From 5973c3d1a0020b65bf9e5b0db6bb33b7a1fdcd2c Mon Sep 17 00:00:00 2001 From: Leigh Pointer Date: Mon, 10 Jul 2023 14:40:00 +0200 Subject: [PATCH 1/4] Remove Build for Oqtane Server in ConfigManger Remove Build for Oqtane Server in ConfigManger --- .../wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln | 2 -- 1 file changed, 2 deletions(-) diff --git a/Oqtane.Server/wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln b/Oqtane.Server/wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln index 94aa3841..cd9d50da 100644 --- a/Oqtane.Server/wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln +++ b/Oqtane.Server/wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln @@ -16,9 +16,7 @@ Global EndGlobalSection GlobalSection(ProjectConfigurationPlatforms) = postSolution {3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Debug|Any CPU.ActiveCfg = Debug|Any CPU - {3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Debug|Any CPU.Build.0 = Debug|Any CPU {3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Release|Any CPU.ActiveCfg = Release|Any CPU - {3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Release|Any CPU.Build.0 = Release|Any CPU {AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Debug|Any CPU.ActiveCfg = Debug|Any CPU {AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Debug|Any CPU.Build.0 = Debug|Any CPU {AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Release|Any CPU.ActiveCfg = Release|Any CPU From c597c4c23489e43500557d698d7514158117a0a3 Mon Sep 17 00:00:00 2001 From: sbwalker Date: Mon, 10 Jul 2023 08:44:14 -0400 Subject: [PATCH 2/4] add API method to get File based on name, and fix permission validation for Folder --- Oqtane.Client/Services/FileService.cs | 5 +++++ .../Services/Interfaces/IFileService.cs | 10 ++++++++++ Oqtane.Server/Controllers/FileController.cs | 16 ++++++++++++++++ Oqtane.Server/Controllers/FolderController.cs | 6 +++--- 4 files changed, 34 insertions(+), 3 deletions(-) 
diff --git a/Oqtane.Client/Services/FileService.cs b/Oqtane.Client/Services/FileService.cs index 3fef5c6e..05d3adff 100644 --- a/Oqtane.Client/Services/FileService.cs +++ b/Oqtane.Client/Services/FileService.cs @@ -46,6 +46,11 @@ namespace Oqtane.Services return await GetJsonAsync($"{Apiurl}/{fileId}"); } + public async Task GetFileAsync(int folderId, string name) + { + return await GetJsonAsync($"{Apiurl}/name/{name}/{folderId}"); + } + public async Task AddFileAsync(File file) { return await PostJsonAsync(Apiurl, file); diff --git a/Oqtane.Client/Services/Interfaces/IFileService.cs b/Oqtane.Client/Services/Interfaces/IFileService.cs index 66553b0c..1174947f 100644 --- a/Oqtane.Client/Services/Interfaces/IFileService.cs +++ b/Oqtane.Client/Services/Interfaces/IFileService.cs @@ -1,5 +1,6 @@ using Oqtane.Models; using System.Collections.Generic; +using System.Diagnostics.CodeAnalysis; using System.Threading.Tasks; namespace Oqtane.Services @@ -33,6 +34,15 @@ namespace Oqtane.Services /// Task GetFileAsync(int fileId); + /// + /// Get a based on the and file name. + /// + /// Reference to the + /// name of the file + /// + /// + Task GetFileAsync(int folderId, string name); + /// /// Add / store a record. /// This does not contain the file contents. diff --git a/Oqtane.Server/Controllers/FileController.cs b/Oqtane.Server/Controllers/FileController.cs index 30cbab26..63f0366b 100644 --- a/Oqtane.Server/Controllers/FileController.cs +++ b/Oqtane.Server/Controllers/FileController.cs 
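Review bot: `name` is interpolated into the request path unescaped in the new `GetFileAsync(int folderId, string name)` in FileService.cs. A file name containing `/`, `?`, `#`, `%` or a space therefore resolves to a different route or query instead of a lookup of that file. Escape the segment at the call site by replacing `{name}` with `{Uri.EscapeDataString(name)}` in the interpolated URL. Whether the server route decodes an escaped `/` inside a path segment is not visible here, so names containing a slash may be better rejected before the call is made.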
@@ -129,6 +129,22 @@ namespace Oqtane.Controllers } } + [HttpGet("name/{name}/{folderId}")] + public Models.File Get(string name, int folderId) + { + Models.File file = _files.GetFile(folderId, name); + if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList)) + { + return file; + } + else + { + _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId); + HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; + return null; + } + } + // PUT api//5 [HttpPut("{id}")] [Authorize(Roles = RoleNames.Registered)] diff --git a/Oqtane.Server/Controllers/FolderController.cs b/Oqtane.Server/Controllers/FolderController.cs index b95f97f8..18c85c35 100644 --- a/Oqtane.Server/Controllers/FolderController.cs +++ b/Oqtane.Server/Controllers/FolderController.cs @@ -43,7 +43,7 @@ namespace Oqtane.Controllers { foreach (Folder folder in _folders.GetFolders(SiteId)) { - if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList)) + if (_userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList)) { folders.Add(folder); } @@ -64,7 +64,7 @@ namespace Oqtane.Controllers public Folder Get(int id) { Folder folder = _folders.GetFolder(id); - if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList)) + if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList)) { return folder; } 
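Review bot: The `else` branch of the new `Get(string name, int folderId)` writes the same `LogLevel.Error` / `LogFunction.Security` entry for a file that does not exist as for a real authorization failure. The action itself carries only `[HttpGet]`, so unless an attribute outside the hunk restricts it, any caller can fill the security log by requesting arbitrary names. Returning 403 in both cases is reasonable, since it does not reveal which names exist in folders the caller cannot view, but the log should separate them: test `file == null` first and record that case at a lower level with its own message. The condition also dereferences `file.Folder` without a null check, which is safe only if `_files.GetFile(folderId, name)` always loads the folder; that is not visible in this hunk.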
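Review bot: The switch from `PermissionNames.Browse` to `PermissionNames.View` in the folder list loop, and in the two single-folder `Get` actions (hunks at -64 and -85), changes which permission guards folder records, but nothing in the code says why View is the right one. A short comment at the first check would stop a later reader from reverting it, for example `// View controls access to the folder record; Browse (listing its files) is checked where files are enumerated`, assuming that is the intended split. The server-side file listing action is not part of this patch, so confirm that it still requires Browse now that these three checks no longer do. All three methods start and end outside their hunks.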
@@ -85,7 +85,7 @@ namespace Oqtane.Controllers folderPath += "/"; } Folder folder = _folders.GetFolder(siteId, folderPath); - if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList)) + if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList)) { return folder; } From b87eddeedad79371e6a6820f70eaa913be5ab151 Mon Sep 17 00:00:00 2001 From: sbwalker Date: Mon, 10 Jul 2023 08:59:09 -0400 Subject: [PATCH 3/4] fix migration error caused by new IsRead field in Notifications. Microsoft.Data.SqlClient.SqlException: 'ALTER TABLE only allows columns to be added that can contain nulls, or have a DEFAULT definition specified.' --- .../Migrations/Tenant/04000101_AddNotificationIsRead.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/Oqtane.Server/Migrations/Tenant/04000101_AddNotificationIsRead.cs b/Oqtane.Server/Migrations/Tenant/04000101_AddNotificationIsRead.cs index 8b97308c..16c2a5f3 100644 --- a/Oqtane.Server/Migrations/Tenant/04000101_AddNotificationIsRead.cs +++ b/Oqtane.Server/Migrations/Tenant/04000101_AddNotificationIsRead.cs @@ -19,7 +19,7 @@ namespace Oqtane.Migrations.Tenant protected override void Up(MigrationBuilder migrationBuilder) { var notificationEntityBuilder = new NotificationEntityBuilder(migrationBuilder, ActiveDatabase); - notificationEntityBuilder.AddBooleanColumn("IsRead", false); + notificationEntityBuilder.AddBooleanColumn("IsRead", true); notificationEntityBuilder.UpdateColumn("IsRead", "1", "bool", ""); } From 2ccb814223418aaab851ffe90ebe541dbc9a84d3 Mon Sep 17 00:00:00 2001 From: sbwalker Date: Mon, 10 Jul 2023 10:09:57 -0400 Subject: [PATCH 4/4] fix validation issue in FileManager related to Browse permissions --- Oqtane.Client/Modules/Controls/FileManager.razor | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) 
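Review bot: `AddBooleanColumn("IsRead", true)` in the migration's `Up` leaves the column nullable after the backfill, and the reason for that is recorded only in the commit message. Add a comment above the call such as `// nullable so ALTER TABLE succeeds on tables with existing rows; existing rows are set to 1 below`. Because this edits migration 04000101 in place, any database where the original version ran successfully would keep a non-nullable column, so installations may end up with differing schemas. Code that reads `IsRead` should tolerate NULL for rows inserted by paths that do not set it, which cannot be checked from this hunk.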
diff --git a/Oqtane.Client/Modules/Controls/FileManager.razor b/Oqtane.Client/Modules/Controls/FileManager.razor
index 97363437..361bffbd 100644
--- a/Oqtane.Client/Modules/Controls/FileManager.razor
+++ b/Oqtane.Client/Modules/Controls/FileManager.razor
@@ -219,7 +219,14 @@
 if (folder != null)
 {
 _haseditpermission = UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, folder.PermissionList);
- _files = await FileService.GetFilesAsync(FolderId);
+ if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Browse, folder.PermissionList))
+ {
+ _files = await FileService.GetFilesAsync(FolderId);
+ }
+ else
+ {
+ _files = new List();
+ }
 }
 else
 {
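Review bot: The new `PermissionNames.Browse` test runs inside the client component, so it only decides what the UI shows; a caller that invokes the files API directly is unaffected by it. Enforcement has to live in the server action behind `FileService.GetFilesAsync(FolderId)`, which is outside this patch. Confirm that action checks Browse on the folder, particularly since the folder actions in patch 2/4 were changed from Browse to View. A comment on the `if` would make the intent explicit, e.g. `// UI hint only; the server enforces Browse when listing files`. The enclosing block begins and ends outside the hunk.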