kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #214 from sbwalker/master

Browse Source 
authorization changes
This commit is contained in:
Shaun Walker 2020-02-17 19:53:08 -05:00 committed by GitHub
commit aef1f9d236
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
44 changed files with 880 additions and 529 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
Oqtane.Client/Modules/Admin/Logs/Index.razor
View File

@ -8,7 +8,9 @@
}
else
{
<div class="form-group">
<table class="table table-borderless">
<tr>
<td>
<label>Level: </label>
<select class="form-control" @onchange="(e => LevelChanged(e))">
<option value="-">&lt;All Levels&gt;</option>
@ -19,6 +21,8 @@ else
<option value="Error">Error</option>
<option value="Critical">Critical</option>
</select>
</td>
<td>
<label>Function: </label>
<select class="form-control" @onchange="(e => FunctionChanged(e))">
<option value="-">&lt;All Functions&gt;</option>
@ -29,13 +33,18 @@ else
<option value="Security">Security</option>
<option value="Other">Other</option>
</select>
</td>
<td>
<label>Rows: </label>
<select class="form-control" @onchange="(e => RowsChanged(e))">
<option value="10">10</option>
<option value="50">50</option>
<option value="100">100</option>
</select>
</div>
</td>
</tr>
</table>
@if (Logs.Any())
{
<Pager Items="@Logs">

4
Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
View File

@ -45,7 +45,7 @@
try
{
ModuleDefinitionId = Int32.Parse(PageState.QueryString["id"]);
ModuleDefinition moduledefinition = PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionId == ModuleDefinitionId).FirstOrDefault();
ModuleDefinition moduledefinition = await ModuleDefinitionService.GetModuleDefinitionAsync(ModuleDefinitionId, ModuleState.SiteId);
if (moduledefinition != null)
{
name = moduledefinition.Name;
@ -67,7 +67,7 @@
{
try
{
ModuleDefinition moduledefinition = PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionId == ModuleDefinitionId).FirstOrDefault();
ModuleDefinition moduledefinition = await ModuleDefinitionService.GetModuleDefinitionAsync(ModuleDefinitionId, ModuleState.SiteId);
moduledefinition.Permissions = permissiongrid.GetPermissions();
await ModuleDefinitionService.UpdateModuleDefinitionAsync(moduledefinition);
await logger.LogInformation("ModuleDefinition Saved {ModuleDefinition}", moduledefinition);

2
Oqtane.Client/Modules/Admin/Modules/Settings.razor
View File

@ -81,7 +81,7 @@
containers = ThemeService.GetContainerTypes(await ThemeService.GetThemesAsync());
containertype = ModuleState.ContainerType;
permissions = ModuleState.Permissions;
permissionnames = PageState.ModuleDefinitions.Find(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).PermissionNames;
permissionnames = ModuleState.ModuleDefinition.PermissionNames;
pageid = ModuleState.PageId.ToString();
DynamicComponent = builder =>

8
Oqtane.Client/Modules/Admin/Pages/Add.razor
View File

@ -148,6 +148,7 @@
Dictionary<string, string> themes = new Dictionary<string, string>();
Dictionary<string, string> panelayouts = new Dictionary<string, string>();
List<Theme> Themes;
List<Page> pages;
string name;
string path = "";
@ -169,13 +170,14 @@
{
try
{
Themes = await ThemeService.GetThemesAsync();
pages = PageState.Pages;
children = PageState.Pages.Where(item => item.ParentId == null).ToList();
themes = ThemeService.GetThemeTypes(PageState.Themes);
themes = ThemeService.GetThemeTypes(Themes);
themetype = PageState.Site.DefaultThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = PageState.Site.DefaultLayoutType;
List<PermissionString> permissionstrings = new List<PermissionString>();
@ -219,7 +221,7 @@
themetype = (string)e.Value;
if (themetype != "")
{
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
}
else
{

8
Oqtane.Client/Modules/Admin/Pages/Edit.razor
View File

@ -169,6 +169,7 @@
Dictionary<string, string> themes = new Dictionary<string, string>();
Dictionary<string, string> panelayouts = new Dictionary<string, string>();
List<Theme> Themes;
List<Page> pages;
int PageId;
string name;
@ -198,10 +199,11 @@
{
try
{
Themes = await ThemeService.GetThemesAsync();
pages = PageState.Pages;
children = PageState.Pages.Where(item => item.ParentId == null).ToList();
themes = ThemeService.GetThemeTypes(PageState.Themes);
themes = ThemeService.GetThemeTypes(Themes);
PageId = Int32.Parse(PageState.QueryString["id"]);
Page page = PageState.Pages.Where(item => item.PageId == PageId).FirstOrDefault();
@ -226,7 +228,7 @@
ispersonalizable = page.IsPersonalizable.ToString();
mode = (page.EditMode) ? "edit" : "view";
themetype = page.ThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = page.LayoutType;
icon = page.Icon;
permissions = page.Permissions;
@ -282,7 +284,7 @@
themetype = (string)e.Value;
if (themetype != "")
{
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
}
else
{

8
Oqtane.Client/Modules/Admin/Sites/Add.razor
View File

@ -125,6 +125,7 @@ else
Dictionary<string, string> panelayouts = new Dictionary<string, string>();
Dictionary<string, string> containers = new Dictionary<string, string>();
List<Theme> Themes;
List<Tenant> tenants;
string tenantid = "-1";
string name = "";
@ -139,10 +140,11 @@ else
protected override async Task OnInitializedAsync()
{
Themes = await ThemeService.GetThemesAsync();
tenants = await TenantService.GetTenantsAsync();
urls = PageState.Alias.Name;
themes = ThemeService.GetThemeTypes(PageState.Themes);
containers = ThemeService.GetContainerTypes(PageState.Themes);
themes = ThemeService.GetThemeTypes(Themes);
containers = ThemeService.GetContainerTypes(Themes);
username = Constants.HostUser;
}
@ -175,7 +177,7 @@ else
themetype = (string)e.Value;
if (themetype != "")
{
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
}
else
{

16
Oqtane.Client/Modules/Admin/Sites/Edit.razor
View File

@ -157,6 +157,7 @@
Dictionary<string, string> panelayouts;
Dictionary<string, string> containers;
List<Theme> Themes;
Alias Alias;
int siteid;
string name = "";
@ -186,14 +187,15 @@
{
try
{
Alias = PageState.Aliases.Where(item => item.AliasId == Int32.Parse(PageState.QueryString["id"])).FirstOrDefault();
Themes = await ThemeService.GetThemesAsync();
aliases = await AliasService.GetAliasesAsync();
Alias = aliases.Where(item => item.AliasId == int.Parse(PageState.QueryString["id"])).FirstOrDefault();
siteid = Alias.SiteId;
Site site = await SiteService.GetSiteAsync(siteid, Alias);
if (site != null)
{
name = site.Name;
aliases = PageState.Aliases.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList();
foreach (Alias alias in aliases)
foreach (Alias alias in aliases.Where(item => item.SiteId == site.SiteId && item.TenantId == site.TenantId).ToList())
{
urls += alias.Name + "\n";
}
@ -202,7 +204,7 @@
logofileid = site.LogoFileId.Value;
}
themetype = site.DefaultThemeType;
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
layouttype = site.DefaultLayoutType;
containertype = site.DefaultContainerType;
@ -222,8 +224,8 @@
isdeleted = site.IsDeleted.ToString();
}
themes = ThemeService.GetThemeTypes(PageState.Themes);
containers = ThemeService.GetContainerTypes(PageState.Themes);
themes = ThemeService.GetThemeTypes(Themes);
containers = ThemeService.GetContainerTypes(Themes);
}
catch (Exception ex)
{
@ -239,7 +241,7 @@
themetype = (string)e.Value;
if (themetype != "")
{
panelayouts = ThemeService.GetPaneLayoutTypes(PageState.Themes, themetype);
panelayouts = ThemeService.GetPaneLayoutTypes(Themes, themetype);
}
else
{

5
Oqtane.Client/Modules/Admin/Sites/Index.razor
View File

@ -32,13 +32,14 @@ else
List<Alias> sites;
string scheme;
protected override void OnParametersSet()
protected override async Task OnParametersSetAsync()
{
Uri uri = new Uri(NavigationManager.Uri);
scheme = uri.Scheme + "://";
List<Alias> aliases = await AliasService.GetAliasesAsync();
sites = new List<Alias>();
foreach (Alias alias in PageState.Aliases.OrderBy(item => item.Name))
foreach (Alias alias in aliases)
{
if (!sites.Exists(item => item.TenantId == alias.TenantId && item.SiteId == alias.SiteId))
{

