kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #214 from sbwalker/master

Browse Source 
authorization changes
This commit is contained in:
Shaun Walker 2020-02-17 19:53:08 -05:00 committed by GitHub
commit aef1f9d236
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 880 additions and 529 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

101
Oqtane.Client/Modules/Admin/Logs/Index.razor
View File

@ -8,56 +8,65 @@
} }
else else
{ {
<div class="form-group"> <table class="table table-borderless">
<label>Level: </label> <tr>
<select class="form-control" @onchange="(e => LevelChanged(e))"> <td>
<option value="-">&lt;All Levels&gt;</option> <label>Level: </label>
<option value="Trace">Trace</option> <select class="form-control" @onchange="(e => LevelChanged(e))">
<option value="Debug">Debug</option> <option value="-">&lt;All Levels&gt;</option>
<option value="Information">Information</option> <option value="Trace">Trace</option>
<option value="Warning">Warning</option> <option value="Debug">Debug</option>
<option value="Error">Error</option> <option value="Information">Information</option>
<option value="Critical">Critical</option> <option value="Warning">Warning</option>
</select> <option value="Error">Error</option>
<label>Function: </label> <option value="Critical">Critical</option>
<select class="form-control" @onchange="(e => FunctionChanged(e))"> </select>
<option value="-">&lt;All Functions&gt;</option> </td>
<option value="Create">Create</option> <td>
<option value="Read">Read</option> <label>Function: </label>
<option value="Update">Update</option> <select class="form-control" @onchange="(e => FunctionChanged(e))">
<option value="Delete">Delete</option> <option value="-">&lt;All Functions&gt;</option>
<option value="Security">Security</option> <option value="Create">Create</option>
<option value="Other">Other</option> <option value="Read">Read</option>
</select> <option value="Update">Update</option>
<label>Rows: </label> <option value="Delete">Delete</option>
<select class="form-control" @onchange="(e => RowsChanged(e))"> <option value="Security">Security</option>
<option value="10">10</option> <option value="Other">Other</option>
<option value="50">50</option> </select>
<option value="100">100</option> </td>
</select> <td>
</div> <label>Rows: </label>
<select class="form-control" @onchange="(e => RowsChanged(e))">
<option value="10">10</option>
<option value="50">50</option>
<option value="100">100</option>
</select>
</td>
</tr>
</table>
@if (Logs.Any()) @if (Logs.Any())
{ {
<Pager Items="@Logs"> <Pager Items="@Logs">
<Header> <Header>
<th>&nbsp;</th> <th>&nbsp;</th>
<th>Date</th> <th>Date</th>
<th>Level</th> <th>Level</th>
<th>Feature</th> <th>Feature</th>
<th>Function</th> <th>Function</th>
</Header> </Header>
<Row> <Row>
<td class="@GetClass(context.Function)"><ActionLink Action="Detail" Parameters="@($"id=" + context.LogId.ToString())" /></td> <td class="@GetClass(context.Function)"><ActionLink Action="Detail" Parameters="@($"id=" + context.LogId.ToString())" /></td>
<td class="@GetClass(context.Function)">@context.LogDate</td> <td class="@GetClass(context.Function)">@context.LogDate</td>
<td class="@GetClass(context.Function)">@context.Level</td> <td class="@GetClass(context.Function)">@context.Level</td>
<td class="@GetClass(context.Function)">@context.Feature</td> <td class="@GetClass(context.Function)">@context.Feature</td>
<td class="@GetClass(context.Function)">@context.Function</td> <td class="@GetClass(context.Function)">@context.Function</td>
</Row> </Row>
</Pager> </Pager>
} }
else else
{ {
<p><em>No Logs Match The Criteria Specified</em></p> <p><em>No Logs Match The Criteria Specified</em></p>
} }
} }
@ -159,4 +168,4 @@ else
} }
return classname; return classname;
} }
} }

4
Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
View File

@ -45,7 +45,7 @@
try try
{ {
ModuleDefinitionId = Int32.Parse(PageState.QueryString["id"]); ModuleDefinitionId = Int32.Parse(PageState.QueryString["id"]);
ModuleDefinition moduledefinition = PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionId == ModuleDefinitionId).FirstOrDefault(); ModuleDefinition moduledefinition = await ModuleDefinitionService.GetModuleDefinitionAsync(ModuleDefinitionId, ModuleState.SiteId);
if (moduledefinition != null) if (moduledefinition != null)
{ {
name = moduledefinition.Name; name = moduledefinition.Name;
@ -67,7 +67,7 @@
{ {
try try
{ {
ModuleDefinition moduledefinition = PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionId == ModuleDefinitionId).FirstOrDefault(); ModuleDefinition moduledefinition = await ModuleDefinitionService.GetModuleDefinitionAsync(ModuleDefinitionId, ModuleState.SiteId);
moduledefinition.Permissions = permissiongrid.GetPermissions(); moduledefinition.Permissions = permissiongrid.GetPermissions();
await ModuleDefinitionService.UpdateModuleDefinitionAsync(moduledefinition); await ModuleDefinitionService.UpdateModuleDefinitionAsync(moduledefinition);
await logger.LogInformation("ModuleDefinition Saved {ModuleDefinition}", moduledefinition); await logger.LogInformation("ModuleDefinition Saved {ModuleDefinition}", moduledefinition);

2
Oqtane.Client/Modules/Admin/Modules/Settings.razor
View File

@ -81,7 +81,7 @@
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync()); containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType; containertype = ModuleState.ContainerType;
permissions = ModuleState.Permissions; permissions = ModuleState.Permissions;
permissionnames = PageState.ModuleDefinitions.Find(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).PermissionNames; permissionnames = ModuleState.ModuleDefinition.PermissionNames;
pageid = ModuleState.PageId.ToString(); pageid = ModuleState.PageId.ToString();
DynamicComponent = builder => DynamicComponent = builder =>

8
Oqtane.Client/Modules/Admin/Pages/Add.razor
View File

@ -148,6 +148,7 @@
Dictionary<string, string> themes = new Dictionary<string, string>(); Dictionary<string, string> themes = new Dictionary<string, string>();
Dictionary<string, string> panelayouts = new Dictionary<string, string>(); Dictionary<string, string> panelayouts = new Dictionary<string, string>();
List<Theme> Themes;
List<Page> pages; List<Page> pages;
string name; string name;
string path = ""; string path = "";
@ -169,13 +170,14 @@
{ {
try try
{ {
Themes = await ThemeService.GetThemesAsync();
pages = PageState.Pages; pages = PageState.Pages;
children = PageState.Pages.Where(item => item.ParentId == null).ToList(); children = PageState.Pages.Where(item => item.ParentId == null).ToList();
themes = ThemeService.GetThemeTypes(PageState.Themes); themes = ThemeService.GetThemeTypes(Themes);
themetype = PageState.Site.DefaultThemeType; themetype = PageState.Site.DefaultThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = PageState.Site.DefaultLayoutType; layouttype = PageState.Site.DefaultLayoutType;
List<PermissionString> permissionstrings = new List<PermissionString>(); List<PermissionString> permissionstrings = new List<PermissionString>();
@ -219,7 +221,7 @@
themetype = (string)e.Value; themetype = (string)e.Value;
if (themetype != "") if (themetype != "")
{ {
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
} }
else else
{ {

8
Oqtane.Client/Modules/Admin/Pages/Edit.razor
View File

@ -169,6 +169,7 @@
Dictionary<string, string> themes = new Dictionary<string, string>(); Dictionary<string, string> themes = new Dictionary<string, string>();
Dictionary<string, string> panelayouts = new Dictionary<string, string>(); Dictionary<string, string> panelayouts = new Dictionary<string, string>();
List<Theme> Themes;
List<Page> pages; List<Page> pages;
int PageId; int PageId;
string name; string name;
@ -198,10 +199,11 @@
{ {
try try
{ {
Themes = await ThemeService.GetThemesAsync();
pages = PageState.Pages; pages = PageState.Pages;
children = PageState.Pages.Where(item => item.ParentId == null).ToList(); children = PageState.Pages.Where(item => item.ParentId == null).ToList();
themes = ThemeService.GetThemeTypes(PageState.Themes); themes = ThemeService.GetThemeTypes(Themes);
PageId = Int32.Parse(PageState.QueryString["id"]); PageId = Int32.Parse(PageState.QueryString["id"]);
Page page = PageState.Pages.Where(item => item.PageId == PageId).FirstOrDefault(); Page page = PageState.Pages.Where(item => item.PageId == PageId).FirstOrDefault();
@ -226,7 +228,7 @@
ispersonalizable = page.IsPersonalizable.ToString(); ispersonalizable = page.IsPersonalizable.ToString();
mode = (page.EditMode) ? "edit" : "view"; mode = (page.EditMode) ? "edit" : "view";
themetype = page.ThemeType; themetype = page.ThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = page.LayoutType; layouttype = page.LayoutType;
icon = page.Icon; icon = page.Icon;
permissions = page.Permissions; permissions = page.Permissions;
@ -282,7 +284,7 @@
themetype = (string)e.Value; themetype = (string)e.Value;
if (themetype != "") if (themetype != "")
{ {
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
} }
else else
{ {

8
Oqtane.Client/Modules/Admin/Sites/Add.razor
View File

@ -125,6 +125,7 @@ else
Dictionary<string, string> panelayouts = new Dictionary<string, string>(); Dictionary<string, string> panelayouts = new Dictionary<string, string>();
Dictionary<string, string> containers = new Dictionary<string, string>(); Dictionary<string, string> containers = new Dictionary<string, string>();
List<Theme> Themes;
List<Tenant> tenants; List<Tenant> tenants;
string tenantid = "-1"; string tenantid = "-1";
string name = ""; string name = "";
@ -139,10 +140,11 @@ else
protected override async Task OnInitializedAsync() protected override async Task OnInitializedAsync()
{ {
Themes = await ThemeService.GetThemesAsync();
tenants = await TenantService.GetTenantsAsync(); tenants = await TenantService.GetTenantsAsync();
urls = PageState.Alias.Name; urls = PageState.Alias.Name;
themes = ThemeService.GetThemeTypes(PageState.Themes); themes = ThemeService.GetThemeTypes(Themes);
containers = ThemeService.GetContainerTypes(PageState.Themes); containers = ThemeService.GetContainerTypes(Themes);
username = Constants.HostUser; username = Constants.HostUser;
} }
@ -175,7 +177,7 @@ else
themetype = (string)e.Value; themetype = (string)e.Value;
if (themetype != "") if (themetype != "")
{ {
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
} }
else else
{ {

