kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

exclude legacy Permissions properties from serialization/API payload

Browse Source
This commit is contained in:
Shaun Walker 2023-03-09 15:51:16 -05:00
parent 9c6174e3f2
commit af3b289331
15 changed files with 307 additions and 225 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

341
Oqtane.Client/Modules/Admin/ModuleDefinitions/Edit.razor
View File

@ -9,189 +9,194 @@
@inject IStringLocalizer<Edit> Localizer @inject IStringLocalizer<Edit> Localizer
@inject IStringLocalizer<SharedResources> SharedLocalizer @inject IStringLocalizer<SharedResources> SharedLocalizer
<TabStrip> @if (_initialized)
<TabPanel Name="Definition" ResourceKey="Definition"> {
<form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate> <TabStrip>
<div class="container"> <TabPanel Name="Definition" ResourceKey="Definition">
<div class="row mb-1 align-items-center"> <form @ref="form" class="@(validated ? "was-validated" : "needs-validation")" novalidate>
<Label Class="col-sm-3" For="name" HelpText="The name of the module" ResourceKey="Name">Name: </Label> <div class="container">
<div class="col-sm-9"> <div class="row mb-1 align-items-center">
<input id="name" class="form-control" @bind="@_name" maxlength="200" required /> <Label Class="col-sm-3" For="name" HelpText="The name of the module" ResourceKey="Name">Name: </Label>
</div> <div class="col-sm-9">
</div> <input id="name" class="form-control" @bind="@_name" maxlength="200" required />
<div class="row mb-1 align-items-center"> </div>
<Label Class="col-sm-3" For="description" HelpText="The description of the module" ResourceKey="Description">Description: </Label> </div>
<div class="col-sm-9"> <div class="row mb-1 align-items-center">
<textarea id="description" class="form-control" @bind="@_description" rows="2" maxlength="2000" required></textarea> <Label Class="col-sm-3" For="description" HelpText="The description of the module" ResourceKey="Description">Description: </Label>
</div> <div class="col-sm-9">
</div> <textarea id="description" class="form-control" @bind="@_description" rows="2" maxlength="2000" required></textarea>
<div class="row mb-1 align-items-center"> </div>
<Label Class="col-sm-3" For="categories" HelpText="Comma delimited list of module categories" ResourceKey="Categories">Categories: </Label> </div>
<div class="col-sm-9"> <div class="row mb-1 align-items-center">
<input id="categories" class="form-control" @bind="@_categories" maxlength="200" required /> <Label Class="col-sm-3" For="categories" HelpText="Comma delimited list of module categories" ResourceKey="Categories">Categories: </Label>
</div> <div class="col-sm-9">
</div> <input id="categories" class="form-control" @bind="@_categories" maxlength="200" required />
</div> </div>
</form>
<Section Name="Information" ResourceKey="Information">
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="moduledefinitionname" HelpText="The internal name of the module" ResourceKey="InternalName">Internal Name: </Label>
<div class="col-sm-9">
<input id="moduledefinitionname" class="form-control" @bind="@_moduledefinitionname" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="version" HelpText="The version of the module" ResourceKey="Version">Version: </Label>
<div class="col-sm-9">
<input id="version" class="form-control" @bind="@_version" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="packagename" HelpText="The unique name of the package from which this module was installed" ResourceKey="PackageName">Package Name: </Label>
<div class="col-sm-9">
<input id="packagename" class="form-control" @bind="@_packagename" disabled />
