Fix #2230 - add support for an Unauthenticated User global role

Oqtane.Client/Modules/Admin/Roles/Index.razor

@@ -59,7 +59,7 @@ else
         if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
         {
             _roles = await RoleService.GetRolesAsync(PageState.Site.SiteId, true);
-            _roles = _roles.Where(item => item.Name != RoleNames.Everyone).ToList();
+			_roles.RemoveAll(item => item.Name == RoleNames.Everyone || item.Name == RoleNames.Unauthenticated);
         }
         else
         {

Oqtane.Client/Modules/Admin/Users/Roles.razor

@@ -88,15 +88,17 @@ else
             userid = Int32.Parse(PageState.QueryString["id"]);
             User user = await UserService.GetUserAsync(userid, PageState.Site.SiteId);
             name = user.DisplayName;
+
             if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
             {
                 roles = await RoleService.GetRolesAsync(PageState.Site.SiteId, true);
-                roles = roles.Where(item => item.Name != RoleNames.Everyone).ToList();
+				roles.RemoveAll(item => item.Name == RoleNames.Everyone || item.Name == RoleNames.Unauthenticated);
             }
             else
             {
                 roles = await RoleService.GetRolesAsync(PageState.Site.SiteId);
             }
+
             await GetUserRoles();
         }
         catch (Exception ex)

Oqtane.Client/Modules/Controls/PermissionGrid.razor

@@ -127,11 +127,10 @@
 			_permissionnames = PermissionNames;
 		}
 
-		_roles = await RoleService.GetRolesAsync(ModuleState.SiteId);
-		_roles.Insert(0, new Role { Name = RoleNames.Everyone });
-		if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
+		_roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true);
+		if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
 		{
-			_roles.Add(new Role { Name = RoleNames.Host });
+			_roles.RemoveAll(item => item.Name == RoleNames.Host);
 		}
 
 		_permissions = new List<PermissionString>();
@@ -254,6 +253,7 @@
 			permission = _permissions[i];
 			List<string> ids = permission.Permissions.Split(';', StringSplitOptions.RemoveEmptyEntries).ToList();
 			ids.Remove("!" + RoleNames.Everyone); // remove deny all users
+			ids.Remove("!" + RoleNames.Unauthenticated); // remove deny unauthenticated
 			ids.Remove("!" + RoleNames.Registered); // remove deny registered users
 			if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
 			{

Oqtane.Server/Infrastructure/UpgradeManager.cs

@@ -50,6 +50,9 @@ namespace Oqtane.Infrastructure
                     case "3.0.1":
                         Upgrade_3_0_1(tenant, scope);
                         break;
+                    case "3.1.3":
+                        Upgrade_3_1_3(tenant, scope);
+                        break;
                 }
             }
         }
@@ -182,5 +185,15 @@ namespace Oqtane.Infrastructure
                 sites.CreatePages(site, pageTemplates);
             }
         }
+
+        private void Upgrade_3_1_3(Tenant tenant, IServiceScope scope)
+        {
+            var roles = scope.ServiceProvider.GetRequiredService<IRoleRepository>();
+            if (!roles.GetRoles(-1, true).ToList().Where(item => item.Name == RoleNames.Unauthenticated).Any())
+            {
+                roles.AddRole(new Role { SiteId = null, Name = RoleNames.Unauthenticated, Description = RoleNames.Unauthenticated, IsAutoAssigned = false, IsSystem = true });
+            }
+        }
+
     }
 }

Oqtane.Server/Repository/SiteRepository.cs

@@ -94,16 +94,18 @@ namespace Oqtane.Repository
             List<Role> roles = _roleRepository.GetRoles(site.SiteId, true).ToList();
             if (!roles.Where(item => item.Name == RoleNames.Everyone).Any())
             {
-                _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Everyone, Description = "All Users", IsAutoAssigned = false, IsSystem = true});
+                _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Everyone, Description = RoleNames.Everyone, IsAutoAssigned = false, IsSystem = true});
+            }
+            if (!roles.Where(item => item.Name == RoleNames.Unauthenticated).Any())
+            {
+                _roleRepository.AddRole(new Role { SiteId = null, Name = RoleNames.Unauthenticated, Description = RoleNames.Unauthenticated, IsAutoAssigned = false, IsSystem = true });
             }
-
             if (!roles.Where(item => item.Name == RoleNames.Host).Any())
             {
-                _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Host, Description = "Application Administrators", IsAutoAssigned = false, IsSystem = true});
+                _roleRepository.AddRole(new Role {SiteId = null, Name = RoleNames.Host, Description = RoleNames.Host, IsAutoAssigned = false, IsSystem = true});
             }
-
-            _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Registered, Description = "Registered Users", IsAutoAssigned = true, IsSystem = true});
-            _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Admin, Description = "Site Administrators", IsAutoAssigned = false, IsSystem = true});
+            _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Registered, Description = RoleNames.Registered, IsAutoAssigned = true, IsSystem = true});
+            _roleRepository.AddRole(new Role {SiteId = site.SiteId, Name = RoleNames.Admin, Description = RoleNames.Admin, IsAutoAssigned = false, IsSystem = true});
 
             _profileRepository.AddProfile(new Profile
                 {SiteId = site.SiteId, Name = "FirstName", Title = "First Name", Description = "Your First Or Given Name", Category = "Name", ViewOrder = 1, MaxLength = 50, DefaultValue = "", IsRequired = false, IsPrivate = false, Options = ""});

Oqtane.Shared/Security/UserSecurity.cs

@@ -104,11 +104,14 @@ namespace Oqtane.Security
 
         private static bool IsAllowed(int userId, string roles, string permission)
         {
+            if (permission == RoleNames.Unauthenticated)
+            {
+                return userId == -1;
+            }
             if ("[" + userId + "]" == permission)
             {
                 return true;
             }
-
             if (roles != null)
             {
                 return roles.IndexOf(";" + permission + ";") != -1;

Oqtane.Shared/Shared/Constants.cs

@@ -4,8 +4,8 @@ namespace Oqtane.Shared
 {
     public class Constants
     {
-        public static readonly string Version = "3.1.2";
-        public const string ReleaseVersions = "1.0.0,1.0.1,1.0.2,1.0.3,1.0.4,2.0.0,2.0.1,2.0.2,2.1.0,2.2.0,2.3.0,2.3.1,3.0.0,3.0.1,3.0.2,3.0.3,3.1.0,3.1.1,3.1.2";
+        public static readonly string Version = "3.1.3";
+        public const string ReleaseVersions = "1.0.0,1.0.1,1.0.2,1.0.3,1.0.4,2.0.0,2.0.1,2.0.2,2.1.0,2.2.0,2.3.0,2.3.1,3.0.0,3.0.1,3.0.2,3.0.3,3.1.0,3.1.1,3.1.2,3.1.3";
         public const string PackageId = "Oqtane.Framework";
         public const string UpdaterPackageId = "Oqtane.Updater";
         public const string PackageRegistryUrl = "https://www.oqtane.net";

Oqtane.Shared/Shared/RoleNames.cs

@@ -1,8 +1,9 @@
-namespace Oqtane.Shared {
+namespace Oqtane.Shared {
     public class RoleNames {
         public const string Everyone = "All Users";
         public const string Host = "Host Users";
         public const string Admin = "Administrators";
         public const string Registered = "Registered Users";
+        public const string Unauthenticated = "Unauthenticated Users";
     }
 }