kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

exclude legacy Permissions properties from serialization/API payload

Browse Source
This commit is contained in:
Shaun Walker 2023-03-09 15:51:16 -05:00
parent 9c6174e3f2
commit af3b289331
15 changed files with 307 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

341
Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
View File

@ -9,189 +9,194 @@
@inject IStringLocalizer<Edit> Localizer
@inject IStringLocalizer<SharedResources> SharedLocalizer
<TabStrip>
<TabPanel Name="Definition" ResourceKey="Definition">
<form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="name" HelpText="The name of the module" ResourceKey="Name">Name: </Label>
<div class="col-sm-9">
<input id="name" class="form-control" @bind="@_name" maxlength="200" required />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="description" HelpText="The description of the module" ResourceKey="Description">Description: </Label>
<div class="col-sm-9">
<textarea id="description" class="form-control" @bind="@_description" rows="2" maxlength="2000" required></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="categories" HelpText="Comma delimited list of module categories" ResourceKey="Categories">Categories: </Label>
<div class="col-sm-9">
<input id="categories" class="form-control" @bind="@_categories" maxlength="200" required />
</div>
</div>
</div>
</form>
<Section Name="Information" ResourceKey="Information">
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="moduledefinitionname" HelpText="The internal name of the module" ResourceKey="InternalName">Internal Name: </Label>
<div class="col-sm-9">
<input id="moduledefinitionname" class="form-control" @bind="@_moduledefinitionname" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="version" HelpText="The version of the module" ResourceKey="Version">Version: </Label>
<div class="col-sm-9">
<input id="version" class="form-control" @bind="@_version" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="packagename" HelpText="The unique name of the package from which this module was installed" ResourceKey="PackageName">Package Name: </Label>
<div class="col-sm-9">
<input id="packagename" class="form-control" @bind="@_packagename" disabled />
@if (_initialized)
{
<TabStrip>
<TabPanel Name="Definition" ResourceKey="Definition">
<form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="name" HelpText="The name of the module" ResourceKey="Name">Name: </Label>
<div class="col-sm-9">
<input id="name" class="form-control" @bind="@_name" maxlength="200" required />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="description" HelpText="The description of the module" ResourceKey="Description">Description: </Label>
<div class="col-sm-9">
<textarea id="description" class="form-control" @bind="@_description" rows="2" maxlength="2000" required></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="categories" HelpText="Comma delimited list of module categories" ResourceKey="Categories">Categories: </Label>
<div class="col-sm-9">
<input id="categories" class="form-control" @bind="@_categories" maxlength="200" required />
</div>
</div>
</div>
</form>
<Section Name="Information" ResourceKey="Information">
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="moduledefinitionname" HelpText="The internal name of the module" ResourceKey="InternalName">Internal Name: </Label>
<div class="col-sm-9">
<input id="moduledefinitionname" class="form-control" @bind="@_moduledefinitionname" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="version" HelpText="The version of the module" ResourceKey="Version">Version: </Label>
<div class="col-sm-9">
<input id="version" class="form-control" @bind="@_version" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="packagename" HelpText="The unique name of the package from which this module was installed" ResourceKey="PackageName">Package Name: </Label>
<div class="col-sm-9">
<input id="packagename" class="form-control" @bind="@_packagename" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="owner" HelpText="The owner or creator of the module" ResourceKey="Owner">Owner: </Label>
<div class="col-sm-9">
<input id="owner" class="form-control" @bind="@_owner" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="url" HelpText="The reference url of the module" ResourceKey="ReferenceUrl">Reference Url: </Label>