</div> </div>
</div> </div>
</form>
<Section Name="Information" ResourceKey="Information">
<div class="container">
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="moduledefinitionname" HelpText="The internal name of the module" ResourceKey="InternalName">Internal Name: </Label>
<div class="col-sm-9">
<input id="moduledefinitionname" class="form-control" @bind="@_moduledefinitionname" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="version" HelpText="The version of the module" ResourceKey="Version">Version: </Label>
<div class="col-sm-9">
<input id="version" class="form-control" @bind="@_version" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="packagename" HelpText="The unique name of the package from which this module was installed" ResourceKey="PackageName">Package Name: </Label>
<div class="col-sm-9">
<input id="packagename" class="form-control" @bind="@_packagename" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="owner" HelpText="The owner or creator of the module" ResourceKey="Owner">Owner: </Label>
<div class="col-sm-9">
<input id="owner" class="form-control" @bind="@_owner" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="url" HelpText="The reference url of the module" ResourceKey="ReferenceUrl">Reference Url: </Label>
<div class="col-sm-9">
<input id="url" class="form-control" @bind="@_url" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="contact" HelpText="The contact for the module" ResourceKey="Contact">Contact: </Label>
<div class="col-sm-9">
<input id="contact" class="form-control" @bind="@_contact" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="license" HelpText="The module license terms" ResourceKey="License">License: </Label>
<div class="col-sm-9">
<textarea id="license" class="form-control" @bind="@_license" rows="5" disabled></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="runtimes" HelpText="The Blazor runtimes which this module supports" ResourceKey="Runtimes">Runtimes: </Label>
<div class="col-sm-9">
<input id="runtimes" class="form-control" @bind="@_runtimes" disabled />
</div>
</div>
</div>
</Section>
<br />
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@_createdby" CreatedOn="@_createdon" ModifiedBy="@_modifiedby" ModifiedOn="@_modifiedon"></AuditInfo>
</TabPanel>
<TabPanel Name="Permissions" ResourceKey="Permissions">
<div class="container">
<div class="row mb-1 align-items-center"> <div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="owner" HelpText="The owner or creator of the module" ResourceKey="Owner">Owner: </Label> <PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
<div class="col-sm-9"> </div>
<input id="owner" class="form-control" @bind="@_owner" disabled /> </div>
</div> <br />
</div> <button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<div class="row mb-1 align-items-center"> <NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
<Label Class="col-sm-3" For="url" HelpText="The reference url of the module" ResourceKey="ReferenceUrl">Reference Url: </Label> </TabPanel>
<div class="col-sm-9"> <TabPanel Name="Translations" ResourceKey="Translations">
<input id="url" class="form-control" @bind="@_url" disabled /> @if (_languages != null && _languages.Count > 0)
</div> {
</div> <Pager Items="@_languages">
<div class="row mb-1 align-items-center"> <Header>
<Label Class="col-sm-3" For="contact" HelpText="The contact for the module" ResourceKey="Contact">Contact: </Label>
<div class="col-sm-9">
<input id="contact" class="form-control" @bind="@_contact" disabled />
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="license" HelpText="The module license terms" ResourceKey="License">License: </Label>
