diff --git a/Oqtane.Client/Modules/Admin/Roles/Index.razor b/Oqtane.Client/Modules/Admin/Roles/Index.razor index 40bc1a86..2bb4ac87 100644 --- a/Oqtane.Client/Modules/Admin/Roles/Index.razor +++ b/Oqtane.Client/Modules/Admin/Roles/Index.razor @@ -59,7 +59,7 @@ else if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) { _roles = await RoleService.GetRolesAsync(PageState.Site.SiteId, true); - _roles = _roles.Where(item => item.Name != RoleNames.Everyone).ToList(); + _roles.RemoveAll(item => item.Name == RoleNames.Everyone || item.Name == RoleNames.Unauthenticated); } else { diff --git a/Oqtane.Client/Modules/Admin/Users/Roles.razor b/Oqtane.Client/Modules/Admin/Users/Roles.razor index 4b90b902..0fcc3229 100644 --- a/Oqtane.Client/Modules/Admin/Users/Roles.razor +++ b/Oqtane.Client/Modules/Admin/Users/Roles.razor @@ -88,15 +88,17 @@ else userid = Int32.Parse(PageState.QueryString["id"]); User user = await UserService.GetUserAsync(userid, PageState.Site.SiteId); name = user.DisplayName; + if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) { roles = await RoleService.GetRolesAsync(PageState.Site.SiteId, true); - roles = roles.Where(item => item.Name != RoleNames.Everyone).ToList(); + roles.RemoveAll(item => item.Name == RoleNames.Everyone || item.Name == RoleNames.Unauthenticated); } else { roles = await RoleService.GetRolesAsync(PageState.Site.SiteId); } + await GetUserRoles(); } catch (Exception ex) diff --git a/Oqtane.Client/Modules/Controls/PermissionGrid.razor b/Oqtane.Client/Modules/Controls/PermissionGrid.razor index d1777a68..c2e6f87a 100644 --- a/Oqtane.Client/Modules/Controls/PermissionGrid.razor +++ b/Oqtane.Client/Modules/Controls/PermissionGrid.razor @@ -127,11 +127,10 @@ _permissionnames = PermissionNames; } - _roles = await RoleService.GetRolesAsync(ModuleState.SiteId); - _roles.Insert(0, new Role { Name = RoleNames.Everyone }); - if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) + _roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true); + if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) { - _roles.Add(new Role { Name = RoleNames.Host }); + _roles.RemoveAll(item => item.Name == RoleNames.Host); } _permissions = new List(); @@ -254,6 +253,7 @@ permission = _permissions[i]; List ids = permission.Permissions.Split(';', StringSplitOptions.RemoveEmptyEntries).ToList(); ids.Remove("!" + RoleNames.Everyone); // remove deny all users + ids.Remove("!" + RoleNames.Unauthenticated); // remove deny unauthenticated ids.Remove("!" + RoleNames.Registered); // remove deny registered users if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host)) { diff --git a/Oqtane.Server/Infrastructure/UpgradeManager.cs b/Oqtane.Server/Infrastructure/UpgradeManager.cs index 124652c9..2074dd0e 100644 --- a/Oqtane.Server/Infrastructure/UpgradeManager.cs +++ b/Oqtane.Server/Infrastructure/UpgradeManager.cs @@ -50,6 +50,9 @@ namespace Oqtane.Infrastructure case "3.0.1": Upgrade_3_0_1(tenant, scope); break; + case "3.1.3": + Upgrade_3_1_3(tenant, scope); + break; } } } @@ -182,5 +185,15 @@ namespace Oqtane.Infrastructure sites.CreatePages(site, pageTemplates); } } + + private void Upgrade_3_1_3(Tenant tenant, IServiceScope scope) + { + var roles = scope.ServiceProvider.GetRequiredService(); + if (!roles.GetRoles(-1, true).ToList().Where(item => item.Name == RoleNames.Unauthenticated).Any()) + { + roles.AddRole(new Role { SiteId = null, Name = RoleNames.Unauthenticated, Description = RoleNames.Unauthenticated, IsAutoAssigned = false, IsSystem = true }); + } + } + } } diff --git a/Oqtane.Server/Repository/SiteRepository.cs b/Oqtane.Server/Repository/SiteRepository.cs index e5ca3265..ded32453 100644 --- a/Oqtane.Server/Repository/SiteRepository.cs +++ b/Oqtane.Server/Repository/SiteRepository.cs @@ -94,16 +94,18 @@ namespace Oqtane.Repository