16
Oqtane.Client/Modules/Admin/Sites/Edit.razor
View File

@ -157,6 +157,7 @@
Dictionary<string, string> panelayouts; Dictionary<string, string> panelayouts;
Dictionary<string, string> containers; Dictionary<string, string> containers;
List<Theme> Themes;
Alias Alias; Alias Alias;
int siteid; int siteid;
string name = ""; string name = "";
@ -186,14 +187,15 @@
{ {
try try
{ {
Alias = PageState.Aliases.Where(item => item.AliasId == Int32.Parse(PageState.QueryString["id"])).FirstOrDefault(); Themes = await ThemeService.GetThemesAsync();
aliases = await AliasService.GetAliasesAsync();
Alias = aliases.Where(item => item.AliasId == int.Parse(PageState.QueryString["id"])).FirstOrDefault();
siteid = Alias.SiteId; siteid = Alias.SiteId;
Site site = await SiteService.GetSiteAsync(siteid, Alias); Site site = await SiteService.GetSiteAsync(siteid, Alias);
if (site != null) if (site != null)
{ {
name = site.Name; name = site.Name;
aliases = PageState.Aliases.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList(); foreach (Alias alias in aliases.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList())
foreach (Alias alias in aliases)
{ {
urls += alias.Name + "\n"; urls += alias.Name + "\n";
} }
@ -202,7 +204,7 @@
logofileid = site.LogoFileId.Value; logofileid = site.LogoFileId.Value;
} }
themetype = site.DefaultThemeType; themetype = site.DefaultThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = site.DefaultLayoutType; layouttype = site.DefaultLayoutType;
containertype = site.DefaultContainerType; containertype = site.DefaultContainerType;
@ -222,8 +224,8 @@
isdeleted = site.IsDeleted.ToString(); isdeleted = site.IsDeleted.ToString();
} }
themes = ThemeService.GetThemeTypes(PageState.Themes); themes = ThemeService.GetThemeTypes(Themes);
containers = ThemeService.GetContainerTypes(PageState.Themes); containers = ThemeService.GetContainerTypes(Themes);
} }
catch (Exception ex) catch (Exception ex)
{ {
@ -239,7 +241,7 @@
themetype = (string)e.Value; themetype = (string)e.Value;
if (themetype != "") if (themetype != "")
{ {
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype); panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
} }
else else
{ {

5
Oqtane.Client/Modules/Admin/Sites/Index.razor
View File

@ -32,13 +32,14 @@ else
List<Alias> sites; List<Alias> sites;
string scheme; string scheme;
protected override void OnParametersSet() protected override async Task OnParametersSetAsync()
{ {
Uri uri = new Uri(NavigationManager.Uri); Uri uri = new Uri(NavigationManager.Uri);
scheme = uri.Scheme + "://"; scheme = uri.Scheme + "://";
List<Alias> aliases = await AliasService.GetAliasesAsync();
sites = new List<Alias>(); sites = new List<Alias>();
foreach (Alias alias in PageState.Aliases.OrderBy(item => item.Name)) foreach (Alias alias in aliases)
{ {
if (!sites.Exists(item => item.TenantId == alias.TenantId && item.SiteId == alias.SiteId)) if (!sites.Exists(item => item.TenantId == alias.TenantId && item.SiteId == alias.SiteId))
{ {

7
Oqtane.Client/Modules/ModuleBase.cs
View File

@ -29,13 +29,6 @@ namespace Oqtane.Modules
[CascadingParameter] [CascadingParameter]
protected ModuleInstance ModuleInstance { get; set; } protected ModuleInstance ModuleInstance { get; set; }
protected ModuleDefinition ModuleDefinition
{
get
{
return PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).FirstOrDefault();
}
}
// optional interface properties // optional interface properties
public virtual SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.View; } set { } } // default security public virtual SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.View; } set { } } // default security

17
Oqtane.Client/Services/AliasService.cs
View File

@ -5,6 +5,8 @@ using System.Linq;
using Microsoft.AspNetCore.Components; using Microsoft.AspNetCore.Components;
using System.Collections.Generic; using System.Collections.Generic;
using Oqtane.Shared; using Oqtane.Shared;
using System.Net;
using System;
namespace Oqtane.Services namespace Oqtane.Services
{ {
@ -37,6 +39,21 @@ namespace Oqtane.Services
return await http.GetJsonAsync<Alias>(apiurl + "/" + AliasId.ToString()); return await http.GetJsonAsync<Alias>(apiurl + "/" + AliasId.ToString());
} }
public async Task<Alias> GetAliasAsync(string Url)
{
Uri uri = new Uri(Url);
string name = uri.Authority;
if (uri.Segments.Count() > 1)
{
name += "/" + uri.Segments[1];
}
if (name.EndsWith("/"))
{
name = name.Substring(0, name.Length - 1);
}
return await http.GetJsonAsync<Alias>(apiurl + "/name/" + WebUtility.UrlEncode(name));
}
public async Task<Alias> AddAliasAsync(Alias alias) public async Task<Alias> AddAliasAsync(Alias alias)
{ {
return await http.PostJsonAsync<Alias>(apiurl, alias); return await http.PostJsonAsync<Alias>(apiurl, alias);

9
Oqtane.Client/Services/FolderService.cs
View File

@ -87,6 +87,15 @@ namespace Oqtane.Services
}; };
Folders = Folders.OrderBy(item => item.Order).ToList(); Folders = Folders.OrderBy(item => item.Order).ToList();
GetPath(Folders, null); GetPath(Folders, null);
// add any non-hierarchical items to the end of the list
foreach(Folder folder in Folders)
{
if (hierarchy.Find(item => item.FolderId == folder.FolderId) == null)
{
hierarchy.Add(folder);
}
}
return hierarchy; return hierarchy;
} }
} }

2
Oqtane.Client/Services/Interfaces/IAliasService.cs
View File

@ -10,6 +10,8 @@ namespace Oqtane.Services
Task<Alias> GetAliasAsync(int AliasId); Task<Alias> GetAliasAsync(int AliasId);
Task<Alias> GetAliasAsync(string Url);
Task<Alias> AddAliasAsync(Alias Alias); Task<Alias> AddAliasAsync(Alias Alias);
Task<Alias> UpdateAliasAsync(Alias Alias); Task<Alias> UpdateAliasAsync(Alias Alias);

2
Oqtane.Client/Services/Interfaces/IModuleDefinitionService.cs
View File

@ -7,8 +7,10 @@ namespace Oqtane.Services
public interface IModuleDefinitionService public interface IModuleDefinitionService
{ {
Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId); Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId);
Task<ModuleDefinition> GetModuleDefinitionAsync(int ModuleDefinitionId, int SiteId);
Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition); Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition);
Task InstallModuleDefinitionsAsync(); Task InstallModuleDefinitionsAsync();
Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId); Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId);
Task LoadModuleDefinitionsAsync(int SiteId);
} }
} }

1
Oqtane.Client/Services/Interfaces/IPageService.cs
View File

@ -10,6 +10,7 @@ namespace Oqtane.Services
Task<Page> GetPageAsync(int PageId); Task<Page> GetPageAsync(int PageId);
Task<Page> GetPageAsync(int PageId, int UserId); Task<Page> GetPageAsync(int PageId, int UserId);
Task<Page> AddPageAsync(Page Page); Task<Page> AddPageAsync(Page Page);
Task<Page> AddPageAsync(int PageId, int UserId);
Task<Page> UpdatePageAsync(Page Page); Task<Page> UpdatePageAsync(Page Page);
Task UpdatePageOrderAsync(int SiteId, int PageId, int? ParentId); Task UpdatePageOrderAsync(int SiteId, int PageId, int? ParentId);
Task DeletePageAsync(int PageId); Task DeletePageAsync(int PageId);

4
Oqtane.Client/Services/Interfaces/ISettingService.cs
View File

@ -30,6 +30,10 @@ namespace Oqtane.Services
Task UpdateUserSettingsAsync(Dictionary<string, string> UserSettings, int UserId); Task UpdateUserSettingsAsync(Dictionary<string, string> UserSettings, int UserId);
Task<Dictionary<string, string>> GetFolderSettingsAsync(int FolderId);
Task UpdateFolderSettingsAsync(Dictionary<string, string> FolderSettings, int FolderId);
Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId); Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId);
Task UpdateSettingsAsync(Dictionary<string, string> Settings, string EntityName, int EntityId); Task UpdateSettingsAsync(Dictionary<string, string> Settings, string EntityName, int EntityId);

45
Oqtane.Client/Services/ModuleDefinitionService.cs
View File

@ -30,8 +30,34 @@ namespace Oqtane.Services
public async Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId) public async Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId)
{ {
// get list of modules from the server
List<ModuleDefinition> moduledefinitions = await http.GetJsonAsync<List<ModuleDefinition>>(apiurl + "?siteid=" + SiteId.ToString()); List<ModuleDefinition> moduledefinitions = await http.GetJsonAsync<List<ModuleDefinition>>(apiurl + "?siteid=" + SiteId.ToString());
return moduledefinitions.OrderBy(item => item.Name).ToList();
}
public async Task<ModuleDefinition> GetModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
return await http.GetJsonAsync<ModuleDefinition>(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
}
public async Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition)
{
await http.PutJsonAsync(apiurl + "/" + ModuleDefinition.ModuleDefinitionId.ToString(), ModuleDefinition);
}
public async Task InstallModuleDefinitionsAsync()
{
await http.GetJsonAsync<List<string>>(apiurl + "/install");
}
public async Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
await http.DeleteAsync(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
}
public async Task LoadModuleDefinitionsAsync(int SiteId)
{
// get list of modules from the server
List<ModuleDefinition> moduledefinitions = await GetModuleDefinitionsAsync(SiteId);
// get list of loaded assemblies on the client ( in the client-side hosting module the browser client has its own app domain ) // get list of loaded assemblies on the client ( in the client-side hosting module the browser client has its own app domain )
Assembly[] assemblies = AppDomain.CurrentDomain.GetAssemblies(); Assembly[] assemblies = AppDomain.CurrentDomain.GetAssemblies();
@ -60,23 +86,6 @@ namespace Oqtane.Services
Assembly.Load(bytes); Assembly.Load(bytes);
} }
} }
return moduledefinitions.OrderBy(item => item.Name).ToList();
}
public async Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition)
{
await http.PutJsonAsync(apiurl + "/" + ModuleDefinition.ModuleDefinitionId.ToString(), ModuleDefinition);
}
public async Task InstallModuleDefinitionsAsync()
{
await http.GetJsonAsync<List<string>>(apiurl + "/install");
}
public async Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
await http.DeleteAsync(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
} }
} }
} }