<div class="col-sm-9">
<textarea id="license" class="form-control" @bind="@_license" rows="5" disabled></textarea>
</div>
</div>
<div class="row mb-1 align-items-center">
<Label Class="col-sm-3" For="runtimes" HelpText="The Blazor runtimes which this module supports" ResourceKey="Runtimes">Runtimes: </Label>
<div class="col-sm-9">
<input id="runtimes" class="form-control" @bind="@_runtimes" disabled />
</div>
</div>
</div>
</Section>
<br />
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@_createdby" CreatedOn="@_createdon" ModifiedBy="@_modifiedby" ModifiedOn="@_modifiedon"></AuditInfo>
</TabPanel>
<TabPanel Name="Permissions" ResourceKey="Permissions">
<div class="container">
<div class="row mb-1 align-items-center">
<PermissionGrid EntityName="@EntityNames.ModuleDefinition" PermissionNames="@PermissionNames.Utilize" PermissionList="@_permissions" @ref="_permissionGrid" />
</div>
</div>
<button type="button" class="btn btn-success" @onclick="SaveModuleDefinition">@SharedLocalizer["Save"]</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">@SharedLocalizer["Cancel"]</NavLink>
</TabPanel>
<TabPanel Name="Translations" ResourceKey="Translations">
@if (_languages != null && _languages.Count > 0)
{
<Pager Items="@_languages">
<Header>
<th>@SharedLocalizer["Name"]</th> <th>@SharedLocalizer["Name"]</th>
<th>@Localizer["Code"]</th> <th>@Localizer["Code"]</th>
<th style="width: 1px;">@Localizer["Version"]</th> <th style="width: 1px;">@Localizer["Version"]</th>
<th style="width: 1px;">&nbsp;</th> <th style="width: 1px;">&nbsp;</th>
</Header> </Header>
<Row> <Row>
<td>@context.Name</td> <td>@context.Name</td>
<td>@context.Code</td> <td>@context.Code</td>
<td>@((string.IsNullOrEmpty(context.Version)) ? "---" : context.Version)</td> <td>@((string.IsNullOrEmpty(context.Version)) ? "---" : context.Version)</td>
<td> <td>
@switch (TranslationAvailable(_packagename + "." + context.Code, context.Version)) @switch (TranslationAvailable(_packagename + "." + context.Code, context.Version))
{ {
case "install": case "install":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Download"]</button> <button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Download"]</button>
break; break;
case "upgrade": case "upgrade":
<button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Upgrade"]</button> <button type="button" class="btn btn-success" @onclick=@(async () => await GetPackage(_packagename + "." + context.Code))>@SharedLocalizer["Upgrade"]</button>
break; break;
} }
</td> </td>
</Row> </Row>
</Pager> </Pager>
@if (_install) @if (_install)
{ {
<button type="button" class="btn btn-success" @onclick="InstallTranslations">@SharedLocalizer["Install"]</button> <button type="button" class="btn btn-success" @onclick="InstallTranslations">@SharedLocalizer["Install"]</button>
}
} }
} else
else {
{ <br />
<br /> <div class="mx-auto text-center">
<div class="mx-auto text-center"> @if (string.IsNullOrEmpty(_packagename))
@if (string.IsNullOrEmpty(_packagename)) {
{ @Localizer["Search.PackageNameMissing"]
@Localizer["Search.PackageNameMissing"] }
} else
else {
{ @Localizer["Search.NoResults"]
@Localizer["Search.NoResults"] }
} </div>
</div> <br />
<br /> }
} </TabPanel>
</TabPanel> </TabStrip>
</TabStrip>
@if (_package != null) @if (_package != null)
{ {
<div class="app-actiondialog"> <div class="app-actiondialog">
<div class="modal" tabindex="-1" role="dialog"> <div class="modal" tabindex="-1" role="dialog">
<div class="modal-dialog"> <div class="modal-dialog">
<div class="modal-content"> <div class="modal-content">