7
Oqtane.Client/Modules/ModuleBase.cs
View File

@ -29,13 +29,6 @@ namespace Oqtane.Modules
[CascadingParameter]
protected ModuleInstance ModuleInstance { get; set; }
protected ModuleDefinition ModuleDefinition
{
get
{
return PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).FirstOrDefault();
}
}
// optional interface properties
public virtual SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.View; } set { } } // default security

17
Oqtane.Client/Services/AliasService.cs
View File

@ -5,6 +5,8 @@ using System.Linq;
using Microsoft.AspNetCore.Components;
using System.Collections.Generic;
using Oqtane.Shared;
using System.Net;
using System;
namespace Oqtane.Services
{
@ -37,6 +39,21 @@ namespace Oqtane.Services
return await http.GetJsonAsync<Alias>(apiurl + "/" + AliasId.ToString());
}
public async Task<Alias> GetAliasAsync(string Url)
{
Uri uri = new Uri(Url);
string name = uri.Authority;
if (uri.Segments.Count() > 1)
{
name += "/" + uri.Segments[1];
}
if (name.EndsWith("/"))
{
name = name.Substring(0, name.Length - 1);
}
return await http.GetJsonAsync<Alias>(apiurl + "/name/" + WebUtility.UrlEncode(name));
}
public async Task<Alias> AddAliasAsync(Alias alias)
{
return await http.PostJsonAsync<Alias>(apiurl, alias);

9
Oqtane.Client/Services/FolderService.cs
View File

@ -87,6 +87,15 @@ namespace Oqtane.Services
};
Folders = Folders.OrderBy(item => item.Order).ToList();
GetPath(Folders, null);
// add any non-hierarchical items to the end of the list
foreach(Folder folder in Folders)
{
if (hierarchy.Find(item => item.FolderId == folder.FolderId) == null)
{
hierarchy.Add(folder);
}
}
return hierarchy;
}
}

2
Oqtane.Client/Services/Interfaces/IAliasService.cs
View File

@ -10,6 +10,8 @@ namespace Oqtane.Services
Task<Alias> GetAliasAsync(int AliasId);
Task<Alias> GetAliasAsync(string Url);
Task<Alias> AddAliasAsync(Alias Alias);
Task<Alias> UpdateAliasAsync(Alias Alias);

2
Oqtane.Client/Services/Interfaces/IModuleDefinitionService.cs
View File

@ -7,8 +7,10 @@ namespace Oqtane.Services
public interface IModuleDefinitionService
{
Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId);
Task<ModuleDefinition> GetModuleDefinitionAsync(int ModuleDefinitionId, int SiteId);
Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition);
Task InstallModuleDefinitionsAsync();
Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId);
Task LoadModuleDefinitionsAsync(int SiteId);
}
}

1
Oqtane.Client/Services/Interfaces/IPageService.cs
View File

@ -10,6 +10,7 @@ namespace Oqtane.Services
Task<Page> GetPageAsync(int PageId);
Task<Page> GetPageAsync(int PageId, int UserId);
Task<Page> AddPageAsync(Page Page);
Task<Page> AddPageAsync(int PageId, int UserId);
Task<Page> UpdatePageAsync(Page Page);
Task UpdatePageOrderAsync(int SiteId, int PageId, int? ParentId);
Task DeletePageAsync(int PageId);

4
Oqtane.Client/Services/Interfaces/ISettingService.cs
View File

@ -30,6 +30,10 @@ namespace Oqtane.Services
Task UpdateUserSettingsAsync(Dictionary<string, string> UserSettings, int UserId);
Task<Dictionary<string, string>> GetFolderSettingsAsync(int FolderId);
Task UpdateFolderSettingsAsync(Dictionary<string, string> FolderSettings, int FolderId);
Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId);
Task UpdateSettingsAsync(Dictionary<string, string> Settings, string EntityName, int EntityId);

45
Oqtane.Client/Services/ModuleDefinitionService.cs
View File

@ -30,8 +30,34 @@ namespace Oqtane.Services
public async Task<List<ModuleDefinition>> GetModuleDefinitionsAsync(int SiteId)
{
// get list of modules from the server
List<ModuleDefinition> moduledefinitions = await http.GetJsonAsync<List<ModuleDefinition>>(apiurl + "?siteid=" + SiteId.ToString());
return moduledefinitions.OrderBy(item => item.Name).ToList();
}
public async Task<ModuleDefinition> GetModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
return await http.GetJsonAsync<ModuleDefinition>(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
}
public async Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition)
{
await http.PutJsonAsync(apiurl + "/" + ModuleDefinition.ModuleDefinitionId.ToString(), ModuleDefinition);
}
public async Task InstallModuleDefinitionsAsync()
{
await http.GetJsonAsync<List<string>>(apiurl + "/install");
}
public async Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
await http.DeleteAsync(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
}
public async Task LoadModuleDefinitionsAsync(int SiteId)
{
// get list of modules from the server
List<ModuleDefinition> moduledefinitions = await GetModuleDefinitionsAsync(SiteId);
// get list of loaded assemblies on the client ( in the client-side hosting module the browser client has its own app domain )
Assembly[] assemblies = AppDomain.CurrentDomain.GetAssemblies();
@ -60,23 +86,6 @@ namespace Oqtane.Services
Assembly.Load(bytes);
}
}
return moduledefinitions.OrderBy(item => item.Name).ToList();
}
public async Task UpdateModuleDefinitionAsync(ModuleDefinition ModuleDefinition)
{
await http.PutJsonAsync(apiurl + "/" + ModuleDefinition.ModuleDefinitionId.ToString(), ModuleDefinition);
}
public async Task InstallModuleDefinitionsAsync()
{
await http.GetJsonAsync<List<string>>(apiurl + "/install");
}
public async Task DeleteModuleDefinitionAsync(int ModuleDefinitionId, int SiteId)
{
await http.DeleteAsync(apiurl + "/" + ModuleDefinitionId.ToString() + "?siteid=" + SiteId.ToString());
}
}
}

14
Oqtane.Client/Services/PageService.cs
View File

@ -49,6 +49,11 @@ namespace Oqtane.Services
return await http.PostJsonAsync<Page>(apiurl, Page);
}
public async Task<Page> AddPageAsync(int PageId, int UserId)
{
return await http.PostJsonAsync<Page>(apiurl + "/" + PageId.ToString() + "?userid=" + UserId.ToString(), null);
}
public async Task<Page> UpdatePageAsync(Page Page)
{
return await http.PutJsonAsync<Page>(apiurl + "/" + Page.PageId.ToString(), Page);
@ -92,6 +97,15 @@ namespace Oqtane.Services
};
Pages = Pages.OrderBy(item => item.Order).ToList();
GetPath(Pages, null);
// add any non-hierarchical items to the end of the list
foreach (Page page in Pages)
{
if (hierarchy.Find(item => item.PageId == page.PageId) == null)
{
hierarchy.Add(page);
}
}
return hierarchy;
}
}

10
Oqtane.Client/Services/SettingService.cs
View File

@ -86,6 +86,16 @@ namespace Oqtane.Services
await UpdateSettingsAsync(UserSettings, "User", UserId);
}
public async Task<Dictionary<string, string>> GetFolderSettingsAsync(int FolderId)
{
return await GetSettingsAsync("Folder", FolderId);
}
public async Task UpdateFolderSettingsAsync(Dictionary<string, string> FolderSettings, int FolderId)
{
await UpdateSettingsAsync(FolderSettings, "Folder", FolderId);
}
public async Task<Dictionary<string, string>> GetSettingsAsync(string EntityName, int EntityId)
{
Dictionary<string, string> dictionary = new Dictionary<string, string>();

3
Oqtane.Client/Shared/PageState.cs
View File

@ -6,9 +6,6 @@ namespace Oqtane.Shared
{
public class PageState
{
public List<ModuleDefinition> ModuleDefinitions { get; set; }
public List<Theme> Themes { get; set; }
public List<Alias> Aliases { get; set; }
public Alias Alias { get; set; }
public Site Site { get; set; }
public List<Page> Pages { get; set; }