14
Oqtane.Client/Services/PageService.cs
View File

@ -49,6 +49,11 @@ namespace Oqtane.Services
return await http.PostJsonAsync<Page>(apiurl, Page); return await http.PostJsonAsync<Page>(apiurl, Page);
} }
public async Task<Page> AddPageAsync(int PageId, int UserId)
{
return await http.PostJsonAsync<Page>(apiurl + "/" + PageId.ToString() + "?userid=" + UserId.ToString(), null);
}
public async Task<Page> UpdatePageAsync(Page Page) public async Task<Page> UpdatePageAsync(Page Page)
{ {
return await http.PutJsonAsync<Page>(apiurl + "/" + Page.PageId.ToString(), Page); return await http.PutJsonAsync<Page>(apiurl + "/" + Page.PageId.ToString(), Page);
@ -92,6 +97,15 @@ namespace Oqtane.Services
}; };
Pages = Pages.OrderBy(item => item.Order).ToList(); Pages = Pages.OrderBy(item => item.Order).ToList();
GetPath(Pages, null); GetPath(Pages, null);
// add any non-hierarchical items to the end of the list
foreach (Page page in Pages)
{
if (hierarchy.Find(item => item.PageId == page.PageId) == null)
{
hierarchy.Add(page);
}
}
return hierarchy; return hierarchy;
} }
} }

10
Oqtane.Client/Services/SettingService.cs
View File

@ -86,6 +86,16 @@ namespace Oqtane.Services
await UpdateSettingsAsync(UserSettings, "User", UserId); await UpdateSettingsAsync(UserSettings, "User", UserId);
} }
public async Task<Dictionary<string, string>> GetFolderSettingsAsync(int FolderId)
{
return await GetSettingsAsync("Folder", FolderId);
}
public async Task UpdateFolderSettingsAsync(Dictionary<string, string> FolderSettings, int FolderId)
{
await UpdateSettingsAsync(FolderSettings, "Folder", FolderId);
}
public async Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId) public async Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId)
{ {
Dictionary<string, string> dictionary = new Dictionary<string, string>(); Dictionary<string, string> dictionary = new Dictionary<string, string>();

3
Oqtane.Client/Shared/PageState.cs
View File

@ -6,9 +6,6 @@ namespace Oqtane.Shared
{ {
public class PageState public class PageState
{ {
public List<ModuleDefinition> ModuleDefinitions { get; set; }
public List<Theme> Themes { get; set; }
public List<Alias> Aliases { get; set; }
public Alias Alias { get; set; } public Alias Alias { get; set; }
public Site Site { get; set; } public Site Site { get; set; }
public List<Page> Pages { get; set; } public List<Page> Pages { get; set; }

129
Oqtane.Client/Shared/SiteRouter.razor
View File

@ -10,7 +10,6 @@
@inject IUserService UserService @inject IUserService UserService
@inject IModuleService ModuleService @inject IModuleService ModuleService
@inject IModuleDefinitionService ModuleDefinitionService @inject IModuleDefinitionService ModuleDefinitionService
@inject IThemeService ThemeService
@implements IHandleAfterRender @implements IHandleAfterRender
@DynamicComponent @DynamicComponent
@ -67,9 +66,6 @@
private async Task Refresh() private async Task Refresh()
{ {
List<ModuleDefinition> moduledefinitions;
List<Models.Theme> themes;
List<Alias> aliases;
Alias alias; Alias alias;
Site site; Site site;
List<Page> pages; List<Page> pages;
@ -107,21 +103,18 @@
if (PageState == null || reload == Reload.Application) if (PageState == null || reload == Reload.Application)
{ {
themes = await ThemeService.GetThemesAsync();
aliases = await AliasService.GetAliasesAsync();
alias = null; alias = null;
} }
else else
{ {
themes = PageState.Themes;
aliases = PageState.Aliases;
alias = PageState.Alias; alias = PageState.Alias;
} }
// check if site has changed // check if site has changed
if (alias == null || GetAlias(_absoluteUri, aliases).Name != alias.Name) Alias current = await AliasService.GetAliasAsync(_absoluteUri);
if (alias == null || current.Name != alias.Name)
{ {
alias = GetAlias(_absoluteUri, aliases); alias = current;
SiteState.Alias = alias; // set state for services SiteState.Alias = alias; // set state for services
reload = Reload.Site; reload = Reload.Site;
} }
@ -137,12 +130,13 @@
{ {
if (PageState == null || reload >= Reload.Site) if (PageState == null || reload >= Reload.Site)
{ {
moduledefinitions = await ModuleDefinitionService.GetModuleDefinitionsAsync(site.SiteId); #if WASM
ModuleDefinitionService.LoadModuleDefinitionsAsync(site.SiteId); // download assemblies to browser when running client-side
#endif
pages = await PageService.GetPagesAsync(site.SiteId); pages = await PageService.GetPagesAsync(site.SiteId);
} }
else else
{ {
moduledefinitions = PageState.ModuleDefinitions;
pages = PageState.Pages; pages = PageState.Pages;
} }
@ -192,7 +186,7 @@
} }
// check if page has changed // check if page has changed
if (page.Path != path) if (page != null && page.Path != path)
{ {
page = pages.Where(item => item.Path == path).FirstOrDefault(); page = pages.Where(item => item.Path == path).FirstOrDefault();
reload = Reload.Page; reload = Reload.Page;
@ -226,9 +220,6 @@
page = await ProcessPage(page, site, user); page = await ProcessPage(page, site, user);
pagestate = new PageState(); pagestate = new PageState();
pagestate.ModuleDefinitions = moduledefinitions;
pagestate.Themes = themes;
pagestate.Aliases = aliases;
pagestate.Alias = alias; pagestate.Alias = alias;
pagestate.Site = site; pagestate.Site = site;
pagestate.Pages = pages; pagestate.Pages = pages;
@ -247,7 +238,7 @@
if (PageState == null || reload >= Reload.Page) if (PageState == null || reload >= Reload.Page)
{ {
modules = await ModuleService.GetModulesAsync(site.SiteId); modules = await ModuleService.GetModulesAsync(site.SiteId);
modules = ProcessModules(modules, moduledefinitions, page.PageId, pagestate.ModuleId, pagestate.Action, page.Panes, site.DefaultContainerType); modules = ProcessModules(modules, page.PageId, pagestate.ModuleId, pagestate.Action, page.Panes, site.DefaultContainerType);
} }
else else
{ {
@ -270,7 +261,10 @@
else else
{ {
// page does not exist // page does not exist
NavigationManager.NavigateTo(""); if (path != "")
{
NavigationManager.NavigateTo("");
}
} }
} }
else else
@ -353,58 +347,52 @@
return page; return page;
} }
private List<Module> ProcessModules(List<Module> modules, List<ModuleDefinition> moduledefinitions, int pageid, int moduleid, string control, string panes, string defaultcontainertype) private List<Module> ProcessModules(List<Module> modules, int pageid, int moduleid, string control, string panes, string defaultcontainertype)
{ {
ModuleDefinition moduledefinition;
Dictionary<string, int> paneindex = new Dictionary<string, int>(); Dictionary<string, int> paneindex = new Dictionary<string, int>();
foreach (Module module in modules) foreach (Module module in modules)
{ {
// set the type based on the template and action string typename = module.ModuleDefinition.ControlTypeTemplate;
moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault(); if (module.ModuleId == moduleid && control != "")
if (moduledefinition != null)
{ {
string typename = moduledefinition.ControlTypeTemplate; // check if the module defines custom routes
if (module.ModuleId == moduleid && control != "") if (module.ModuleDefinition.ControlTypeRoutes != "")
{ {
// check if the module defines custom routes foreach (string route in module.ModuleDefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
if (moduledefinition.ControlTypeRoutes != "")
{ {
foreach (string route in moduledefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries)) if (route.StartsWith(control + "="))
{ {
if (route.StartsWith(control + "=")) typename = route.Replace(control + "=", "");
{
typename = route.Replace(control + "=", "");
}
}
}
module.ModuleType = typename.Replace(Constants.ActionToken, control);
// admin controls need to load additional metadata from the IModuleControl interface
if (moduleid == module.ModuleId)
{
typename = module.ModuleType;
// check for core module actions component
if (Constants.DefaultModuleActions.Contains(control))
{
typename = Constants.DefaultModuleActionsTemplate.Replace(Constants.ActionToken, control);
}
Type moduletype = Type.GetType(typename);
if (moduletype != null)
{
var moduleobject = Activator.CreateInstance(moduletype);
module.SecurityAccessLevel = (SecurityAccessLevel)moduletype.GetProperty("SecurityAccessLevel").GetValue(moduleobject, null);
module.ControlTitle = (string)moduletype.GetProperty("Title").GetValue(moduleobject);
module.Actions = (string)moduletype.GetProperty("Actions").GetValue(moduleobject);
module.UseAdminContainer = (bool)moduletype.GetProperty("UseAdminContainer").GetValue(moduleobject);
} }
} }
} }
else module.ModuleType = typename.Replace(Constants.ActionToken, control);
{
module.ModuleType = typename.Replace(Constants.ActionToken, Constants.DefaultAction);
}
// admin controls need to load additional metadata from the IModuleControl interface
if (moduleid == module.ModuleId)
{
typename = module.ModuleType;
// check for core module actions component
if (Constants.DefaultModuleActions.Contains(control))
{
typename = Constants.DefaultModuleActionsTemplate.Replace(Constants.ActionToken, control);
}
Type moduletype = Type.GetType(typename);
if (moduletype != null)
{
var moduleobject = Activator.CreateInstance(moduletype);
module.SecurityAccessLevel = (SecurityAccessLevel)moduletype.GetProperty("SecurityAccessLevel").GetValue(moduleobject, null);
module.ControlTitle = (string)moduletype.GetProperty("Title").GetValue(moduleobject);
module.Actions = (string)moduletype.GetProperty("Actions").GetValue(moduleobject);
module.UseAdminContainer = (bool)moduletype.GetProperty("UseAdminContainer").GetValue(moduleobject);
}
}
} }
else
{
module.ModuleType = typename.Replace(Constants.ActionToken, Constants.DefaultAction);
}
if (module.PageId == pageid) if (module.PageId == pageid)
{ {
@ -442,31 +430,4 @@
return modules; return modules;
} }
private Alias GetAlias(string absoluteUri, List<Alias> aliases)
{
string aliasname;
Alias alias = null;
Uri uri = new Uri(absoluteUri);
if (uri.Segments.Count() > 1)
{
// check if first path segment is an alias ( ie. a subfolder - www.domain.com/subfolder )
aliasname = uri.Authority + "/" + uri.Segments[1];
if (aliasname.EndsWith("/")) { aliasname = aliasname.Substring(0, aliasname.Length - 1); }
alias = aliases.Where(item => item.Name == aliasname).FirstOrDefault();
}
if (alias == null)
{
aliasname = uri.Authority;
alias = aliases.Where(item => item.Name == aliasname).FirstOrDefault();
}
if (alias == null && aliases.Count > 0)
{
// use first alias if Uri does not exist
alias = aliases.FirstOrDefault();
}
return alias;
}
} }

