oqtane.framework/Oqtane.Client/Modules/Controls/ActionLink.razor

@using Microsoft.AspNetCore.Components.Routing
@using Oqtane.Modules
@using Oqtane.Services
@using Oqtane.Shared
@using Oqtane.Security
@inherits ModuleBase
@inject IUserService UserService

@if (authorized)
{
    <NavLink class="@classname" href="@url" style="@style">@text</NavLink>
}

@code {
    [Parameter]
    public string Action { get; set; }

    [Parameter]
    public string Text { get; set; } // optional

    [Parameter]
    public string Parameters { get; set; } // optional

    [Parameter]
    public string Class { get; set; } // optional

    [Parameter]
    public string Style { get; set; } // optional

    string text = "";
    string url = "";
    string parameters = "";
    string classname = "btn btn-primary";
    string style = "";
    bool authorized = false;

    protected override void OnInitialized()
    {
        text = Action;
        if (!String.IsNullOrEmpty(Text))
        {
            text = Text;
        }

        if (!String.IsNullOrEmpty(Parameters))
        {
            parameters = Parameters;
        }

        if (!string.IsNullOrEmpty(Class))
        {
           classname = Class;
        }

        if (!string.IsNullOrEmpty(Style))
        {
           style = Style;
        }

        url = EditUrl(Action, parameters);

        string typename = ModuleState.ModuleType.Replace(Utilities.GetTypeNameClass(ModuleState.ModuleType) + ",", Action + ",");
        Type moduleType = Type.GetType(typename);
        if (moduleType != null)
        {
            var moduleobject = Activator.CreateInstance(moduleType);
            SecurityAccessLevel SecurityAccessLevel = (SecurityAccessLevel)moduleType.GetProperty("SecurityAccessLevel").GetValue(moduleobject, null);
            switch (SecurityAccessLevel)
            {
                case SecurityAccessLevel.Anonymous:
                    authorized = true;
                    break;
                case SecurityAccessLevel.View:
                    authorized = UserSecurity.IsAuthorized(PageState.User, "View", ModuleState.Permissions);
                    break;
                case SecurityAccessLevel.Edit:
                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", ModuleState.Permissions);
                    break;
                case SecurityAccessLevel.Admin:
                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.AdminRole));
                    break;
                case SecurityAccessLevel.Host:
                    authorized = UserSecurity.IsAuthorized(PageState.User, "Edit", UserSecurity.SetPermissions("Edit", Constants.HostRole));
                    break;
            }
        }
    }
}