69
Oqtane.Client/Shared/SiteRouter.razor
View File

@ -10,7 +10,6 @@
@inject IUserService UserService
@inject IModuleService ModuleService
@inject IModuleDefinitionService ModuleDefinitionService
@inject IThemeService ThemeService
@implements IHandleAfterRender
@DynamicComponent
@ -67,9 +66,6 @@
private async Task Refresh()
{
List<ModuleDefinition> moduledefinitions;
List<Models.Theme> themes;
List<Alias> aliases;
Alias alias;
Site site;
List<Page> pages;
@ -107,21 +103,18 @@
if (PageState == null || reload == Reload.Application)
{
themes = await ThemeService.GetThemesAsync();
aliases = await AliasService.GetAliasesAsync();
alias = null;
}
else
{
themes = PageState.Themes;
aliases = PageState.Aliases;
alias = PageState.Alias;
}
// check if site has changed
if (alias == null || GetAlias(_absoluteUri, aliases).Name != alias.Name)
Alias current = await AliasService.GetAliasAsync(_absoluteUri);
if (alias == null || current.Name != alias.Name)
{
alias = GetAlias(_absoluteUri, aliases);
alias = current;
SiteState.Alias = alias; // set state for services
reload = Reload.Site;
}
@ -137,12 +130,13 @@
{
if (PageState == null || reload >= Reload.Site)
{
moduledefinitions = await ModuleDefinitionService.GetModuleDefinitionsAsync(site.SiteId);
#if WASM
ModuleDefinitionService.LoadModuleDefinitionsAsync(site.SiteId); // download assemblies to browser when running client-side
#endif
pages = await PageService.GetPagesAsync(site.SiteId);
}
else
{
moduledefinitions = PageState.ModuleDefinitions;
pages = PageState.Pages;
}
@ -192,7 +186,7 @@
}
// check if page has changed
if (page.Path != path)
if (page != null && page.Path != path)
{
page = pages.Where(item => item.Path == path).FirstOrDefault();
reload = Reload.Page;
@ -226,9 +220,6 @@
page = await ProcessPage(page, site, user);
pagestate = new PageState();
pagestate.ModuleDefinitions = moduledefinitions;
pagestate.Themes = themes;
pagestate.Aliases = aliases;
pagestate.Alias = alias;
pagestate.Site = site;
pagestate.Pages = pages;
@ -247,7 +238,7 @@
if (PageState == null || reload >= Reload.Page)
{
modules = await ModuleService.GetModulesAsync(site.SiteId);
modules = ProcessModules(modules, moduledefinitions, page.PageId, pagestate.ModuleId, pagestate.Action, page.Panes, site.DefaultContainerType);
modules = ProcessModules(modules, page.PageId, pagestate.ModuleId, pagestate.Action, page.Panes, site.DefaultContainerType);
}
else
{
@ -270,9 +261,12 @@
else
{
// page does not exist
if (path != "")
{
NavigationManager.NavigateTo("");
}
}
}
else
{
// site does not exist
@ -353,23 +347,18 @@
return page;
}
private List<Module> ProcessModules(List<Module> modules, List<ModuleDefinition> moduledefinitions, int pageid, int moduleid, string control, string panes, string defaultcontainertype)
private List<Module> ProcessModules(List<Module> modules, int pageid, int moduleid, string control, string panes, string defaultcontainertype)
{
ModuleDefinition moduledefinition;
Dictionary<string, int> paneindex = new Dictionary<string, int>();
foreach (Module module in modules)
{
// set the type based on the template and action
moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
string typename = moduledefinition.ControlTypeTemplate;
string typename = module.ModuleDefinition.ControlTypeTemplate;
if (module.ModuleId == moduleid && control != "")
{
// check if the module defines custom routes
if (moduledefinition.ControlTypeRoutes != "")
if (module.ModuleDefinition.ControlTypeRoutes != "")
{
foreach (string route in moduledefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
foreach (string route in module.ModuleDefinition.ControlTypeRoutes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries))
{
if (route.StartsWith(control + "="))
{
@ -404,7 +393,6 @@
module.ModuleType = typename.Replace(Constants.ActionToken, Constants.DefaultAction);
}
}
if (module.PageId == pageid)
{
@ -442,31 +430,4 @@
return modules;
}
private Alias GetAlias(string absoluteUri, List<Alias> aliases)
{
string aliasname;
Alias alias = null;
Uri uri = new Uri(absoluteUri);
if (uri.Segments.Count() > 1)
{
// check if first path segment is an alias ( ie. a subfolder - www.domain.com/subfolder )
aliasname = uri.Authority + "/" + uri.Segments[1];
if (aliasname.EndsWith("/")) { aliasname = aliasname.Substring(0, aliasname.Length - 1); }
alias = aliases.Where(item => item.Name == aliasname).FirstOrDefault();
}
if (alias == null)
{
aliasname = uri.Authority;
alias = aliases.Where(item => item.Name == aliasname).FirstOrDefault();
}
if (alias == null && aliases.Count > 0)
{
// use first alias if Uri does not exist
alias = aliases.FirstOrDefault();
}
return alias;
}
}

8
Oqtane.Client/Themes/ContainerBase.cs
View File

@ -18,14 +18,6 @@ namespace Oqtane.Themes
[CascadingParameter]
protected Module ModuleState { get; set; }
protected ModuleDefinition ModuleDefinition
{
get
{
return PageState.ModuleDefinitions.Where(item => item.ModuleDefinitionName == ModuleState.ModuleDefinitionName).FirstOrDefault();
}
}
public virtual string Name { get; set; }
public string ThemePath()

