Scope permissions by SiteId to support entity level authorization as well as improve caching and performance. Optimize GetTenant to use existing cache.
This commit is contained in:
parent
2aa6eb90e2
commit
6182b96d16
|
@ -137,8 +137,8 @@ namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
var File = _files.GetFile(file.FileId, false);
|
var File = _files.GetFile(file.FileId, false);
|
||||||
if (ModelState.IsValid && file.Folder.SiteId == _alias.SiteId && File != null // ensure file exists
|
if (ModelState.IsValid && file.Folder.SiteId == _alias.SiteId && File != null // ensure file exists
|
||||||
&& _userPermissions.IsAuthorized(User, EntityNames.Folder, File.FolderId, PermissionNames.Edit) // ensure user had edit rights to original folder
|
&& _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, File.FolderId, PermissionNames.Edit) // ensure user had edit rights to original folder
|
||||||
&& _userPermissions.IsAuthorized(User, EntityNames.Folder, file.FolderId, PermissionNames.Edit)) // ensure user has edit rights to new folder
|
&& _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, file.FolderId, PermissionNames.Edit)) // ensure user has edit rights to new folder
|
||||||
{
|
{
|
||||||
if (File.Name != file.Name || File.FolderId != file.FolderId)
|
if (File.Name != file.Name || File.FolderId != file.FolderId)
|
||||||
{
|
{
|
||||||
|
@ -180,7 +180,7 @@ namespace Oqtane.Controllers
|
||||||
public void Delete(int id)
|
public void Delete(int id)
|
||||||
{
|
{
|
||||||
Models.File file = _files.GetFile(id);
|
Models.File file = _files.GetFile(id);
|
||||||
if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
|
if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, file.Folder.SiteId, EntityNames.Folder, file.Folder.FolderId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
string filepath = _files.GetFilePath(file);
|
string filepath = _files.GetFilePath(file);
|
||||||
if (System.IO.File.Exists(filepath))
|
if (System.IO.File.Exists(filepath))
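Review bot: In the Put hunk the site id handed to both IsAuthorized calls is `file.Folder.SiteId`, a value taken from the request body rather than from the authenticated alias; it is only safe because `file.Folder.SiteId == _alias.SiteId` is evaluated earlier in the same `&&` chain, so a later reordering of the condition would let the scope of the permission lookup follow a caller-chosen value. Passing `_alias.SiteId`, as the entity-permission hunk at `@ -206` already does, removes that dependency on evaluation order: `&& _userPermissions.IsAuthorized(User, _alias.SiteId, EntityNames.Folder, File.FolderId, PermissionNames.Edit)`. The same body-supplied SiteId pattern appears in the FolderController Put(folder), ModuleController Post/Put and PageController Put(page) hunks. The Put method's body continues outside the hunk.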
|
||||||
|
|
|
@ -157,7 +157,7 @@ namespace Oqtane.Controllers
|
||||||
[Authorize(Roles = RoleNames.Registered)]
|
[Authorize(Roles = RoleNames.Registered)]
|
||||||
public Folder Put(int id, [FromBody] Folder folder)
|
public Folder Put(int id, [FromBody] Folder folder)
|
||||||
{
|
{
|
||||||
if (ModelState.IsValid && folder.SiteId == _alias.SiteId && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
|
if (ModelState.IsValid && folder.SiteId == _alias.SiteId && _folders.GetFolder(folder.FolderId, false) != null && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, folder.FolderId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
if (folder.IsPathValid())
|
if (folder.IsPathValid())
|
||||||
{
|
{
|
||||||
|
@ -199,7 +199,7 @@ namespace Oqtane.Controllers
|
||||||
[Authorize(Roles = RoleNames.Registered)]
|
[Authorize(Roles = RoleNames.Registered)]
|
||||||
public void Put(int siteid, int folderid, int? parentid)
|
public void Put(int siteid, int folderid, int? parentid)
|
||||||
{
|
{
|
||||||
if (siteid == _alias.SiteId && _folders.GetFolder(folderid, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Folder, folderid, PermissionNames.Edit))
|
if (siteid == _alias.SiteId && _folders.GetFolder(folderid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Folder, folderid, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
int order = 1;
|
int order = 1;
|
||||||
List<Folder> folders = _folders.GetFolders(siteid).ToList();
|
List<Folder> folders = _folders.GetFolders(siteid).ToList();
|
||||||
|
@ -228,7 +228,7 @@ namespace Oqtane.Controllers
|
||||||
public void Delete(int id)
|
public void Delete(int id)
|
||||||
{
|
{
|
||||||
var folder = _folders.GetFolder(id, false);
|
var folder = _folders.GetFolder(id, false);
|
||||||
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Folder, id, PermissionNames.Edit))
|
if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, folder.SiteId, EntityNames.Folder, id, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
if (Directory.Exists(_folders.GetFolderPath(folder)))
|
if (Directory.Exists(_folders.GetFolderPath(folder)))
|
||||||
{
|
{
|
||||||
|
|
|
@ -121,7 +121,7 @@ namespace Oqtane.Controllers
|
||||||
[Authorize(Roles = RoleNames.Registered)]
|
[Authorize(Roles = RoleNames.Registered)]
|
||||||
public Module Post([FromBody] Module module)
|
public Module Post([FromBody] Module module)
|
||||||
{
|
{
|
||||||
if (ModelState.IsValid && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, module.PageId, PermissionNames.Edit))
|
if (ModelState.IsValid && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, module.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
module = _modules.AddModule(module);
|
module = _modules.AddModule(module);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Create);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Create);
|
||||||
|
@ -144,7 +144,7 @@ namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
var _module = _modules.GetModule(module.ModuleId, false);
|
var _module = _modules.GetModule(module.ModuleId, false);
|
||||||
|
|
||||||
if (ModelState.IsValid && module.SiteId == _alias.SiteId && _module != null && _userPermissions.IsAuthorized(User, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
|
if (ModelState.IsValid && module.SiteId == _alias.SiteId && _module != null && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
module = _modules.UpdateModule(module);
|
module = _modules.UpdateModule(module);
|
||||||
|
|
||||||
|
@ -194,7 +194,7 @@ namespace Oqtane.Controllers
|
||||||
public void Delete(int id)
|
public void Delete(int id)
|
||||||
{
|
{
|
||||||
var module = _modules.GetModule(id);
|
var module = _modules.GetModule(id);
|
||||||
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
|
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Module, module.ModuleId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
_modules.DeleteModule(id);
|
_modules.DeleteModule(id);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Delete);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Module, module.ModuleId, SyncEventActions.Delete);
|
||||||
|
@ -215,7 +215,7 @@ namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
string content = "";
|
string content = "";
|
||||||
var module = _modules.GetModule(moduleid);
|
var module = _modules.GetModule(moduleid);
|
||||||
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
|
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
content = _modules.ExportModule(moduleid);
|
content = _modules.ExportModule(moduleid);
|
||||||
if (!string.IsNullOrEmpty(content))
|
if (!string.IsNullOrEmpty(content))
|
||||||
|
@ -242,7 +242,7 @@ namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
bool success = false;
|
bool success = false;
|
||||||
var module = _modules.GetModule(moduleid);
|
var module = _modules.GetModule(moduleid);
|
||||||
if (ModelState.IsValid && module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
|
if (ModelState.IsValid && module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, module.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
success = _modules.ImportModule(moduleid, content);
|
success = _modules.ImportModule(moduleid, content);
|
||||||
if (success)
|
if (success)
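Review bot: In the Export and Import hunks (`@ -215` and `@ -242`) the permission check is now scoped to `module.SiteId` but still authorizes against the caller-supplied `pageid`, which is never tied to the module or checked against that site; with site-scoped permissions a page from another site should yield no matching permission and fail closed, but that outcome depends on how IsAuthorized treats an entity id with no permissions rather than on an explicit check. A comment stating that expectation, or a lookup confirming the page belongs to `module.SiteId` before the IsAuthorized call, would make the intent explicit, e.g. `// pageid is evaluated within module.SiteId; a page outside that site has no permissions there and is rejected`. Both method bodies continue outside the hunks.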
|
||||||
|
|
|
@ -253,10 +253,10 @@ namespace Oqtane.Controllers
|
||||||
// get current page
|
// get current page
|
||||||
var currentPage = _pages.GetPage(page.PageId, false);
|
var currentPage = _pages.GetPage(page.PageId, false);
|
||||||
|
|
||||||
if (ModelState.IsValid && page.SiteId == _alias.SiteId && currentPage != null && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
|
if (ModelState.IsValid && page.SiteId == _alias.SiteId && currentPage != null && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, page.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
// get current page permissions
|
// get current page permissions
|
||||||
var currentPermissions = _permissionRepository.GetPermissions(EntityNames.Page, page.PageId).ToList();
|
var currentPermissions = _permissionRepository.GetPermissions(page.SiteId, EntityNames.Page, page.PageId).ToList();
|
||||||
|
|
||||||
page = _pages.UpdatePage(page);
|
page = _pages.UpdatePage(page);
|
||||||
|
|
||||||
|
@ -283,7 +283,7 @@ namespace Oqtane.Controllers
|
||||||
{
|
{
|
||||||
foreach (PageModule pageModule in _pageModules.GetPageModules(page.PageId, "").ToList())
|
foreach (PageModule pageModule in _pageModules.GetPageModules(page.PageId, "").ToList())
|
||||||
{
|
{
|
||||||
var modulePermissions = _permissionRepository.GetPermissions(EntityNames.Module, pageModule.Module.ModuleId).ToList();
|
var modulePermissions = _permissionRepository.GetPermissions(pageModule.Module.SiteId, EntityNames.Module, pageModule.Module.ModuleId).ToList();
|
||||||
// permissions added
|
// permissions added
|
||||||
foreach(Permission permission in added)
|
foreach(Permission permission in added)
|
||||||
{
|
{
|
||||||
|
@ -346,7 +346,7 @@ namespace Oqtane.Controllers
|
||||||
[Authorize(Roles = RoleNames.Registered)]
|
[Authorize(Roles = RoleNames.Registered)]
|
||||||
public void Put(int siteid, int pageid, int? parentid)
|
public void Put(int siteid, int pageid, int? parentid)
|
||||||
{
|
{
|
||||||
if (siteid == _alias.SiteId && siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
|
if (siteid == _alias.SiteId && siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Page, pageid, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
int order = 1;
|
int order = 1;
|
||||||
List<Page> pages = _pages.GetPages(siteid).ToList();
|
List<Page> pages = _pages.GetPages(siteid).ToList();
|
||||||
|
@ -377,7 +377,7 @@ namespace Oqtane.Controllers
|
||||||
public void Delete(int id)
|
public void Delete(int id)
|
||||||
{
|
{
|
||||||
Page page = _pages.GetPage(id);
|
Page page = _pages.GetPage(id);
|
||||||
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, page.PageId, PermissionNames.Edit))
|
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, page.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
_pages.DeletePage(page.PageId);
|
_pages.DeletePage(page.PageId);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Page, page.PageId, SyncEventActions.Delete);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Page, page.PageId, SyncEventActions.Delete);
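Review bot: The Put(siteid, pageid, parentid) hunk (`@ -346`) keeps the duplicated term `siteid == _alias.SiteId && siteid == _alias.SiteId` in its guard, which reads like a lost check (the FolderController counterpart has a single comparison) and is worth collapsing while the line is being touched: `if (siteid == _alias.SiteId && _pages.GetPage(pageid, false) != null && _userPermissions.IsAuthorized(User, siteid, EntityNames.Page, pageid, PermissionNames.Edit))`. Separately, the `@ -253` and `@ -283` hunks call `.ToList()` directly on `_permissionRepository.GetPermissions(...)`; since the repository's two-argument overload now returns null when no alias is resolved and the filtering overloads apply `.Where` to that result, the chain would throw a NullReferenceException in that situation rather than yield an empty list — presumably unreachable inside a controller, but worth confirming. The enclosing method bodies continue outside the hunks.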
|
||||||
|
|
|
@ -73,7 +73,7 @@ namespace Oqtane.Controllers
|
||||||
public PageModule Post([FromBody] PageModule pageModule)
|
public PageModule Post([FromBody] PageModule pageModule)
|
||||||
{
|
{
|
||||||
var page = _pages.GetPage(pageModule.PageId);
|
var page = _pages.GetPage(pageModule.PageId);
|
||||||
if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
|
if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
pageModule = _pageModules.AddPageModule(pageModule);
|
pageModule = _pageModules.AddPageModule(pageModule);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Create);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Create);
|
||||||
|
@ -95,7 +95,7 @@ namespace Oqtane.Controllers
|
||||||
public PageModule Put(int id, [FromBody] PageModule pageModule)
|
public PageModule Put(int id, [FromBody] PageModule pageModule)
|
||||||
{
|
{
|
||||||
var page = _pages.GetPage(pageModule.PageId);
|
var page = _pages.GetPage(pageModule.PageId);
|
||||||
if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _pageModules.GetPageModule(pageModule.PageModuleId, false) != null && _userPermissions.IsAuthorized(User, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
|
if (ModelState.IsValid && page != null && page.SiteId == _alias.SiteId && _pageModules.GetPageModule(pageModule.PageModuleId, false) != null && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageModule.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
pageModule = _pageModules.UpdatePageModule(pageModule);
|
pageModule = _pageModules.UpdatePageModule(pageModule);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Update);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pageModule.PageModuleId, SyncEventActions.Update);
|
||||||
|
@ -117,7 +117,7 @@ namespace Oqtane.Controllers
|
||||||
public void Put(int pageid, string pane)
|
public void Put(int pageid, string pane)
|
||||||
{
|
{
|
||||||
var page = _pages.GetPage(pageid);
|
var page = _pages.GetPage(pageid);
|
||||||
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pageid, PermissionNames.Edit))
|
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, page.SiteId, EntityNames.Page, pageid, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
int order = 1;
|
int order = 1;
|
||||||
List<PageModule> pagemodules = _pageModules.GetPageModules(pageid, pane).OrderBy(item => item.Order).ToList();
|
List<PageModule> pagemodules = _pageModules.GetPageModules(pageid, pane).OrderBy(item => item.Order).ToList();
|
||||||
|
@ -147,7 +147,7 @@ namespace Oqtane.Controllers
|
||||||
public void Delete(int id)
|
public void Delete(int id)
|
||||||
{
|
{
|
||||||
PageModule pagemodule = _pageModules.GetPageModule(id);
|
PageModule pagemodule = _pageModules.GetPageModule(id);
|
||||||
if (pagemodule != null && pagemodule.Module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, EntityNames.Page, pagemodule.PageId, PermissionNames.Edit))
|
if (pagemodule != null && pagemodule.Module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, pagemodule.Module.SiteId, EntityNames.Page, pagemodule.PageId, PermissionNames.Edit))
|
||||||
{
|
{
|
||||||
_pageModules.DeletePageModule(id);
|
_pageModules.DeletePageModule(id);
|
||||||
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pagemodule.PageModuleId, SyncEventActions.Delete);
|
_syncManager.AddSyncEvent(_alias.TenantId, EntityNames.PageModule, pagemodule.PageModuleId, SyncEventActions.Delete);
|
||||||
|
|
|
@ -206,7 +206,7 @@ namespace Oqtane.Controllers
|
||||||
case EntityNames.Page:
|
case EntityNames.Page:
|
||||||
case EntityNames.Module:
|
case EntityNames.Module:
|
||||||
case EntityNames.Folder:
|
case EntityNames.Folder:
|
||||||
authorized = _userPermissions.IsAuthorized(User, entityName, entityId, permissionName);
|
authorized = _userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, permissionName);
|
||||||
break;
|
break;
|
||||||
case EntityNames.User:
|
case EntityNames.User:
|
||||||
authorized = true;
|
authorized = true;
|
||||||
|
@ -228,7 +228,7 @@ namespace Oqtane.Controllers
|
||||||
default: // custom entity
|
default: // custom entity
|
||||||
if (permissionName == PermissionNames.Edit)
|
if (permissionName == PermissionNames.Edit)
|
||||||
{
|
{
|
||||||
authorized = User.IsInRole(RoleNames.Admin) || _userPermissions.IsAuthorized(User, entityName, entityId, permissionName);
|
authorized = User.IsInRole(RoleNames.Admin) || _userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, permissionName);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
|
@ -255,7 +255,7 @@ namespace Oqtane.Controllers
|
||||||
case EntityNames.Page:
|
case EntityNames.Page:
|
||||||
case EntityNames.Module:
|
case EntityNames.Module:
|
||||||
case EntityNames.Folder:
|
case EntityNames.Folder:
|
||||||
filter = !_userPermissions.IsAuthorized(User, entityName, entityId, PermissionNames.Edit);
|
filter = !_userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, PermissionNames.Edit);
|
||||||
break;
|
break;
|
||||||
case EntityNames.User:
|
case EntityNames.User:
|
||||||
filter = !User.IsInRole(RoleNames.Admin) && _userPermissions.GetUser(User).UserId != entityId;
|
filter = !User.IsInRole(RoleNames.Admin) && _userPermissions.GetUser(User).UserId != entityId;
|
||||||
|
@ -271,7 +271,7 @@ namespace Oqtane.Controllers
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
default: // custom entity
|
default: // custom entity
|
||||||
filter = !User.IsInRole(RoleNames.Admin) && !_userPermissions.IsAuthorized(User, entityName, entityId, PermissionNames.Edit);
|
filter = !User.IsInRole(RoleNames.Admin) && !_userPermissions.IsAuthorized(User, _alias.SiteId, entityName, entityId, PermissionNames.Edit);
|
||||||
break;
|
break;
|
||||||
}
|
}
|
||||||
return filter;
|
return filter;
|
||||||
|
|
|
@ -72,8 +72,7 @@ namespace Oqtane.Infrastructure
|
||||||
var alias = _siteState?.Alias;
|
var alias = _siteState?.Alias;
|
||||||
if (alias != null)
|
if (alias != null)
|
||||||
{
|
{
|
||||||
// return tenant details
|
return _tenantRepository.GetTenant(alias.TenantId);
|
||||||
return _tenantRepository.GetTenants().ToList().FirstOrDefault(item => item.TenantId == alias.TenantId);
|
|
||||||
}
|
}
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
|
|
|
@ -28,9 +28,9 @@ namespace Oqtane.Repository
|
||||||
|
|
||||||
public IEnumerable<File> GetFiles(int folderId)
|
public IEnumerable<File> GetFiles(int folderId)
|
||||||
{
|
{
|
||||||
IEnumerable<Permission> permissions = _permissions.GetPermissions(EntityNames.Folder, folderId).ToList();
|
|
||||||
IEnumerable<File> files = _db.File.Where(item => item.FolderId == folderId).Include(item => item.Folder);
|
|
||||||
var alias = _tenants.GetAlias();
|
var alias = _tenants.GetAlias();
|
||||||
|
IEnumerable<Permission> permissions = _permissions.GetPermissions(alias.SiteId, EntityNames.Folder, folderId).ToList();
|
||||||
|
IEnumerable<File> files = _db.File.Where(item => item.FolderId == folderId).Include(item => item.Folder);
|
||||||
foreach (File file in files)
|
foreach (File file in files)
|
||||||
{
|
{
|
||||||
file.Folder.Permissions = permissions.EncodePermissions();
|
file.Folder.Permissions = permissions.EncodePermissions();
|
||||||
|
@ -76,7 +76,7 @@ namespace Oqtane.Repository
|
||||||
}
|
}
|
||||||
if (file != null)
|
if (file != null)
|
||||||
{
|
{
|
||||||
IEnumerable<Permission> permissions = _permissions.GetPermissions(EntityNames.Folder, file.FolderId).ToList();
|
IEnumerable<Permission> permissions = _permissions.GetPermissions(file.Folder.SiteId, EntityNames.Folder, file.FolderId).ToList();
|
||||||
file.Folder.Permissions = permissions.EncodePermissions();
|
file.Folder.Permissions = permissions.EncodePermissions();
|
||||||
file.Url = GetFileUrl(file, _tenants.GetAlias());
|
file.Url = GetFileUrl(file, _tenants.GetAlias());
|
||||||
}
|
}
|
||||||
|
@ -93,7 +93,7 @@ namespace Oqtane.Repository
|
||||||
|
|
||||||
if (file != null)
|
if (file != null)
|
||||||
{
|
{
|
||||||
IEnumerable<Permission> permissions = _permissions.GetPermissions(EntityNames.Folder, file.FolderId).ToList();
|
IEnumerable<Permission> permissions = _permissions.GetPermissions(file.Folder.SiteId, EntityNames.Folder, file.FolderId).ToList();
|
||||||
file.Folder.Permissions = permissions.EncodePermissions();
|
file.Folder.Permissions = permissions.EncodePermissions();
|
||||||
file.Url = GetFileUrl(file, _tenants.GetAlias());
|
file.Url = GetFileUrl(file, _tenants.GetAlias());
|
||||||
}
|
}
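Review bot: GetFiles (`@ -28`) resolves the permission scope from `_tenants.GetAlias().SiteId`, while GetFile in the following two hunks scopes by `file.Folder.SiteId`; if the requested folder does not belong to the current alias's site, the folder permissions encoded onto each file come from the wrong site (most likely an empty set), and `alias` is dereferenced with no null check even though the permission repository in this commit treats a missing alias as a reachable state. Taking the site from the folder itself — the `Folder` navigation is already included on each file, so the first file's `Folder.SiteId` can be used once before the loop, or the folder can be looked up when the folder is empty — would keep the three lookups in this file consistent. The GetFiles body continues outside the hunk.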
|
||||||
|
|
|
@ -69,7 +69,7 @@ namespace Oqtane.Repository
|
||||||
}
|
}
|
||||||
if (folder != null)
|
if (folder != null)
|
||||||
{
|
{
|
||||||
folder.Permissions = _permissions.GetPermissionString(EntityNames.Folder, folder.FolderId);
|
folder.Permissions = _permissions.GetPermissions(folder.SiteId, EntityNames.Folder, folder.FolderId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return folder;
|
return folder;
|
||||||
}
|
}
|
||||||
|
@ -79,7 +79,7 @@ namespace Oqtane.Repository
|
||||||
Folder folder = _db.Folder.Where(item => item.SiteId == siteId && item.Path == path).FirstOrDefault();
|
Folder folder = _db.Folder.Where(item => item.SiteId == siteId && item.Path == path).FirstOrDefault();
|
||||||
if (folder != null)
|
if (folder != null)
|
||||||
{
|
{
|
||||||
folder.Permissions = _permissions.GetPermissionString(EntityNames.Folder, folder.FolderId);
|
folder.Permissions = _permissions.GetPermissions(folder.SiteId, EntityNames.Folder, folder.FolderId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return folder;
|
return folder;
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,7 +8,6 @@ namespace Oqtane.Repository
|
||||||
IEnumerable<ModuleDefinition> GetModuleDefinitions();
|
IEnumerable<ModuleDefinition> GetModuleDefinitions();
|
||||||
IEnumerable<ModuleDefinition> GetModuleDefinitions(int siteId);
|
IEnumerable<ModuleDefinition> GetModuleDefinitions(int siteId);
|
||||||
ModuleDefinition GetModuleDefinition(int moduleDefinitionId, int siteId);
|
ModuleDefinition GetModuleDefinition(int moduleDefinitionId, int siteId);
|
||||||
ModuleDefinition GetModuleDefinition(int moduleDefinitionId, bool tracking);
|
|
||||||
void UpdateModuleDefinition(ModuleDefinition moduleDefinition);
|
void UpdateModuleDefinition(ModuleDefinition moduleDefinition);
|
||||||
void DeleteModuleDefinition(int moduleDefinitionId);
|
void DeleteModuleDefinition(int moduleDefinitionId);
|
||||||
}
|
}
|
||||||
|
|
|
@ -8,13 +8,10 @@ namespace Oqtane.Repository
|
||||||
public interface IPermissionRepository
|
public interface IPermissionRepository
|
||||||
{
|
{
|
||||||
IEnumerable<Permission> GetPermissions(int siteId, string entityName);
|
IEnumerable<Permission> GetPermissions(int siteId, string entityName);
|
||||||
IEnumerable<Permission> GetPermissions(string entityName, int entityId);
|
IEnumerable<Permission> GetPermissions(int siteId, string entityName, string permissionName);
|
||||||
IEnumerable<Permission> GetPermissions(string entityName, int entityId, string permissionName);
|
IEnumerable<Permission> GetPermissions(int siteId, string entityName, int entityId);
|
||||||
|
IEnumerable<Permission> GetPermissions(int siteId, string entityName, int entityId, string permissionName);
|
||||||
string GetPermissionString(int siteId, string entityName);
|
|
||||||
string GetPermissionString(string entityName, int entityId);
|
|
||||||
string GetPermissionString(string entityName, int entityId, string permissionName);
|
|
||||||
|
|
||||||
Permission AddPermission(Permission permission);
|
Permission AddPermission(Permission permission);
|
||||||
Permission UpdatePermission(Permission permission);
|
Permission UpdatePermission(Permission permission);
|
||||||
void UpdatePermissions(int siteId, string entityName, int entityId, string permissionStrings);
|
void UpdatePermissions(int siteId, string entityName, int entityId, string permissionStrings);
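Review bot: The reworked overloads carry no XML documentation, so the two facts a caller now needs — that every lookup is restricted to `siteId`, and that the base overload may return null when no site alias is available (see the PermissionRepository hunk at `@ -29`) — are only discoverable from the implementation. A `/// <summary>` on `GetPermissions(int siteId, string entityName)` such as `/// Returns the cached permissions for <paramref name="entityName"/> within <paramref name="siteId"/>; null when no site alias is resolved.` plus one-line summaries on the three filtering overloads would record the contract at the interface. The interface body continues outside the hunk.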
|
||||||
|
|
|
@ -42,24 +42,6 @@ namespace Oqtane.Repository
|
||||||
return moduledefinitions.Find(item => item.ModuleDefinitionId == moduleDefinitionId);
|
return moduledefinitions.Find(item => item.ModuleDefinitionId == moduleDefinitionId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public ModuleDefinition GetModuleDefinition(int moduleDefinitionId, bool tracking)
|
|
||||||
{
|
|
||||||
ModuleDefinition moduledefinition;
|
|
||||||
if (tracking)
|
|
||||||
{
|
|
||||||
moduledefinition = _db.ModuleDefinition.Find(moduleDefinitionId);
|
|
||||||
}
|
|
||||||
else
|
|
||||||
{
|
|
||||||
moduledefinition = _db.ModuleDefinition.AsNoTracking().FirstOrDefault(item => item.ModuleDefinitionId == moduleDefinitionId);
|
|
||||||
}
|
|
||||||
if (moduledefinition != null)
|
|
||||||
{
|
|
||||||
moduledefinition.Permissions = _permissions.GetPermissionString(EntityNames.ModuleDefinition, moduledefinition.ModuleDefinitionId);
|
|
||||||
}
|
|
||||||
return moduledefinition;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void UpdateModuleDefinition(ModuleDefinition moduleDefinition)
|
public void UpdateModuleDefinition(ModuleDefinition moduleDefinition)
|
||||||
{
|
{
|
||||||
_db.Entry(moduleDefinition).State = EntityState.Modified;
|
_db.Entry(moduleDefinition).State = EntityState.Modified;
|
||||||
|
|
|
@ -4,6 +4,7 @@ using System.Linq;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using Microsoft.Extensions.DependencyInjection;
|
using Microsoft.Extensions.DependencyInjection;
|
||||||
|
using Oqtane.Extensions;
|
||||||
using Oqtane.Models;
|
using Oqtane.Models;
|
||||||
using Oqtane.Modules;
|
using Oqtane.Modules;
|
||||||
using Oqtane.Shared;
|
using Oqtane.Shared;
|
||||||
|
@ -67,7 +68,7 @@ namespace Oqtane.Repository
|
||||||
}
|
}
|
||||||
if (module != null)
|
if (module != null)
|
||||||
{
|
{
|
||||||
module.Permissions = _permissions.GetPermissionString(EntityNames.Module, module.ModuleId);
|
module.Permissions = _permissions.GetPermissions(module.SiteId, EntityNames.Module, module.ModuleId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return module;
|
return module;
|
||||||
}
|
}
|
||||||
|
|
|
@ -89,7 +89,7 @@ namespace Oqtane.Repository
|
||||||
}
|
}
|
||||||
if (pagemodule != null)
|
if (pagemodule != null)
|
||||||
{
|
{
|
||||||
pagemodule.Module.Permissions = _permissions.GetPermissionString(EntityNames.Module, pagemodule.ModuleId);
|
pagemodule.Module.Permissions = _permissions.GetPermissions(pagemodule.Module.SiteId, EntityNames.Module, pagemodule.ModuleId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return pagemodule;
|
return pagemodule;
|
||||||
}
|
}
|
||||||
|
@ -100,7 +100,7 @@ namespace Oqtane.Repository
|
||||||
.SingleOrDefault(item => item.PageId == pageId && item.ModuleId == moduleId);
|
.SingleOrDefault(item => item.PageId == pageId && item.ModuleId == moduleId);
|
||||||
if (pagemodule != null)
|
if (pagemodule != null)
|
||||||
{
|
{
|
||||||
pagemodule.Module.Permissions = _permissions.GetPermissionString(EntityNames.Module, pagemodule.ModuleId);
|
pagemodule.Module.Permissions = _permissions.GetPermissions(pagemodule.Module.SiteId, EntityNames.Module, pagemodule.ModuleId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return pagemodule;
|
return pagemodule;
|
||||||
}
|
}
|
||||||
|
|
|
@ -66,7 +66,7 @@ namespace Oqtane.Repository
|
||||||
}
|
}
|
||||||
if (page != null)
|
if (page != null)
|
||||||
{
|
{
|
||||||
page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
|
page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return page;
|
return page;
|
||||||
}
|
}
|
||||||
|
@ -81,7 +81,7 @@ namespace Oqtane.Repository
|
||||||
{
|
{
|
||||||
page = personalized;
|
page = personalized;
|
||||||
}
|
}
|
||||||
page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
|
page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return page;
|
return page;
|
||||||
}
|
}
|
||||||
|
@ -91,7 +91,7 @@ namespace Oqtane.Repository
|
||||||
Page page = _db.Page.FirstOrDefault(item => item.Path == path && item.SiteId == siteId);
|
Page page = _db.Page.FirstOrDefault(item => item.Path == path && item.SiteId == siteId);
|
||||||
if (page != null)
|
if (page != null)
|
||||||
{
|
{
|
||||||
page.Permissions = _permissions.GetPermissionString(EntityNames.Page, page.PageId);
|
page.Permissions = _permissions.GetPermissions(page.SiteId, EntityNames.Page, page.PageId)?.EncodePermissions();
|
||||||
}
|
}
|
||||||
return page;
|
return page;
|
||||||
}
|
}
|
||||||
|
|
|
@ -4,7 +4,6 @@ using System.Linq;
|
||||||
using System.Text;
|
using System.Text;
|
||||||
using System.Text.Json;
|
using System.Text.Json;
|
||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using Oqtane.Extensions;
|
|
||||||
using Oqtane.Models;
|
using Oqtane.Models;
|
||||||
using Microsoft.Extensions.Caching.Memory;
|
using Microsoft.Extensions.Caching.Memory;
|
||||||
using Oqtane.Infrastructure;
|
using Oqtane.Infrastructure;
|
||||||
|
@ -29,58 +28,44 @@ namespace Oqtane.Repository
|
||||||
public IEnumerable<Permission> GetPermissions(int siteId, string entityName)
|
public IEnumerable<Permission> GetPermissions(int siteId, string entityName)
|
||||||
{
|
{
|
||||||
var alias = _siteState?.Alias;
|
var alias = _siteState?.Alias;
|
||||||
if (alias != null && alias.SiteId != -1)
|
if (alias != null)
|
||||||
{
|
{
|
||||||
return _cache.GetOrCreate($"permissions:{alias.SiteKey}:{entityName}", entry =>
|
return _cache.GetOrCreate($"permissions:{alias.TenantId}:{siteId}:{entityName}", entry =>
|
||||||
{
|
{
|
||||||
entry.SlidingExpiration = TimeSpan.FromMinutes(30);
|
entry.SlidingExpiration = TimeSpan.FromMinutes(30);
|
||||||
return _db.Permission.Where(item => item.SiteId == alias.SiteId)
|
return _db.Permission.Where(item => item.SiteId == siteId)
|
||||||
.Where(item => item.EntityName == entityName)
|
.Where(item => item.EntityName == entityName)
|
||||||
.Include(item => item.Role).ToList(); // eager load roles
|
.Include(item => item.Role).ToList(); // eager load roles
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
else
|
return null;
|
||||||
{
|
|
||||||
return _db.Permission.Where(item => item.SiteId == siteId || siteId == -1)
|
|
||||||
.Where(item => item.EntityName == entityName)
|
|
||||||
.Include(item => item.Role).ToList(); // eager load roles
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public IEnumerable<Permission> GetPermissions(string entityName, int entityId)
|
public IEnumerable<Permission> GetPermissions(int siteId, string entityName, string permissionName)
|
||||||
{
|
{
|
||||||
var permissions = GetPermissions(-1, entityName);
|
var permissions = GetPermissions(siteId, entityName);
|
||||||
|
return permissions.Where(item => item.PermissionName == permissionName);
|
||||||
|
}
|
||||||
|
|
||||||
|
public IEnumerable<Permission> GetPermissions(int siteId, string entityName, int entityId)
|
||||||
|
{
|
||||||
|
var permissions = GetPermissions(siteId, entityName);
|
||||||
return permissions.Where(item => item.EntityId == entityId);
|
return permissions.Where(item => item.EntityId == entityId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public IEnumerable<Permission> GetPermissions(string entityName, int entityId, string permissionName)
|
public IEnumerable<Permission> GetPermissions(int siteId, string entityName, int entityId, string permissionName)
|
||||||
{
|
{
|
||||||
var permissions = GetPermissions(-1, entityName);
|
var permissions = GetPermissions(siteId, entityName);
|
||||||
return permissions.Where(item => item.EntityId == entityId)
|
return permissions.Where(item => item.EntityId == entityId)
|
||||||
.Where(item => item.PermissionName == permissionName);
|
.Where(item => item.PermissionName == permissionName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public string GetPermissionString(int siteId, string entityName)
|
|
||||||
{
|
|
||||||
return GetPermissions(siteId, entityName)?.EncodePermissions();
|
|
||||||
}
|
|
||||||
|
|
||||||
public string GetPermissionString(string entityName, int entityId)
|
|
||||||
{
|
|
||||||
return GetPermissions(entityName, entityId)?.EncodePermissions();
|
|
||||||
}
|
|
||||||
|
|
||||||
public string GetPermissionString(string entityName, int entityId, string permissionName)
|
|
||||||
{
|
|
||||||
return GetPermissions(entityName, entityId, permissionName)?.EncodePermissions();
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
public Permission AddPermission(Permission permission)
|
public Permission AddPermission(Permission permission)
|
||||||
{
|
{
|
||||||
_db.Permission.Add(permission);
|
_db.Permission.Add(permission);
|
||||||
_db.SaveChanges();
|
_db.SaveChanges();
|
||||||
ClearCache(permission.EntityName);
|
ClearCache(permission.SiteId, permission.EntityName);
|
||||||
return permission;
|
return permission;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -88,7 +73,7 @@ namespace Oqtane.Repository
|
||||||
{
|
{
|
||||||
_db.Entry(permission).State = EntityState.Modified;
|
_db.Entry(permission).State = EntityState.Modified;
|
||||||
_db.SaveChanges();
|
_db.SaveChanges();
|
||||||
ClearCache(permission.EntityName);
|
ClearCache(permission.SiteId, permission.EntityName);
|
||||||
return permission;
|
return permission;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -110,7 +95,7 @@ namespace Oqtane.Repository
|
||||||
_db.Permission.Add(permission);
|
_db.Permission.Add(permission);
|
||||||
}
|
}
|
||||||
_db.SaveChanges();
|
_db.SaveChanges();
|
||||||
ClearCache(entityName);
|
ClearCache(siteId, entityName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public Permission GetPermission(int permissionId)
|
public Permission GetPermission(int permissionId)
|
||||||
|
@ -123,7 +108,7 @@ namespace Oqtane.Repository
|
||||||
Permission permission = _db.Permission.Find(permissionId);
|
Permission permission = _db.Permission.Find(permissionId);
|
||||||
_db.Permission.Remove(permission);
|
_db.Permission.Remove(permission);
|
||||||
_db.SaveChanges();
|
_db.SaveChanges();
|
||||||
ClearCache(permission.EntityName);
|
ClearCache(permission.SiteId, permission.EntityName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void DeletePermissions(int siteId, string entityName, int entityId)
|
public void DeletePermissions(int siteId, string entityName, int entityId)
|
||||||
|
@ -137,15 +122,15 @@ namespace Oqtane.Repository
|
||||||
_db.Permission.Remove(permission);
|
_db.Permission.Remove(permission);
|
||||||
}
|
}
|
||||||
_db.SaveChanges();
|
_db.SaveChanges();
|
||||||
ClearCache(entityName);
|
ClearCache(siteId, entityName);
|
||||||
}
|
}
|
||||||
|
|
||||||
private void ClearCache(string entityName)
|
private void ClearCache(int siteId, string entityName)
|
||||||
{
|
{
|
||||||
var alias = _siteState?.Alias;
|
var alias = _siteState?.Alias;
|
||||||
if (alias != null && alias.SiteId != -1)
|
if (alias != null)
|
||||||
{
|
{
|
||||||
_cache.Remove($"permissions:{alias.SiteKey}:{entityName}");
|
_cache.Remove($"permissions:{alias.TenantId}:{siteId}:{entityName}");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -1,4 +1,4 @@
|
||||||
using System;
|
using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
|
@ -53,7 +53,7 @@ namespace Oqtane.Repository
|
||||||
|
|
||||||
public Tenant GetTenant(int tenantId)
|
public Tenant GetTenant(int tenantId)
|
||||||
{
|
{
|
||||||
return _db.Tenant.Find(tenantId);
|
return GetTenants().FirstOrDefault(item => item.TenantId == tenantId);
|
||||||
}
|
}
|
||||||
|
|
||||||
public void DeleteTenant(int tenantId)
|
public void DeleteTenant(int tenantId)
|
||||||
|
|
|
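Review bot: `GetTenant` now hands back the instance held by `GetTenants()`, which the commit message describes as cached, so any caller that mutates the returned `Tenant` (or relies on it being tracked by `_db`, as the previous `Find` result was) would be editing the shared copy; `UpdateTenant`/`DeleteTenant` are outside this hunk and should be checked for that. The null contract is preserved, since `FirstOrDefault` returns null for an unknown id exactly as `Find` did. A short comment would make the ownership explicit, e.g. `// resolved from the cached tenant list; the returned instance is shared, do not mutate it`.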
@ -2,6 +2,7 @@ using System.Threading.Tasks;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
using Microsoft.AspNetCore.Http;
|
using Microsoft.AspNetCore.Http;
|
||||||
using Oqtane.Enums;
|
using Oqtane.Enums;
|
||||||
|
using Oqtane.Extensions;
|
||||||
using Oqtane.Infrastructure;
|
using Oqtane.Infrastructure;
|
||||||
using Oqtane.Shared;
|
using Oqtane.Shared;
|
||||||
|
|
||||||
|
@ -9,24 +10,30 @@ namespace Oqtane.Security
|
||||||
{
|
{
|
||||||
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
|
public class PermissionHandler : AuthorizationHandler<PermissionRequirement>
|
||||||
{
|
{
|
||||||
private readonly IHttpContextAccessor _httpContextAccessor;
|
private readonly IHttpContextAccessor _accessor;
|
||||||
private readonly IUserPermissions _userPermissions;
|
private readonly IUserPermissions _userPermissions;
|
||||||
private readonly ILogManager _logger;
|
private readonly ILogManager _logger;
|
||||||
|
|
||||||
public PermissionHandler(IHttpContextAccessor httpContextAccessor, IUserPermissions userPermissions, ILogManager logger)
|
public PermissionHandler(IHttpContextAccessor accessor, IUserPermissions userPermissions, ILogManager logger)
|
||||||
{
|
{
|
||||||
_httpContextAccessor = httpContextAccessor;
|
_accessor = accessor;
|
||||||
_userPermissions = userPermissions;
|
_userPermissions = userPermissions;
|
||||||
_logger = logger;
|
_logger = logger;
|
||||||
}
|
}
|
||||||
|
|
||||||
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
|
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement)
|
||||||
{
|
{
|
||||||
// permission is scoped based on entitynames and ids passed as querystring parameters
|
// permission is scoped based on entity name and in some cases entity id
|
||||||
var ctx = _httpContextAccessor.HttpContext;
|
var ctx = _accessor.HttpContext;
|
||||||
if (ctx != null)
|
if (ctx != null)
|
||||||
{
|
{
|
||||||
// get entityid based on a parameter format of auth{entityname}id (ie. authmoduleid )
|
int siteId = -1;
|
||||||
|
if (ctx.GetAlias() != null)
|
||||||
|
{
|
||||||
|
siteId = ctx.GetAlias().SiteId;
|
||||||
|
}
|
||||||
|
|
||||||
|
// get entityid from querystring based on a parameter format of auth{entityname}id (ie. authmoduleid )
|
||||||
int entityId = -1;
|
int entityId = -1;
|
||||||
if (ctx.Request.Query.ContainsKey("auth" + requirement.EntityName.ToLower() + "id"))
|
if (ctx.Request.Query.ContainsKey("auth" + requirement.EntityName.ToLower() + "id"))
|
||||||
{
|
{
|
||||||
|
@ -36,7 +43,7 @@ namespace Oqtane.Security
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// legacy support
|
// legacy support for deprecated CreateAuthorizationPolicyUrl(string url, int entityId)
|
||||||
if (entityId == -1)
|
if (entityId == -1)
|
||||||
{
|
{
|
||||||
if (ctx.Request.Query.ContainsKey("entityid"))
|
if (ctx.Request.Query.ContainsKey("entityid"))
|
||||||
|
@ -49,13 +56,20 @@ namespace Oqtane.Security
|
||||||
}
|
}
|
||||||
|
|
||||||
// validate permissions
|
// validate permissions
|
||||||
if (entityId != -1 && _userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
|
if (_userPermissions.IsAuthorized(context.User, siteId, requirement.EntityName, entityId, requirement.PermissionName))
|
||||||
{
|
{
|
||||||
context.Succeed(requirement);
|
context.Succeed(requirement);
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName}:{EntityId}", context.User, requirement.PermissionName, requirement.EntityName, entityId);
|
if (entityId == -1)
|
||||||
|
{
|
||||||
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName} Entity", context.User.Identity.Name, requirement.PermissionName, requirement.EntityName);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "User {User} Does Not Have {PermissionName} Permission For {EntityName} Entity With ID {EntityId}", context.User.Identity.Name, requirement.PermissionName, requirement.EntityName, entityId);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
return Task.CompletedTask;
|
return Task.CompletedTask;
|
||||||
|
|
|
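Review bot: At the new `IsAuthorized` call, `siteId` is still -1 when `ctx.GetAlias()` returned null, and the request is then denied only because the repository query for `SiteId == -1` presumably matches no rows; an explicit guard, `if (siteId != -1 && _userPermissions.IsAuthorized(context.User, siteId, requirement.EntityName, entityId, requirement.PermissionName))`, makes the fail-closed behaviour deliberate rather than incidental, assuming no permission rows are stored with SiteId -1. `ctx.GetAlias()` is also evaluated twice; `var alias = ctx.GetAlias(); int siteId = alias?.SiteId ?? -1;` reads the alias once. In both new log calls `context.User.Identity.Name` dereferences `Identity` without a null check; ASP.NET Core normally supplies an empty identity for anonymous requests, but `context.User.Identity?.Name` costs nothing. The two log branches differ only in the message text and could be collapsed into one call that includes the entity id when it is not -1.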
@ -3,15 +3,20 @@ using Oqtane.Models;
|
||||||
using System.Linq;
|
using System.Linq;
|
||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using Oqtane.Repository;
|
using Oqtane.Repository;
|
||||||
|
using Oqtane.Extensions;
|
||||||
|
using System;
|
||||||
|
|
||||||
namespace Oqtane.Security
|
namespace Oqtane.Security
|
||||||
{
|
{
|
||||||
public interface IUserPermissions
|
public interface IUserPermissions
|
||||||
{
|
{
|
||||||
bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
|
bool IsAuthorized(ClaimsPrincipal user, int siteId, string entityName, int entityId, string permissionName);
|
||||||
bool IsAuthorized(ClaimsPrincipal user, string permissionName, string permissions);
|
bool IsAuthorized(ClaimsPrincipal user, string permissionName, string permissions);
|
||||||
User GetUser(ClaimsPrincipal user);
|
User GetUser(ClaimsPrincipal user);
|
||||||
User GetUser();
|
User GetUser();
|
||||||
|
|
||||||
|
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName) instead.", false)]
|
||||||
|
bool IsAuthorized(ClaimsPrincipal user, string entityName, int entityId, string permissionName);
|
||||||
}
|
}
|
||||||
|
|
||||||
public class UserPermissions : IUserPermissions
|
public class UserPermissions : IUserPermissions
|
||||||
|
@ -25,9 +30,9 @@ namespace Oqtane.Security
|
||||||
_accessor = accessor;
|
_accessor = accessor;
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
|
public bool IsAuthorized(ClaimsPrincipal principal, int siteId, string entityName, int entityId, string permissionName)
|
||||||
{
|
{
|
||||||
return IsAuthorized(principal, permissionName, _permissions.GetPermissionString(entityName, entityId, permissionName));
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName)?.EncodePermissions());
|
||||||
}
|
}
|
||||||
|
|
||||||
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
|
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
|
||||||
|
@ -73,5 +78,11 @@ namespace Oqtane.Security
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// deprecated
|
||||||
|
public bool IsAuthorized(ClaimsPrincipal principal, string entityName, int entityId, string permissionName)
|
||||||
|
{
|
||||||
|
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName)?.EncodePermissions());
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
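Review bot: The deprecated `IsAuthorized` overload dereferences `_accessor.HttpContext.GetAlias().SiteId` with no null checks, so a call outside a request (`HttpContext` null) or on a request without a resolved alias now throws `NullReferenceException`, whereas the old `GetPermissionString` path did not need an alias; `PermissionHandler` in this same commit checks `GetAlias()` for null, so the deprecated path should too. A null-safe body that also reuses the new overload instead of repeating its body would be `var alias = _accessor.HttpContext?.GetAlias(); return alias != null && IsAuthorized(principal, alias.SiteId, entityName, entityId, permissionName);`, which denies rather than crashes when no site can be determined. The `[Obsolete]` attribute is only on the interface member; callers holding the concrete `UserPermissions` type get no warning, so the class method should carry the same attribute rather than only the `// deprecated` comment.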