Diplomarbeit-Absolventenverein/oqtane.framework-not-mirrored
Archived
9
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Add support for IsPublic to all Setting types, enable Url Mapping for internal links

Browse Source
This commit is contained in:
Shaun Walker 2021-12-18 10:35:22 -05:00
parent e22606ae79
commit 6a2ff369ea
15 changed files with 329 additions and 259 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
Oqtane.Client/Modules/Admin/Site/Index.razor
View File

@ -476,12 +476,12 @@
site = await SiteService.UpdateSiteAsync(site);
var settings = await SettingService.GetSiteSettingsAsync(site.SiteId);
SettingService.SetSetting(settings, "SMTPHost", _smtphost);
SettingService.SetSetting(settings, "SMTPPort", _smtpport);
SettingService.SetSetting(settings, "SMTPSSL", _smtpssl);
SettingService.SetSetting(settings, "SMTPUsername", _smtpusername);
SettingService.SetSetting(settings, "SMTPPassword", _smtppassword);
SettingService.SetSetting(settings, "SMTPSender", _smtpsender);
SettingService.SetSetting(settings, "SMTPHost", _smtphost, false);
SettingService.SetSetting(settings, "SMTPPort", _smtpport, false);
SettingService.SetSetting(settings, "SMTPSSL", _smtpssl, false);
SettingService.SetSetting(settings, "SMTPUsername", _smtpusername, false);
SettingService.SetSetting(settings, "SMTPPassword", _smtppassword, false);
SettingService.SetSetting(settings, "SMTPSender", _smtpsender, false);
await SettingService.UpdateSiteSettingsAsync(settings, site.SiteId);
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))

9
Oqtane.Client/Modules/Admin/UrlMappings/Index.razor
View File

@ -40,10 +40,10 @@ else
<td><ActionLink Action="Edit" Parameters="@($"id=" + context.UrlMappingId.ToString())" ResourceKey="Edit" /></td>
<td><ActionDialog Header="Delete Url Mapping" Message="@string.Format(Localizer["Confirm.DeleteUrlMapping"], context.Url)" Action="Delete" Security="SecurityAccessLevel.Admin" Class="btn btn-danger" OnClick="@(async () => await DeleteUrlMapping(context))" ResourceKey="DeleteUrlMapping" /></td>
<td>
<a href="" onclick="@(() => BrowseUrl(context.Url))">@context.Url</a>
<a href="@context.Url">@context.Url</a>
@if (_mapped)
{
@((MarkupString)"<br />&gt;&gt;&nbsp;")<a href="" onclick="@(() => BrowseUrl(context.MappedUrl))">@context.MappedUrl</a>
@((MarkupString)"<br />&gt;&gt;&nbsp;")<a href="@context.MappedUrl">@context.MappedUrl</a>
}
</td>
<td>@context.Requests</td>
@ -96,11 +96,6 @@ else
}
}
private void BrowseUrl(string url)
{
NavigationManager.NavigateTo(url, true);
}
private async Task DeleteUrlMapping(UrlMapping urlMapping)
{
try

8
Oqtane.Client/Services/Interfaces/IUrlMappingService.cs
View File

@ -24,6 +24,14 @@ namespace Oqtane.Services
/// <returns></returns>
Task<UrlMapping> GetUrlMappingAsync(int urlMappingId);
/// <summary>
/// Get one specific <see cref="UrlMapping"/>
/// </summary>
/// <param name="siteId">ID-reference of a <see cref="Site"/></param>
/// <param name="url">A url</param>
/// <returns></returns>
Task<UrlMapping> GetUrlMappingAsync(int siteId, string url);
/// <summary>
/// Add / save a new <see cref="UrlMapping"/> to the database.
/// </summary>