83
Oqtane.Client/Themes/Controls/ControlPanel.razor
View File

@ -80,7 +80,7 @@
<option value="-">&lt;Select Module&gt;</option>
@foreach (var moduledefinition in moduledefinitions)
{
if (moduledefinition.Permissions == "[]" || UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions))
if (UserSecurity.IsAuthorized(PageState.User, "Utilize", moduledefinition.Permissions))
{
<option value="@moduledefinition.ModuleDefinitionName">@moduledefinition.Name</option>
}
@ -199,6 +199,7 @@
bool deleteconfirmation = false;
string moduletype = "new";
List<string> categories = new List<string>();
List<ModuleDefinition> ModuleDefinitions;
List<ModuleDefinition> moduledefinitions;
List<Page> pages = new List<Page>();
string pageid = "";
@ -212,7 +213,7 @@
string display = "display: none;";
string message = "";
protected override void OnParametersSet()
protected override async Task OnParametersSetAsync()
{
if (string.IsNullOrEmpty(ButtonClass))
{
@ -235,7 +236,8 @@
{
pages?.Clear();
foreach (ModuleDefinition moduledefinition in PageState.ModuleDefinitions)
ModuleDefinitions = await ModuleDefinitionService.GetModuleDefinitionsAsync(PageState.Site.SiteId);
foreach (ModuleDefinition moduledefinition in ModuleDefinitions)
{
if (moduledefinition.Categories != "")
{
@ -248,7 +250,7 @@
}
}
}
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories == "").ToList();
moduledefinitions = ModuleDefinitions.Where(item => item.Categories == "").ToList();
foreach (Page p in PageState.Pages)
{
if (UserSecurity.IsAuthorized(PageState.User, "View", p.Permissions))
@ -258,7 +260,8 @@
}
var panes = PageState.Page.Panes.Split(new[] { ';' }, StringSplitOptions.RemoveEmptyEntries);
pane = panes.Count() == 1 ? panes.SingleOrDefault() : "";
containers = ThemeService.GetContainerTypes(PageState.Themes);
List<Theme> themes = await ThemeService.GetThemesAsync();
containers = ThemeService.GetContainerTypes(themes);
containertype = PageState.Site.DefaultContainerType;
}
}
@ -268,11 +271,11 @@
string category = (string)e.Value;
if (category == "-")
{
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories == "").ToList();
moduledefinitions = ModuleDefinitions.Where(item => item.Categories == "").ToList();
}
else
{
moduledefinitions = PageState.ModuleDefinitions.Where(item => item.Categories.Contains(category)).ToList();
moduledefinitions = ModuleDefinitions.Where(item => item.Categories.Contains(category)).ToList();
}
moduledefinitionname = "-";
StateHasChanged();
@ -304,6 +307,7 @@
{
Module module = new Module();
module.SiteId = PageState.Site.SiteId;
module.PageId = PageState.Page.PageId;
module.ModuleDefinitionName = moduledefinitionname;
module.Permissions = PageState.Page.Permissions;
module = await ModuleService.AddModuleAsync(module);
@ -367,7 +371,7 @@
{
if (PageState.Page.IsPersonalizable && PageState.User != null)
{
await CreatePersonalizedPage();
await PageService.AddPageAsync(PageState.Page.PageId, PageState.User.UserId);
PageState.EditMode = true;
NavigationManager.NavigateTo(NavigateUrl(PageState.Page.Path, "edit=" + ((PageState.EditMode) ? "1" : "0"), Reload.Page));
}
@ -458,67 +462,4 @@
await logger.Log(page.PageId, null, PageState.User.UserId, this.GetType().AssemblyQualifiedName, "ControlPanel", LogFunction.Delete, LogLevel.Information, ex, "Page Deleted {Page} {Error}", page, ex.Message);
}
}
private async Task CreatePersonalizedPage()
{
Page page = new Page();
page.SiteId = PageState.Page.SiteId;
page.Name = PageState.Page.Name;
page.Path = PageState.Page.Path;
page.ParentId = PageState.Page.ParentId;
page.Order = 0;
page.IsNavigation = false;
page.EditMode = false;
page.ThemeType = PageState.Page.ThemeType;
if (page.ThemeType == PageState.Site.DefaultThemeType)
{
page.ThemeType = "";
}
page.LayoutType = PageState.Page.LayoutType;
if (page.LayoutType == PageState.Site.DefaultLayoutType)
{
page.LayoutType = "";
}
page.Icon = PageState.Page.Icon;
List<PermissionString> permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
page.IsPersonalizable = false;
page.UserId = PageState.User.UserId;
page = await PageService.AddPageAsync(page);
// copy modules
foreach (Module m in PageState.Modules.Where(item => item.PageId == PageState.Page.PageId && !item.IsDeleted))
{
Module module = new Module();
module.SiteId = m.SiteId;
module.ModuleDefinitionName = m.ModuleDefinitionName;
permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + PageState.User.UserId.ToString() + "]" });
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
module = await ModuleService.AddModuleAsync(module);
string content = await ModuleService.ExportModuleAsync(m.ModuleId);
if (content != "")
{
await ModuleService.ImportModuleAsync(module.ModuleId, content);
}
PageModule pagemodule = new PageModule();
pagemodule.PageId = page.PageId;
pagemodule.ModuleId = module.ModuleId;
pagemodule.Title = m.Title;
pagemodule.Pane = m.Pane;
pagemodule.Order = m.Order;
pagemodule.ContainerType = m.ContainerType;
if (pagemodule.ContainerType == PageState.Site.DefaultContainerType)
{
pagemodule.ContainerType = "";
}
await PageModuleService.AddPageModuleAsync(pagemodule);
}
}
}

2
Oqtane.Client/Themes/Controls/ModuleActions.razor
View File

@ -31,7 +31,7 @@
{
actions = new List<ActionViewModel>();
actions.Add(new ActionViewModel { Action = "settings", Name = "Manage Settings" });
if (ModuleDefinition.ServerAssemblyName != "")
if (ModuleState.ModuleDefinition.ServerAssemblyName != "")
{
actions.Add(new ActionViewModel { Action = "import", Name = "Import Content" });
actions.Add(new ActionViewModel { Action = "export", Name = "Export Content" });

24
Oqtane.Server/Controllers/AliasController.cs
View File

@ -5,6 +5,8 @@ using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System.Linq;
using System;
namespace Oqtane.Controllers
{
@ -22,6 +24,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>
[HttpGet]
[Authorize(Roles = Constants.AdminRole)]
public IEnumerable<Alias> Get()
{
return Aliases.GetAliases();
@ -29,11 +32,32 @@ namespace Oqtane.Controllers
// GET api/<controller>/5
[HttpGet("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Alias Get(int id)
{
return Aliases.GetAlias(id);
}
// GET api/<controller>/name/localhost:12345
[HttpGet("name/{name}")]
public Alias Get(string name)
{
List<Alias> aliases = Aliases.GetAliases().ToList();
Alias alias = null;
alias = aliases.Where(item => item.Name == name).FirstOrDefault();
if (alias == null && name.Contains("/"))
{
// lookup alias without folder name
alias = aliases.Where(item => item.Name == name.Substring(name.IndexOf("/") + 1)).FirstOrDefault();
}
if (alias == null && aliases.Count > 0)
{
// use first alias if name does not exist
alias = aliases.FirstOrDefault();
}
return alias;
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]

38
Oqtane.Server/Controllers/FileController.cs
View File

@ -72,7 +72,17 @@ namespace Oqtane.Controllers
[HttpGet("{id}")]
public Models.File Get(int id)
{
return Files.GetFile(id);
Models.File file = Files.GetFile(id);
if (UserPermissions.IsAuthorized(User, "View", file.Folder.Permissions))
{
return file;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {File}", file);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// PUT api/<controller>/5
@ -85,6 +95,12 @@ namespace Oqtane.Controllers
File = Files.UpdateFile(File);
logger.Log(LogLevel.Information, this, LogFunction.Update, "File Updated {File}", File);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update File {File}", File);
HttpContext.Response.StatusCode = 401;
File = null;
}
return File;
}
@ -105,6 +121,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Delete, "File Deleted {File}", File);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete File {FileId}", id);
HttpContext.Response.StatusCode = 401;
}
}
// GET api/<controller>/upload?url=x&folderid=y
@ -130,6 +151,12 @@ namespace Oqtane.Controllers
logger.Log(LogLevel.Error, this, LogFunction.Create, "File Could Not Be Downloaded From Url {Url}", url);
}
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Download File {Url} {FolderId}", url, folderid);
HttpContext.Response.StatusCode = 401;
file = null;
}
return file;
}
@ -170,6 +197,11 @@ namespace Oqtane.Controllers
Files.AddFile(new Models.File { Name = upload, FolderId = folderid, Extension = fileinfo.Extension.Replace(".", ""), Size = (int)fileinfo.Length });
}
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Upload File {Folder} {File}", folder, file);
HttpContext.Response.StatusCode = 401;
}
}
}
@ -293,7 +325,9 @@ namespace Oqtane.Controllers
}
else
{
return NotFound();
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access File {FileId}", id);
HttpContext.Response.StatusCode = 401;
return null;
}
}

61
Oqtane.Server/Controllers/FolderController.cs
View File

@ -28,21 +28,32 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Folder> Get(string siteid)
{
if (siteid == "")
List<Folder> folders = new List<Folder>();
foreach(Folder folder in Folders.GetFolders(int.Parse(siteid)))
{
return Folders.GetFolders();
}
else
if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
{
return Folders.GetFolders(int.Parse(siteid));
folders.Add(folder);
}
}
return folders;
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Folder Get(int id)
{
return Folders.GetFolder(id);
Folder folder = Folders.GetFolder(id);
if (UserPermissions.IsAuthorized(User, "Browse", folder.Permissions))
{
return folder;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Folder {Folder}", folder);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// POST api/<controller>
@ -50,9 +61,19 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Folder Post([FromBody] Folder Folder)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Folder.Permissions))
if (ModelState.IsValid)
{
string permissions;
if (Folder.ParentId != null)
{
permissions = Folders.GetFolder(Folder.ParentId.Value).Permissions;
}
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
Folder.Path = "";
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
@ -61,6 +82,13 @@ namespace Oqtane.Controllers
Folder = Folders.AddFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Folder Added {Folder}", Folder);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
}
}
return Folder;
}
@ -71,7 +99,6 @@ namespace Oqtane.Controllers
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Folder", Folder.FolderId, "Edit"))
{
Folder.Path = "";
if (string.IsNullOrEmpty(Folder.Path) && Folder.ParentId != null)
{
Folder parent = Folders.GetFolder(Folder.ParentId.Value);
@ -80,6 +107,12 @@ namespace Oqtane.Controllers
Folder = Folders.UpdateFolder(Folder);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Updated {Folder}", Folder);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder {Folder}", Folder);
HttpContext.Response.StatusCode = 401;
Folder = null;
}
return Folder;
}
@ -103,6 +136,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Update, "Folder Order Updated {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Folder Order {SiteId} {FolderId} {ParentId}", siteid, folderid, parentid);
HttpContext.Response.StatusCode = 401;
}
}
// DELETE api/<controller>/5
@ -115,6 +153,11 @@ namespace Oqtane.Controllers
Folders.DeleteFolder(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Folder Deleted {FolderId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Folder {FolderId}", id);
HttpContext.Response.StatusCode = 401;
}
}
}
}

