Merge remote-tracking branch 'oqtane/dev' into dev

Oqtane.Client/Modules/Controls/FileManager.razor

@@ -219,7 +219,14 @@
             if (folder != null)
             {
                 _haseditpermission = UserSecurity.IsAuthorized(PageState.User, PermissionNames.Edit, folder.PermissionList);
-                _files = await FileService.GetFilesAsync(FolderId);
+                if (UserSecurity.IsAuthorized(PageState.User, PermissionNames.Browse, folder.PermissionList))
+                {
+                    _files = await FileService.GetFilesAsync(FolderId);
+                }
+                else
+                {
+                    _files = new List<File>();
+                }
             }
             else
             {

Oqtane.Client/Services/FileService.cs

@@ -46,6 +46,11 @@ namespace Oqtane.Services
             return await GetJsonAsync<File>($"{Apiurl}/{fileId}");
         }
 
+        public async Task<File> GetFileAsync(int folderId, string name)
+        {
+            return await GetJsonAsync<File>($"{Apiurl}/name/{name}/{folderId}");
+        }
+
         public async Task<File> AddFileAsync(File file)
         {
             return await PostJsonAsync<File>(Apiurl, file);

Oqtane.Client/Services/Interfaces/IFileService.cs

@@ -1,5 +1,6 @@
 using Oqtane.Models;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Threading.Tasks;
 
 namespace Oqtane.Services
@@ -33,6 +34,15 @@ namespace Oqtane.Services
         /// <returns></returns>
         Task<File> GetFileAsync(int fileId);
 
+        /// <summary>
+        /// Get a <see cref="File"/> based on the <see cref="Folder"/> and file name.
+        /// </summary>
+        /// <param name="folderId">Reference to the <see cref="Folder"/></param>
+        /// <param name="name">name of the file
+        /// </param>
+        /// <returns></returns>
+        Task<File> GetFileAsync(int folderId, string name);
+
         /// <summary>
         /// Add / store a <see cref="File"/> record.
         /// This does not contain the file contents. 

Oqtane.Server/Controllers/FileController.cs

@@ -129,6 +129,22 @@ namespace Oqtane.Controllers
             }
         }
 
+        [HttpGet("name/{name}/{folderId}")]
+        public Models.File Get(string name, int folderId)
+        {
+            Models.File file = _files.GetFile(folderId, name);
+            if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
+            {
+                return file;
+            }
+            else
+            {
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
+            }
+        }
+
         // PUT api/<controller>/5
         [HttpPut("{id}")]
         [Authorize(Roles = RoleNames.Registered)]

Oqtane.Server/Controllers/FolderController.cs

@@ -43,7 +43,7 @@ namespace Oqtane.Controllers
             {
                 foreach (Folder folder in _folders.GetFolders(SiteId))
                 {
-                    if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+                    if (_userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
                     {
                         folders.Add(folder);
                     }
@@ -64,7 +64,7 @@ namespace Oqtane.Controllers
         public Folder Get(int id)
         {
             Folder folder = _folders.GetFolder(id);
-            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
             {
                 return folder;
             }
@@ -85,7 +85,7 @@ namespace Oqtane.Controllers
                 folderPath += "/";
             }
             Folder folder = _folders.GetFolder(siteId, folderPath);
-            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
             {
                 return folder;
             }

Oqtane.Server/Migrations/Tenant/04000101_AddNotificationIsRead.cs

@@ -19,7 +19,7 @@ namespace Oqtane.Migrations.Tenant
         protected override void Up(MigrationBuilder migrationBuilder)
         {
             var notificationEntityBuilder = new NotificationEntityBuilder(migrationBuilder, ActiveDatabase);
-            notificationEntityBuilder.AddBooleanColumn("IsRead", false);
+            notificationEntityBuilder.AddBooleanColumn("IsRead", true);
             notificationEntityBuilder.UpdateColumn("IsRead", "1", "bool", "");
         }
 

Oqtane.Server/wwwroot/Themes/Templates/External/[Owner].Theme.[Theme].sln

@@ -16,9 +16,7 @@ Global
 	EndGlobalSection
 	GlobalSection(ProjectConfigurationPlatforms) = postSolution
 		{3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
-		{3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Release|Any CPU.ActiveCfg = Release|Any CPU
-		{3AB6FCC9-EFEB-4C0E-A2CF-8103914C5196}.Release|Any CPU.Build.0 = Release|Any CPU
 		{AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Debug|Any CPU.ActiveCfg = Debug|Any CPU
 		{AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Debug|Any CPU.Build.0 = Debug|Any CPU
 		{AA8E58A1-CD09-4208-BF66-A8BB341FD669}.Release|Any CPU.ActiveCfg = Release|Any CPU