8
Oqtane.Client/Themes/ContainerBase.cs
View File

@ -18,14 +18,6 @@ namespace Oqtane.Themes
[CascadingParameter] [CascadingParameter]
protected Module ModuleState { get; set; } protected Module ModuleState { get; set; }
protected ModuleDefinition ModuleDefinition
{
get
{
return PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).FirstOrDefault();
}
}
public virtual string Name { get; set; } public virtual string Name { get; set; }
public string ThemePath() public string ThemePath()

83
Oqtane.Client/Themes/Controls/ControlPanel.razor
View File

@ -80,7 +80,7 @@
<option value="-">&lt;Select Module&gt;</option> <option value="-">&lt;Select Module&gt;</option>
@foreach (var moduledefinition in moduledefinitions) @foreach (var moduledefinition in moduledefinitions)
{ {
if (moduledefinition.Permissions == "[]" || UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions)) if (UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions))
{ {
<option value="@moduledefinition.ModuleDefinitionName">@moduledefinition.Name</option> <option value="@moduledefinition.ModuleDefinitionName">@moduledefinition.Name</option>
} }
@ -199,6 +199,7 @@
bool deleteconfirmation = false; bool deleteconfirmation = false;
string moduletype = "new"; string moduletype = "new";
List<string> categories = new List<string>(); List<string> categories = new List<string>();
List<ModuleDefinition> ModuleDefinitions;
List<ModuleDefinition> moduledefinitions; List<ModuleDefinition> moduledefinitions;
List<Page> pages = new List<Page>(); List<Page> pages = new List<Page>();
string pageid = ""; string pageid = "";
@ -212,7 +213,7 @@
string display = "display: none;"; string display = "display: none;";
string message = ""; string message = "";
protected override void OnParametersSet() protected override async Task OnParametersSetAsync()
{ {
if (string.IsNullOrEmpty(ButtonClass)) if (string.IsNullOrEmpty(ButtonClass))
{ {
@ -235,7 +236,8 @@
{ {
pages?.Clear(); pages?.Clear();
foreach (ModuleDefinition moduledefinition in PageState.ModuleDefinitions) ModuleDefinitions = await ModuleDefinitionService.GetModuleDefinitionsAsync(PageState.Site.SiteId);
foreach (ModuleDefinition moduledefinition in ModuleDefinitions)
{ {
if (moduledefinition.Categories != "") if (moduledefinition.Categories != "")
{ {
@ -248,7 +250,7 @@
} }
} }
} }
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories == "").ToList(); moduledefinitions = ModuleDefinitions.Where(item => item.Categories == "").ToList();
foreach (Page p in PageState.Pages) foreach (Page p in PageState.Pages)
{ {
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions)) if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
@ -258,7 +260,8 @@
} }
var panes = PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries); var panes = PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
pane = panes.Count() == 1 ? panes.SingleOrDefault() : ""; pane = panes.Count() == 1 ? panes.SingleOrDefault() : "";
containers = ThemeService.GetContainerTypes(PageState.Themes); List<Theme> themes = await ThemeService.GetThemesAsync();
containers = ThemeService.GetContainerTypes(themes);
containertype = PageState.Site.DefaultContainerType; containertype = PageState.Site.DefaultContainerType;
} }
} }
@ -268,11 +271,11 @@
string category = (string)e.Value; string category = (string)e.Value;
if (category == "-") if (category == "-")
{ {
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories == "").ToList(); moduledefinitions = ModuleDefinitions.Where(item => item.Categories == "").ToList();
} }
else else
{ {
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories.Contains(category)).ToList(); moduledefinitions = ModuleDefinitions.Where(item => item.Categories.Contains(category)).ToList();
} }
moduledefinitionname = "-"; moduledefinitionname = "-";
StateHasChanged(); StateHasChanged();
@ -304,6 +307,7 @@
{ {
Module module = new Module(); Module module = new Module();
module.SiteId = PageState.Site.SiteId; module.SiteId = PageState.Site.SiteId;
module.PageId = PageState.Page.PageId;
module.ModuleDefinitionName = moduledefinitionname; module.ModuleDefinitionName = moduledefinitionname;
module.Permissions = PageState.Page.Permissions; module.Permissions = PageState.Page.Permissions;
module = await ModuleService.AddModuleAsync(module); module = await ModuleService.AddModuleAsync(module);
@ -367,7 +371,7 @@
{ {
if (PageState.Page.IsPersonalizable && PageState.User != null) if (PageState.Page.IsPersonalizable && PageState.User != null)
{ {
await CreatePersonalizedPage(); await PageService.AddPageAsync(PageState.Page.PageId, PageState.User.UserId);
PageState.EditMode = true; PageState.EditMode = true;
NavigationManager.NavigateTo(NavigateUrl(PageState.Page.Path, "edit=" + ((PageState.EditMode) ? "1" : "0"), Reload.Page)); NavigationManager.NavigateTo(NavigateUrl(PageState.Page.Path, "edit=" + ((PageState.EditMode) ? "1" : "0"), Reload.Page));
} }
@ -458,67 +462,4 @@
await logger.Log(page.PageId, null, PageState.User.UserId, this.GetType().AssemblyQualifiedName, "ControlPanel", LogFunction.Delete, LogLevel.Information, ex, "Page Deleted {Page} {Error}", page, ex.Message); await logger.Log(page.PageId, null, PageState.User.UserId, this.GetType().AssemblyQualifiedName, "ControlPanel", LogFunction.Delete, LogLevel.Information, ex, "Page Deleted {Page} {Error}", page, ex.Message);
} }
} }
private async Task CreatePersonalizedPage()
{
Page page = new Page();
page.SiteId = PageState.Page.SiteId;
page.Name = PageState.Page.Name;
page.Path = PageState.Page.Path;
page.ParentId = PageState.Page.ParentId;
page.Order = 0;
page.IsNavigation = false;
page.EditMode = false;
page.ThemeType = PageState.Page.ThemeType;
if (page.ThemeType == PageState.Site.DefaultThemeType)
{
page.ThemeType = "";
}
page.LayoutType = PageState.Page.LayoutType;
if (page.LayoutType == PageState.Site.DefaultLayoutType)
{
page.LayoutType = "";
}
page.Icon = PageState.Page.Icon;
List<PermissionString> permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
page.IsPersonalizable = false;
page.UserId = PageState.User.UserId;
page = await PageService.AddPageAsync(page);
// copy modules
foreach (Module m in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId && !item.IsDeleted))
{
Module module = new Module();
module.SiteId = m.SiteId;
module.ModuleDefinitionName = m.ModuleDefinitionName;
permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
module = await ModuleService.AddModuleAsync(module);
string content = await ModuleService.ExportModuleAsync(m.ModuleId);
if (content != "")
{
await ModuleService.ImportModuleAsync(module.ModuleId, content);
}
PageModule pagemodule = new PageModule();
pagemodule.PageId = page.PageId;
pagemodule.ModuleId = module.ModuleId;
pagemodule.Title = m.Title;
pagemodule.Pane = m.Pane;
pagemodule.Order = m.Order;
pagemodule.ContainerType = m.ContainerType;
if (pagemodule.ContainerType == PageState.Site.DefaultContainerType)
{
pagemodule.ContainerType = "";
}
await PageModuleService.AddPageModuleAsync(pagemodule);
}
}
} }

2
Oqtane.Client/Themes/Controls/ModuleActions.razor
View File

@ -31,7 +31,7 @@
{ {
actions = new List<ActionViewModel>(); actions = new List<ActionViewModel>();
actions.Add(new ActionViewModel { Action = "settings", Name = "Manage Settings" }); actions.Add(new ActionViewModel { Action = "settings", Name = "Manage Settings" });
if (ModuleDefinition.ServerAssemblyName != "") if (ModuleState.ModuleDefinition.ServerAssemblyName != "")
{ {
actions.Add(new ActionViewModel { Action = "import", Name = "Import Content" }); actions.Add(new ActionViewModel { Action = "import", Name = "Import Content" });
actions.Add(new ActionViewModel { Action = "export", Name = "Export Content" }); actions.Add(new ActionViewModel { Action = "export", Name = "Export Content" });

24
Oqtane.Server/Controllers/AliasController.cs
View File

@ -5,6 +5,8 @@ using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using System.Linq;
using System;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -22,6 +24,7 @@ namespace Oqtane.Controllers
// GET: api/<controller> // GET: api/<controller>
[HttpGet] [HttpGet]
[Authorize(Roles = Constants.AdminRole)]
public IEnumerable<Alias> Get() public IEnumerable<Alias> Get()
{ {
return Aliases.GetAliases(); return Aliases.GetAliases();
@ -29,11 +32,32 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Alias Get(int id) public Alias Get(int id)
{ {
return Aliases.GetAlias(id); return Aliases.GetAlias(id);
} }
// GET api/<controller>/name/localhost:12345
[HttpGet("name/{name}")]
public Alias Get(string name)
{
List<Alias> aliases = Aliases.GetAliases().ToList();
Alias alias = null;
alias = aliases.Where(item => item.Name == name).FirstOrDefault();
if (alias == null && name.Contains("/"))
{
// lookup alias without folder name
alias = aliases.Where(item => item.Name == name.Substring(name.IndexOf("/") + 1)).FirstOrDefault();
}
if (alias == null && aliases.Count > 0)
{
// use first alias if name does not exist
alias = aliases.FirstOrDefault();
}
return alias;
}
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = Constants.AdminRole)] [Authorize(Roles = Constants.AdminRole)]

38
Oqtane.Server/Controllers/FileController.cs
View File

@ -72,7 +72,17 @@ namespace Oqtane.Controllers
[HttpGet("{id}")] [HttpGet("{id}")]
public Models.File Get(int id) public Models.File Get(int id)
{ {
return Files.GetFile(id); Models.File file = Files.GetFile(id);
if (UserPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
{
return file;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// PUT api/<controller>/5 // PUT api/<controller>/5
@ -85,6 +95,12 @@ namespace Oqtane.Controllers
File = Files.UpdateFile(File); File = Files.UpdateFile(File);
logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File); logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update File {File}", File);
HttpContext.Response.StatusCode = 401;
File = null;
}
return File; return File;
} }
@ -105,6 +121,11 @@ namespace Oqtane.Controllers
} }
logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", File); logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", File);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
HttpContext.Response.StatusCode = 401;
}
} }
// GET api/<controller>/upload?url=x&folderid=y // GET api/<controller>/upload?url=x&folderid=y
@ -130,6 +151,12 @@ namespace Oqtane.Controllers
logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url {Url}", url); logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url {Url}", url);
} }
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Download File {Url} {FolderId}", url, folderid);
HttpContext.Response.StatusCode = 401;
file = null;
}
return file; return file;
} }
@ -170,6 +197,11 @@ namespace Oqtane.Controllers
Files.AddFile(new Models.File { Name = upload, FolderId = folderid, Extension = fileinfo.Extension.Replace(".", ""), Size = (int)fileinfo.Length }); Files.AddFile(new Models.File { Name = upload, FolderId = folderid, Extension = fileinfo.Extension.Replace(".", ""), Size = (int)fileinfo.Length });
} }
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Upload File {Folder} {File}", folder, file);
HttpContext.Response.StatusCode = 401;
}
} }
} }
@ -293,7 +325,9 @@ namespace Oqtane.Controllers
} }
else else
{ {
return NotFound(); logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
HttpContext.Response.StatusCode = 401;
return null;
} }
} }