2
Oqtane.Server/Controllers/InstallationController.cs
View File

@ -269,7 +269,7 @@ namespace Oqtane.Controllers
var result = dbUpgrade.PerformUpgrade();
if (!result.Successful)
{
// TODO: log result.Error.Message;
// TODO: log result.Error.Message - problem is logger is not available here
}
}
}

2
Oqtane.Server/Controllers/JobController.cs
View File

@ -27,6 +27,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>
[HttpGet]
[Authorize(Roles = Constants.HostRole)]
public IEnumerable<Job> Get()
{
return Jobs.GetJobs();
@ -34,6 +35,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5
[HttpGet("{id}")]
[Authorize(Roles = Constants.HostRole)]
public Job Get(int id)
{
return Jobs.GetJob(id);

139
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -6,10 +6,6 @@ using Oqtane.Models;
using Oqtane.Shared;
using System.Linq;
using System.Reflection;
using System;
using Oqtane.Modules;
using Microsoft.Extensions.DependencyInjection;
using System.Text.Json;
using Oqtane.Infrastructure;
using Oqtane.Security;
@ -21,16 +17,14 @@ namespace Oqtane.Controllers
private readonly IModuleRepository Modules;
private readonly IPageModuleRepository PageModules;
private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IServiceProvider ServiceProvider;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public ModuleController(IModuleRepository Modules, IPageModuleRepository PageModules, IModuleDefinitionRepository ModuleDefinitions, IServiceProvider ServiceProvider, IUserPermissions UserPermissions, ILogManager logger)
public ModuleController(IModuleRepository Modules, IPageModuleRepository PageModules, IModuleDefinitionRepository ModuleDefinitions, IUserPermissions UserPermissions, ILogManager logger)
{
this.Modules = Modules;
this.PageModules = PageModules;
this.ModuleDefinitions = ModuleDefinitions;
this.ServiceProvider = ServiceProvider;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -39,8 +33,11 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Models.Module> Get(string siteid)
{
List<Models.Module> modulelist = new List<Models.Module>();
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(int.Parse(siteid)).ToList();
List<Models.Module> modules = new List<Models.Module>();
foreach (PageModule pagemodule in PageModules.GetPageModules(int.Parse(siteid)))
{
if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
{
Models.Module module = new Models.Module();
module.SiteId = pagemodule.Module.SiteId;
@ -59,16 +56,32 @@ namespace Oqtane.Controllers
module.Pane = pagemodule.Pane;
module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType;
modulelist.Add(module);
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
modules.Add(module);
}
return modulelist;
}
return modules;
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Models.Module Get(int id)
{
return Modules.GetModule(id);
Models.Module module = Modules.GetModule(id);
if (UserPermissions.IsAuthorized(User, "View", module.Permissions))
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
return module;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Module {Module}", module);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// POST api/<controller>
@ -76,11 +89,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Models.Module Post([FromBody] Models.Module Module)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Module.Permissions))
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Page", Module.PageId, "Edit"))
{
Module = Modules.AddModule(Module);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Module Added {Module}", Module);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Module {Module}", Module);
HttpContext.Response.StatusCode = 401;
Module = null;
}
return Module;
}
@ -94,6 +113,12 @@ namespace Oqtane.Controllers
Module = Modules.UpdateModule(Module);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Updated {Module}", Module);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Module {Module}", Module);
HttpContext.Response.StatusCode = 401;
Module = null;
}
return Module;
}
@ -107,6 +132,11 @@ namespace Oqtane.Controllers
Modules.DeleteModule(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Module Deleted {ModuleId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Module {ModuleId}", id);
HttpContext.Response.StatusCode = 401;
}
}
// GET api/<controller>/export?moduleid=x
@ -115,48 +145,14 @@ namespace Oqtane.Controllers
public string Export(int moduleid)
{
string content = "";
if (UserPermissions.IsAuthorized(User, "Module", moduleid, "View"))
if (UserPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
{
try
{
Models.Module module = Modules.GetModule(moduleid);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = new ModuleContent();
modulecontent.ModuleDefinitionName = moduledefinition.ModuleDefinitionName;
modulecontent.Version = moduledefinition.Version;
modulecontent.Content = "";
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
modulecontent.Content = ((IPortable)moduleobject).ExportModule(module);
content = Modules.ExportModule(moduleid);
}
}
}
content = JsonSerializer.Serialize(modulecontent);
logger.Log(LogLevel.Information, this, LogFunction.Read, "Module Content Exported {ModuleId}", moduleid);
}
}
}
catch
else
{
// error occurred during export
}
logger.Log(LogLevel.Error, this, LogFunction.Other, "User Not Authorized To Export Module {ModuleId}", moduleid);
HttpContext.Response.StatusCode = 401;
}
return content;
}
@ -169,45 +165,12 @@ namespace Oqtane.Controllers
bool success = false;
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Module", moduleid, "Edit"))
{
try
{
Models.Module module = Modules.GetModule(moduleid);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = JsonSerializer.Deserialize<ModuleContent>(Content);
if (modulecontent.ModuleDefinitionName == moduledefinition.ModuleDefinitionName)
{
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
((IPortable)moduleobject).ImportModule(module, modulecontent.Content, modulecontent.Version);
success = true;
logger.Log(LogLevel.Information, this, LogFunction.Update, "Module Content Imported {ModuleId}", moduleid);
success = Modules.ImportModule(moduleid, Content);
}
}
}
}
}
}
}
catch
else
{
// error occurred during import
}
logger.Log(LogLevel.Error, this, LogFunction.Other, "User Not Authorized To Import Module {ModuleId}", moduleid);
HttpContext.Response.StatusCode = 401;
}
return success;
}

34
Oqtane.Server/Controllers/ModuleDefinitionController.cs
View File

@ -9,6 +9,7 @@ using System.IO;
using System.Reflection;
using System.Linq;
using Microsoft.AspNetCore.Hosting;
using Oqtane.Security;
namespace Oqtane.Controllers
{
@ -16,13 +17,15 @@ namespace Oqtane.Controllers
public class ModuleDefinitionController : Controller
{
private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IUserPermissions UserPermissions;
private readonly IInstallationManager InstallationManager;
private readonly IWebHostEnvironment environment;
private readonly ILogManager logger;
public ModuleDefinitionController(IModuleDefinitionRepository ModuleDefinitions, IInstallationManager InstallationManager, IWebHostEnvironment environment, ILogManager logger)
public ModuleDefinitionController(IModuleDefinitionRepository ModuleDefinitions, IUserPermissions UserPermissions, IInstallationManager InstallationManager, IWebHostEnvironment environment, ILogManager logger)
{
this.ModuleDefinitions = ModuleDefinitions;
this.UserPermissions = UserPermissions;
this.InstallationManager = InstallationManager;
this.environment = environment;
this.logger = logger;
@ -32,8 +35,34 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<ModuleDefinition> Get(int siteid)
{
return ModuleDefinitions.GetModuleDefinitions(siteid);
List<ModuleDefinition> moduledefinitions = new List<ModuleDefinition>();
foreach(ModuleDefinition moduledefinition in ModuleDefinitions.GetModuleDefinitions(siteid))
{
if (UserPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
{
moduledefinitions.Add(moduledefinition);
}
}
return moduledefinitions;
}
// GET api/<controller>/5?siteid=x
[HttpGet("{id}")]
public ModuleDefinition Get(int id, string siteid)
{
ModuleDefinition moduledefinition = ModuleDefinitions.GetModuleDefinition(id, int.Parse(siteid));
if (UserPermissions.IsAuthorized(User, "Utilize", moduledefinition.Permissions))
{
return moduledefinition;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access ModuleDefinition {ModuleDefinition}", moduledefinition);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// GET api/<controller>/filename
[HttpGet("{filename}")]
@ -93,5 +122,6 @@ namespace Oqtane.Controllers
InstallationManager.RestartApplication();
}
}
}
}

