Merge pull request #215 from sbwalker/master

fix page management
Shaun Walker 2020-02-18 17:52:08 -05:00 committed by GitHub
commit db322feb5e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
8 changed files with 197 additions and 170 deletions


@ -4,6 +4,8 @@
@inject IPageService PageService
@inject IThemeService ThemeService
@if (Themes != null)
{
<table class="table table-borderless">
<tr>
<td>
@ -139,8 +141,9 @@
</td>
</tr>
</table>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
}
@code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }


@ -4,7 +4,9 @@
@inject IPageService PageService
@inject IThemeService ThemeService
<table class="table table-borderless">
@if (Themes != null)
{
<table class="table table-borderless">
<tr>
<td>
<label for="Name" class="control-label">Name: </label>
@ -156,12 +158,13 @@
<PermissionGrid EntityName="Page" Permissions="@permissions" @ref="permissiongrid" />
</td>
</tr>
</table>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
</table>
<button type="button" class="btn btn-success" @onclick="SavePage">Save</button>
<NavLink class="btn btn-secondary" href="@NavigateUrl()">Cancel</NavLink>
<br />
<br />
<AuditInfo CreatedBy="@createdby" CreatedOn="@createdon" ModifiedBy="@modifiedby" ModifiedOn="@modifiedon" DeletedBy="@deletedby" DeletedOn="@deletedon"></AuditInfo>
}
@code {
public override SecurityAccessLevel SecurityAccessLevel { get { return SecurityAccessLevel.Admin; } }


@ -5,8 +5,8 @@ using Oqtane.Repository;
using Oqtane.Models;
using Oqtane.Shared;
using Oqtane.Infrastructure;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using Oqtane.Security;
namespace Oqtane.Controllers
{
@ -14,13 +14,13 @@ namespace Oqtane.Controllers
public class NotificationController : Controller
{
private readonly INotificationRepository Notifications;
private readonly IHttpContextAccessor Accessor;
private readonly IUserPermissions UserPermissions;
private readonly ILogManager logger;
public NotificationController(INotificationRepository Notifications, IHttpContextAccessor Accessor, ILogManager logger)
public NotificationController(INotificationRepository Notifications, IUserPermissions UserPermissions, ILogManager logger)
{
this.Notifications = Notifications;
this.Accessor = Accessor;
this.UserPermissions = UserPermissions;
this.logger = logger;
}
@ -101,7 +101,7 @@ namespace Oqtane.Controllers
bool authorized = true;
if (userid != null)
{
authorized = (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == userid);
authorized = (UserPermissions.GetUser(User).UserId == userid);
}
return authorized;
}
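Review bot: The new check `UserPermissions.GetUser(User).UserId == userid` compares only the id, and `GetUser` as added in UserPermissions in this commit starts from `UserId = -1` with `IsAuthenticated = false` instead of failing when no PrimarySid claim is present. A principal without that claim would therefore compare equal whenever the supplied `userid` happens to be the sentinel, unless an `[Authorize]` attribute outside this hunk already rejects the request. I would read the user once and require authentication too: `User user = UserPermissions.GetUser(User); authorized = user.IsAuthenticated && user.UserId == userid;`. The same id-only comparison is added in the PageController hunk (`== int.Parse(userid)`) and the SettingController hunk (`== EntityId`). The enclosing method starts outside the hunk.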


@ -107,7 +107,7 @@ namespace Oqtane.Controllers
{
Page page = null;
Page parent = Pages.GetPage(id);
if (parent != null && parent.IsPersonalizable && !string.IsNullOrEmpty(userid))
if (parent != null && parent.IsPersonalizable && UserPermissions.GetUser(User).UserId == int.Parse(userid))
{
page = new Page();
page.SiteId = parent.SiteId;
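Review bot: `int.Parse(userid)` in the new condition throws when `userid` is null, empty or not numeric, whereas the line it replaces only tested `!string.IsNullOrEmpty(userid)` and skipped the block. `userid` looks like a request-supplied string, so a malformed value would surface as an unhandled exception rather than a null page. `int.TryParse(userid, out int requestedUserId) && UserPermissions.GetUser(User).UserId == requestedUserId` keeps the old fall-through. The method body continues outside the hunk.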


@ -6,7 +6,6 @@ using Oqtane.Shared;
using Oqtane.Security;
using Oqtane.Infrastructure;
using System.Linq;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
namespace Oqtane.Controllers
@ -17,15 +16,13 @@ namespace Oqtane.Controllers
private readonly ISettingRepository Settings;
private readonly IPageModuleRepository PageModules;
private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
private readonly ILogManager logger;
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, IHttpContextAccessor Accessor, ILogManager logger)
public SettingController(ISettingRepository Settings, IPageModuleRepository PageModules, IUserPermissions UserPermissions, ILogManager logger)
{
this.Settings = Settings;
this.PageModules = PageModules;
this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
this.logger = logger;
}
@ -141,7 +138,7 @@ namespace Oqtane.Controllers
authorized = true;
if (PermissionName == "Edit")
{
authorized = User.IsInRole(Constants.AdminRole) || (int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value) == EntityId);
authorized = User.IsInRole(Constants.AdminRole) || (UserPermissions.GetUser(User).UserId == EntityId);
}
break;
}


@ -5,8 +5,8 @@ using System.Text.Json;
using Oqtane.Repository;
using Microsoft.Extensions.Configuration;
using Microsoft.AspNetCore.Http;
using System.Security.Claims;
using System.Collections.Generic;
using Oqtane.Security;
namespace Oqtane.Infrastructure
{
@ -15,13 +15,15 @@ namespace Oqtane.Infrastructure
private readonly ILogRepository Logs;
private readonly ITenantResolver TenantResolver;
private readonly IConfigurationRoot Config;
private readonly IUserPermissions UserPermissions;
private readonly IHttpContextAccessor Accessor;
public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IHttpContextAccessor Accessor)
public LogManager(ILogRepository Logs, ITenantResolver TenantResolver, IConfigurationRoot Config, IUserPermissions UserPermissions, IHttpContextAccessor Accessor)
{
this.Logs = Logs;
this.TenantResolver = TenantResolver;
this.Config = Config;
this.UserPermissions = UserPermissions;
this.Accessor = Accessor;
}
@ -37,9 +39,11 @@ namespace Oqtane.Infrastructure
log.SiteId = alias.SiteId;
log.PageId = null;
log.ModuleId = null;
if (Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid) != null)
log.UserId = null;
User user = UserPermissions.GetUser();
if (user != null)
{
log.UserId = int.Parse(Accessor.HttpContext.User.FindFirst(ClaimTypes.PrimarySid).Value);
log.UserId = user.UserId;
}
HttpRequest request = Accessor.HttpContext.Request;
if (request != null)
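Review bot: The `if (user != null)` guard can never be false, because `GetUser` as implemented in UserPermissions in this commit always returns a freshly constructed `User`. For a request without a PrimarySid claim the log entry therefore gets `UserId = -1` rather than the `null` assigned on the line above. That changes how anonymous activity is attributed in the log, and it may violate a foreign key on the log table if one exists (not visible here). Testing `if (user.IsAuthenticated)` or `if (user.UserId != -1)` would keep anonymous entries at null. The method continues past the end of the hunk.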


@ -1,4 +1,5 @@
using System.Security.Claims;
using Oqtane.Models;
using System.Security.Claims;
namespace Oqtane.Security
{
@ -6,5 +7,7 @@ namespace Oqtane.Security
{
bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName);
bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions);
User GetUser(ClaimsPrincipal User);
User GetUser();
}
}
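Review bot: The two `GetUser` members are added without a doc comment, and their contract is not obvious from the signatures. The implementation in this commit never returns null and leaves `UserId` at -1 and `IsAuthenticated` false when no id claim is found. I would state that on the interface, e.g. `/// <summary>Returns a non-null User; for a principal without an id claim UserId is -1 and IsAuthenticated is false.</summary>`, and note on the parameterless overload that it reads the principal from the current HttpContext.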


@ -1,4 +1,5 @@
using Oqtane.Models;
using Microsoft.AspNetCore.Http;
using Oqtane.Models;
using Oqtane.Repository;
using System.Linq;
using System.Security.Claims;
@ -8,10 +9,12 @@ namespace Oqtane.Security
public class UserPermissions : IUserPermissions
{
private readonly IPermissionRepository Permissions;
private readonly IHttpContextAccessor Accessor;
public UserPermissions(IPermissionRepository Permissions)
public UserPermissions(IPermissionRepository Permissions, IHttpContextAccessor Accessor)
{
this.Permissions = Permissions;
this.Accessor = Accessor;
}
public bool IsAuthorized(ClaimsPrincipal User, string EntityName, int EntityId, string PermissionName)
@ -20,13 +23,22 @@ namespace Oqtane.Security
}
public bool IsAuthorized(ClaimsPrincipal User, string PermissionName, string Permissions)
{
return UserSecurity.IsAuthorized(GetUser(User), PermissionName, Permissions);
}
public User GetUser(ClaimsPrincipal User)
{
User user = new User();
user.Username = "";
user.IsAuthenticated = false;
user.UserId = -1;
user.Roles = "";
if (User != null)
{
user.Username = User.Identity.Name;
user.IsAuthenticated = User.Identity.IsAuthenticated;
var idclaim = User.Claims.Where(item => item.Type == ClaimTypes.PrimarySid).FirstOrDefault();
if (idclaim != null)
{
@ -39,7 +51,12 @@ namespace Oqtane.Security
}
}
return UserSecurity.IsAuthorized(user, PermissionName, Permissions);
return user;
}
public User GetUser()
{
return GetUser(Accessor.HttpContext.User);
}
}
}
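Review bot: `GetUser()` dereferences `Accessor.HttpContext.User` without a null check, and `IHttpContextAccessor.HttpContext` is null whenever there is no active request. LogManager now calls this overload when building a log entry, so logging from startup code or a background task would throw instead of recording an anonymous user (LogManager's own use of `Accessor.HttpContext.Request` has the same exposure). `GetUser(ClaimsPrincipal)` already handles a null principal, so `return GetUser(Accessor.HttpContext?.User);` is enough.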