List roles = _roleRepository.GetRoles(site.SiteId, true).ToList(); if (!roles.Where(item => item.Name == RoleNames.Everyone).Any()) { - _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Everyone, Description = "All Users", IsAutoAssigned = false, IsSystem = true}); + _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Everyone, Description = RoleNames.Everyone, IsAutoAssigned = false, IsSystem = true}); + } + if (!roles.Where(item => item.Name == RoleNames.Unauthenticated).Any()) + { + _roleRepository.AddRole(new Role { SiteId = null, Name = RoleNames.Unauthenticated, Description = RoleNames.Unauthenticated, IsAutoAssigned = false, IsSystem = true }); } - if (!roles.Where(item => item.Name == RoleNames.Host).Any()) { - _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Host, Description = "Application Administrators", IsAutoAssigned = false, IsSystem = true}); + _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Host, Description = RoleNames.Host, IsAutoAssigned = false, IsSystem = true}); } - - _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Registered, Description = "Registered Users", IsAutoAssigned = true, IsSystem = true}); - _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Admin, Description = "Site Administrators", IsAutoAssigned = false, IsSystem = true}); + _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Registered, Description = RoleNames.Registered, IsAutoAssigned = true, IsSystem = true}); + _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Admin, Description = RoleNames.Admin, IsAutoAssigned = false, IsSystem = true}); _profileRepository.AddProfile(new Profile {SiteId = site.SiteId, Name = "FirstName", Title = "First Name", Description = "Your First Or Given Name", Category = "Name", ViewOrder = 1, MaxLength = 50, DefaultValue = "", IsRequired = false, IsPrivate = false, Options = ""}); diff --git a/Oqtane.Shared/Security/UserSecurity.cs b/Oqtane.Shared/Security/UserSecurity.cs index 1830765f..bda57c59 100644 --- a/Oqtane.Shared/Security/UserSecurity.cs +++ b/Oqtane.Shared/Security/UserSecurity.cs @@ -104,11 +104,14 @@ namespace Oqtane.Security private static bool IsAllowed(int userId, string roles, string permission) { + if (permission == RoleNames.Unauthenticated) + { + return userId == -1; + } if ("[" + userId + "]" == permission) { return true; } - if (roles != null) { return roles.IndexOf(";" + permission + ";") != -1; diff --git a/Oqtane.Shared/Shared/Constants.cs b/Oqtane.Shared/Shared/Constants.cs index 66a0f9c0..1d1b4fe7 100644 --- a/Oqtane.Shared/Shared/Constants.cs +++ b/Oqtane.Shared/Shared/Constants.cs @@ -4,8 +4,8 @@ namespace Oqtane.Shared { public class Constants { - public static readonly string Version = "3.1.2"; - public const string ReleaseVersions = "1.0.0,1.0.1,1.0.2,1.0.3,1.0.4,2.0.0,2.0.1,2.0.2,2.1.0,2.2.0,2.3.0,2.3.1,3.0.0,3.0.1,3.0.2,3.0.3,3.1.0,3.1.1,3.1.2"; + public static readonly string Version = "3.1.3"; + public const string ReleaseVersions = "1.0.0,1.0.1,1.0.2,1.0.3,1.0.4,2.0.0,2.0.1,2.0.2,2.1.0,2.2.0,2.3.0,2.3.1,3.0.0,3.0.1,3.0.2,3.0.3,3.1.0,3.1.1,3.1.2,3.1.3"; public const string PackageId = "Oqtane.Framework"; public const string UpdaterPackageId = "Oqtane.Updater"; public const string PackageRegistryUrl = "https://www.oqtane.net"; diff --git a/Oqtane.Shared/Shared/RoleNames.cs b/Oqtane.Shared/Shared/RoleNames.cs index f526d613..4c935c50 100644 --- a/Oqtane.Shared/Shared/RoleNames.cs +++ b/Oqtane.Shared/Shared/RoleNames.cs @@ -1,8 +1,9 @@ -namespace Oqtane.Shared { +namespace Oqtane.Shared { public class RoleNames { public const string Everyone = "All Users"; public const string Host = "Host Users"; public const string Admin = "Administrators"; public const string Registered = "Registered Users"; + public const string Unauthenticated = "Unauthenticated Users"; } }