Settings authorization

Shaun Walker 2019-08-30 13:42:16 -04:00
parent c651dedffd
commit 838b48f91e


@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Security;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -11,10 +12,12 @@ namespace Oqtane.Controllers
public class SettingController : Controller public class SettingController : Controller
{ {
private readonly ISettingRepository Settings; private readonly ISettingRepository Settings;
private readonly IUserPermissions UserPermissions;
public SettingController(ISettingRepository Settings) public SettingController(ISettingRepository Settings, IUserPermissions UserPermissions)
{ {
this.Settings = Settings; this.Settings = Settings;
this.UserPermissions = UserPermissions;
} }
// GET: api/<controller> // GET: api/<controller>
@ -33,10 +36,10 @@ namespace Oqtane.Controllers
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = Constants.AdminRole)] [Authorize]
public Setting Post([FromBody] Setting Setting) public Setting Post([FromBody] Setting Setting)
{ {
if (ModelState.IsValid) if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId))
{ {
Setting = Settings.AddSetting(Setting); Setting = Settings.AddSetting(Setting);
} }
@ -45,10 +48,10 @@ namespace Oqtane.Controllers
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)] [Authorize]
public Setting Put(int id, [FromBody] Setting Setting) public Setting Put(int id, [FromBody] Setting Setting)
{ {
if (ModelState.IsValid) if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId))
{ {
Setting = Settings.UpdateSetting(Setting); Setting = Settings.UpdateSetting(Setting);
} }
@ -62,5 +65,20 @@ namespace Oqtane.Controllers
{ {
Settings.DeleteSetting(id); Settings.DeleteSetting(id);
} }
private bool IsAuthorized(string EntityName, int EntityId)
{
bool authorized = false;
switch (EntityName)
{
case "Module":
authorized = UserPermissions.IsAuthorized(User, EntityName, EntityId, "Edit");
break;
default:
authorized = User.IsInRole(Constants.AdminRole);
break;
}
return authorized;
}
} }
} }
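Review bot: In `Put`, the new guard `IsAuthorized(Setting.EntityName, Setting.EntityId)` authorizes against the entity name and id supplied in the request body, not against the setting that is already stored, and the route parameter `id` is not used anywhere in the visible lines. Because `[Authorize(Roles = Constants.AdminRole)]` becomes plain `[Authorize]`, this guard is now the only gate. If `UpdateSetting` selects the row by the body's own key (not visible here), a user with "Edit" on one module could pass the check while the write lands on a setting belonging to a different entity. I would load the stored setting for `id` from the repository into, say, `existing`, and change the condition to `if (ModelState.IsValid && existing != null && IsAuthorized(existing.EntityName, existing.EntityId) && IsAuthorized(Setting.EntityName, Setting.EntityId))`. A failed check in `Post` or `Put` currently falls through silently, so returning a 403 there would make denials visible to callers and to logs; the rest of both method bodies lies outside the hunks shown.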