Merge pull request #215 from sbwalker/master

fix page management
2020-02-18 17:52:08 -05:00 · 2020-02-18 17:52:08 -05:00 · db322feb5e
commit db322feb5e
parent 44d855e6d4 05eaf12003
8 changed files with 197 additions and 170 deletions
--- a/Oqtane.Client/Modules/Admin/Pages/Add.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Add.razor
@ -4,6 +4,8 @@
@inject IPageService PageService
@inject IThemeService  ThemeService
@if (Themes != null)
 {
    <table class="table table-borderless">
        <tr>
            <td>
@ -141,6 +143,7 @@
    </table>
    <button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
    <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
 }
@code {
    public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }
--- a/Oqtane.Client/Modules/Admin/Pages/Edit.razor
+++ b/Oqtane.Client/Modules/Admin/Pages/Edit.razor
@ -4,6 +4,8 @@
@inject IPageService PageService
@inject IThemeService  ThemeService
@if (Themes != null)
 {
    <table class="table table-borderless">
        <tr>
            <td>
@ -162,6 +164,7 @@
    <br />
    <br />
    <AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
 }
@code {
    public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }
--- a/Oqtane.Server/Controllers/NotificationController.cs
+++ b/Oqtane.Server/Controllers/NotificationController.cs
@ -5,8 +5,8 @@ using Oqtane.Repository;
 using Oqtane.Models;
 using Oqtane.Shared;
 using Oqtane.Infrastructure;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 using Oqtane.Security;
 namespace Oqtane.Controllers
 {
@ -14,13 +14,13 @@ namespace Oqtane.Controllers
    public class NotificationController : Controller
    {
        private readonly INotificationRepository Notifications;
-        private readonly IHttpContextAccessor Accessor;
+        private readonly IUserPermissions UserPermissions;
        private readonly ILogManager logger;
-        public NotificationController(INotificationRepository Notifications, IHttpContextAccessor Accessor, ILogManager logger)
+        public NotificationController(INotificationRepository Notifications, IUserPermissions UserPermissions, ILogManager logger)
        {
            this.Notifications = Notifications;
-            this.Accessor = Accessor;
+            this.UserPermissions = UserPermissions;
            this.logger = logger;
        }
@ -101,7 +101,7 @@ namespace Oqtane.Controllers
            bool authorized = true;
            if (userid != null)
            {
-                authorized = (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == userid);
+                authorized = (UserPermissions.GetUser(User).UserId == userid);
            }
            return authorized;
        }
--- a/Oqtane.Server/Controllers/PageController.cs
+++ b/Oqtane.Server/Controllers/PageController.cs
@ -107,7 +107,7 @@ namespace Oqtane.Controllers
        {
            Page page = null;
            Page parent = Pages.GetPage(id);
-            if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
+            if (parent != null && parent.IsPersonalizable && UserPermissions.GetUser(User).UserId == int.Parse(userid))
            {
                page = new Page();
                page.SiteId = parent.SiteId;
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@ -6,7 +6,6 @@ using Oqtane.Shared;
 using Oqtane.Security;
 using Oqtane.Infrastructure;
 using System.Linq;
 using System.Security.Claims;
 using Microsoft.AspNetCore.Http;
 namespace Oqtane.Controllers
@ -17,15 +16,13 @@ namespace Oqtane.Controllers
        private readonly ISettingRepository Settings;
        private readonly IPageModuleRepository PageModules;
        private readonly IUserPermissions UserPermissions;
        private readonly IHttpContextAccessor Accessor;
        private readonly ILogManager logger;
-        public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger)
+        public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
        {
            this.Settings = Settings;
            this.PageModules = PageModules;
            this.UserPermissions = UserPermissions;
            this.Accessor = Accessor;
            this.logger = logger;
        }
@ -141,7 +138,7 @@ namespace Oqtane.Controllers
                    authorized = true;
                    if (PermissionName == "Edit")
                    {