<div class="modal-header"> <div class="modal-header">
<h5 class="modal-title">@SharedLocalizer["Review License Terms"]</h5> <h5 class="modal-title">@SharedLocalizer["Review License Terms"]</h5>
<button type="button" class="btn-close" aria-label="Close" @onclick="HideModal"></button> <button type="button" class="btn-close" aria-label="Close" @onclick="HideModal"></button>
</div> </div>
<div class="modal-body"> <div class="modal-body">
<p style="height: 200px; overflow-y: scroll;"> <p style="height: 200px; overflow-y: scroll;">
<h4 style="display: inline;"><a href="@_package.ProductUrl" target="_new">@_package.Name</a></h4><br /> <h4 style="display: inline;"><a href="@_package.ProductUrl" target="_new">@_package.Name</a></h4><br />
@SharedLocalizer["Search.By"]:&nbsp;&nbsp;<strong><a href="@_package.OwnerUrl" target="new">@_package.Owner</a></strong><br /> @SharedLocalizer["Search.By"]:&nbsp;&nbsp;<strong><a href="@_package.OwnerUrl" target="new">@_package.Owner</a></strong><br />
@(_package.Description.Length > 400 ? (_package.Description.Substring(0, 400) + "...") : _package.Description)<br /> @(_package.Description.Length > 400 ? (_package.Description.Substring(0, 400) + "...") : _package.Description)<br />
<strong>@(String.Format("{0:n0}", _package.Downloads))</strong> @SharedLocalizer["Search.Downloads"]&nbsp;&nbsp;|&nbsp;&nbsp; <strong>@(String.Format("{0:n0}", _package.Downloads))</strong> @SharedLocalizer["Search.Downloads"]&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Released"]: <strong>@_package.ReleaseDate.ToString("MMM dd, yyyy")</strong>&nbsp;&nbsp;|&nbsp;&nbsp; @SharedLocalizer["Search.Released"]: <strong>@_package.ReleaseDate.ToString("MMM dd, yyyy")</strong>&nbsp;&nbsp;|&nbsp;&nbsp;
@SharedLocalizer["Search.Version"]: <strong>@_package.Version</strong> @SharedLocalizer["Search.Version"]: <strong>@_package.Version</strong>
@((MarkupString)(!string.IsNullOrEmpty(_package.PackageUrl) ? "&nbsp;&nbsp;|&nbsp;&nbsp;" + SharedLocalizer["Search.Source"] + ": <strong>" + new Uri(_package.PackageUrl).Host + "</strong>" : "")) @((MarkupString)(!string.IsNullOrEmpty(_package.PackageUrl) ? "&nbsp;&nbsp;|&nbsp;&nbsp;" + SharedLocalizer["Search.Source"] + ": <strong>" + new Uri(_package.PackageUrl).Host + "</strong>" : ""))
<br /><br /> <br /><br />
@if (!string.IsNullOrEmpty(_package.License)) @if (!string.IsNullOrEmpty(_package.License))
{ {
@((MarkupString)_package.License.Replace("\n", "<br />")) @((MarkupString)_package.License.Replace("\n", "<br />"))
} }
else else
{ {
@SharedLocalizer["License Not Specified"] @SharedLocalizer["License Not Specified"]
} }
</p> </p>
</div> </div>
<div class="modal-footer"> <div class="modal-footer">
<button type="button" class="btn btn-success" @onclick="DownloadPackage">@SharedLocalizer["Accept"]</button> <button type="button" class="btn btn-success" @onclick="DownloadPackage">@SharedLocalizer["Accept"]</button>
<button type="button" class="btn btn-secondary" @onclick="HideModal">@SharedLocalizer["Cancel"]</button> <button type="button" class="btn btn-secondary" @onclick="HideModal">@SharedLocalizer["Cancel"]</button>
</div>
</div> </div>
</div> </div>
</div> </div>
</div> </div>
</div> }
} }
@code { @code {
private bool _initialized = false;
private ElementReference form; private ElementReference form;
private bool validated = false; private bool validated = false;
private int _moduleDefinitionId; private int _moduleDefinitionId;
@ -262,6 +267,8 @@
} }
_languages = _languages.OrderBy(item => item.Name).ToList(); _languages = _languages.OrderBy(item => item.Name).ToList();
} }
_initialized = true;
} }
} }
catch (Exception ex) catch (Exception ex)