<div class="col-sm-9">
<input id="url" class="form-control" @bind="@_url" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="contact" HelpText="The contact for the module" ResourceKey="Contact">Contact: </Label>
<div class="col-sm-9">
<input id="contact" class="form-control" @bind="@_contact" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="license" HelpText="The module license terms" ResourceKey="License">License: </Label>
<div class="col-sm-9">
<textarea id="license" class="form-control" @bind="@_license" rows="5" disabled></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="runtimes" HelpText="The Blazor runtimes which this module supports" ResourceKey="Runtimes">Runtimes: </Label>
<div class="col-sm-9">
<input id="runtimes" class="form-control" @bind="@_runtimes" disabled />
</div>
</div>
</div>
</Section>
<br />
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@_createdby" CreatedOn="@_createdon" ModifiedBy="@_modifiedby" ModifiedOn="@_modifiedon"></AuditInfo>
</TabPanel>
<TabPanel Name="Permissions" ResourceKey="Permissions">
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="owner" HelpText="The owner or creator of the module" ResourceKey="Owner">Owner: </Label>
<div class="col-sm-9">
<input id="owner" class="form-control" @bind="@_owner" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="url" HelpText="The reference url of the module" ResourceKey="ReferenceUrl">Reference Url: </Label>
<div class="col-sm-9">
<input id="url" class="form-control" @bind="@_url" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="contact" HelpText="The contact for the module" ResourceKey="Contact">Contact: </Label>
<div class="col-sm-9">
<input id="contact" class="form-control" @bind="@_contact" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="license" HelpText="The module license terms" ResourceKey="License">License: </Label>
<div class="col-sm-9">
<textarea id="license" class="form-control" @bind="@_license" rows="5" disabled></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="runtimes" HelpText="The Blazor runtimes which this module supports" ResourceKey="Runtimes">Runtimes: </Label>
<div class="col-sm-9">
<input id="runtimes" class="form-control" @bind="@_runtimes" disabled />
</div>
</div>
</div>
</Section>
<br />
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@_createdby" CreatedOn="@_createdon" ModifiedBy="@_modifiedby" ModifiedOn="@_modifiedon"></AuditInfo>
</TabPanel>
<TabPanel Name="Permissions" ResourceKey="Permissions">
<div class="container">
<div class="row mb-1 align-items-center">
<PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
</div>
</div>
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
</TabPanel>
<TabPanel Name="Translations" ResourceKey="Translations">
@if (_languages != null && _languages.Count > 0)
{
<Pager Items="@_languages">
<Header>
<PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
</div>
</div>
<br />
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
</TabPanel>
<TabPanel Name="Translations" ResourceKey="Translations">
@if (_languages != null && _languages.Count > 0)
{
<Pager Items="@_languages">
<Header>
<th>@SharedLocalizer["Name"]</th>
<th>@Localizer["Code"]</th>
<th style="width: 1px;">@Localizer["Version"]</th>
<th style="width: 1px;">&nbsp;</th>
</Header>
<Row>
<td>@context.Name</td>
<td>@context.Code</td>
<td>@((string.IsNullOrEmpty(context.Version)) ? "---" : context.Version)</td>
<td>
@switch (TranslationAvailable(_packagename + "." + context.Code, context.Version))
{
case "install":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Download"]</button>
break;
case "upgrade":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Upgrade"]</button>
break;
}
</td>
</Row>
</Pager>
@if (_install)
{
<button type="button" class="btn btn-success" @onclick="InstallTranslations">@SharedLocalizer["Install"]</button>
</Header>
<Row>
<td>@context.Name</td>
<td>@context.Code</td>
<td>@((string.IsNullOrEmpty(context.Version)) ? "---" : context.Version)</td>
<td>
@switch (TranslationAvailable(_packagename + "." + context.Code, context.Version))
{
case "install":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Download"]</button>
break;