25
Oqtane.Client/Services/SettingService.cs
View File

@ -131,22 +131,13 @@ namespace Oqtane.Services
foreach (KeyValuePair<string, string> kvp in settings)
{
string value = kvp.Value;
bool ispublic = false;
if (value.StartsWith("[Public]"))
{
switch (entityName)
{
case EntityNames.Site:
case EntityNames.ModuleDefinition:
ispublic = true;
break;
default:
ispublic = false;
break;
}
value = value.Substring(8); // remove [Public]
}
bool ispublic = true;
if (value.StartsWith("[Private]"))
{
value = value.Substring(9); // remove [Private]
ispublic = false;
}
Setting setting = settingsList.FirstOrDefault(item => item.SettingName.Equals(kvp.Key, StringComparison.OrdinalIgnoreCase));
if (setting == null)
@ -205,7 +196,7 @@ namespace Oqtane.Services
public Dictionary<string, string> SetSetting(Dictionary<string, string> settings, string settingName, string settingValue)
{
return SetSetting(settings, settingName, settingValue, false);
return SetSetting(settings, settingName, settingValue, true);
}
public Dictionary<string, string> SetSetting(Dictionary<string, string> settings, string settingName, string settingValue, bool isPublic)
@ -214,7 +205,7 @@ namespace Oqtane.Services
{
settings = new Dictionary<string, string>();
}
settingValue = (isPublic) ? "[Public]" + settingValue : settingValue;
settingValue = (isPublic) ? settingValue : "[Private]" + settingValue;
if (settings.ContainsKey(settingName))
{
settings[settingName] = settingValue;

6
Oqtane.Client/Services/UrlMappingService.cs
View File

@ -5,6 +5,7 @@ using System.Linq;
using System.Collections.Generic;
using Oqtane.Documentation;
using Oqtane.Shared;
using System.Net;
namespace Oqtane.Services
{
@ -33,6 +34,11 @@ namespace Oqtane.Services
return await GetJsonAsync<UrlMapping>($"{Apiurl}/{urlMappingId}");
}
public async Task<UrlMapping> GetUrlMappingAsync(int siteId, string url)
{
return await GetJsonAsync<UrlMapping>($"{Apiurl}/url/{siteId}?url={WebUtility.UrlEncode(url)}");
}
public async Task<UrlMapping> AddUrlMappingAsync(UrlMapping role)
{
return await PostJsonAsync<UrlMapping>(Apiurl, role);