2
Oqtane.Client/Modules/Controls/ActionDialog.razor
View File

@ -62,7 +62,7 @@
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
[Parameter] [Parameter]
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList) public string Permissions { get; set; } // deprecated - use PermissionList instead
[Parameter] [Parameter]
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions

2
Oqtane.Client/Modules/Controls/ActionLink.razor
View File

@ -53,7 +53,7 @@
public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel public SecurityAccessLevel? Security { get; set; } // optional - can be used to explicitly specify SecurityAccessLevel
[Parameter] [Parameter]
public string Permissions { get; set; } // optional - can be used to specify permissions (deprecated - use PermissionList) public string Permissions { get; set; } // deprecated - use PermissionList instead
[Parameter] [Parameter]
public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions public List<Permission> PermissionList { get; set; } // optional - can be used to specify permissions

2
Oqtane.Client/Modules/Controls/PermissionGrid.razor
View File

@ -138,7 +138,7 @@
// initialize permissions // initialize permissions
_permissions = new List<Permission>(); _permissions = new List<Permission>();
if (PermissionList.Any()) if (PermissionList != null && PermissionList.Any())
{ {
foreach (var permission in PermissionList) foreach (var permission in PermissionList)
{ {

2
Oqtane.Client/Themes/Controls/Container/ModuleActionsBase.cs
View File

@ -44,7 +44,7 @@ namespace Oqtane.Themes.Controls
} }
actionList.Add(new ActionViewModel { Icon = Icons.Trash, Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) }); actionList.Add(new ActionViewModel { Icon = Icons.Trash, Name = "Delete Module", Action = async (u, m) => await DeleteModule(u, m) });
if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.ServerManagerType != "") if (ModuleState.ModuleDefinition != null && ModuleState.ModuleDefinition.IsPortable)
{ {
actionList.Add(new ActionViewModel { Name = "" }); actionList.Add(new ActionViewModel { Name = "" });
actionList.Add(new ActionViewModel { Icon = Icons.CloudUpload, Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import") }); actionList.Add(new ActionViewModel { Icon = Icons.CloudUpload, Name = "Import Content", Action = async (u, m) => await EditUrlAsync(u, m.ModuleId, "Import") });

28
Oqtane.Server/Controllers/ModuleController.cs
View File

@ -47,6 +47,7 @@ namespace Oqtane.Controllers
int SiteId; int SiteId;
if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId) if (int.TryParse(siteid, out SiteId) && SiteId == _alias.SiteId)
{ {
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(SiteId).ToList();
List<Setting> settings = _settings.GetSettings(EntityNames.Module).ToList(); List<Setting> settings = _settings.GetSettings(EntityNames.Module).ToList();
foreach (PageModule pagemodule in _pageModules.GetPageModules(SiteId)) foreach (PageModule pagemodule in _pageModules.GetPageModules(SiteId))
@ -74,6 +75,8 @@ namespace Oqtane.Controllers
module.Order = pagemodule.Order; module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType; module.ContainerType = pagemodule.ContainerType;
module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId) module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList)) .Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue); .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
@ -92,6 +95,29 @@ namespace Oqtane.Controllers
return modules; return modules;
} }
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
{
if (moduleDefinition != null)
{
moduleDefinition.Description = "";
moduleDefinition.Categories = "";
moduleDefinition.Version = "";
moduleDefinition.Owner = "";
moduleDefinition.Url = "";
moduleDefinition.Contact = "";
moduleDefinition.License = "";
moduleDefinition.Dependencies = "";
moduleDefinition.PermissionNames = "";
moduleDefinition.ServerManagerType = "";
moduleDefinition.ReleaseVersions = "";
moduleDefinition.PackageName = "";
moduleDefinition.AssemblyName = "";
moduleDefinition.PermissionList = null;
moduleDefinition.Template = "";
}
return moduleDefinition;
}
// GET api/<controller>/5 // GET api/<controller>/5
[HttpGet("{id}")] [HttpGet("{id}")]
public Module Get(int id) public Module Get(int id)
@ -100,7 +126,7 @@ namespace Oqtane.Controllers
if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, module.PermissionList)) if (module != null && module.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User,PermissionNames.View, module.PermissionList))
{ {
List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList(); List<ModuleDefinition> moduledefinitions = _moduleDefinitions.GetModuleDefinitions(module.SiteId).ToList();
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName); module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = _settings.GetSettings(EntityNames.Module, id) module.Settings = _settings.GetSettings(EntityNames.Module, id)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.PermissionList)) .Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue); .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);

