Merge pull request #215 from sbwalker/master

fix page management
Shaun Walker 2020-02-18 17:52:08 -05:00 committed by GitHub
commit db322feb5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 197 additions and 170 deletions


@ -4,6 +4,8 @@
@inject IPageService PageService @inject IPageService PageService
@inject IThemeService ThemeService @inject IThemeService ThemeService
@if (Themes != null)
{
<table class="table table-borderless"> <table class="table table-borderless">
<tr> <tr>
<td> <td>
@ -139,8 +141,9 @@
</td> </td>
</tr> </tr>
</table> </table>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button> <button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> <NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
}
@code { @code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } } public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }


@ -4,164 +4,167 @@
@inject IPageService PageService @inject IPageService PageService
@inject IThemeService ThemeService @inject IThemeService ThemeService
<table class="table table-borderless"> @if (Themes != null)
<tr> {
<td> <table class="table table-borderless">
<label for="Name" class="control-label">Name: </label> <tr>
</td> <td>
<td> <label for="Name" class="control-label">Name: </label>
<input class="form-control" @bind="@name" /> </td>
</td> <td>
</tr> <input class="form-control" @bind="@name" />
<tr> </td>
<td> </tr>
<label for="Name" class="control-label">Path: </label> <tr>
</td> <td>
<td> <label for="Name" class="control-label">Path: </label>
<input class="form-control" @bind="@path" /> </td>
</td> <td>
</tr> <input class="form-control" @bind="@path" />
<tr> </td>
<td> </tr>
<label for="Name" class="control-label">Parent: </label> <tr>
</td> <td>
<td> <label for="Name" class="control-label">Parent: </label>
<select class="form-control" @onchange="(e => ParentChanged(e))"> </td>
<option value="-1">&lt;Site Root&gt;</option> <td>
@foreach (Page page in pages) <select class="form-control" @onchange="(e => ParentChanged(e))">
{ <option value="-1">&lt;Site Root&gt;</option>
if (page.PageId.ToString() == parentid) @foreach (Page page in pages)
{ {
<option value="@(page.PageId)" selected>@(new string('-', page.Level * 2))@(page.Name)</option> if (page.PageId.ToString() == parentid)
} {
else <option value="@(page.PageId)" selected>@(new string('-', page.Level * 2))@(page.Name)</option>
{ }
<option value="@(page.PageId)">@(new string('-', page.Level * 2))@(page.Name)</option> else
} {
} <option value="@(page.PageId)">@(new string('-', page.Level * 2))@(page.Name)</option>
</select> }
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Move: </label>
</td>
<td>
<select class="form-control" @bind="@insert">
@if (parentid == currentparentid)
{
<option value="=">&lt;Maintain Current Location&gt;</option>
}
<option value="<<">To Beginning</option>
@if (children != null && children.Count > 0)
{
<option value="<">Before</option>
<option value=">">After</option>
}
<option value=">>">To End</option>
</select>
@if (children != null && children.Count > 0 && (insert == "<" || insert == ">"))
{
<select class="form-control" @bind="@childid">
<option value="-1">&lt;Select Page&gt;</option>
@foreach (Page page in children)
{
<option value="@(page.PageId)">@(page.Name)</option>
} }
</select> </select>
} </td>
</td> </tr>
</tr> <tr>
<tr> <td>
<td> <label for="Name" class="control-label">Move: </label>
<label for="Name" class="control-label">Navigation? </label> </td>
</td> <td>
<td> <select class="form-control" @bind="@insert">
<select class="form-control" @bind="@isnavigation"> @if (parentid == currentparentid)
<option value="True">Yes</option>
<option value="False">No</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Personalizable? </label>
</td>
<td>
<select class="form-control" @bind="@ispersonalizable">
<option value="True">Yes</option>
<option value="False">No</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Default Mode? </label>
</td>
<td>
<select class="form-control" @bind="@mode">
<option value="view">View Mode</option>
<option value="edit">Edit Mode</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Theme: </label>
</td>
<td>
<select class="form-control" @onchange="(e => ThemeChanged(e))">
<option value="">&lt;Select Theme&gt;</option>
@foreach (KeyValuePair<string, string> item in themes)
{
if (item.Key == themetype)
{ {
<option value="@item.Key" selected>@item.Value</option> <option value="=">&lt;Maintain Current Location&gt;</option>
} }
else <option value="<<">To Beginning</option>
@if (children != null && children.Count > 0)
{ {
<option value="@item.Key">@item.Value</option> <option value="<">Before</option>
<option value=">">After</option>
} }
} <option value=">>">To End</option>
</select> </select>
</td> @if (children != null && children.Count > 0 && (insert == "<" || insert == ">"))
</tr>
<tr>
<td>
<label for="Name" class="control-label">Layout: </label>
</td>
<td>
<select class="form-control" @bind="@layouttype">
<option value="">&lt;Select Layout&gt;</option>
@foreach (KeyValuePair<string, string> panelayout in panelayouts)
{ {
<option value="@panelayout.Key">@panelayout.Value</option> <select class="form-control" @bind="@childid">
<option value="-1">&lt;Select Page&gt;</option>
@foreach (Page page in children)
{
<option value="@(page.PageId)">@(page.Name)</option>
}
</select>
} }
</select> </td>
</td> </tr>
</tr> <tr>
<tr> <td>
<td> <label for="Name" class="control-label">Navigation? </label>
<label for="Name" class="control-label">Icon: </label> </td>
</td> <td>
<td> <select class="form-control" @bind="@isnavigation">
<input class="form-control" @bind="@icon" /> <option value="True">Yes</option>
</td> <option value="False">No</option>
</tr> </select>
<tr> </td>
<td> </tr>
<label for="Name" class="control-label">Permissions: </label> <tr>
</td> <td>
<td> <label for="Name" class="control-label">Personalizable? </label>
<PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" /> </td>
</td> <td>
</tr> <select class="form-control" @bind="@ispersonalizable">
</table> <option value="True">Yes</option>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button> <option value="False">No</option>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink> </select>
<br /> </td>
<br /> </tr>
<AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo> <tr>
<td>
<label for="Name" class="control-label">Default Mode? </label>
</td>
<td>
<select class="form-control" @bind="@mode">
<option value="view">View Mode</option>
<option value="edit">Edit Mode</option>
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Theme: </label>
</td>
<td>
<select class="form-control" @onchange="(e => ThemeChanged(e))">
<option value="">&lt;Select Theme&gt;</option>
@foreach (KeyValuePair<string, string> item in themes)
{
if (item.Key == themetype)
{
<option value="@item.Key" selected>@item.Value</option>
}
else
{
<option value="@item.Key">@item.Value</option>
}
}
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Layout: </label>
</td>
<td>
<select class="form-control" @bind="@layouttype">
<option value="">&lt;Select Layout&gt;</option>
@foreach (KeyValuePair<string, string> panelayout in panelayouts)
{
<option value="@panelayout.Key">@panelayout.Value</option>
}
</select>
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Icon: </label>
</td>
<td>
<input class="form-control" @bind="@icon" />
</td>
</tr>
<tr>
<td>
<label for="Name" class="control-label">Permissions: </label>
</td>
<td>
<PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" />
</td>
</tr>
</table>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
}
@code { @code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } } public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }
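Review bot: The new `@if (Themes != null)` guard tests one field, but the markup it wraps enumerates three others (`pages`, `themes` and `panelayouts`) and reads `children`. If those are assigned at a different point of initialization than `Themes`, the first render can still hit a null collection in one of the `@foreach` loops. The `@code` block is outside this hunk, so the assignment order cannot be confirmed from here. I would either guard on everything the markup reads, for example `@if (Themes != null && pages != null && themes != null && panelayouts != null)`, or add a comment stating that `Themes` is assigned last and therefore stands for "all data loaded".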


@ -5,8 +5,8 @@ using Oqtane.Repository;
using Oqtane.Models; using Oqtane.Models;
using Oqtane.Shared; using Oqtane.Shared;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using System.Security.Claims;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using Oqtane.Security;
namespace Oqtane.Controllers namespace Oqtane.Controllers
{ {
@ -14,13 +14,13 @@ namespace Oqtane.Controllers
public class NotificationController : Controller public class NotificationController : Controller
{ {
private readonly INotificationRepository Notifications; private readonly INotificationRepository Notifications;
private readonly IHttpContextAccessor Accessor; private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger; private readonly ILogManager logger;
public NotificationController(INotificationRepository Notifications, IHttpContextAccessor Accessor, ILogManager logger) public NotificationController(INotificationRepository Notifications, IUserPermissions UserPermissions, ILogManager logger)
{ {
this.Notifications = Notifications; this.Notifications = Notifications;
this.Accessor = Accessor; this.UserPermissions = UserPermissions;
this.logger = logger; this.logger = logger;
} }
@ -101,7 +101,7 @@ namespace Oqtane.Controllers
bool authorized = true; bool authorized = true;
if (userid != null) if (userid != null)
{ {
authorized = (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == userid); authorized = (UserPermissions.GetUser(User).UserId == userid);
} }
return authorized; return authorized;
} }
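Review bot: The rewritten comparison `UserPermissions.GetUser(User).UserId == userid` can be satisfied by a caller with no identity, because GetUser (added later in this commit) starts from `UserId = -1` and appears to keep that value when no PrimarySid claim is present, so a `userid` of -1 would compare equal. The surrounding lines also leave `authorized` at `true` whenever `userid` is null. I would resolve the user once and require authentication explicitly: `var user = UserPermissions.GetUser(User); authorized = user.IsAuthenticated && user.UserId == userid;`. The same sentinel comparison is introduced in the SettingController hunk (`... == EntityId`) and in the hunk that calls `Pages.GetPage(id)`. The enclosing method starts outside this hunk, so whether the null case is meant to be open cannot be confirmed from here.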


@ -107,7 +107,7 @@ namespace Oqtane.Controllers
{ {
Page page = null; Page page = null;
Page parent = Pages.GetPage(id); Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid)) if (parent != null && parent.IsPersonalizable && UserPermissions.GetUser(User).UserId == int.Parse(userid))
{ {
page = new Page(); page = new Page();
page.SiteId = parent.SiteId; page.SiteId = parent.SiteId;
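Review bot: `int.Parse(userid)` in the new condition throws on a null, empty or non-numeric `userid`, and this change drops the `!string.IsNullOrEmpty(userid)` guard that used to stand in its place. A malformed value therefore surfaces as an unhandled exception instead of simply skipping the branch. Parse defensively and keep the identity comparison: `int.TryParse(userid, out int requestedId) && UserPermissions.GetUser(User).UserId == requestedId`. Where `userid` comes from is not visible in this hunk; if it is supplied by the request, it should be treated as untrusted input. The method starts and ends outside the hunk.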


@ -6,7 +6,6 @@ using Oqtane.Shared;
using Oqtane.Security; using Oqtane.Security;
using Oqtane.Infrastructure; using Oqtane.Infrastructure;
using System.Linq; using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers namespace Oqtane.Controllers
@ -17,15 +16,13 @@ namespace Oqtane.Controllers
private readonly ISettingRepository Settings; private readonly ISettingRepository Settings;
private readonly IPageModuleRepository PageModules; private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions; private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
private readonly ILogManager logger; private readonly ILogManager logger;
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger) public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{ {
this.Settings = Settings; this.Settings = Settings;
this.PageModules = PageModules; this.PageModules = PageModules;
this.UserPermissions = UserPermissions; this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
this.logger = logger; this.logger = logger;
} }
@ -141,7 +138,7 @@ namespace Oqtane.Controllers
authorized = true; authorized = true;
if (PermissionName == "Edit") if (PermissionName == "Edit")
{ {
authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId); authorized = User.IsInRole(Constants.AdminRole) || (UserPermissions.GetUser(User).UserId == EntityId);
} }
break; break;
} }


@ -5,8 +5,8 @@ using System.Text.Json;
using Oqtane.Repository; using Oqtane.Repository;
using Microsoft.Extensions.Configuration; using Microsoft.Extensions.Configuration;
using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Http;
using System.Security.Claims;
using System.Collections.Generic; using System.Collections.Generic;
using Oqtane.Security;
namespace Oqtane.Infrastructure namespace Oqtane.Infrastructure
{ {
@ -15,13 +15,15 @@ namespace Oqtane.Infrastructure
private readonly ILogRepository Logs; private readonly ILogRepository Logs;
private readonly ITenantResolver TenantResolver; private readonly ITenantResolver TenantResolver;
private readonly IConfigurationRoot Config; private readonly IConfigurationRoot Config;
private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor; private readonly IHttpContextAccessor Accessor;
public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IHttpContextAccessor Accessor) public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IUserPermissions UserPermissions, IHttpContextAccessor Accessor)
{ {
this.Logs = Logs; this.Logs = Logs;
this.TenantResolver = TenantResolver; this.TenantResolver = TenantResolver;
this.Config = Config; this.Config = Config;
this.UserPermissions = UserPermissions;
this.Accessor = Accessor; this.Accessor = Accessor;
} }
@ -37,9 +39,11 @@ namespace Oqtane.Infrastructure
log.SiteId = alias.SiteId; log.SiteId = alias.SiteId;
log.PageId = null; log.PageId = null;
log.ModuleId = null; log.ModuleId = null;
if (Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid) != null) log.UserId = null;
User user = UserPermissions.GetUser();
if (user != null)
{ {
log.UserId = int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value); log.UserId = user.UserId;
} }
HttpRequest request = Accessor.HttpContext.Request; HttpRequest request = Accessor.HttpContext.Request;
if (request != null) if (request != null)
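Review bot: The `if (user != null)` test in the last hunk is always true, because `GetUser()` as implemented in this commit returns a freshly constructed `User` and never null. The old code left `log.UserId` unset when no PrimarySid claim existed; the new code will presumably write the sentinel `-1` for anonymous requests, which changes what the audit log records and may not match a real user row. To keep anonymous entries null, test the state rather than the reference: `if (user.IsAuthenticated) { log.UserId = user.UserId; }`. The method continues outside the hunk.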


@ -1,4 +1,5 @@
using System.Security.Claims; using Oqtane.Models;
using System.Security.Claims;
namespace Oqtane.Security namespace Oqtane.Security
{ {
@ -6,5 +7,7 @@ namespace Oqtane.Security
{ {
bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName); bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName);
bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions); bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions);
User GetUser(ClaimsPrincipal User);
User GetUser();
} }
} }


@ -1,4 +1,5 @@
using Oqtane.Models; using Microsoft.AspNetCore.Http;
using Oqtane.Models;
using Oqtane.Repository; using Oqtane.Repository;
using System.Linq; using System.Linq;
using System.Security.Claims; using System.Security.Claims;
@ -8,10 +9,12 @@ namespace Oqtane.Security
public class UserPermissions : IUserPermissions public class UserPermissions : IUserPermissions
{ {
private readonly IPermissionRepository Permissions; private readonly IPermissionRepository Permissions;
private readonly IHttpContextAccessor Accessor;
public UserPermissions(IPermissionRepository Permissions) public UserPermissions(IPermissionRepository Permissions, IHttpContextAccessor Accessor)
{ {
this.Permissions = Permissions; this.Permissions = Permissions;
this.Accessor = Accessor;
} }
public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName) public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName)
@ -20,13 +23,22 @@ namespace Oqtane.Security
} }
public bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions) public bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions)
{
return UserSecurity.IsAuthorized(GetUser(User), PermissionName, Permissions);
}
public User GetUser(ClaimsPrincipal User)
{ {
User user = new User(); User user = new User();
user.Username = "";
user.IsAuthenticated = false;
user.UserId = -1; user.UserId = -1;
user.Roles = ""; user.Roles = "";
if (User != null) if (User != null)
{ {
user.Username = User.Identity.Name;
user.IsAuthenticated = User.Identity.IsAuthenticated;
var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault(); var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null) if (idclaim != null)
{ {
@ -39,7 +51,12 @@ namespace Oqtane.Security
} }
} }
return UserSecurity.IsAuthorized(user, PermissionName, Permissions); return user;
}
public User GetUser()
{
return GetUser(Accessor.HttpContext.User);
} }
} }
} }
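Review bot: The parameterless `GetUser()` dereferences `Accessor.HttpContext` without a guard, and `IHttpContextAccessor.HttpContext` is null when there is no active request, so a log call from a background task or startup code would throw. `GetUser(ClaimsPrincipal)` already handles a null principal, so `return GetUser(Accessor.HttpContext?.User);` is enough. In the same method, `User.Identity` can be null for a principal with no identities, so `User.Identity?.Name` and `User.Identity?.IsAuthenticated ?? false` are safer. I would also add an XML doc comment on both overloads stating that the result is never null, that `UserId == -1` means no identity was resolved, and that callers making authorization decisions should check `IsAuthenticated` rather than compare ids alone. Part of `GetUser(ClaimsPrincipal)` lies between the last two hunks and is not visible here.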