263
Oqtane.Client/UI/SiteRouter.razor
View File

@ -9,6 +9,7 @@
@inject IPageService PageService
@inject IUserService UserService
@inject IModuleService ModuleService
@inject IUrlMappingService UrlMappingService
@inject ILogService LogService
@implements IHandleAfterRender
@ -83,133 +84,133 @@
var querystring = ParseQueryString(route.Query);
// reload the client application if there is a forced reload or the user navigated to a site with a different alias
if (querystring.ContainsKey("reload") || (!route.AbsolutePath.Substring(1).ToLower().StartsWith(SiteState.Alias.Path.ToLower()) && !string.IsNullOrEmpty(SiteState.Alias.Path)))
{
NavigationManager.NavigateTo(_absoluteUri.Replace("?reload", ""), true);
return;
}
else
{
// the refresh parameter is used to refresh the PageState
if (querystring.ContainsKey("refresh"))
{
refresh = UI.Refresh.Site;
}
}
if (querystring.ContainsKey("reload") || (!route.AbsolutePath.Substring(1).ToLower().StartsWith(SiteState.Alias.Path.ToLower()) && !string.IsNullOrEmpty(SiteState.Alias.Path)))
{
NavigationManager.NavigateTo(_absoluteUri.Replace("?reload", ""), true);
return;
}
else
{
// the refresh parameter is used to refresh the PageState
if (querystring.ContainsKey("refresh"))
{
refresh = UI.Refresh.Site;
}
}
if (PageState != null)
{
editmode = PageState.EditMode;
lastsyncdate = PageState.LastSyncDate;
}
if (PageState != null)
{
editmode = PageState.EditMode;
lastsyncdate = PageState.LastSyncDate;
}
// process any sync events
var sync = await SyncService.GetSyncAsync(lastsyncdate);
lastsyncdate = sync.SyncDate;
if (sync.SyncEvents.Any())
{
// reload client application if server was restarted or site runtime/rendermode was modified
if (PageState != null && sync.SyncEvents.Exists(item => (item.TenantId == -1 || item.EntityName == EntityNames.Site && item.EntityId == SiteState.Alias.SiteId) && item.Reload))
{
NavigationManager.NavigateTo(_absoluteUri, true);
return;
}
if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.Site && item.EntityId == SiteState.Alias.SiteId))
{
refresh = UI.Refresh.Site;
}
}
var sync = await SyncService.GetSyncAsync(lastsyncdate);
lastsyncdate = sync.SyncDate;
if (sync.SyncEvents.Any())
{
// reload client application if server was restarted or site runtime/rendermode was modified
if (PageState != null && sync.SyncEvents.Exists(item => (item.TenantId == -1 || item.EntityName == EntityNames.Site && item.EntityId == SiteState.Alias.SiteId) && item.Reload))
{
NavigationManager.NavigateTo(_absoluteUri, true);
return;
}
if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.Site && item.EntityId == SiteState.Alias.SiteId))
{
refresh = UI.Refresh.Site;
}
}
if (refresh == UI.Refresh.Site || PageState == null || PageState.Alias.SiteId != SiteState.Alias.SiteId)
{
site = await SiteService.GetSiteAsync(SiteState.Alias.SiteId);
refresh = UI.Refresh.Site;
}
else
{
site = PageState.Site;
}
if (refresh == UI.Refresh.Site || PageState == null || PageState.Alias.SiteId != SiteState.Alias.SiteId)
{
site = await SiteService.GetSiteAsync(SiteState.Alias.SiteId);
refresh = UI.Refresh.Site;
}
else
{
site = PageState.Site;
}
if (site != null)
{
if (PageState == null || refresh == UI.Refresh.Site)
{
// get user
var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
if (authState.User.Identity.IsAuthenticated)
{
user = await UserService.GetUserAsync(authState.User.Identity.Name, site.SiteId);
user.IsAuthenticated = authState.User.Identity.IsAuthenticated;
}
}
else
{
user = PageState.User;
}
if (site != null)
{
if (PageState == null || refresh == UI.Refresh.Site)
{
// get user
var authState = await AuthenticationStateProvider.GetAuthenticationStateAsync();
if (authState.User.Identity.IsAuthenticated)
{
user = await UserService.GetUserAsync(authState.User.Identity.Name, site.SiteId);
user.IsAuthenticated = authState.User.Identity.IsAuthenticated;
}
}
else
{
user = PageState.User;
}
// process any sync events for user
if (refresh != UI.Refresh.Site && user != null && sync.SyncEvents.Any())
{
if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.User && item.EntityId == user.UserId))
{
refresh = UI.Refresh.Site;
}
}
// process any sync events for user
if (refresh != UI.Refresh.Site && user != null && sync.SyncEvents.Any())
{