case "upgrade":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Upgrade"]</button>
break;
}
</td>
</Row>
</Pager>
@if (_install)
{
<button type="button" class="btn btn-success" @onclick="InstallTranslations">@SharedLocalizer["Install"]</button>
}
}
}
else
{
<br />
<div class="mx-auto text-center">
@if (string.IsNullOrEmpty(_packagename))
{
@Localizer["Search.PackageNameMissing"]
}
else
{
@Localizer["Search.NoResults"]
}
</div>
<br />
}
</TabPanel>
</TabStrip>
else
{
<br />
<div class="mx-auto text-center">
@if (string.IsNullOrEmpty(_packagename))
{
@Localizer["Search.PackageNameMissing"]
}
else
{
@Localizer["Search.NoResults"]
}
</div>
<br />
}
</TabPanel>
</TabStrip>
@if (_package != null)
{
<div class="app-actiondialog">
<div class="modal" tabindex="-1" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">@SharedLocalizer["Review License Terms"]</h5>
<button type="button" class="btn-close" aria-label="Close" @onclick="HideModal"></button>
</div>
<div class="modal-body">
<p style="height: 200px; overflow-y: scroll;">
<h4 style="display: inline;"><a href="@_package.ProductUrl" target="_new">@_package.Name</a></h4><br />
@SharedLocalizer["Search.By"]:&nbsp;&nbsp;<strong><a href="@_package.OwnerUrl" target="new">@_package.Owner</a></strong><br />
@(_package.Description.Length > 400 ? (_package.Description.Substring(0, 400) + "...") : _package.Description)<br />
<strong>@(String.Format("{0:n0}", _package.Downloads))</strong> @SharedLocalizer["Search.Downloads"]&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Released"]: <strong>@_package.ReleaseDate.ToString("MMM dd, yyyy")</strong>&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Version"]: <strong>@_package.Version</strong>
@((MarkupString)(!string.IsNullOrEmpty(_package.PackageUrl) ? "&nbsp;&nbsp;|&nbsp;&nbsp;" + SharedLocalizer["Search.Source"] + ": <strong>" + new Uri(_package.PackageUrl).Host + "</strong>" : ""))
<br /><br />
@if (!string.IsNullOrEmpty(_package.License))
{
@((MarkupString)_package.License.Replace("\n", "<br />"))
}
else
{
@SharedLocalizer["License Not Specified"]
}
</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-success" @onclick="DownloadPackage">@SharedLocalizer["Accept"]</button>
<button type="button" class="btn btn-secondary" @onclick="HideModal">@SharedLocalizer["Cancel"]</button>
@if (_package != null)
{
<div class="app-actiondialog">
<div class="modal" tabindex="-1" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-header">
<h5 class="modal-title">@SharedLocalizer["Review License Terms"]</h5>
<button type="button" class="btn-close" aria-label="Close" @onclick="HideModal"></button>
</div>
<div class="modal-body">
<p style="height: 200px; overflow-y: scroll;">
<h4 style="display: inline;"><a href="@_package.ProductUrl" target="_new">@_package.Name</a></h4><br />
@SharedLocalizer["Search.By"]:&nbsp;&nbsp;<strong><a href="@_package.OwnerUrl" target="new">@_package.Owner</a></strong><br />
@(_package.Description.Length > 400 ? (_package.Description.Substring(0, 400) + "...") : _package.Description)<br />
<strong>@(String.Format("{0:n0}", _package.Downloads))</strong> @SharedLocalizer["Search.Downloads"]&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Released"]: <strong>@_package.ReleaseDate.ToString("MMM dd, yyyy")</strong>&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Version"]: <strong>@_package.Version</strong>
@((MarkupString)(!string.IsNullOrEmpty(_package.PackageUrl) ? "&nbsp;&nbsp;|&nbsp;&nbsp;" + SharedLocalizer["Search.Source"] + ": <strong>" + new Uri(_package.PackageUrl).Host + "</strong>" : ""))
<br /><br />
@if (!string.IsNullOrEmpty(_package.License))
{
@((MarkupString)_package.License.Replace("\n", "<br />"))
}
else
{
@SharedLocalizer["License Not Specified"]
}
</p>
</div>
<div class="modal-footer">
<button type="button" class="btn btn-success" @onclick="DownloadPackage">@SharedLocalizer["Accept"]</button>
<button type="button" class="btn btn-secondary" @onclick="HideModal">@SharedLocalizer["Cancel"]</button>
</div>
</div>
</div>
</div>
</div>
</div>
}
}
@code {
private bool _initialized = false;
private ElementReference form;
private bool validated = false;
private int _moduleDefinitionId;
@ -262,6 +267,8 @@
}
_languages = _languages.OrderBy(item => item.Name).ToList();
}
_initialized = true;
}
}
catch (Exception ex)