73
Oqtane.Server/Controllers/FolderController.cs
View File

@ -28,21 +28,32 @@ namespace Oqtane.Controllers
[HttpGet] [HttpGet]
public IEnumerable<Folder> Get(string siteid) public IEnumerable<Folder> Get(string siteid)
{ {
if (siteid == "") List<Folder> folders = new List<Folder>();
foreach(Folder folder in Folders.GetFolders(int.Parse(siteid)))
{ {
return Folders.GetFolders(); if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
} {
else folders.Add(folder);
{ }
return Folders.GetFolders(int.Parse(siteid));
} }
return folders;
} }
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
public Folder Get(int id) public Folder Get(int id)
{ {
return Folders.GetFolder(id); Folder folder = Folders.GetFolder(id);
if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
{
return folder;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {Folder}", folder);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// POST api/<controller> // POST api/<controller>
@ -50,16 +61,33 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)] [Authorize(Roles = Constants.RegisteredRole)]
public Folder Post([FromBody] Folder Folder) public Folder Post([FromBody] Folder Folder)
{ {
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Folder.Permissions)) if (ModelState.IsValid)
{ {
Folder.Path = ""; string permissions;
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null) if (Folder.ParentId != null)
{ {
Folder parent = Folders.GetFolder(Folder.ParentId.Value); permissions = Folders.GetFolder(Folder.ParentId.Value).Permissions;
Folder.Path = parent.Path + Folder.Name + "\\"; }
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
Folder.Path = parent.Path + Folder.Name + "\\";
}
Folder = Folders.AddFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
} }
Folder = Folders.AddFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
} }
return Folder; return Folder;
} }
@ -71,7 +99,6 @@ namespace Oqtane.Controllers
{ {
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit")) if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit"))
{ {
Folder.Path = "";
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null) if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{ {
Folder parent = Folders.GetFolder(Folder.ParentId.Value); Folder parent = Folders.GetFolder(Folder.ParentId.Value);
@ -80,6 +107,12 @@ namespace Oqtane.Controllers
Folder = Folders.UpdateFolder(Folder); Folder = Folders.UpdateFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder); logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
}
return Folder; return Folder;
} }
@ -103,6 +136,11 @@ namespace Oqtane.Controllers
} }
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Order Updated {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid); logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Order Updated {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder Order {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
HttpContext.Response.StatusCode = 401;
}
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
@ -115,6 +153,11 @@ namespace Oqtane.Controllers
Folders.DeleteFolder(id); Folders.DeleteFolder(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id); logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Folder {FolderId}", id);
HttpContext.Response.StatusCode = 401;
}
} }
} }
} }

2
Oqtane.Server/Controllers/InstallationController.cs
View File

@ -269,7 +269,7 @@ namespace Oqtane.Controllers
var result = dbUpgrade.PerformUpgrade(); var result = dbUpgrade.PerformUpgrade();
if (!result.Successful) if (!result.Successful)
{ {
// TODO: log result.Error.Message; // TODO: log result.Error.Message - problem is logger is not available here
} }
} }
} }

2
Oqtane.Server/Controllers/JobController.cs
View File

@ -27,6 +27,7 @@ namespace Oqtane.Controllers
// GET: api/<controller> // GET: api/<controller>
[HttpGet] [HttpGet]
[Authorize(Roles = Constants.HostRole)]
public IEnumerable<Job> Get() public IEnumerable<Job> Get()
{ {
return Jobs.GetJobs(); return Jobs.GetJobs();
@ -34,6 +35,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize(Roles = Constants.HostRole)]
public Job Get(int id) public Job Get(int id)
{ {
return Jobs.GetJob(id); return Jobs.GetJob(id);

179
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -6,10 +6,6 @@ using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System;
using Oqtane.Modules;
using Microsoft.Extensions.DependencyInjection;
using System.Text.Json;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using Oqtane.Security; using Oqtane.Security;
@ -21,16 +17,14 @@ namespace Oqtane.Controllers
private readonly IModuleRepository Modules; private readonly IModuleRepository Modules;
private readonly IPageModuleRepository PageModules; private readonly IPageModuleRepository PageModules;
private readonly IModuleDefinitionRepository ModuleDefinitions; private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IServiceProvider ServiceProvider;
private readonly IUserPermissions UserPermissions; private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger; private readonly ILogManager logger;
public ModuleController(IModuleRepository Modules, IPageModuleRepository PageModules, IModuleDefinitionRepository ModuleDefinitions, IServiceProvider ServiceProvider, IUserPermissions UserPermissions, ILogManager logger) public ModuleController(IModuleRepository Modules, IPageModuleRepository PageModules, IModuleDefinitionRepository ModuleDefinitions, IUserPermissions UserPermissions, ILogManager logger)
{ {
this.Modules = Modules; this.Modules = Modules;
this.PageModules = PageModules; this.PageModules = PageModules;
this.ModuleDefinitions = ModuleDefinitions; this.ModuleDefinitions = ModuleDefinitions;
this.ServiceProvider = ServiceProvider;
this.UserPermissions = UserPermissions; this.UserPermissions = UserPermissions;
this.logger = logger; this.logger = logger;
} }
@ -39,36 +33,55 @@ namespace Oqtane.Controllers
[HttpGet] [HttpGet]
public IEnumerable<Models.Module> Get(string siteid) public IEnumerable<Models.Module> Get(string siteid)
{ {
List<Models.Module> modulelist = new List<Models.Module>(); List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(int.Parse(siteid)).ToList();
List<Models.Module> modules = new List<Models.Module>();
foreach (PageModule pagemodule in PageModules.GetPageModules(int.Parse(siteid))) foreach (PageModule pagemodule in PageModules.GetPageModules(int.Parse(siteid)))
{ {
Models.Module module = new Models.Module(); if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
module.SiteId = pagemodule.Module.SiteId; {
module.ModuleDefinitionName = pagemodule.Module.ModuleDefinitionName; Models.Module module = new Models.Module();
module.Permissions = pagemodule.Module.Permissions; module.SiteId = pagemodule.Module.SiteId;
module.CreatedBy = pagemodule.Module.CreatedBy; module.ModuleDefinitionName = pagemodule.Module.ModuleDefinitionName;
module.CreatedOn = pagemodule.Module.CreatedOn; module.Permissions = pagemodule.Module.Permissions;
module.ModifiedBy = pagemodule.Module.ModifiedBy; module.CreatedBy = pagemodule.Module.CreatedBy;
module.ModifiedOn = pagemodule.Module.ModifiedOn; module.CreatedOn = pagemodule.Module.CreatedOn;
module.IsDeleted = pagemodule.IsDeleted; module.ModifiedBy = pagemodule.Module.ModifiedBy;
module.ModifiedOn = pagemodule.Module.ModifiedOn;
module.IsDeleted = pagemodule.IsDeleted;
module.PageModuleId = pagemodule.PageModuleId; module.PageModuleId = pagemodule.PageModuleId;
module.ModuleId = pagemodule.ModuleId; module.ModuleId = pagemodule.ModuleId;
module.PageId = pagemodule.PageId; module.PageId = pagemodule.PageId;
module.Title = pagemodule.Title; module.Title = pagemodule.Title;
module.Pane = pagemodule.Pane; module.Pane = pagemodule.Pane;
module.Order = pagemodule.Order; module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType; module.ContainerType = pagemodule.ContainerType;
modulelist.Add(module);
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
modules.Add(module);
}
} }
return modulelist; return modules;
} }
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
public Models.Module Get(int id) public Models.Module Get(int id)
{ {
return Modules.GetModule(id); Models.Module module = Modules.GetModule(id);
if (UserPermissions.IsAuthorized(User, "View", module.Permissions))
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
return module;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Module {Module}", module);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// POST api/<controller> // POST api/<controller>
@ -76,11 +89,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)] [Authorize(Roles = Constants.RegisteredRole)]
public Models.Module Post([FromBody] Models.Module Module) public Models.Module Post([FromBody] Models.Module Module)
{ {
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Module.Permissions)) if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Page", Module.PageId, "Edit"))
{ {
Module = Modules.AddModule(Module); Module = Modules.AddModule(Module);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module); logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Module {Module}", Module);
HttpContext.Response.StatusCode = 401;
Module = null;
}
return Module; return Module;
} }
@ -94,6 +113,12 @@ namespace Oqtane.Controllers
Module = Modules.UpdateModule(Module); Module = Modules.UpdateModule(Module);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module); logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Module {Module}", Module);
HttpContext.Response.StatusCode = 401;
Module = null;
}
return Module; return Module;
} }
@ -107,6 +132,11 @@ namespace Oqtane.Controllers
Modules.DeleteModule(id); Modules.DeleteModule(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Module Deleted {ModuleId}", id); logger.Log(LogLevel.Information, this, LogFunction.Delete, "Module Deleted {ModuleId}", id);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Module {ModuleId}", id);
HttpContext.Response.StatusCode = 401;
}
} }
// GET api/<controller>/export?moduleid=x // GET api/<controller>/export?moduleid=x
@ -115,48 +145,14 @@ namespace Oqtane.Controllers
public string Export(int moduleid) public string Export(int moduleid)
{ {
string content = ""; string content = "";
if (UserPermissions.IsAuthorized(User, "Module", moduleid, "View")) if (UserPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
{ {
try content = Modules.ExportModule(moduleid);
{ }
Models.Module module = Modules.GetModule(moduleid); else
if (module != null) {
{ logger.Log(LogLevel.Error, this, LogFunction.Other, "User Not Authorized To Export Module {ModuleId}", moduleid);
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList(); HttpContext.Response.StatusCode = 401;
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = new ModuleContent();
modulecontent.ModuleDefinitionName = moduledefinition.ModuleDefinitionName;
modulecontent.Version = moduledefinition.Version;
modulecontent.Content = "";
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
modulecontent.Content = ((IPortable)moduleobject).ExportModule(module);
}
}
}
content = JsonSerializer.Serialize(modulecontent);
logger.Log(LogLevel.Information, this, LogFunction.Read, "Module Content Exported {ModuleId}", moduleid);
}
}
}
catch
{
// error occurred during export
}
} }
return content; return content;
} }
@ -169,45 +165,12 @@ namespace Oqtane.Controllers
bool success = false; bool success = false;
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Module", moduleid, "Edit")) if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
{ {
try success = Modules.ImportModule(moduleid, Content);
{ }
Models.Module module = Modules.GetModule(moduleid); else
if (module != null) {
{ logger.Log(LogLevel.Error, this, LogFunction.Other, "User Not Authorized To Import Module {ModuleId}", moduleid);
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList(); HttpContext.Response.StatusCode = 401;
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = JsonSerializer.Deserialize<ModuleContent>(Content);
if (modulecontent.ModuleDefinitionName == moduledefinition.ModuleDefinitionName)
{
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
((IPortable)moduleobject).ImportModule(module, modulecontent.Content, modulecontent.Version);
success = true;
logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Content Imported {ModuleId}", moduleid);
}
}
}
}
}
}
}
catch
{
// error occurred during import
}
} }
return success; return success;
} }

