diff --git a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor index 91a31585..d21f9541 100644 --- a/Oqtane.Client/Modules/Admin/UserProfile/Index.razor +++ b/Oqtane.Client/Modules/Admin/UserProfile/Index.razor @@ -230,13 +230,13 @@ @if (context.IsRead) { - @context.FromDisplayName + @(string.IsNullOrEmpty(context.FromDisplayName) ? SharedLocalizer["System"] : context.FromDisplayName) @context.Subject @string.Format("{0:dd-MMM-yyyy HH:mm:ss}", @context.CreatedOn) } else { - @context.FromDisplayName + @(string.IsNullOrEmpty(context.FromDisplayName) ? SharedLocalizer["System"] : context.FromDisplayName) @context.Subject @string.Format("{0:dd-MMM-yyyy HH:mm:ss}", @context.CreatedOn) } diff --git a/Oqtane.Client/Modules/Admin/UserProfile/View.razor b/Oqtane.Client/Modules/Admin/UserProfile/View.razor index 3f104710..5e7205d4 100644 --- a/Oqtane.Client/Modules/Admin/UserProfile/View.razor +++ b/Oqtane.Client/Modules/Admin/UserProfile/View.razor @@ -128,7 +128,7 @@ createdon = notification.CreatedOn.ToString(); body = notification.Body; - if (title == "From") + if (title == "From" && !notification.IsRead) { notification.IsRead = true; notification = await NotificationService.UpdateNotificationAsync(notification); diff --git a/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx b/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx index 1f3bf2c6..670a4cba 100644 --- a/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx +++ b/Oqtane.Client/Resources/Modules/Admin/Site/Index.resx @@ -435,4 +435,7 @@ Functionality + + System + \ No newline at end of file diff --git a/Oqtane.Server/Controllers/NotificationController.cs b/Oqtane.Server/Controllers/NotificationController.cs index 5f7ee353..8e439fd2 100644 --- a/Oqtane.Server/Controllers/NotificationController.cs +++ b/Oqtane.Server/Controllers/NotificationController.cs 
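Review bot: `SharedLocalizer["System"]` is used in both branches of the UserProfile/Index.razor hunk, but the only "System" resource entry this commit adds is in Resources/Modules/Admin/Site/Index.resx, which by its path belongs to the Site module rather than the shared resources. If the file SharedLocalizer reads (not visible here) has no "System" key, the lookup presumably falls back to the key text and the label is never translated; confirm the entry sits in the right resource file. The fallback expression is also repeated verbatim in the IsRead and else branches, so computing it once, for example `var fromName = string.IsNullOrEmpty(context.FromDisplayName) ? SharedLocalizer["System"] : context.FromDisplayName;`, would keep the two branches in sync.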
@@ -183,7 +183,7 @@ namespace Oqtane.Controllers { if (ModelState.IsValid && notification.SiteId == _alias.SiteId && notification.NotificationId == id && _notifications.GetNotification(notification.NotificationId, false) != null && (IsAuthorized(notification.FromUserId) || IsAuthorized(notification.ToUserId))) { - if (!User.IsInRole(RoleNames.Admin)) + if (!User.IsInRole(RoleNames.Admin) && notification.FromUserId != null) { // content must be HTML encoded for non-admins to prevent HTML injection notification.Subject = WebUtility.HtmlEncode(notification.Subject); @@ -223,7 +223,7 @@ namespace Oqtane.Controllers private bool IsAuthorized(int? userid) { - bool authorized = true; + bool authorized = false; if (userid != null) { authorized = (_userPermissions.GetUser(User).UserId == userid); diff --git a/Oqtane.Shared/Models/Notification.cs b/Oqtane.Shared/Models/Notification.cs index d7e08c01..bc76dfa2 100644 --- a/Oqtane.Shared/Models/Notification.cs +++ b/Oqtane.Shared/Models/Notification.cs @@ -144,25 +144,25 @@ namespace Oqtane.Models { FromUserId = from.UserId; FromDisplayName = from.DisplayName; - FromEmail = from.Email; + FromEmail = from.Email ?? ""; } else { FromUserId = null; FromDisplayName = fromDisplayName; - FromEmail = fromEmail; + FromEmail = fromEmail ?? ""; } if (to != null) { ToUserId = to.UserId; ToDisplayName = to.DisplayName; - ToEmail = to.Email; + ToEmail = to.Email ?? ""; } else { ToUserId = null; ToDisplayName = toDisplayName; - ToEmail = toEmail; + ToEmail = toEmail ?? ""; } Subject = subject; Body = body;
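Review bot: In NotificationController.cs (hunk at line 183), the added `notification.FromUserId != null` condition decides whether to HTML-encode Subject and Body from a field of the request-bound model, so a non-admin caller controls whether the encoding runs. The surrounding check, as far as the hunk shows, only confirms that a record with that id exists and authorizes against the posted FromUserId/ToUserId, not the stored ones. Take the decision from the stored record instead: `var stored = _notifications.GetNotification(notification.NotificationId, false);` followed by `if (!User.IsInRole(RoleNames.Admin) && stored.FromUserId != null)`. For a stored system notification it would be safer still to keep the stored Subject and Body rather than accept them from the request. The rest of the action lies outside the hunk, so confirm no later step already does this.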
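Review bot: In NotificationController.cs (hunk at line 223), IsAuthorized now fails closed for a null user id, and that deserves a comment because every caller that passes a system notification's null FromUserId changes behaviour; suggest `// fail closed: a null user id (system notification) never authorizes the caller` above the declaration of `authorized`. Assuming the method only returns `authorized`, it could be reduced to `return userid != null && _userPermissions.GetUser(User).UserId == userid;`. The end of the method and its other callers are outside the hunk, so the remaining actions should be checked for reliance on the old permissive default.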