313 lines
10 KiB
Plaintext
313 lines
10 KiB
Plaintext
@namespace Oqtane.Modules.Controls
|
|
@inherits ModuleControlBase
|
|
@inject IRoleService RoleService
|
|
@inject IUserService UserService
|
|
@inject IUserRoleService UserRoleService
|
|
@inject IStringLocalizer<PermissionGrid> Localizer
|
|
@inject IStringLocalizer<SharedResources> SharedLocalizer
|
|
|
|
@if (_permissions != null)
|
|
{
|
|
<div class="container">
|
|
<div class="row">
|
|
<div class="col">
|
|
<table class="table table-borderless">
|
|
<tbody>
|
|
<tr>
|
|
<th scope="col">@Localizer["Role"]</th>
|
|
@foreach (PermissionString permission in _permissions)
|
|
{
|
|
<th style="text-align: center; width: 1px;">@((MarkupString)GetPermissionName(permission).Replace(" ", "<br />"))</th>
|
|
}
|
|
</tr>
|
|
@foreach (Role role in _roles)
|
|
{
|
|
<tr>
|
|
<td>@role.Name</td>
|
|
@foreach (PermissionString permission in _permissions)
|
|
{
|
|
var p = permission;
|
|
<td style="text-align: center;">
|
|
<TriStateCheckBox Value=@GetPermissionValue(p.Permissions, role.Name) Disabled="@GetPermissionDisabled(p.EntityName, p.PermissionName, role.Name)" OnChange="@(e => PermissionChanged(e, p.EntityName, p.PermissionName, role.Name))" />
|
|
</td>
|
|
}
|
|
</tr>
|
|
}
|
|
</tbody>
|
|
</table>
|
|
<br />
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col">
|
|
@if (_users.Count != 0)
|
|
{
|
|
<div class="row">
|
|
<div class="col">
|
|
</div>
|
|
</div>
|
|
<table class="table table-borderless">
|
|
<thead>
|
|
<tr>
|
|
<th scope="col">@Localizer["User"]</th>
|
|
@foreach (PermissionString permission in _permissions)
|
|
{
|
|
<th style="text-align: center; width: 1px;">@Localizer[permission.PermissionName]</th>
|
|
}
|
|
</tr>
|
|
</thead>
|
|
<tbody>
|
|
@foreach (User user in _users)
|
|
{
|
|
string userid = "[" + user.UserId.ToString() + "]";
|
|
<tr>
|
|
<td>@user.DisplayName</td>
|
|
@foreach (PermissionString permission in _permissions)
|
|
{
|
|
var p = permission;
|
|
<td style="text-align: center; width: 1px;">
|
|
<TriStateCheckBox Value=@GetPermissionValue(p.Permissions, userid) Disabled="@GetPermissionDisabled(p.EntityName, p.PermissionName, "")" OnChange="@(e => PermissionChanged(e, p.EntityName, p.PermissionName, userid))" />
|
|
</td>
|
|
}
|
|
</tr>
|
|
}
|
|
</tbody>
|
|
</table>
|
|
<br />
|
|
}
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col-11">
|
|
<AutoComplete OnSearch="GetUsers" Placeholder="@Localizer["Username.Enter"]" @ref="_user" />
|
|
</div>
|
|
<div class="col-1">
|
|
<button type="button" class="btn btn-primary" @onclick="AddUser">@SharedLocalizer["Add"]</button>
|
|
</div>
|
|
</div>
|
|
<div class="row">
|
|
<div class="col">
|
|
<ModuleMessage Type="MessageType.Warning" Message="@_message" />
|
|
</div>
|
|
</div>
|
|
</div>
|
|
}
|
|
|
|
@code {
|
|
private string _permissionnames = string.Empty;
|
|
private List<Role> _roles;
|
|
private List<PermissionString> _permissions;
|
|
private List<User> _users = new List<User>();
|
|
private AutoComplete _user;
|
|
private string _message = string.Empty;
|
|
|
|
[Parameter]
|
|
public string EntityName { get; set; }
|
|
|
|
[Parameter]
|
|
public string PermissionNames { get; set; }
|
|
|
|
[Parameter]
|
|
public string Permissions { get; set; }
|
|
|
|
protected override async Task OnInitializedAsync()
|
|
{
|
|
if (string.IsNullOrEmpty(PermissionNames))
|
|
{
|
|
_permissionnames = Shared.PermissionNames.View + "," + Shared.PermissionNames.Edit;
|
|
}
|
|
else
|
|
{
|
|
_permissionnames = PermissionNames;
|
|
}
|
|
|
|
_roles = await RoleService.GetRolesAsync(ModuleState.SiteId, true);
|
|
if (!UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
|
{
|
|
_roles.RemoveAll(item => item.Name == RoleNames.Host);
|
|
}
|
|
|
|
_permissions = new List<PermissionString>();
|
|
|
|
foreach (string permissionname in _permissionnames.Split(',', StringSplitOptions.RemoveEmptyEntries))
|
|
{
|
|
// permission names can be in the form of "EntityName:PermissionName:Roles"
|
|
if (permissionname.Contains(":"))
|
|
{
|
|
var segments = permissionname.Split(':');
|
|
if (segments.Length == 3)
|
|
{
|
|
if (!segments[2].Contains(RoleNames.Admin))
|
|
{
|
|
segments[2] = RoleNames.Admin + ";" + segments[2]; // ensure admin access
|
|
}
|
|
_permissions.Add(new PermissionString { EntityName = segments[0], PermissionName = segments[1], Permissions = segments[2] });
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_permissions.Add(new PermissionString { EntityName = EntityName, PermissionName = permissionname, Permissions = RoleNames.Admin });
|
|
}
|
|
}
|
|
|
|
if (!string.IsNullOrEmpty(Permissions))
|
|
{
|
|
// populate permissions
|
|
foreach (PermissionString permissionstring in UserSecurity.GetPermissionStrings(Permissions))