if (sync.SyncEvents.Exists(item => item.EntityName == EntityNames.User && item.EntityId == user.UserId))
{
refresh = UI.Refresh.Site;
}
}
if (PageState == null || refresh == UI.Refresh.Site)
{
pages = await PageService.GetPagesAsync(site.SiteId);
}
else
{
pages = PageState.Pages;
}
if (PageState == null || refresh == UI.Refresh.Site)
{
pages = await PageService.GetPagesAsync(site.SiteId);
}
else
{
pages = PageState.Pages;
}
if (PageState == null || refresh == UI.Refresh.Site)
{
page = pages.FirstOrDefault(item => item.Path.Equals(route.PagePath, StringComparison.OrdinalIgnoreCase));
}
else
{
page = PageState.Page;
}
if (PageState == null || refresh == UI.Refresh.Site)
{
page = pages.FirstOrDefault(item => item.Path.Equals(route.PagePath, StringComparison.OrdinalIgnoreCase));
}
else
{
page = PageState.Page;
}
// get the page if the path has changed
if (page == null || page.Path != route.PagePath)
{
page = pages.FirstOrDefault(item => item.Path.Equals(route.PagePath, StringComparison.OrdinalIgnoreCase));
// get the page if the path has changed
if (page == null || page.Path != route.PagePath)
{
page = pages.FirstOrDefault(item => item.Path.Equals(route.PagePath, StringComparison.OrdinalIgnoreCase));
// if the home page path does not exist then use the first page in the collection (a future enhancement would allow the admin to specify the home page)
if (page == null && route.PagePath == "")
{
page = pages.FirstOrDefault();
}
editmode = false;
}
editmode = false;
}
if (page != null)
{
if (PageState == null)
{
editmode = false;
}
if (page != null)
{
if (PageState == null)
{
editmode = false;
}
// check if user is authorized to view page
if (UserSecurity.IsAuthorized(user, PermissionNames.View, page.Permissions))
{
page = await ProcessPage(page, site, user);
// check if user is authorized to view page
if (UserSecurity.IsAuthorized(user, PermissionNames.View, page.Permissions))
{
page = await ProcessPage(page, site, user);
if (PageState == null || refresh == UI.Refresh.Site)
{
modules = await ModuleService.GetModulesAsync(site.SiteId);
}
else
{
modules = PageState.Modules;
}
if (PageState == null || refresh == UI.Refresh.Site)
{
modules = await ModuleService.GetModulesAsync(site.SiteId);
}
else
{
modules = PageState.Modules;
}
(page, modules) = ProcessModules(page, modules, moduleid, action, (!string.IsNullOrEmpty(page.DefaultContainerType)) ? page.DefaultContainerType : site.DefaultContainerType);
(page, modules) = ProcessModules(page, modules, moduleid, action, (!string.IsNullOrEmpty(page.DefaultContainerType)) ? page.DefaultContainerType : site.DefaultContainerType);
_pagestate = new PageState
_pagestate = new PageState
{
Alias = SiteState.Alias,
Site = site,
@ -228,25 +229,33 @@
VisitorId = VisitorId
};
OnStateChange?.Invoke(_pagestate);
}
}
else
{
if (user == null)
{
// redirect to login page
NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "login", "?returnurl=" + route.AbsolutePath));
}
else
{
await LogService.Log(null, null, user.UserId, GetType().AssemblyQualifiedName, Utilities.GetTypeNameLastSegment(GetType().AssemblyQualifiedName, 1), LogFunction.Security, LogLevel.Error, null, "Page Does Not Exist Or User Is Not Authorized To View Page {Path}", route.PagePath);
if (route.PagePath != "")
{
// redirect to home page
NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "", ""));
}
}
OnStateChange?.Invoke(_pagestate);
}
}
else // page not found
{
var urlMapping = await UrlMappingService.GetUrlMappingAsync(site.SiteId, route.SiteUrl + "/" + route.PagePath);
if (urlMapping != null && !string.IsNullOrEmpty(urlMapping.MappedUrl))
{
NavigationManager.NavigateTo(urlMapping.MappedUrl, false);
}
else // not mapped
{
if (user == null)
{
// redirect to login page if user not logged in as they may need to be authenticated
NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "login", "?returnurl=" + route.AbsolutePath));
}
else
{
await LogService.Log(null, null, user.UserId, GetType().AssemblyQualifiedName, Utilities.GetTypeNameLastSegment(GetType().AssemblyQualifiedName, 1), LogFunction.Security, LogLevel.Error, null, "Page Does Not Exist Or User Is Not Authorized To View Page {Path}", route.PagePath);
if (route.PagePath != "")
{
// redirect to home page
NavigationManager.NavigateTo(Utilities.NavigateUrl(SiteState.Alias.Path, "", ""));
}
}
}
}
}
else