27
Oqtane.Server/Controllers/SiteController.cs
View File

@ -13,6 +13,7 @@ using System.Globalization;
using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Caching.Memory;
using Oqtane.Extensions; using Oqtane.Extensions;
using System; using System;
using System.ComponentModel.DataAnnotations.Schema;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -128,7 +129,8 @@ namespace Oqtane.Controllers
module.Order = pagemodule.Order; module.Order = pagemodule.Order;
module.ContainerType = pagemodule.ContainerType; module.ContainerType = pagemodule.ContainerType;
module.ModuleDefinition = moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName); module.ModuleDefinition = FilterModuleDefinition(moduledefinitions.Find(item => item.ModuleDefinitionName == module.ModuleDefinitionName));
module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId) module.Settings = settings.Where(item => item.EntityId == pagemodule.ModuleId)
.Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList)) .Where(item => !item.IsPrivate || _userPermissions.IsAuthorized(User, PermissionNames.Edit, pagemodule.Module.PermissionList))
.ToDictionary(setting => setting.SettingName, setting => setting.SettingValue); .ToDictionary(setting => setting.SettingName, setting => setting.SettingValue);
@ -152,6 +154,29 @@ namespace Oqtane.Controllers
} }
} }
private ModuleDefinition FilterModuleDefinition(ModuleDefinition moduleDefinition)
{
if (moduleDefinition != null)
{
moduleDefinition.Description = "";
moduleDefinition.Categories = "";
moduleDefinition.Version = "";
moduleDefinition.Owner = "";
moduleDefinition.Url = "";
moduleDefinition.Contact = "";
moduleDefinition.License = "";
moduleDefinition.Dependencies = "";
moduleDefinition.PermissionNames = "";
moduleDefinition.ServerManagerType = "";
moduleDefinition.ReleaseVersions = "";
moduleDefinition.PackageName = "";
moduleDefinition.AssemblyName = "";
moduleDefinition.PermissionList = null;
moduleDefinition.Template = "";
}
return moduleDefinition;
}
// POST api/<controller> // POST api/<controller>
[HttpPost] [HttpPost]
[Authorize(Roles = RoleNames.Host)] [Authorize(Roles = RoleNames.Host)]

14
Oqtane.Server/Repository/ModuleDefinitionRepository.cs
View File

@ -4,14 +4,10 @@ using System.Diagnostics;
using System.IO; using System.IO;
using System.Linq; using System.Linq;
using System.Reflection; using System.Reflection;
using System.Security.Policy;
using Microsoft.EntityFrameworkCore; using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory; using Microsoft.Extensions.Caching.Memory;
using Oqtane.Extensions;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Modules; using Oqtane.Modules;
using Oqtane.Modules.Admin.Roles;
using Oqtane.Modules.Admin.Users;
using Oqtane.Shared; using Oqtane.Shared;
namespace Oqtane.Repository namespace Oqtane.Repository
@ -239,6 +235,16 @@ namespace Oqtane.Repository
moduledefinition.ControlTypeTemplate = modulecontroltype.Namespace + "." + Constants.ActionToken + ", " + modulecontroltype.Assembly.GetName().Name; moduledefinition.ControlTypeTemplate = modulecontroltype.Namespace + "." + Constants.ActionToken + ", " + modulecontroltype.Assembly.GetName().Name;
moduledefinition.AssemblyName = assembly.GetName().Name; moduledefinition.AssemblyName = assembly.GetName().Name;
moduledefinition.IsPortable = false;
if (!string.IsNullOrEmpty(moduledefinition.ServerManagerType))
{
Type servertype = Type.GetType(moduledefinition.ServerManagerType);
if (servertype != null && servertype.GetInterface("IPortable") != null)
{
moduledefinition.IsPortable = true;
}
}
if (string.IsNullOrEmpty(moduledefinition.Categories)) if (string.IsNullOrEmpty(moduledefinition.Categories))
{ {
moduledefinition.Categories = "Common"; moduledefinition.Categories = "Common";

15
Oqtane.Server/Security/UserPermissions.cs
View File

@ -52,14 +52,9 @@ namespace Oqtane.Security
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList()); return IsAuthorized(principal, permissionName, _permissions.GetPermissions(siteId, entityName, entityId, permissionName).ToList());
} }
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissions) public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList)
{ {
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissions); return UserSecurity.IsAuthorized(GetUser(principal), permissionName, permissionList);
}
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
{
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
} }
public User GetUser(ClaimsPrincipal principal) public User GetUser(ClaimsPrincipal principal)
@ -106,5 +101,11 @@ namespace Oqtane.Security
{ {
return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList()); return IsAuthorized(principal, permissionName, _permissions.GetPermissions(_accessor.HttpContext.GetAlias().SiteId, entityName, entityId, permissionName).ToList());
} }
[Obsolete("IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions) is deprecated. Use IsAuthorized(ClaimsPrincipal principal, string permissionName, List<Permission> permissionList) instead", false)]
public bool IsAuthorized(ClaimsPrincipal principal, string permissionName, string permissions)
{
return UserSecurity.IsAuthorized(GetUser(principal), permissionName, JsonSerializer.Deserialize<List<Permission>>(permissions));
}
} }
} }