2
Oqtane.Client/Modules/Controls/ActionDialog.razor
View File

@ -62,7 +62,7 @@
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
[Parameter]
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList)
public string Permissions { get; set; } // deprecated - use PermissionList instead
[Parameter]
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions

2
Oqtane.Client/Modules/Controls/ActionLink.razor
View File

@ -53,7 +53,7 @@
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
[Parameter]
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList)
public string Permissions { get; set; } // deprecated - use PermissionList instead
[Parameter]
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions

2
Oqtane.Client/Modules/Controls/PermissionGrid.razor
View File

@ -138,7 +138,7 @@
// initialize permissions
_permissions = new List<Permission>();
if (PermissionList.Any())
if (PermissionList != null && PermissionList.Any())
{
foreach (var permission in PermissionList)
{

2
Oqtane.Client/Themes/Controls/Container/ModuleActionsBase.cs
View File

@ -44,7 +44,7 @@ namespace Oqtane.Themes.Controls
}
actionList.Add(new ActionViewModel { Icon = Icons.Trash, Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) });
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "")
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.IsPortable)
{
actionList.Add(new ActionViewModel { Name = "" });
actionList.Add(new ActionViewModel { Icon = Icons.CloudUpload, Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import") });

28
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -47,6 +47,7 @@ namespace Oqtane.Controllers
int SiteId;
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
{
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(SiteId).ToList();
List<Setting> settings = _settings.GetSettings(EntityNames.Module).ToList();
foreach (PageModule pagemodule in _pageModules.GetPageModules(SiteId))
@ -74,6 +75,8 @@ namespace Oqtane.Controllers
module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType;
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
@ -92,6 +95,29 @@ namespace Oqtane.Controllers
return modules;
}
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
{
if (moduleDefinition != null)
{
moduleDefinition.Description = "";
moduleDefinition.Categories = "";
moduleDefinition.Version = "";
moduleDefinition.Owner = "";
moduleDefinition.Url = "";
moduleDefinition.Contact = "";
moduleDefinition.License = "";
moduleDefinition.Dependencies = "";
moduleDefinition.PermissionNames = "";
moduleDefinition.ServerManagerType = "";
moduleDefinition.ReleaseVersions = "";
moduleDefinition.PackageName = "";
moduleDefinition.AssemblyName = "";
moduleDefinition.PermissionList = null;
moduleDefinition.Template = "";
}
return moduleDefinition;
}
// GET api/<controller>/5
[HttpGet("{id}")]
public Module Get(int id)
@ -100,7 +126,7 @@ namespace Oqtane.Controllers
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, module.PermissionList))
{
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = _settings.GetSettings(EntityNames.Module, id)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);

27
Oqtane.Server/Controllers/SiteController.cs
View File

@ -13,6 +13,7 @@ using System.Globalization;
using Microsoft.Extensions.Caching.Memory;
using Oqtane.Extensions;
using System;
using System.ComponentModel.DataAnnotations.Schema;
namespace Oqtane.Controllers
{
@ -128,7 +129,8 @@ namespace Oqtane.Controllers
module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType;
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName);
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
@ -152,6 +154,29 @@ namespace Oqtane.Controllers
}
}
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
{
if (moduleDefinition != null)
{
moduleDefinition.Description = "";
moduleDefinition.Categories = "";
moduleDefinition.Version = "";
moduleDefinition.Owner = "";
moduleDefinition.Url = "";
moduleDefinition.Contact = "";
moduleDefinition.License = "";
moduleDefinition.Dependencies = "";
moduleDefinition.PermissionNames = "";
moduleDefinition.ServerManagerType = "";
moduleDefinition.ReleaseVersions = "";
moduleDefinition.PackageName = "";
moduleDefinition.AssemblyName = "";
moduleDefinition.PermissionList = null;
moduleDefinition.Template = "";
}
return moduleDefinition;
}
// POST api/<controller>
[HttpPost]
[Authorize(Roles = RoleNames.Host)]

14
Oqtane.Server/Repository/ModuleDefinitionRepository.cs
View File

@ -4,14 +4,10 @@ using System.Diagnostics;
using System.IO;
using System.Linq;
using System.Reflection;
using System.Security.Policy;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory;
using Oqtane.Extensions;
using Oqtane.Models;
using Oqtane.Modules;
using Oqtane.Modules.Admin.Roles;
using Oqtane.Modules.Admin.Users;
using Oqtane.Shared;
namespace Oqtane.Repository
@ -239,6 +235,16 @@ namespace Oqtane.Repository
moduledefinition.ControlTypeTemplate = modulecontroltype.Namespace + "." + Constants.ActionToken + ", " + modulecontroltype.Assembly.GetName().Name;
moduledefinition.AssemblyName = assembly.GetName().Name;
moduledefinition.IsPortable = false;
if (!string.IsNullOrEmpty(moduledefinition.ServerManagerType))
{
Type servertype = Type.GetType(moduledefinition.ServerManagerType);
if (servertype != null && servertype.GetInterface("IPortable") != null)
{
moduledefinition.IsPortable = true;
}
}
if (string.IsNullOrEmpty(moduledefinition.Categories))
{
moduledefinition.Categories = "Common";

15
Oqtane.Server/Security/UserPermissions.cs
View File

@ -52,14 +52,9 @@ namespace Oqtane.Security
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList());
}
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissions)
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList)
{
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissions);
}
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
{
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissionList);
}
public User GetUser(ClaimsPrincipal principal)
@ -106,5 +101,11 @@ namespace Oqtane.Security
{
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList());
}
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList) instead", false)]
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
{
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
}
}
}

10
Oqtane.Shared/Models/Folder.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models
{
@ -85,18 +86,19 @@ namespace Oqtane.Models
[NotMapped]
public bool HasChildren { get; set; }
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions
{
get
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
}
#endregion
}
}

10
Oqtane.Shared/Models/Module.cs
View File

@ -3,6 +3,7 @@ using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models
{
@ -109,18 +110,19 @@ namespace Oqtane.Models
#endregion
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions
{
get
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
}
#endregion
}
}