34
Oqtane.Server/Controllers/ModuleDefinitionController.cs
View File

@ -9,6 +9,7 @@ using System.IO;
using System.Reflection; using System.Reflection;
using System.Linq; using System.Linq;
using Microsoft.AspNetCore.Hosting; using Microsoft.AspNetCore.Hosting;
using Oqtane.Security;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -16,13 +17,15 @@ namespace Oqtane.Controllers
public class ModuleDefinitionController : Controller public class ModuleDefinitionController : Controller
{ {
private readonly IModuleDefinitionRepository ModuleDefinitions; private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IUserPermissions UserPermissions;
private readonly IInstallationManager InstallationManager; private readonly IInstallationManager InstallationManager;
private readonly IWebHostEnvironment environment; private readonly IWebHostEnvironment environment;
private readonly ILogManager logger; private readonly ILogManager logger;
public ModuleDefinitionController(IModuleDefinitionRepository ModuleDefinitions, IInstallationManager InstallationManager, IWebHostEnvironment environment, ILogManager logger) public ModuleDefinitionController(IModuleDefinitionRepository ModuleDefinitions, IUserPermissions UserPermissions, IInstallationManager InstallationManager, IWebHostEnvironment environment, ILogManager logger)
{ {
this.ModuleDefinitions = ModuleDefinitions; this.ModuleDefinitions = ModuleDefinitions;
this.UserPermissions = UserPermissions;
this.InstallationManager = InstallationManager; this.InstallationManager = InstallationManager;
this.environment = environment; this.environment = environment;
this.logger = logger; this.logger = logger;
@ -32,9 +35,35 @@ namespace Oqtane.Controllers
[HttpGet] [HttpGet]
public IEnumerable<ModuleDefinition> Get(int siteid) public IEnumerable<ModuleDefinition> Get(int siteid)
{ {
return ModuleDefinitions.GetModuleDefinitions(siteid); List<ModuleDefinition> moduledefinitions = new List<ModuleDefinition>();
foreach(ModuleDefinition moduledefinition in ModuleDefinitions.GetModuleDefinitions(siteid))
{
if (UserPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
{
moduledefinitions.Add(moduledefinition);
}
}
return moduledefinitions;
} }
// GET api/<controller>/5?siteid=x
[HttpGet("{id}")]
public ModuleDefinition Get(int id, string siteid)
{
ModuleDefinition moduledefinition = ModuleDefinitions.GetModuleDefinition(id, int.Parse(siteid));
if (UserPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
{
return moduledefinition;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access ModuleDefinition {ModuleDefinition}", moduledefinition);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// GET api/<controller>/filename // GET api/<controller>/filename
[HttpGet("{filename}")] [HttpGet("{filename}")]
public IActionResult Get(string assemblyname) public IActionResult Get(string assemblyname)
@ -93,5 +122,6 @@ namespace Oqtane.Controllers
InstallationManager.RestartApplication(); InstallationManager.RestartApplication();
} }
} }
} }
} }

137
Oqtane.Server/Controllers/PageController.cs
View File

@ -14,12 +14,16 @@ namespace Oqtane.Controllers
public class PageController : Controller public class PageController : Controller
{ {
private readonly IPageRepository Pages; private readonly IPageRepository Pages;
private readonly IModuleRepository Modules;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions; private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger; private readonly ILogManager logger;
public PageController(IPageRepository Pages, IUserPermissions UserPermissions, ILogManager logger) public PageController(IPageRepository Pages, IModuleRepository Modules, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{ {
this.Pages = Pages; this.Pages = Pages;
this.Modules = Modules;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions; this.UserPermissions = UserPermissions;
this.logger = logger; this.logger = logger;
} }
@ -28,27 +32,39 @@ namespace Oqtane.Controllers
[HttpGet] [HttpGet]
public IEnumerable<Page> Get(string siteid) public IEnumerable<Page> Get(string siteid)
{ {
if (siteid == "") List<Page> pages = new List<Page>();
foreach (Page page in Pages.GetPages(int.Parse(siteid)))
{ {
return Pages.GetPages(); if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
} {
else pages.Add(page);
{ }
return Pages.GetPages(int.Parse(siteid));
} }
return pages;
} }
// GET api/<controller>/5?userid=x // GET api/<controller>/5?userid=x
[HttpGet("{id}")] [HttpGet("{id}")]
public Page Get(int id, string userid) public Page Get(int id, string userid)
{ {
Page page;
if (string.IsNullOrEmpty(userid)) if (string.IsNullOrEmpty(userid))
{ {
return Pages.GetPage(id); page = Pages.GetPage(id);
} }
else else
{ {
return Pages.GetPage(id, int.Parse(userid)); page = Pages.GetPage(id, int.Parse(userid));
}
if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
{
return page;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Page {Page}", page);
HttpContext.Response.StatusCode = 401;
return null;
} }
} }
@ -57,14 +73,95 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)] [Authorize(Roles = Constants.RegisteredRole)]
public Page Post([FromBody] Page Page) public Page Post([FromBody] Page Page)
{ {
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Page.Permissions)) if (ModelState.IsValid)
{ {
Page = Pages.AddPage(Page); string permissions;
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page); if (Page.ParentId != null)
{
permissions = Pages.GetPage(Page.ParentId.Value).Permissions;
}
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
Page = Pages.AddPage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
} }
return Page; return Page;
} }
// POST api/<controller>/5?userid=x
[HttpPost("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post(int id, string userid)
{
Page page = null;
Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
{
page = new Page();
page.SiteId = parent.SiteId;
page.Name = parent.Name;
page.Path = parent.Path;
page.ParentId = parent.PageId;
page.Order = 0;
page.IsNavigation = false;
page.EditMode = false;
page.ThemeType = parent.ThemeType;
page.LayoutType = parent.LayoutType;
page.Icon = parent.Icon;
List<PermissionString> permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
page.IsPersonalizable = false;
page.UserId = int.Parse(userid);
page = Pages.AddPage(page);
// copy modules
List<PageModule> pagemodules = PageModules.GetPageModules(page.SiteId).ToList();
foreach (PageModule pm in pagemodules.Where(item => item.PageId == parent.PageId && !item.IsDeleted))
{
Module module = new Module();
module.SiteId = page.SiteId;
module.PageId = page.PageId;
module.ModuleDefinitionName = pm.Module.ModuleDefinitionName;
permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
module = Modules.AddModule(module);
string content = Modules.ExportModule(pm.ModuleId);
if (content != "")
{
Modules.ImportModule(module.ModuleId, content);
}
PageModule pagemodule = new PageModule();
pagemodule.PageId = page.PageId;
pagemodule.ModuleId = module.ModuleId;
pagemodule.Title = pm.Title;
pagemodule.Pane = pm.Pane;
pagemodule.Order = pm.Order;
pagemodule.ContainerType = pm.ContainerType;
PageModules.AddPageModule(pagemodule);
}
}
return page;
}
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)] [Authorize(Roles = Constants.RegisteredRole)]
@ -75,6 +172,12 @@ namespace Oqtane.Controllers
Page = Pages.UpdatePage(Page); Page = Pages.UpdatePage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", Page); logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", Page);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
return Page; return Page;
} }
@ -98,6 +201,11 @@ namespace Oqtane.Controllers
} }
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Order Updated {SiteId} {PageId} {ParentId}", siteid, pageid, parentid); logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Order Updated {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page Order {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
HttpContext.Response.StatusCode = 401;
}
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
@ -110,6 +218,11 @@ namespace Oqtane.Controllers
Pages.DeletePage(id); Pages.DeletePage(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Deleted {PageId}", id); logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Deleted {PageId}", id);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Page {PageId}", id);
HttpContext.Response.StatusCode = 401;
}
} }
} }
} }

52
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -14,12 +14,14 @@ namespace Oqtane.Controllers
public class PageModuleController : Controller public class PageModuleController : Controller
{ {
private readonly IPageModuleRepository PageModules; private readonly IPageModuleRepository PageModules;
private readonly IModuleRepository Modules;
private readonly IUserPermissions UserPermissions; private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger; private readonly ILogManager logger;
public PageModuleController(IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger) public PageModuleController(IPageModuleRepository PageModules, IModuleRepository Modules, IUserPermissions UserPermissions, ILogManager logger)
{ {
this.PageModules = PageModules; this.PageModules = PageModules;
this.Modules = Modules;
this.UserPermissions = UserPermissions; this.UserPermissions = UserPermissions;
this.logger = logger; this.logger = logger;
} }
@ -28,14 +30,34 @@ namespace Oqtane.Controllers
[HttpGet("{id}")] [HttpGet("{id}")]
public PageModule Get(int id) public PageModule Get(int id)
{ {
return PageModules.GetPageModule(id); PageModule pagemodule = PageModules.GetPageModule(id);
if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
{
return pagemodule;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access PageModule {PageModule}", pagemodule);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// GET: api/<controller>/pageid/moduleid // GET: api/<controller>/pageid/moduleid
[HttpGet("{pageid}/{moduleid}")] [HttpGet("{pageid}/{moduleid}")]
public PageModule Get(int pageid, int moduleid) public PageModule Get(int pageid, int moduleid)
{ {
return PageModules.GetPageModule(pageid, moduleid); PageModule pagemodule = PageModules.GetPageModule(pageid, moduleid);
if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
{
return pagemodule;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access PageModule {PageModule}", pagemodule);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// POST api/<controller> // POST api/<controller>
@ -48,6 +70,12 @@ namespace Oqtane.Controllers
PageModule = PageModules.AddPageModule(PageModule); PageModule = PageModules.AddPageModule(PageModule);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Module Added {PageModule}", PageModule); logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Module Added {PageModule}", PageModule);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add PageModule {PageModule}", PageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
}
return PageModule; return PageModule;
} }
@ -56,11 +84,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)] [Authorize(Roles = Constants.RegisteredRole)]
public PageModule Put(int id, [FromBody] PageModule PageModule) public PageModule Put(int id, [FromBody] PageModule PageModule)
{ {
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Page", PageModule.PageId, "Edit")) if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, "Edit"))
{ {
PageModule = PageModules.UpdatePageModule(PageModule); PageModule = PageModules.UpdatePageModule(PageModule);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Updated {PageModule}", PageModule); logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Updated {PageModule}", PageModule);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update PageModule {PageModule}", PageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
}
return PageModule; return PageModule;
} }
@ -84,6 +118,11 @@ namespace Oqtane.Controllers
} }
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Order Updated {PageId} {Pane}", pageid, pane); logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Order Updated {PageId} {Pane}", pageid, pane);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page Module Order {PageId} {Pane}", pageid, pane);
HttpContext.Response.StatusCode = 401;
}
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
@ -97,6 +136,11 @@ namespace Oqtane.Controllers
PageModules.DeletePageModule(id); PageModules.DeletePageModule(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Module Deleted {PageModuleId}", id); logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Module Deleted {PageModuleId}", id);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete PageModule {PageModuleId}", id);
HttpContext.Response.StatusCode = 401;
}
} }
} }
} }