-                        authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId);
+                        authorized = User.IsInRole(Constants.AdminRole) || (UserPermissions.GetUser(User).UserId == EntityId);
                    }
                    break;
            }
--- a/Oqtane.Server/Infrastructure/LogManager.cs
+++ b/Oqtane.Server/Infrastructure/LogManager.cs
@ -5,8 +5,8 @@ using System.Text.Json;
 using Oqtane.Repository;
 using Microsoft.Extensions.Configuration;
 using Microsoft.AspNetCore.Http;
 using System.Security.Claims;
 using System.Collections.Generic;
 using Oqtane.Security;
 namespace Oqtane.Infrastructure
 {
@ -15,13 +15,15 @@ namespace Oqtane.Infrastructure
        private readonly ILogRepository Logs;
        private readonly ITenantResolver TenantResolver;
        private readonly IConfigurationRoot Config;
        private readonly IUserPermissions UserPermissions;
        private readonly IHttpContextAccessor Accessor;
-        public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IHttpContextAccessor Accessor)
+        public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IUserPermissions UserPermissions, IHttpContextAccessor Accessor)
        {
            this.Logs = Logs;
            this.TenantResolver = TenantResolver;
            this.Config = Config;
            this.UserPermissions = UserPermissions;
            this.Accessor = Accessor;
        }
@ -37,9 +39,11 @@ namespace Oqtane.Infrastructure
            log.SiteId = alias.SiteId;
            log.PageId = null;
            log.ModuleId = null;
-            if (Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid) != null)
+            log.UserId = null;
            User user = UserPermissions.GetUser();
            if (user != null)
            {
-                log.UserId = int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value);
+                log.UserId = user.UserId;
            }
            HttpRequest request = Accessor.HttpContext.Request;
            if (request != null)
--- a/Oqtane.Server/Security/IUserPermissions.cs
+++ b/Oqtane.Server/Security/IUserPermissions.cs
@ -1,4 +1,5 @@
-using System.Security.Claims;
+using Oqtane.Models;
 using System.Security.Claims;
 namespace Oqtane.Security
 {
@ -6,5 +7,7 @@ namespace Oqtane.Security
    {
        bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName);
        bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions);
        User GetUser(ClaimsPrincipal User);
        User GetUser();
    }
 }
--- a/Oqtane.Server/Security/UserPermissions.cs
+++ b/Oqtane.Server/Security/UserPermissions.cs
@ -1,4 +1,5 @@
-using Oqtane.Models;
+using Microsoft.AspNetCore.Http;
 using Oqtane.Models;
 using Oqtane.Repository;
 using System.Linq;
 using System.Security.Claims;
@ -8,10 +9,12 @@ namespace Oqtane.Security
    public class UserPermissions : IUserPermissions
    {
        private readonly IPermissionRepository Permissions;
        private readonly IHttpContextAccessor Accessor;
-        public UserPermissions(IPermissionRepository Permissions)
+        public UserPermissions(IPermissionRepository Permissions, IHttpContextAccessor Accessor)
        {
            this.Permissions = Permissions;
            this.Accessor = Accessor;
        }
        public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName)
@ -20,13 +23,22 @@ namespace Oqtane.Security
        }
        public bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions)
        {
            return UserSecurity.IsAuthorized(GetUser(User), PermissionName, Permissions);
        }
        public User GetUser(ClaimsPrincipal User)
        {
            User user = new User();
            user.Username = "";
            user.IsAuthenticated = false;
            user.UserId = -1;
            user.Roles = "";
            if (User != null)
            {
                user.Username = User.Identity.Name;
                user.IsAuthenticated = User.Identity.IsAuthenticated;
                var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
                if (idclaim != null)
                {
@ -39,7 +51,12 @@ namespace Oqtane.Security
                }
            }
-            return UserSecurity.IsAuthorized(user, PermissionName, Permissions);
+            return user;
        }
        public User GetUser()
        {
            return GetUser(Accessor.HttpContext.User);
        }
    }
 }