4
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -75,6 +75,7 @@ namespace Oqtane.Controllers
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => item.IsPublic || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.Permissions))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
modules.Add(module);
@ -101,7 +102,8 @@ namespace Oqtane.Controllers
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
module.Settings = _settings.GetSettings(EntityNames.Module, id)
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
.Where(item => item.IsPublic || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.Permissions))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
return module;
}
else

28
Oqtane.Server/Controllers/PageController.cs
View File

@ -57,6 +57,7 @@ namespace Oqtane.Controllers
if (_userPermissions.IsAuthorized(User, PermissionNames.View, page.Permissions))
{
page.Settings = settings.Where(item => item.EntityId == page.PageId)
.Where(item => item.IsPublic || _userPermissions.IsAuthorized(User, PermissionNames.Edit, page.Permissions))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
pages.Add(page);
}
@ -85,15 +86,16 @@ namespace Oqtane.Controllers
{
page = _pages.GetPage(id, int.Parse(userid));
}
if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
{
page.Settings = _settings.GetSettings(EntityNames.Page, page.PageId)
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
.Where(item => item.IsPublic || _userPermissions.IsAuthorized(User, PermissionNames.Edit, page.Permissions))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
return page;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {Page}", page);
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {PageId} {UserId}", id, userid);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
@ -104,24 +106,16 @@ namespace Oqtane.Controllers
public Page Get(string path, int siteid)
{
Page page = _pages.GetPage(WebUtility.UrlDecode(path), siteid);
if (page != null && page.SiteId == _alias.SiteId)
if (page != null && page.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, page.Permissions))
{
if (_userPermissions.IsAuthorized(User,PermissionNames.View, page.Permissions))
{
page.Settings = _settings.GetSettings(EntityNames.Page, page.PageId)
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
return page;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {Page}", page);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
page.Settings = _settings.GetSettings(EntityNames.Page, page.PageId)
.Where(item => item.IsPublic || _userPermissions.IsAuthorized(User, PermissionNames.Edit, page.Permissions))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
return page;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {Path} for Site {SiteId}", path, siteid);
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Page Get Attempt {SiteId} {Path}", siteid, path);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}

105
Oqtane.Server/Controllers/SettingController.cs
View File

@ -20,6 +20,7 @@ namespace Oqtane.Controllers
private readonly ISyncManager _syncManager;
private readonly ILogManager _logger;
private readonly Alias _alias;
private readonly string _visitorCookie;
public SettingController(ISettingRepository settings, IPageModuleRepository pageModules, IUserPermissions userPermissions, ITenantManager tenantManager, ISyncManager syncManager, ILogManager logger)
{
@ -29,39 +30,25 @@ namespace Oqtane.Controllers
_syncManager = syncManager;
_logger = logger;
_alias = tenantManager.GetAlias();
_visitorCookie = "APP_VISITOR_" + _alias.SiteId.ToString();
}
// GET: api/<controller>
[HttpGet]
public IEnumerable<Setting> Get(string entityName, int entityid)
public IEnumerable<Setting> Get(string entityName, int entityId)
{
List<Setting> settings = new List<Setting>();
if (IsAuthorized(entityName, entityid, PermissionNames.View))
if (IsAuthorized(entityName, entityId, PermissionNames.View))
{
settings = _settings.GetSettings(entityName, entityid).ToList();
// ispublic filter
switch (entityName)
settings = _settings.GetSettings(entityName, entityId).ToList();
if (FilterPublic(entityName, entityId))
{
case EntityNames.Tenant:
case EntityNames.ModuleDefinition:
case EntityNames.Host:
if (!User.IsInRole(RoleNames.Host))
{
settings = settings.Where(item => item.IsPublic).ToList();
}
break;
case EntityNames.Site:
if (!User.IsInRole(RoleNames.Admin))
{
settings = settings.Where(item => item.IsPublic).ToList();
}
break;
settings = settings.Where(item => item.IsPublic).ToList();
}
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityName, entityid);
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityName, entityId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
return settings;
@ -74,30 +61,15 @@ namespace Oqtane.Controllers
Setting setting = _settings.GetSetting(entityName, id);
if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View))
{
// ispublic filter
switch (entityName)
if (FilterPublic(entityName, id) && !setting.IsPublic)
{
case EntityNames.Tenant:
case EntityNames.ModuleDefinition:
case EntityNames.Host:
if (!User.IsInRole(RoleNames.Host) && !setting.IsPublic)
{
setting = null;
}
break;
case EntityNames.Site:
if (!User.IsInRole(RoleNames.Admin) && !setting.IsPublic)
{
setting = null;
}
break;
setting = null;
}
return setting;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {Setting}", setting);
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
@ -204,20 +176,67 @@ namespace Oqtane.Controllers
}
break;
case EntityNames.Visitor:
var visitorCookie = "APP_VISITOR_" + _alias.SiteId.ToString();
if (int.TryParse(Request.Cookies[visitorCookie], out int visitorId))
authorized = User.IsInRole(RoleNames.Admin);
if (!authorized)
{
authorized = (visitorId == entityId);
if (int.TryParse(Request.Cookies[_visitorCookie], out int visitorId))
{
authorized = (visitorId == entityId);
}
}
break;
default: // custom entity
if (permissionName == PermissionNames.Edit)
{
authorized = User.IsInRole(RoleNames.Admin);
}
else
{
authorized = User.IsInRole(RoleNames.Admin);
authorized = true;
}
break;
}
return authorized;
}
private bool FilterPublic(string entityName, int entityId)
{
bool filter = false;
switch (entityName)
{
case EntityNames.Tenant:
case EntityNames.ModuleDefinition:
case EntityNames.Host:
filter = !User.IsInRole(RoleNames.Host);
break;
case EntityNames.Site:
filter = !User.IsInRole(RoleNames.Admin);
break;
case EntityNames.Page:
case EntityNames.Module:
case EntityNames.Folder:
filter = !_userPermissions.IsAuthorized(User, entityName, entityId, PermissionNames.Edit);
break;
case EntityNames.User:
filter = !User.IsInRole(RoleNames.Admin) && _userPermissions.GetUser(User).UserId != entityId;
break;
case EntityNames.Visitor:
if (!User.IsInRole(RoleNames.Admin))
{
filter = true;
if (int.TryParse(Request.Cookies[_visitorCookie], out int visitorId))
{
filter = (visitorId != entityId);
}
}
break;
default: // custom entity
filter = !User.IsInRole(RoleNames.Admin);
break;
}
return filter;
}
private void AddSyncEvent(string EntityName)
{
switch (EntityName)