72
Oqtane.Server/Controllers/PermissionController.cs
View File

@ -1,72 +0,0 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
namespace Oqtane.Controllers
{
[Route("{site}/api/[controller]")]
public class PermissionController : Controller
{
private readonly IPermissionRepository Permissions;
private readonly ILogManager logger;
public PermissionController(IPermissionRepository Permissions, ILogManager logger)
{
this.Permissions = Permissions;
this.logger = logger;
}
// GET: api/<controller>
[HttpGet]
public IEnumerable<Permission> Get(string entityname, int entityid, string permissionname)
{
return Permissions.GetPermissions(entityname, entityid, permissionname);
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Permission Get(int id)
{
return Permissions.GetPermission(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]
public Permission Post([FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.AddPermission(Permission);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Permission Added {Permission}", Permission);
}
return Permission;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Permission Put(int id, [FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.UpdatePermission(Permission);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Permission Updated {Permission}", Permission);
}
return Permission;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Permissions.DeletePermission(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Permission Deleted {PermissionId}", id);
}
}
}

2
Oqtane.Server/Controllers/RoleController.cs
View File

@ -22,6 +22,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>?siteid=x // GET: api/<controller>?siteid=x
[HttpGet] [HttpGet]
[Authorize(Roles = Constants.RegisteredRole)]
public IEnumerable<Role> Get(string siteid) public IEnumerable<Role> Get(string siteid)
{ {
return Roles.GetRoles(int.Parse(siteid)); return Roles.GetRoles(int.Parse(siteid));
@ -29,6 +30,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Role Get(int id) public Role Get(int id)
{ {
return Roles.GetRole(id); return Roles.GetRole(id);

91
Oqtane.Server/Controllers/SettingController.cs
View File

@ -1,11 +1,13 @@
using System.Collections.Generic; using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository; using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Security; using Oqtane.Security;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -13,13 +15,17 @@ namespace Oqtane.Controllers
public class SettingController : Controller public class SettingController : Controller
{ {
private readonly ISettingRepository Settings; private readonly ISettingRepository Settings;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions; private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
private readonly ILogManager logger; private readonly ILogManager logger;
public SettingController(ISettingRepository Settings, IUserPermissions UserPermissions, ILogManager logger) public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger)
{ {
this.Settings = Settings; this.Settings = Settings;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions; this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
this.logger = logger; this.logger = logger;
} }
@ -27,62 +33,117 @@ namespace Oqtane.Controllers
[HttpGet] [HttpGet]
public IEnumerable<Setting> Get(string entityname, int entityid) public IEnumerable<Setting> Get(string entityname, int entityid)
{ {
return Settings.GetSettings(entityname, entityid); List<Setting> settings = new List<Setting>();
if (IsAuthorized(entityname, entityid, "View"))
{
settings = Settings.GetSettings(entityname, entityid).ToList();
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityname, entityid);
HttpContext.Response.StatusCode = 401;
}
return settings;
} }
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
public Setting Get(int id) public Setting Get(int id)
{ {
return Settings.GetSetting(id); Setting setting = Settings.GetSetting(id);
if (IsAuthorized(setting.EntityName, setting.EntityId, "View"))
{
return setting;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
return null;
}
} }
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize]
public Setting Post([FromBody] Setting Setting) public Setting Post([FromBody] Setting Setting)
{ {
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId)) if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
{ {
Setting = Settings.AddSetting(Setting); Setting = Settings.AddSetting(Setting);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting); logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Setting {Setting}", Setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
}
return Setting; return Setting;
} }
// PUT api/<controller>/5 // PUT api/<controller>/5
[HttpPut("{id}")] [HttpPut("{id}")]
[Authorize]
public Setting Put(int id, [FromBody] Setting Setting) public Setting Put(int id, [FromBody] Setting Setting)
{ {
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId)) if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
{ {
Setting = Settings.UpdateSetting(Setting); Setting = Settings.UpdateSetting(Setting);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting); logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting);
} }
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Setting {Setting}", Setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
}
return Setting; return Setting;
} }
// DELETE api/<controller>/5 // DELETE api/<controller>/5
[HttpDelete("{id}")] [HttpDelete("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id) public void Delete(int id)
{ {
Settings.DeleteSetting(id); Setting setting = Settings.GetSetting(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {SettingId}", id); if (IsAuthorized(setting.EntityName, setting.EntityId, "Edit"))
{
Settings.DeleteSetting(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
}
} }
private bool IsAuthorized(string EntityName, int EntityId) private bool IsAuthorized(string EntityName, int EntityId, string PermissionName)
{ {
bool authorized = false; bool authorized = false;
if (EntityName == "PageModule")
{
EntityName = "Module";
EntityId = PageModules.GetPageModule(EntityId).ModuleId;
}
switch (EntityName) switch (EntityName)
{ {
case "Module": case "Host":
authorized = UserPermissions.IsAuthorized(User, EntityName, EntityId, "Edit"); authorized = User.IsInRole(Constants.HostRole);
break; break;
default: case "Site":
authorized = User.IsInRole(Constants.AdminRole); authorized = User.IsInRole(Constants.AdminRole);
break; break;
case "Page":
case "Module":
case "Folder":
authorized = UserPermissions.IsAuthorized(User, EntityName, EntityId, PermissionName);
break;
case "User":
authorized = true;
if (PermissionName == "Edit")
{
authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId);
}
break;
} }
return authorized; return authorized;
} }

1
Oqtane.Server/Controllers/SiteController.cs
View File

@ -29,6 +29,7 @@ namespace Oqtane.Controllers
// GET: api/<controller> // GET: api/<controller>
[HttpGet] [HttpGet]
[Authorize(Roles = Constants.HostRole)]
public IEnumerable<Site> Get() public IEnumerable<Site> Get()
{ {
return Sites.GetSites(); return Sites.GetSites();

1
Oqtane.Server/Controllers/ThemeController.cs
View File

@ -30,6 +30,7 @@ namespace Oqtane.Controllers
// GET: api/<controller> // GET: api/<controller>
[HttpGet] [HttpGet]
[Authorize(Roles = Constants.RegisteredRole)]
public IEnumerable<Theme> Get() public IEnumerable<Theme> Get()
{ {
return Themes.GetThemes(); return Themes.GetThemes();

26
Oqtane.Server/Controllers/UserController.cs
View File

@ -44,6 +44,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5?siteid=x // GET api/<controller>/5?siteid=x
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize]
public User Get(int id, string siteid) public User Get(int id, string siteid)
{ {
User user = Users.GetUser(id); User user = Users.GetUser(id);
@ -172,18 +173,27 @@ namespace Oqtane.Controllers
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
if (User.Password != "") if (base.User.IsInRole(Constants.AdminRole) || base.User.Identity.Name == User.Username)
{ {
IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username); if (User.Password != "")
if (identityuser != null)
{ {
identityuser.PasswordHash = IdentityUserManager.PasswordHasher.HashPassword(identityuser, User.Password); IdentityUser identityuser = await IdentityUserManager.FindByNameAsync(User.Username);
await IdentityUserManager.UpdateAsync(identityuser); if (identityuser != null)
{
identityuser.PasswordHash = IdentityUserManager.PasswordHasher.HashPassword(identityuser, User.Password);
await IdentityUserManager.UpdateAsync(identityuser);
}
} }
User = Users.UpdateUser(User);
User.Password = ""; // remove sensitive information
logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", User);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update User {User}", User);
HttpContext.Response.StatusCode = 401;
User = null;
} }
User = Users.UpdateUser(User);
User.Password = ""; // remove sensitive information
logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", User);
} }
return User; return User;
} }

2
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -22,6 +22,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>?userid=x // GET: api/<controller>?userid=x
[HttpGet] [HttpGet]
[Authorize]
public IEnumerable<UserRole> Get(string siteid) public IEnumerable<UserRole> Get(string siteid)
{ {
return UserRoles.GetUserRoles(int.Parse(siteid)); return UserRoles.GetUserRoles(int.Parse(siteid));
@ -29,6 +30,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
[Authorize]
public UserRole Get(int id) public UserRole Get(int id)
{ {
return UserRoles.GetUserRole(id); return UserRoles.GetUserRole(id);

2
Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs
View File

@ -6,8 +6,8 @@ namespace Oqtane.Repository
public interface IModuleDefinitionRepository public interface IModuleDefinitionRepository
{ {
IEnumerable<ModuleDefinition> GetModuleDefinitions(int SideId); IEnumerable<ModuleDefinition> GetModuleDefinitions(int SideId);
ModuleDefinition GetModuleDefinition(int ModuleDefinitionId, int SideId);
void UpdateModuleDefinition(ModuleDefinition ModuleDefinition); void UpdateModuleDefinition(ModuleDefinition ModuleDefinition);
void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId); void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId);
} }
} }

2
Oqtane.Server/Repository/Interfaces/IModuleRepository.cs
View File

@ -10,5 +10,7 @@ namespace Oqtane.Repository
Module UpdateModule(Module Module); Module UpdateModule(Module Module);
Module GetModule(int ModuleId); Module GetModule(int ModuleId);
void DeleteModule(int ModuleId); void DeleteModule(int ModuleId);
string ExportModule(int ModuleId);
bool ImportModule(int ModuleId, string Content);
} }
} }