10
Oqtane.Shared/Models/Folder.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models namespace Oqtane.Models
{ {
@ -85,18 +86,19 @@ namespace Oqtane.Models
[NotMapped] [NotMapped]
public bool HasChildren { get; set; } public bool HasChildren { get; set; }
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)] [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped] [NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions public string Permissions
{ {
get get
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
} }
#endregion
} }
} }

10
Oqtane.Shared/Models/Module.cs
View File

@ -3,6 +3,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models namespace Oqtane.Models
{ {
@ -109,18 +110,19 @@ namespace Oqtane.Models
#endregion #endregion
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)] [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped] [NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions public string Permissions
{ {
get get
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
} }
#endregion
} }
} }

29
Oqtane.Shared/Models/ModuleDefinition.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization;
using Oqtane.Documentation; using Oqtane.Documentation;
namespace Oqtane.Models namespace Oqtane.Models
@ -68,55 +69,75 @@ namespace Oqtane.Models
// additional IModule properties // additional IModule properties
[NotMapped] [NotMapped]
public string Owner { get; set; } public string Owner { get; set; }
[NotMapped] [NotMapped]
public string Url { get; set; } public string Url { get; set; }
[NotMapped] [NotMapped]
public string Contact { get; set; } public string Contact { get; set; }
[NotMapped] [NotMapped]
public string License { get; set; } public string License { get; set; }
[NotMapped] [NotMapped]
public string Runtimes { get; set; } public string Runtimes { get; set; }
[NotMapped] [NotMapped]
public string Dependencies { get; set; } public string Dependencies { get; set; }
[NotMapped] [NotMapped]
public string PermissionNames { get; set; } public string PermissionNames { get; set; }
[NotMapped] [NotMapped]
public string ServerManagerType { get; set; } public string ServerManagerType { get; set; }
[NotMapped] [NotMapped]
public string ControlTypeRoutes { get; set; } public string ControlTypeRoutes { get; set; }
[NotMapped] [NotMapped]
public string ReleaseVersions { get; set; } public string ReleaseVersions { get; set; }
[NotMapped] [NotMapped]
public string DefaultAction { get; set; } public string DefaultAction { get; set; }
[NotMapped] [NotMapped]
public string SettingsType { get; set; } // added in 2.0.2 public string SettingsType { get; set; } // added in 2.0.2
[NotMapped] [NotMapped]
public string PackageName { get; set; } // added in 2.1.0 public string PackageName { get; set; } // added in 2.1.0
// internal properties // internal properties
[NotMapped] [NotMapped]
public int SiteId { get; set; } public int SiteId { get; set; }
[NotMapped] [NotMapped]
public string ControlTypeTemplate { get; set; } public string ControlTypeTemplate { get; set; }
[NotMapped] [NotMapped]
public string AssemblyName { get; set; } public string AssemblyName { get; set; }
[NotMapped] [NotMapped]
public List<Permission> PermissionList { get; set; } public List<Permission> PermissionList { get; set; }
[NotMapped] [NotMapped]
public string Template { get; set; } public string Template { get; set; }
[NotMapped]
public bool IsPortable { get; set; }
#region Deprecated Properties
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)] [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped] [NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions public string Permissions
{ {
get get
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
} }
#endregion
} }
} }

11
Oqtane.Shared/Models/Page.cs
View File

@ -2,6 +2,7 @@ using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
using System.Text.Json; using System.Text.Json;
using System.Text.Json.Serialization;
namespace Oqtane.Models namespace Oqtane.Models
{ {
@ -115,26 +116,24 @@ namespace Oqtane.Models
#region Deprecated Properties #region Deprecated Properties
[Obsolete("This property is deprecated", false)] [Obsolete("The EditMode property is deprecated", false)]
[NotMapped] [NotMapped]
public bool EditMode { get; set; } public bool EditMode { get; set; }
[Obsolete("This property is deprecated", false)] [Obsolete("The LayoutType property is deprecated", false)]
[NotMapped] [NotMapped]
public string LayoutType { get; set; } public string LayoutType { get; set; }
[Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)] [Obsolete("The Permissions property is deprecated. Use PermissionList instead", false)]
[NotMapped] [NotMapped]
[JsonIgnore] // exclude from API payload
public string Permissions { public string Permissions {
get get
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(Permissions);
}
} }
#endregion #endregion
} }
} }