9
Oqtane.Server/Controllers/SiteController.cs
View File

@ -44,12 +44,9 @@ namespace Oqtane.Controllers
var site = _sites.GetSite(id);
if (site.SiteId == _alias.SiteId)
{
var settings = _settings.GetSettings(EntityNames.Site, site.SiteId);
if (!User.IsInRole(RoleNames.Admin))
{
settings = settings.Where(item => item.IsPublic);
}
site.Settings = settings.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
site.Settings = _settings.GetSettings(EntityNames.Site, site.SiteId)
.Where(item => item.IsPublic || User.IsInRole(RoleNames.Admin))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
return site;
}
else

19
Oqtane.Server/Controllers/UrlMappingController.cs
View File

@ -48,7 +48,7 @@ namespace Oqtane.Controllers
public UrlMapping Get(int id)
{
var urlMapping = _urlMappings.GetUrlMapping(id);
if (urlMapping != null && (urlMapping.SiteId == _alias.SiteId))
if (urlMapping != null && urlMapping.SiteId == _alias.SiteId)
{
return urlMapping;
}
@ -60,6 +60,23 @@ namespace Oqtane.Controllers
}
}
// GET api/<controller>/url/x?url=y
[HttpGet("url/{siteid}")]
public UrlMapping Get(int siteid, string url)
{
var urlMapping = _urlMappings.GetUrlMapping(siteid, WebUtility.UrlDecode(url));
if (urlMapping != null && urlMapping.SiteId == _alias.SiteId)
{
return urlMapping;
}
else
{
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized UrlMapping Get Attempt {SiteId} {Url}", siteid, url);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
return null;
}
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Admin)]

15
Oqtane.Server/Controllers/VisitorController.cs
View File

@ -47,15 +47,14 @@ namespace Oqtane.Controllers
[HttpGet("{id}")]
public Visitor Get(int id)
{
bool authorized;
var visitorCookie = "APP_VISITOR_" + _alias.SiteId.ToString();
if (int.TryParse(Request.Cookies[visitorCookie], out int visitorId))
bool authorized = User.IsInRole(RoleNames.Admin);
if (!authorized)
{
authorized = (visitorId == id);
}
else
{
authorized = User.IsInRole(RoleNames.Admin);
var visitorCookie = "APP_VISITOR_" + _alias.SiteId.ToString();
if (int.TryParse(Request.Cookies[visitorCookie], out int visitorId))
{
authorized = (visitorId == id);
}
}
var visitor = _visitors.GetVisitor(id);

