context.User.Identity.Name, requirement.PermissionName, requirement.EntityName);
+ }
+ else
+ {
+ _logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName} Entity With ID {EntityId}", context.User.Identity.Name, requirement.PermissionName, requirement.EntityName, entityId);
+ }
 }
 }
 return Task.CompletedTask;
diff --git a/Oqtane.Server/Security/UserPermissions.cs b/Oqtane.Server/Security/UserPermissions.cs
index 147f9035..a40e9e84 100644
--- a/Oqtane.Server/Security/UserPermissions.cs
+++ b/Oqtane.Server/Security/UserPermissions.cs
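Review bot: Dropping `entityId != -1 &&` from the authorization test changes the failure mode for requests that carry no recognizable auth id: they used to be denied outright, and are now evaluated against permission rows whose EntityId is -1, while a request for which no alias resolves passes `siteId == -1` straight into the repository. If entity-less permissions are intended (the new comment "in some cases entity id" suggests so), a comment naming which entity names are valid without an id would help a reader, and the no-alias case should fail closed explicitly rather than depending on the repository returning nothing for -1: `if (siteId != -1 && _userPermissions.IsAuthorized(context.User, siteId, requirement.EntityName, entityId, requirement.PermissionName))`. The two new log calls also read `context.User.Identity.Name`; ClaimsPrincipal.Identity can be null for a principal with no identities, so `context.User.Identity?.Name` keeps the denial path from throwing. The enclosing method continues outside the hunk.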
@@ -3,15 +3,20 @@ using Oqtane.Models;
 using System.Linq;
 using System.Security.Claims;
 using Oqtane.Repository;
+using Oqtane.Extensions;
+using System;
 namespace Oqtane.Security
 {
 public interface IUserPermissions
 {
- bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
+ bool IsAuthorized(ClaimsPrincipal user, int siteId, string entityName, int entityId, string permissionName);
 bool IsAuthorized(ClaimsPrincipal user, string permissionName, string permissions);
 User GetUser(ClaimsPrincipal user);
 User GetUser();
+
+ [Obsolete("IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName) instead.", false)]
+ bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
 }
 public class UserPermissions : IUserPermissions
@@ -25,9 +30,9 @@ namespace Oqtane.Security
 _accessor = accessor;
 }
- public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
+ public bool IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName)
 {
- return IsAuthorized(principal, permissionName, _permissions.GetPermissionString(entityName, entityId, permissionName));
+ return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName)?.EncodePermissions());
 }
 public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
@@ -73,5 +78,11 @@ namespace Oqtane.Security
 return null;
 }
 }
+
+ // deprecated
+ public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
+ {
+ return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName)?.EncodePermissions());
+ }
 }
 }
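Review bot: The deprecated IsAuthorized overload dereferences `_accessor.HttpContext.GetAlias().SiteId` with no null checks, so outside a request (HttpContext is null) or when no alias resolves — the case PermissionHandler in this commit guards explicitly — it throws NullReferenceException instead of denying. It also repeats the body of the new site-scoped overload rather than delegating to it, so the two can drift. Suggested body: `var alias = _accessor.HttpContext?.GetAlias();` / `return alias != null && IsAuthorized(principal, alias.SiteId, entityName, entityId, permissionName);`, with the `// deprecated` comment expanded to say the site is taken from the current request's alias.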