29
Oqtane.Shared/Models/ModuleDefinition.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json;
using System.Text.Json.Serialization;
using Oqtane.Documentation;
namespace Oqtane.Models
@ -68,55 +69,75 @@ namespace Oqtane.Models
// additional IModule properties
[NotMapped]
public string Owner { get; set; }
[NotMapped]
public string Url { get; set; }
[NotMapped]
public string Contact { get; set; }
[NotMapped]
public string License { get; set; }
[NotMapped]
public string Runtimes { get; set; }
[NotMapped]
public string Dependencies { get; set; }
[NotMapped]
public string PermissionNames { get; set; }
[NotMapped]
public string ServerManagerType { get; set; }
[NotMapped]
public string ControlTypeRoutes { get; set; }
[NotMapped]
public string ReleaseVersions { get; set; }
[NotMapped]
public string DefaultAction { get; set; }
[NotMapped]
public string SettingsType { get; set; } // added in 2.0.2
[NotMapped]
public string PackageName { get; set; } // added in 2.1.0
// internal properties
[NotMapped]
public int SiteId { get; set; }
[NotMapped]
public string ControlTypeTemplate { get; set; }
[NotMapped]
public string AssemblyName { get; set; }
[NotMapped]
public List<Permission> PermissionList { get; set; }
[NotMapped]
public string Template { get; set; }
[NotMapped]
public bool IsPortable { get; set; }
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions
{
get
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
}
#endregion
}
}

11
Oqtane.Shared/Models/Page.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models
{
@ -115,26 +116,24 @@ namespace Oqtane.Models
#region Deprecated Properties
[Obsolete("This property is deprecated", false)]
[Obsolete("The EditMode property is deprecated", false)]
[NotMapped]
public bool EditMode { get; set; }
[Obsolete("This property is deprecated", false)]
[Obsolete("The LayoutType property is deprecated", false)]
[NotMapped]
public string LayoutType { get; set; }
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions {
get
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
}
#endregion
}
}

8
Oqtane.Shared/Models/SiteTemplate.cs
View File

@ -33,10 +33,6 @@ namespace Oqtane.Models
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(PagePermissions);
}
}
}
@ -55,10 +51,6 @@ namespace Oqtane.Models
{
return JsonSerializer.Serialize(PermissionList);
}
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(ModulePermissions);
}
}
}
}

31
Oqtane.Shared/Security/UserSecurity.cs
View File

@ -20,42 +20,37 @@ namespace Oqtane.Security
return IsAuthorized(user, permissions);
}
public static bool IsAuthorized(User user, string permissionName, List<Permission> permissions)
public static bool IsAuthorized(User user, string permissionName, List<Permission> permissionList)
{
return IsAuthorized(user, permissions.Where(item => item.PermissionName == permissionName).ToList());
return IsAuthorized(user, permissionList.Where(item => item.PermissionName == permissionName).ToList());
}
public static bool IsAuthorized(User user, string permissionName, string permissions)
{
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
}
public static bool IsAuthorized(User user, List<Permission> permissions)
public static bool IsAuthorized(User user, List<Permission> permissionList)
{
bool authorized = false;
if (permissions != null && permissions.Any())
if (permissionList != null && permissionList.Any())
{
if (user == null)
{
authorized = IsAuthorized(-1, "", permissions); // user is not authenticated but may have access to resource
authorized = IsAuthorized(-1, "", permissionList); // user is not authenticated but may have access to resource
}
else
{
authorized = IsAuthorized(user.UserId, user.Roles, permissions);
authorized = IsAuthorized(user.UserId, user.Roles, permissionList);
}
}
return authorized;
}
private static bool IsAuthorized(int userId, string roles, List<Permission> permissions)
private static bool IsAuthorized(int userId, string roles, List<Permission> permissionList)
{
bool isAuthorized = false;
if (permissions != null && permissions.Any())
if (permissionList != null && permissionList.Any())
{
// check if denied first
isAuthorized = !permissions.Where(item => !item.IsAuthorized && (
isAuthorized = !permissionList.Where(item => !item.IsAuthorized && (
(item.Role != null && (
(item.Role.Name == RoleNames.Everyone) ||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -65,7 +60,7 @@ namespace Oqtane.Security
if (isAuthorized)
{
// then check if authorized
isAuthorized = permissions.Where(item => item.IsAuthorized && (
isAuthorized = permissionList.Where(item => item.IsAuthorized && (
(item.Role != null && (
(item.Role.Name == RoleNames.Everyone) ||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -123,5 +118,11 @@ namespace Oqtane.Security
}
return identity;
}
[Obsolete("IsAuthorized(User user, string permissionName, string permissions) is deprecated. Use IsAuthorized(User user, string permissionName, List<Permission> permissionList) instead", false)]
public static bool IsAuthorized(User user, string permissionName, string permissions)
{
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
}
}
}