30
Oqtane.Server/Migrations/Tenant/03000201_UpdateSettingIsPublic.cs Normal file
View File

@ -0,0 +1,30 @@
using Microsoft.EntityFrameworkCore.Infrastructure;
using Microsoft.EntityFrameworkCore.Migrations;
using Oqtane.Databases.Interfaces;
using Oqtane.Migrations.EntityBuilders;
using Oqtane.Repository;
using Oqtane.Shared;
namespace Oqtane.Migrations.Tenant
{
[DbContext(typeof(TenantDBContext))]
[Migration("Tenant.03.00.02.01")]
public class UpdateSettingIsPublic : MultiDatabaseMigration
{
public UpdateSettingIsPublic(IDatabase database) : base(database)
{
}
protected override void Up(MigrationBuilder migrationBuilder)
{
var settingEntityBuilder = new SettingEntityBuilder(migrationBuilder, ActiveDatabase);
settingEntityBuilder.UpdateColumn("IsPublic", "1", "bool", "SettingName NOT LIKE 'SMTP%'");
}
protected override void Down(MigrationBuilder migrationBuilder)
{
var settingEntityBuilder = new SettingEntityBuilder(migrationBuilder, ActiveDatabase);
settingEntityBuilder.UpdateColumn("IsPublic", "0", "bool", "SettingName NOT LIKE 'SMTP%'");
}
}
}

25
Oqtane.Server/Pages/_Host.cshtml.cs
View File

@ -130,30 +130,9 @@ namespace Oqtane.Pages
// page does not exist
var url = route.SiteUrl + "/" + route.PagePath;
var urlMapping = _urlMappings.GetUrlMapping(site.SiteId, url);
if (urlMapping == null)
if (urlMapping != null && !string.IsNullOrEmpty(urlMapping.MappedUrl))
{
if (site.CaptureBrokenUrls)
{
urlMapping = new UrlMapping();
urlMapping.SiteId = site.SiteId;
urlMapping.Url = url;
urlMapping.MappedUrl = "";
urlMapping.Requests = 1;
urlMapping.CreatedOn = DateTime.UtcNow;
urlMapping.RequestedOn = DateTime.UtcNow;
_urlMappings.AddUrlMapping(urlMapping);
}
}
else
{
urlMapping.Requests += 1;
urlMapping.RequestedOn = DateTime.UtcNow;
_urlMappings.UpdateUrlMapping(urlMapping);
if (!string.IsNullOrEmpty(urlMapping.MappedUrl))
{
return RedirectPermanent(urlMapping.MappedUrl);
}
return RedirectPermanent(urlMapping.MappedUrl);
}
}
}

30
Oqtane.Server/Repository/UrlMappingRepository.cs
View File

@ -9,12 +9,14 @@ namespace Oqtane.Repository
public class UrlMappingRepository : IUrlMappingRepository
{
private TenantDBContext _db;
private readonly ISiteRepository _sites;
public UrlMappingRepository(TenantDBContext context)
public UrlMappingRepository(TenantDBContext context, ISiteRepository sites)
{
_db = context;
_sites = sites;
}
public IEnumerable<UrlMapping> GetUrlMappings(int siteId, bool isMapped)
{
if (isMapped)
@ -60,7 +62,29 @@ namespace Oqtane.Repository
public UrlMapping GetUrlMapping(int siteId, string url)
{
return _db.UrlMapping.Where(item => item.SiteId == siteId && item.Url == url).FirstOrDefault();
var urlMapping = _db.UrlMapping.Where(item => item.SiteId == siteId && item.Url == url).FirstOrDefault();
if (urlMapping == null)
{
var site = _sites.GetSite(siteId);
if (site.CaptureBrokenUrls)
{
urlMapping = new UrlMapping();
urlMapping.SiteId = siteId;
urlMapping.Url = url;
urlMapping.MappedUrl = "";
urlMapping.Requests = 1;
urlMapping.CreatedOn = DateTime.UtcNow;
urlMapping.RequestedOn = DateTime.UtcNow;
urlMapping = AddUrlMapping(urlMapping);
}
}
else
{
urlMapping.Requests += 1;
urlMapping.RequestedOn = DateTime.UtcNow;
urlMapping = UpdateUrlMapping(urlMapping);
}
return urlMapping;
}
public void DeleteUrlMapping(int urlMappingId)