131
Oqtane.Server/Controllers/PageController.cs
View File

@ -14,12 +14,16 @@ namespace Oqtane.Controllers
public class PageController : Controller
{
private readonly IPageRepository Pages;
private readonly IModuleRepository Modules;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public PageController(IPageRepository Pages, IUserPermissions UserPermissions, ILogManager logger)
public PageController(IPageRepository Pages, IModuleRepository Modules, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{
this.Pages = Pages;
this.Modules = Modules;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -28,27 +32,39 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Page> Get(string siteid)
{
if (siteid == "")
List<Page> pages = new List<Page>();
foreach (Page page in Pages.GetPages(int.Parse(siteid)))
{
return Pages.GetPages();
}
else
if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
{
return Pages.GetPages(int.Parse(siteid));
pages.Add(page);
}
}
return pages;
}
// GET api/<controller>/5?userid=x
[HttpGet("{id}")]
public Page Get(int id, string userid)
{
Page page;
if (string.IsNullOrEmpty(userid))
{
return Pages.GetPage(id);
page = Pages.GetPage(id);
}
else
{
return Pages.GetPage(id, int.Parse(userid));
page = Pages.GetPage(id, int.Parse(userid));
}
if (UserPermissions.IsAuthorized(User, "View", page.Permissions))
{
return page;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Page {Page}", page);
HttpContext.Response.StatusCode = 401;
return null;
}
}
@ -57,14 +73,95 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post([FromBody] Page Page)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Edit", Page.Permissions))
if (ModelState.IsValid)
{
string permissions;
if (Page.ParentId != null)
{
permissions = Pages.GetPage(Page.ParentId.Value).Permissions;
}
else
{
permissions = UserSecurity.SetPermissionStrings(new List<PermissionString> { new PermissionString { PermissionName = "Edit", Permissions = Constants.AdminRole } });
}
if (UserPermissions.IsAuthorized(User, "Edit", permissions))
{
Page = Pages.AddPage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Added {Page}", Page);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
}
return Page;
}
// POST api/<controller>/5?userid=x
[HttpPost("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Page Post(int id, string userid)
{
Page page = null;
Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
{
page = new Page();
page.SiteId = parent.SiteId;
page.Name = parent.Name;
page.Path = parent.Path;
page.ParentId = parent.PageId;
page.Order = 0;
page.IsNavigation = false;
page.EditMode = false;
page.ThemeType = parent.ThemeType;
page.LayoutType = parent.LayoutType;
page.Icon = parent.Icon;
List<PermissionString> permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
page.Permissions = UserSecurity.SetPermissionStrings(permissions);
page.IsPersonalizable = false;
page.UserId = int.Parse(userid);
page = Pages.AddPage(page);
// copy modules
List<PageModule> pagemodules = PageModules.GetPageModules(page.SiteId).ToList();
foreach (PageModule pm in pagemodules.Where(item => item.PageId == parent.PageId && !item.IsDeleted))
{
Module module = new Module();
module.SiteId = page.SiteId;
module.PageId = page.PageId;
module.ModuleDefinitionName = pm.Module.ModuleDefinitionName;
permissions = new List<PermissionString>();
permissions.Add(new PermissionString { PermissionName = "View", Permissions = "[" + userid + "]" });
permissions.Add(new PermissionString { PermissionName = "Edit", Permissions = "[" + userid + "]" });
module.Permissions = UserSecurity.SetPermissionStrings(permissions);
module = Modules.AddModule(module);
string content = Modules.ExportModule(pm.ModuleId);
if (content != "")
{
Modules.ImportModule(module.ModuleId, content);
}
PageModule pagemodule = new PageModule();
pagemodule.PageId = page.PageId;
pagemodule.ModuleId = module.ModuleId;
pagemodule.Title = pm.Title;
pagemodule.Pane = pm.Pane;
pagemodule.Order = pm.Order;
pagemodule.ContainerType = pm.ContainerType;
PageModules.AddPageModule(pagemodule);
}
}
return page;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
@ -75,6 +172,12 @@ namespace Oqtane.Controllers
Page = Pages.UpdatePage(Page);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Updated {Page}", Page);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page {Page}", Page);
HttpContext.Response.StatusCode = 401;
Page = null;
}
return Page;
}
@ -98,6 +201,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Order Updated {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page Order {SiteId} {PageId} {ParentId}", siteid, pageid, parentid);
HttpContext.Response.StatusCode = 401;
}
}
// DELETE api/<controller>/5
@ -110,6 +218,11 @@ namespace Oqtane.Controllers
Pages.DeletePage(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Deleted {PageId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Page {PageId}", id);
HttpContext.Response.StatusCode = 401;
}
}
}
}

52
Oqtane.Server/Controllers/PageModuleController.cs
View File

@ -14,12 +14,14 @@ namespace Oqtane.Controllers
public class PageModuleController : Controller
{
private readonly IPageModuleRepository PageModules;
private readonly IModuleRepository Modules;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public PageModuleController(IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
public PageModuleController(IPageModuleRepository PageModules, IModuleRepository Modules, IUserPermissions UserPermissions, ILogManager logger)
{
this.PageModules = PageModules;
this.Modules = Modules;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -28,14 +30,34 @@ namespace Oqtane.Controllers
[HttpGet("{id}")]
public PageModule Get(int id)
{
return PageModules.GetPageModule(id);
PageModule pagemodule = PageModules.GetPageModule(id);
if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
{
return pagemodule;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access PageModule {PageModule}", pagemodule);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// GET: api/<controller>/pageid/moduleid
[HttpGet("{pageid}/{moduleid}")]
public PageModule Get(int pageid, int moduleid)
{
return PageModules.GetPageModule(pageid, moduleid);
PageModule pagemodule = PageModules.GetPageModule(pageid, moduleid);
if (UserPermissions.IsAuthorized(User, "View", pagemodule.Module.Permissions))
{
return pagemodule;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access PageModule {PageModule}", pagemodule);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// POST api/<controller>
@ -48,6 +70,12 @@ namespace Oqtane.Controllers
PageModule = PageModules.AddPageModule(PageModule);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Page Module Added {PageModule}", PageModule);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add PageModule {PageModule}", PageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
}
return PageModule;
}
@ -56,11 +84,17 @@ namespace Oqtane.Controllers
[Authorize(Roles = Constants.RegisteredRole)]
public PageModule Put(int id, [FromBody] PageModule PageModule)
{
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Page", PageModule.PageId, "Edit"))
if (ModelState.IsValid && UserPermissions.IsAuthorized(User, "Module", PageModule.ModuleId, "Edit"))
{
PageModule = PageModules.UpdatePageModule(PageModule);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Updated {PageModule}", PageModule);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update PageModule {PageModule}", PageModule);
HttpContext.Response.StatusCode = 401;
PageModule = null;
}
return PageModule;
}
@ -84,6 +118,11 @@ namespace Oqtane.Controllers
}
logger.Log(LogLevel.Information, this, LogFunction.Update, "Page Module Order Updated {PageId} {Pane}", pageid, pane);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Page Module Order {PageId} {Pane}", pageid, pane);
HttpContext.Response.StatusCode = 401;
}
}
// DELETE api/<controller>/5
@ -97,6 +136,11 @@ namespace Oqtane.Controllers
PageModules.DeletePageModule(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Page Module Deleted {PageModuleId}", id);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete PageModule {PageModuleId}", id);
HttpContext.Response.StatusCode = 401;
}
}
}
}

72
Oqtane.Server/Controllers/PermissionController.cs
View File

@ -1,72 +0,0 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
namespace Oqtane.Controllers
{
[Route("{site}/api/[controller]")]
public class PermissionController : Controller
{
private readonly IPermissionRepository Permissions;
private readonly ILogManager logger;
public PermissionController(IPermissionRepository Permissions, ILogManager logger)
{
this.Permissions = Permissions;
this.logger = logger;
}
// GET: api/<controller>
[HttpGet]
public IEnumerable<Permission> Get(string entityname, int entityid, string permissionname)
{
return Permissions.GetPermissions(entityname, entityid, permissionname);
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Permission Get(int id)
{
return Permissions.GetPermission(id);
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = Constants.AdminRole)]
public Permission Post([FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.AddPermission(Permission);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Permission Added {Permission}", Permission);
}
return Permission;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public Permission Put(int id, [FromBody] Permission Permission)
{
if (ModelState.IsValid)
{
Permission = Permissions.UpdatePermission(Permission);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Permission Updated {Permission}", Permission);
}
return Permission;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Permissions.DeletePermission(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Permission Deleted {PermissionId}", id);
}
}
}