8
Oqtane.Shared/Models/SiteTemplate.cs
View File

@ -33,10 +33,6 @@ namespace Oqtane.Models
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(PagePermissions);
}
} }
} }
@ -55,10 +51,6 @@ namespace Oqtane.Models
{ {
return JsonSerializer.Serialize(PermissionList); return JsonSerializer.Serialize(PermissionList);
} }
set
{
PermissionList = JsonSerializer.Deserialize<List<Permission>>(ModulePermissions);
}
} }
} }
} }

31
Oqtane.Shared/Security/UserSecurity.cs
View File

@ -20,42 +20,37 @@ namespace Oqtane.Security
return IsAuthorized(user, permissions); return IsAuthorized(user, permissions);
} }
public static bool IsAuthorized(User user, string permissionName, List<Permission> permissions) public static bool IsAuthorized(User user, string permissionName, List<Permission> permissionList)
{ {
return IsAuthorized(user, permissions.Where(item => item.PermissionName == permissionName).ToList()); return IsAuthorized(user, permissionList.Where(item => item.PermissionName == permissionName).ToList());
} }
public static bool IsAuthorized(User user, string permissionName, string permissions) public static bool IsAuthorized(User user, List<Permission> permissionList)
{
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
}
public static bool IsAuthorized(User user, List<Permission> permissions)
{ {
bool authorized = false; bool authorized = false;
if (permissions != null && permissions.Any()) if (permissionList != null && permissionList.Any())
{ {
if (user == null) if (user == null)
{ {
authorized = IsAuthorized(-1, "", permissions); // user is not authenticated but may have access to resource authorized = IsAuthorized(-1, "", permissionList); // user is not authenticated but may have access to resource
} }
else else
{ {
authorized = IsAuthorized(user.UserId, user.Roles, permissions); authorized = IsAuthorized(user.UserId, user.Roles, permissionList);
} }
} }
return authorized; return authorized;
} }
private static bool IsAuthorized(int userId, string roles, List<Permission> permissions) private static bool IsAuthorized(int userId, string roles, List<Permission> permissionList)
{ {
bool isAuthorized = false; bool isAuthorized = false;
if (permissions != null && permissions.Any()) if (permissionList != null && permissionList.Any())
{ {
// check if denied first // check if denied first
isAuthorized = !permissions.Where(item => !item.IsAuthorized && ( isAuthorized = !permissionList.Where(item => !item.IsAuthorized && (
(item.Role != null && ( (item.Role != null && (
(item.Role.Name == RoleNames.Everyone) || (item.Role.Name == RoleNames.Everyone) ||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) || (item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -65,7 +60,7 @@ namespace Oqtane.Security
if (isAuthorized) if (isAuthorized)
{ {
// then check if authorized // then check if authorized
isAuthorized = permissions.Where(item => item.IsAuthorized && ( isAuthorized = permissionList.Where(item => item.IsAuthorized && (
(item.Role != null && ( (item.Role != null && (
(item.Role.Name == RoleNames.Everyone) || (item.Role.Name == RoleNames.Everyone) ||
(item.Role.Name == RoleNames.Unauthenticated && userId == -1) || (item.Role.Name == RoleNames.Unauthenticated && userId == -1) ||
@ -123,5 +118,11 @@ namespace Oqtane.Security
} }
return identity; return identity;
} }
[Obsolete("IsAuthorized(User user, string permissionName, string permissions) is deprecated. Use IsAuthorized(User user, string permissionName, List<Permission> permissionList) instead", false)]
public static bool IsAuthorized(User user, string permissionName, string permissions)
{
return IsAuthorized(user, JsonSerializer.Deserialize<List<Permission>>(permissions).Where(item => item.PermissionName == permissionName).ToList());
}
} }
} }