|
|
{
|
|
int index = _permissions.FindIndex(item => item.EntityName == permissionstring.EntityName && item.PermissionName == permissionstring.PermissionName);
|
|
if (index != -1)
|
|
{
|
|
_permissions[index].Permissions = permissionstring.Permissions;
|
|
}
|
|
|
|
if (permissionstring.Permissions.Contains("["))
|
|
{
|
|
foreach (string user in permissionstring.Permissions.Split('[', StringSplitOptions.RemoveEmptyEntries))
|
|
{
|
|
if (user.Contains("]"))
|
|
{
|
|
var userid = int.Parse(user.Substring(0, user.IndexOf("]")));
|
|
if (_users.Where(item => item.UserId == userid).FirstOrDefault() == null)
|
|
{
|
|
_users.Add(await UserService.GetUserAsync(userid, ModuleState.SiteId));
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
}
|
|
|
|
private string GetPermissionName(PermissionString permission)
|
|
{
|
|
var permissionname = Localizer[permission.PermissionName].ToString();
|
|
if (!string.IsNullOrEmpty(EntityName))
|
|
{
|
|
permissionname += " " + Localizer[permission.EntityName].ToString();
|
|
}
|
|
return permissionname;
|
|
}
|
|
|
|
private bool? GetPermissionValue(string permissions, string securityKey)
|
|
{
|
|
if ((";" + permissions + ";").Contains(";" + "!" + securityKey + ";"))
|
|
{
|
|
return false; // deny permission
|
|
}
|
|
else
|
|
{
|
|
if ((";" + permissions + ";").Contains(";" + securityKey + ";"))
|
|
{
|
|
return true; // grant permission
|
|
}
|
|
else
|
|
{
|
|
return null; // not specified
|
|
}
|
|
}
|
|
}
|
|
|
|
private bool GetPermissionDisabled(string entityName, string permissionName, string roleName)
|
|
{
|
|
if (roleName == RoleNames.Admin && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
|
{
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
if (entityName != EntityName && !UserSecurity.IsAuthorized(PageState.User, RoleNames.Admin))
|
|
{
|
|
return true;
|
|
}
|
|
else
|
|
{
|
|
return false;
|
|
}
|
|
}
|
|
}
|
|
|
|
private async Task<Dictionary<string, string>> GetUsers(string filter)
|
|
{
|
|
var users = await UserRoleService.GetUserRolesAsync(PageState.Site.SiteId, RoleNames.Registered);
|
|
return users.Where(item => item.User.DisplayName.Contains(filter, StringComparison.OrdinalIgnoreCase))
|
|
.ToDictionary(item => item.UserId.ToString(), item => item.User.DisplayName);
|
|
}
|
|
|
|
private async Task AddUser()
|
|
{
|
|
if (!string.IsNullOrEmpty(_user.Key))
|
|
{
|
|
var user = await UserService.GetUserAsync(int.Parse(_user.Key), ModuleState.SiteId);
|
|
if (user != null && !_users.Any(item => item.UserId == user.UserId))
|
|
{
|
|
_users.Add(user);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
_message = Localizer["Message.Username.DontExist"];
|
|
}
|
|
_user.Clear();
|
|
}
|
|
|
|
private void PermissionChanged(bool? value, string entityName, string permissionName, string securityId)
|
|
{
|
|
var selected = value;
|
|
int index = _permissions.FindIndex(item => item.EntityName == entityName && item.PermissionName == permissionName);
|
|
if (index != -1)
|
|
{
|
|
var permission = _permissions[index];
|
|
|
|
var ids = permission.Permissions.Split(';').ToList();
|
|
ids.Remove(securityId); // remove grant permission
|
|
ids.Remove("!" + securityId); // remove deny permission
|
|
|
|
switch (selected)
|
|
{
|
|
case true:
|
|
ids.Add(securityId); // add grant permission
|
|
break;
|
|
case false:
|
|
ids.Add("!" + securityId); // add deny permission
|
|
break;
|
|
case null:
|
|
break; // permission not specified
|
|
}
|
|
|
|
_permissions[index].Permissions = string.Join(";", ids.ToArray());
|
|
}
|
|
}
|
|
|
|
public string GetPermissions()
|
|
{
|
|
ValidatePermissions();
|
|
return UserSecurity.SetPermissionStrings(_permissions);
|
|
}
|
|
|
|
private void ValidatePermissions()
|
|
{
|
|
PermissionString permission;
|
|
for (int index = 0; index < _permissions.Count; index++)
|
|
{
|
|
permission = _permissions[index];
|
|
List<string> ids = permission.Permissions.Split(';', StringSplitOptions.RemoveEmptyEntries).ToList();
|
|
ids.Remove("!" + RoleNames.Everyone); // remove deny all users
|
|
ids.Remove("!" + RoleNames.Unauthenticated); // remove deny unauthenticated
|
|
ids.Remove("!" + RoleNames.Registered); // remove deny registered users
|
|
if (UserSecurity.IsAuthorized(PageState.User, RoleNames.Host))
|
|
{
|
|
ids.Remove("!" + RoleNames.Admin); // remove deny administrators
|
|
ids.Remove("!" + RoleNames.Host); // remove deny host users
|
|
if (!ids.Contains(RoleNames.Host) && !ids.Contains(RoleNames.Admin))
|
|
{
|
|
// add administrators role if host user role is not assigned
|
|
ids.Add(RoleNames.Admin);
|
|
}
|
|
}
|
|
permission.Permissions = string.Join(";", ids.ToArray());
|
|
_permissions[index] = permission;
|
|
}
|
|
}
|
|
}
|