2
Oqtane.Server/Controllers/RoleController.cs
View File

@ -22,6 +22,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>?siteid=x
[HttpGet]
[Authorize(Roles = Constants.RegisteredRole)]
public IEnumerable<Role> Get(string siteid)
{
return Roles.GetRoles(int.Parse(siteid));
@ -29,6 +30,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5
[HttpGet("{id}")]
[Authorize(Roles = Constants.RegisteredRole)]
public Role Get(int id)
{
return Roles.GetRole(id);

89
Oqtane.Server/Controllers/SettingController.cs
View File

@ -1,11 +1,13 @@
using System.Collections.Generic;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Security;
using Oqtane.Infrastructure;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers
{
@ -13,13 +15,17 @@ namespace Oqtane.Controllers
public class SettingController : Controller
{
private readonly ISettingRepository Settings;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
private readonly ILogManager logger;
public SettingController(ISettingRepository Settings, IUserPermissions UserPermissions, ILogManager logger)
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger)
{
this.Settings = Settings;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
this.logger = logger;
}
@ -27,62 +33,117 @@ namespace Oqtane.Controllers
[HttpGet]
public IEnumerable<Setting> Get(string entityname, int entityid)
{
return Settings.GetSettings(entityname, entityid);
List<Setting> settings = new List<Setting>();
if (IsAuthorized(entityname, entityid, "View"))
{
settings = Settings.GetSettings(entityname, entityid).ToList();
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityname, entityid);
HttpContext.Response.StatusCode = 401;
}
return settings;
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Setting Get(int id)
{
return Settings.GetSetting(id);
Setting setting = Settings.GetSetting(id);
if (IsAuthorized(setting.EntityName, setting.EntityId, "View"))
{
return setting;
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
return null;
}
}
// POST api/<controller>
[HttpPost]
[Authorize]
public Setting Post([FromBody] Setting Setting)
{
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId))
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
{
Setting = Settings.AddSetting(Setting);
logger.Log(LogLevel.Information, this, LogFunction.Create, "Setting Added {Setting}", Setting);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Create, "User Not Authorized To Add Setting {Setting}", Setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
}
return Setting;
}
// PUT api/<controller>/5
[HttpPut("{id}")]
[Authorize]
public Setting Put(int id, [FromBody] Setting Setting)
{
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId))
if (ModelState.IsValid && IsAuthorized(Setting.EntityName, Setting.EntityId, "Edit"))
{
Setting = Settings.UpdateSetting(Setting);
logger.Log(LogLevel.Information, this, LogFunction.Update, "Setting Updated {Setting}", Setting);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update Setting {Setting}", Setting);
HttpContext.Response.StatusCode = 401;
Setting = null;
}
return Setting;
}
// DELETE api/<controller>/5
[HttpDelete("{id}")]
[Authorize(Roles = Constants.AdminRole)]
public void Delete(int id)
{
Setting setting = Settings.GetSetting(id);
if (IsAuthorized(setting.EntityName, setting.EntityId, "Edit"))
{
Settings.DeleteSetting(id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {SettingId}", id);
logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Delete, "User Not Authorized To Delete Setting {Setting}", setting);
HttpContext.Response.StatusCode = 401;
}
}
private bool IsAuthorized(string EntityName, int EntityId)
private bool IsAuthorized(string EntityName, int EntityId, string PermissionName)
{
bool authorized = false;
if (EntityName == "PageModule")
{
EntityName = "Module";
EntityId = PageModules.GetPageModule(EntityId).ModuleId;
}
switch (EntityName)
{
case "Module":
authorized = UserPermissions.IsAuthorized(User, EntityName, EntityId, "Edit");
case "Host":
authorized = User.IsInRole(Constants.HostRole);
break;
default:
case "Site":
authorized = User.IsInRole(Constants.AdminRole);
break;
case "Page":
case "Module":
case "Folder":
authorized = UserPermissions.IsAuthorized(User, EntityName, EntityId, PermissionName);
break;
case "User":
authorized = true;
if (PermissionName == "Edit")
{
authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId);
}
break;
}
return authorized;
}

1
Oqtane.Server/Controllers/SiteController.cs
View File

@ -29,6 +29,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>
[HttpGet]
[Authorize(Roles = Constants.HostRole)]
public IEnumerable<Site> Get()
{
return Sites.GetSites();

1
Oqtane.Server/Controllers/ThemeController.cs
View File

@ -30,6 +30,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>
[HttpGet]
[Authorize(Roles = Constants.RegisteredRole)]
public IEnumerable<Theme> Get()
{
return Themes.GetThemes();

10
Oqtane.Server/Controllers/UserController.cs
View File

@ -44,6 +44,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5?siteid=x
[HttpGet("{id}")]
[Authorize]
public User Get(int id, string siteid)
{
User user = Users.GetUser(id);
@ -171,6 +172,8 @@ namespace Oqtane.Controllers
public async Task<User> Put(int id, [FromBody] User User)
{
if (ModelState.IsValid)
{
if (base.User.IsInRole(Constants.AdminRole) || base.User.Identity.Name == User.Username)
{
if (User.Password != "")
{
@ -185,6 +188,13 @@ namespace Oqtane.Controllers
User.Password = ""; // remove sensitive information
logger.Log(LogLevel.Information, this, LogFunction.Update, "User Updated {User}", User);
}
else
{
logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Update User {User}", User);
HttpContext.Response.StatusCode = 401;
User = null;
}
}
return User;
}

2
Oqtane.Server/Controllers/UserRoleController.cs
View File

@ -22,6 +22,7 @@ namespace Oqtane.Controllers
// GET: api/<controller>?userid=x
[HttpGet]
[Authorize]
public IEnumerable<UserRole> Get(string siteid)
{
return UserRoles.GetUserRoles(int.Parse(siteid));
@ -29,6 +30,7 @@ namespace Oqtane.Controllers
// GET api/<controller>/5
[HttpGet("{id}")]
[Authorize]
public UserRole Get(int id)
{
return UserRoles.GetUserRole(id);

2
Oqtane.Server/Repository/Interfaces/IModuleDefinitionRepository.cs
View File

@ -6,8 +6,8 @@ namespace Oqtane.Repository
public interface IModuleDefinitionRepository
{
IEnumerable<ModuleDefinition> GetModuleDefinitions(int SideId);
ModuleDefinition GetModuleDefinition(int ModuleDefinitionId, int SideId);
void UpdateModuleDefinition(ModuleDefinition ModuleDefinition);
void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId);
}
}

2
Oqtane.Server/Repository/Interfaces/IModuleRepository.cs
View File

@ -10,5 +10,7 @@ namespace Oqtane.Repository
Module UpdateModule(Module Module);
Module GetModule(int ModuleId);
void DeleteModule(int ModuleId);
string ExportModule(int ModuleId);
bool ImportModule(int ModuleId, string Content);
}
}