64
Oqtane.Server/Repository/ModuleDefinitionRepository.cs
View File

@ -23,7 +23,33 @@ namespace Oqtane.Repository
this.Permissions = Permissions; this.Permissions = Permissions;
} }
private List<ModuleDefinition> LoadModuleDefinitions(int SiteId) public IEnumerable<ModuleDefinition> GetModuleDefinitions(int SiteId)
{
return LoadModuleDefinitions(SiteId);
}
public ModuleDefinition GetModuleDefinition(int ModuleDefinitionId, int SiteId)
{
List<ModuleDefinition> moduledefinitions = LoadModuleDefinitions(SiteId);
return moduledefinitions.Find(item => item.ModuleDefinitionId == ModuleDefinitionId);
}
public void UpdateModuleDefinition(ModuleDefinition ModuleDefinition)
{
Permissions.UpdatePermissions(ModuleDefinition.SiteId, "ModuleDefinition", ModuleDefinition.ModuleDefinitionId, ModuleDefinition.Permissions);
_cache.Remove("moduledefinitions");
}
public void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId)
{
ModuleDefinition ModuleDefinition = db.ModuleDefinition.Find(ModuleDefinitionId);
Permissions.DeletePermissions(SiteId, "ModuleDefinition", ModuleDefinitionId);
db.ModuleDefinition.Remove(ModuleDefinition);
db.SaveChanges();
_cache.Remove("moduledefinitions");
}
public List<ModuleDefinition> LoadModuleDefinitions(int SiteId)
{ {
List<ModuleDefinition> ModuleDefinitions; List<ModuleDefinition> ModuleDefinitions;
@ -35,9 +61,9 @@ namespace Oqtane.Repository
// sync module definitions with database // sync module definitions with database
List<ModuleDefinition> moduledefs = db.ModuleDefinition.ToList(); List<ModuleDefinition> moduledefs = db.ModuleDefinition.ToList();
List<Permission> permissions = Permissions.GetPermissions(SiteId, "ModuleDefinition").ToList();
foreach (ModuleDefinition moduledefinition in ModuleDefinitions) foreach (ModuleDefinition moduledefinition in ModuleDefinitions)
{ {
IEnumerable<Permission> permissions = Permissions.GetPermissions(SiteId, "ModuleDefinition").ToList();
ModuleDefinition moduledef = moduledefs.Where(item => item.ModuleDefinitionName == moduledefinition.ModuleDefinitionName).FirstOrDefault(); ModuleDefinition moduledef = moduledefs.Where(item => item.ModuleDefinitionName == moduledefinition.ModuleDefinitionName).FirstOrDefault();
if (moduledef == null) if (moduledef == null)
{ {
@ -47,6 +73,10 @@ namespace Oqtane.Repository
if (moduledefinition.Permissions != "") if (moduledefinition.Permissions != "")
{ {
Permissions.UpdatePermissions(SiteId, "ModuleDefinition", moduledef.ModuleDefinitionId, moduledefinition.Permissions); Permissions.UpdatePermissions(SiteId, "ModuleDefinition", moduledef.ModuleDefinitionId, moduledefinition.Permissions);
foreach(Permission permission in Permissions.GetPermissions("ModuleDefinition", moduledef.ModuleDefinitionId))
{
permissions.Add(permission);
}
} }
} }
else else
@ -65,6 +95,7 @@ namespace Oqtane.Repository
// any remaining module definitions are orphans // any remaining module definitions are orphans
foreach (ModuleDefinition moduledefinition in moduledefs) foreach (ModuleDefinition moduledefinition in moduledefs)
{ {
Permissions.DeletePermissions(SiteId, "ModuleDefinition", moduledefinition.ModuleDefinitionId);
db.ModuleDefinition.Remove(moduledefinition); // delete db.ModuleDefinition.Remove(moduledefinition); // delete
} }
@ -128,7 +159,7 @@ namespace Oqtane.Repository
ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1], ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1],
ControlTypeRoutes = "", ControlTypeRoutes = "",
AssemblyName = assembly.FullName.Split(",")[0], AssemblyName = assembly.FullName.Split(",")[0],
Permissions = "" Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"Administrators\"}]"
}; };
} }
else else
@ -150,8 +181,13 @@ namespace Oqtane.Repository
ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1], ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1],
ControlTypeRoutes = "", ControlTypeRoutes = "",
AssemblyName = assembly.FullName.Split(",")[0], AssemblyName = assembly.FullName.Split(",")[0],
Permissions = ((QualifiedModuleType.StartsWith("Oqtane.Modules.Admin.")) ? "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"Administrators\"}]" : "") Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"" + Constants.AdminRole + "\"}]"
}; };
// make non-admin modules available by default to registered users on personalized pages
if (moduledefinition.Categories != "Admin")
{
moduledefinition.Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"" + Constants.AdminRole + ";" + Constants.RegisteredRole + "\"}]";
}
} }
moduledefinitions.Add(moduledefinition); moduledefinitions.Add(moduledefinition);
index = moduledefinitions.FindIndex(item => item.ModuleDefinitionName == QualifiedModuleType); index = moduledefinitions.FindIndex(item => item.ModuleDefinitionName == QualifiedModuleType);
@ -162,7 +198,7 @@ namespace Oqtane.Repository
string actions = (string)modulecontroltype.GetProperty("Actions").GetValue(modulecontrolobject); string actions = (string)modulecontroltype.GetProperty("Actions").GetValue(modulecontrolobject);
if (actions != "") if (actions != "")
{ {
foreach(string action in actions.Split(',')) foreach (string action in actions.Split(','))
{ {
moduledefinition.ControlTypeRoutes += (action + "=" + modulecontroltype.FullName + ", " + typename[1] + ";"); moduledefinition.ControlTypeRoutes += (action + "=" + modulecontroltype.FullName + ", " + typename[1] + ";");
} }
@ -183,23 +219,5 @@ namespace Oqtane.Repository
} }
return Value; return Value;
} }
public IEnumerable<ModuleDefinition> GetModuleDefinitions(int SiteId)
{
return LoadModuleDefinitions(SiteId);
}
public void UpdateModuleDefinition(ModuleDefinition ModuleDefinition)
{
Permissions.UpdatePermissions(ModuleDefinition.SiteId, "ModuleDefinition", ModuleDefinition.ModuleDefinitionId, ModuleDefinition.Permissions);
}
public void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId)
{
ModuleDefinition ModuleDefinition = db.ModuleDefinition.Find(ModuleDefinitionId);
Permissions.DeletePermissions(SiteId, "ModuleDefinition", ModuleDefinitionId);
db.ModuleDefinition.Remove(ModuleDefinition);
db.SaveChanges();
}
} }
} }

113
Oqtane.Server/Repository/ModuleRepository.cs
View File

@ -2,6 +2,11 @@
using System.Collections.Generic; using System.Collections.Generic;
using System.Linq; using System.Linq;
using Oqtane.Models; using Oqtane.Models;
using System.Reflection;
using System;
using Oqtane.Modules;
using Microsoft.Extensions.DependencyInjection;
using System.Text.Json;
namespace Oqtane.Repository namespace Oqtane.Repository
{ {
@ -9,19 +14,23 @@ namespace Oqtane.Repository
{ {
private TenantDBContext db; private TenantDBContext db;
private readonly IPermissionRepository Permissions; private readonly IPermissionRepository Permissions;
private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IServiceProvider ServiceProvider;
public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions) public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions, IModuleDefinitionRepository ModuleDefinitions, IServiceProvider ServiceProvider)
{ {
db = context; db = context;
this.Permissions = Permissions; this.Permissions = Permissions;
this.ModuleDefinitions = ModuleDefinitions;
this.ServiceProvider = ServiceProvider;
} }
public IEnumerable<Module> GetModules() public IEnumerable<Models.Module> GetModules()
{ {
return db.Module; return db.Module;
} }
public Module AddModule(Module Module) public Models.Module AddModule(Models.Module Module)
{ {
db.Module.Add(Module); db.Module.Add(Module);
db.SaveChanges(); db.SaveChanges();
@ -29,7 +38,7 @@ namespace Oqtane.Repository
return Module; return Module;
} }
public Module UpdateModule(Module Module) public Models.Module UpdateModule(Models.Module Module)
{ {
db.Entry(Module).State = EntityState.Modified; db.Entry(Module).State = EntityState.Modified;
db.SaveChanges(); db.SaveChanges();
@ -37,9 +46,9 @@ namespace Oqtane.Repository
return Module; return Module;
} }
public Module GetModule(int ModuleId) public Models.Module GetModule(int ModuleId)
{ {
Module module = db.Module.Find(ModuleId); Models.Module module = db.Module.Find(ModuleId);
if (module != null) if (module != null)
{ {
List<Permission> permissions = Permissions.GetPermissions("Module", module.ModuleId).ToList(); List<Permission> permissions = Permissions.GetPermissions("Module", module.ModuleId).ToList();
@ -50,10 +59,100 @@ namespace Oqtane.Repository
public void DeleteModule(int ModuleId) public void DeleteModule(int ModuleId)
{ {
Module Module = db.Module.Find(ModuleId); Models.Module Module = db.Module.Find(ModuleId);
Permissions.DeletePermissions(Module.SiteId, "Module", ModuleId); Permissions.DeletePermissions(Module.SiteId, "Module", ModuleId);
db.Module.Remove(Module); db.Module.Remove(Module);
db.SaveChanges(); db.SaveChanges();
} }
public string ExportModule(int ModuleId)
{
string content = "";
try
{
Models.Module module = GetModule(ModuleId);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = new ModuleContent();
modulecontent.ModuleDefinitionName = moduledefinition.ModuleDefinitionName;
modulecontent.Version = moduledefinition.Version;
modulecontent.Content = "";
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
modulecontent.Content = ((IPortable)moduleobject).ExportModule(module);
}
}
}
content = JsonSerializer.Serialize(modulecontent);
}
}
}
catch
{
// error occurred during export
}
return content;
}
public bool ImportModule(int ModuleId, string Content)
{
bool success = false;
try
{
Models.Module module = GetModule(ModuleId);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = JsonSerializer.Deserialize<ModuleContent>(Content);
if (modulecontent.ModuleDefinitionName == moduledefinition.ModuleDefinitionName)
{
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
((IPortable)moduleobject).ImportModule(module, modulecontent.Content, modulecontent.Version);
success = true;
}
}
}
}
}
}
}
catch
{
// error occurred during import
}
return success;
}
} }
} }

4
Oqtane.Shared/Models/Module.cs
View File

@ -49,6 +49,10 @@ namespace Oqtane.Models
[NotMapped] [NotMapped]
public int PaneModuleCount { get; set; } public int PaneModuleCount { get; set; }
// ModuleDefinition
[NotMapped]
public ModuleDefinition ModuleDefinition { get; set; }
// IModuleControl properties // IModuleControl properties
[NotMapped] [NotMapped]
public SecurityAccessLevel SecurityAccessLevel { get; set; } public SecurityAccessLevel SecurityAccessLevel { get; set; }