62
Oqtane.Server/Repository/ModuleDefinitionRepository.cs
View File

@ -23,7 +23,33 @@ namespace Oqtane.Repository
this.Permissions = Permissions;
}
private List<ModuleDefinition> LoadModuleDefinitions(int SiteId)
public IEnumerable<ModuleDefinition> GetModuleDefinitions(int SiteId)
{
return LoadModuleDefinitions(SiteId);
}
public ModuleDefinition GetModuleDefinition(int ModuleDefinitionId, int SiteId)
{
List<ModuleDefinition> moduledefinitions = LoadModuleDefinitions(SiteId);
return moduledefinitions.Find(item => item.ModuleDefinitionId == ModuleDefinitionId);
}
public void UpdateModuleDefinition(ModuleDefinition ModuleDefinition)
{
Permissions.UpdatePermissions(ModuleDefinition.SiteId, "ModuleDefinition", ModuleDefinition.ModuleDefinitionId, ModuleDefinition.Permissions);
_cache.Remove("moduledefinitions");
}
public void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId)
{
ModuleDefinition ModuleDefinition = db.ModuleDefinition.Find(ModuleDefinitionId);
Permissions.DeletePermissions(SiteId, "ModuleDefinition", ModuleDefinitionId);
db.ModuleDefinition.Remove(ModuleDefinition);
db.SaveChanges();
_cache.Remove("moduledefinitions");
}
public List<ModuleDefinition> LoadModuleDefinitions(int SiteId)
{
List<ModuleDefinition> ModuleDefinitions;
@ -35,9 +61,9 @@ namespace Oqtane.Repository
// sync module definitions with database
List<ModuleDefinition> moduledefs = db.ModuleDefinition.ToList();
List<Permission> permissions = Permissions.GetPermissions(SiteId, "ModuleDefinition").ToList();
foreach (ModuleDefinition moduledefinition in ModuleDefinitions)
{
IEnumerable<Permission> permissions = Permissions.GetPermissions(SiteId, "ModuleDefinition").ToList();
ModuleDefinition moduledef = moduledefs.Where(item => item.ModuleDefinitionName == moduledefinition.ModuleDefinitionName).FirstOrDefault();
if (moduledef == null)
{
@ -47,6 +73,10 @@ namespace Oqtane.Repository
if (moduledefinition.Permissions != "")
{
Permissions.UpdatePermissions(SiteId, "ModuleDefinition", moduledef.ModuleDefinitionId, moduledefinition.Permissions);
foreach(Permission permission in Permissions.GetPermissions("ModuleDefinition", moduledef.ModuleDefinitionId))
{
permissions.Add(permission);
}
}
}
else
@ -65,6 +95,7 @@ namespace Oqtane.Repository
// any remaining module definitions are orphans
foreach (ModuleDefinition moduledefinition in moduledefs)
{
Permissions.DeletePermissions(SiteId, "ModuleDefinition", moduledefinition.ModuleDefinitionId);
db.ModuleDefinition.Remove(moduledefinition); // delete
}
@ -128,7 +159,7 @@ namespace Oqtane.Repository
ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1],
ControlTypeRoutes = "",
AssemblyName = assembly.FullName.Split(",")[0],
Permissions = ""
Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"Administrators\"}]"
};
}
else
@ -150,8 +181,13 @@ namespace Oqtane.Repository
ControlTypeTemplate = ModuleType + "." + Constants.ActionToken + ", " + typename[1],
ControlTypeRoutes = "",
AssemblyName = assembly.FullName.Split(",")[0],
Permissions = ((QualifiedModuleType.StartsWith("Oqtane.Modules.Admin.")) ? "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"Administrators\"}]" : "")
Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"" + Constants.AdminRole + "\"}]"
};
// make non-admin modules available by default to registered users on personalized pages
if (moduledefinition.Categories != "Admin")
{
moduledefinition.Permissions = "[{\"PermissionName\":\"Utilize\",\"Permissions\":\"" + Constants.AdminRole + ";" + Constants.RegisteredRole + "\"}]";
}
}
moduledefinitions.Add(moduledefinition);
index = moduledefinitions.FindIndex(item => item.ModuleDefinitionName == QualifiedModuleType);
@ -183,23 +219,5 @@ namespace Oqtane.Repository
}
return Value;
}
public IEnumerable<ModuleDefinition> GetModuleDefinitions(int SiteId)
{
return LoadModuleDefinitions(SiteId);
}
public void UpdateModuleDefinition(ModuleDefinition ModuleDefinition)
{
Permissions.UpdatePermissions(ModuleDefinition.SiteId, "ModuleDefinition", ModuleDefinition.ModuleDefinitionId, ModuleDefinition.Permissions);
}
public void DeleteModuleDefinition(int ModuleDefinitionId, int SiteId)
{
ModuleDefinition ModuleDefinition = db.ModuleDefinition.Find(ModuleDefinitionId);
Permissions.DeletePermissions(SiteId, "ModuleDefinition", ModuleDefinitionId);
db.ModuleDefinition.Remove(ModuleDefinition);
db.SaveChanges();
}
}
}

113
Oqtane.Server/Repository/ModuleRepository.cs
View File

@ -2,6 +2,11 @@
using System.Collections.Generic;
using System.Linq;
using Oqtane.Models;
using System.Reflection;
using System;
using Oqtane.Modules;
using Microsoft.Extensions.DependencyInjection;
using System.Text.Json;
namespace Oqtane.Repository
{
@ -9,19 +14,23 @@ namespace Oqtane.Repository
{
private TenantDBContext db;
private readonly IPermissionRepository Permissions;
private readonly IModuleDefinitionRepository ModuleDefinitions;
private readonly IServiceProvider ServiceProvider;
public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions)
public ModuleRepository(TenantDBContext context, IPermissionRepository Permissions, IModuleDefinitionRepository ModuleDefinitions, IServiceProvider ServiceProvider)
{
db = context;
this.Permissions = Permissions;
this.ModuleDefinitions = ModuleDefinitions;
this.ServiceProvider = ServiceProvider;
}
public IEnumerable<Module> GetModules()
public IEnumerable<Models.Module> GetModules()
{
return db.Module;
}
public Module AddModule(Module Module)
public Models.Module AddModule(Models.Module Module)
{
db.Module.Add(Module);
db.SaveChanges();
@ -29,7 +38,7 @@ namespace Oqtane.Repository
return Module;
}
public Module UpdateModule(Module Module)
public Models.Module UpdateModule(Models.Module Module)
{
db.Entry(Module).State = EntityState.Modified;
db.SaveChanges();
@ -37,9 +46,9 @@ namespace Oqtane.Repository
return Module;
}
public Module GetModule(int ModuleId)
public Models.Module GetModule(int ModuleId)
{
Module module = db.Module.Find(ModuleId);
Models.Module module = db.Module.Find(ModuleId);
if (module != null)
{
List<Permission> permissions = Permissions.GetPermissions("Module", module.ModuleId).ToList();
@ -50,10 +59,100 @@ namespace Oqtane.Repository
public void DeleteModule(int ModuleId)
{
Module Module = db.Module.Find(ModuleId);
Models.Module Module = db.Module.Find(ModuleId);
Permissions.DeletePermissions(Module.SiteId, "Module", ModuleId);
db.Module.Remove(Module);
db.SaveChanges();
}
public string ExportModule(int ModuleId)
{
string content = "";
try
{
Models.Module module = GetModule(ModuleId);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = new ModuleContent();
modulecontent.ModuleDefinitionName = moduledefinition.ModuleDefinitionName;
modulecontent.Version = moduledefinition.Version;
modulecontent.Content = "";
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
modulecontent.Content = ((IPortable)moduleobject).ExportModule(module);
}
}
}
content = JsonSerializer.Serialize(modulecontent);
}
}
}
catch
{
// error occurred during export
}
return content;
}
public bool ImportModule(int ModuleId, string Content)
{
bool success = false;
try
{
Models.Module module = GetModule(ModuleId);
if (module != null)
{
List<ModuleDefinition> moduledefinitions = ModuleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
ModuleDefinition moduledefinition = moduledefinitions.Where(item => item.ModuleDefinitionName == module.ModuleDefinitionName).FirstOrDefault();
if (moduledefinition != null)
{
ModuleContent modulecontent = JsonSerializer.Deserialize<ModuleContent>(Content);
if (modulecontent.ModuleDefinitionName == moduledefinition.ModuleDefinitionName)
{
if (moduledefinition.ServerAssemblyName != "")
{
Assembly assembly = AppDomain.CurrentDomain.GetAssemblies()
.Where(item => item.FullName.StartsWith(moduledefinition.ServerAssemblyName)).FirstOrDefault();
if (assembly != null)
{
Type moduletype = assembly.GetTypes()
.Where(item => item.Namespace != null)
.Where(item => item.Namespace.StartsWith(moduledefinition.ModuleDefinitionName.Substring(0, moduledefinition.ModuleDefinitionName.IndexOf(","))))
.Where(item => item.GetInterfaces().Contains(typeof(IPortable))).FirstOrDefault();
if (moduletype != null)
{
var moduleobject = ActivatorUtilities.CreateInstance(ServiceProvider, moduletype);
((IPortable)moduleobject).ImportModule(module, modulecontent.Content, modulecontent.Version);
success = true;
}
}
}
}
}
}
}
catch
{
// error occurred during import
}
return success;
}
}
}

4
Oqtane.Shared/Models/Module.cs
View File

@ -49,6 +49,10 @@ namespace Oqtane.Models
[NotMapped]
public int PaneModuleCount { get; set; }
// ModuleDefinition
[NotMapped]
public ModuleDefinition ModuleDefinition { get; set; }
// IModuleControl properties
[NotMapped]
public SecurityAccessLevel SecurityAccessLevel { get; set; }