Blog posts Permission handling

This commit is contained in:
Paul Schneider
2025-02-18 20:17:06 +00:00
parent dbad529313
commit 04bcecad9e
3 changed files with 53 additions and 16 deletions


@ -1,11 +1,20 @@
using System.Security.Claims;
using Microsoft.AspNetCore.Authorization;
using Microsoft.EntityFrameworkCore;
using Yavsc.Helpers;
using Yavsc.Models;
using Yavsc.Models.Blog;
using Yavsc.ViewModels.Auth;
namespace Yavsc.Extensions;
public class PermissionHandler : IAuthorizationHandler
{
ApplicationDbContext applicationDbContext;
public PermissionHandler(ApplicationDbContext applicationDbContext)
{
this.applicationDbContext = applicationDbContext;
}
public Task HandleAsync(AuthorizationHandlerContext context)
{
var pendingRequirements = context.PendingRequirements.ToList();
@ -34,13 +43,22 @@ public class PermissionHandler : IAuthorizationHandler
private static bool IsOwner(ClaimsPrincipal user, object? resource)
{
// Code omitted for brevity
return true;
if (resource is BlogPost blogPost)
{
return blogPost.AuthorId == user.GetUserId();
}
return false;
}
private static bool IsSponsor(ClaimsPrincipal user, object? resource)
private bool IsSponsor(ClaimsPrincipal user, object? resource)
{
// Code omitted for brevity
if (resource is BlogPost blogPost)
{
return applicationDbContext.CircleMembers
.Include(c => c.Circle)
.Where(m=>m.MemberId==user.GetUserId() && m.Circle.OwnerId == blogPost.OwnerId)
.Any();
}
return true;
}
}
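Review bot: IsSponsor falls through to `return true;` for any resource that is not a BlogPost, so a requirement evaluated through it is granted for unknown resource types, whereas IsOwner in the same hunk returns false in that case; change the final line to `return false;` so both helpers fail closed. Whether HandleAsync ever calls IsSponsor with another resource type cannot be seen here, since its body lies outside the hunk. Separately, IsOwner compares against `blogPost.AuthorId` while the circle query compares `m.Circle.OwnerId == blogPost.OwnerId`; if those are distinct properties on BlogPost, confirm that OwnerId is the intended one. Hoisting the claim lookup into a local before the query, `var userId = user.GetUserId();`, keeps it out of the expression tree, and the `Include(c => c.Circle)` is not needed for a predicate that only navigates through Circle inside the Where.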


@ -3,6 +3,9 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Blog;
using Yavsc.Helpers;
using System.Security.Claims;
using IdentityServer8.Extensions;
namespace Yavsc.ViewComponents
{
@ -18,23 +21,39 @@ namespace Yavsc.ViewComponents
// Renders blog index ofr the specified user by name,
// grouped by title
public async Task<IViewComponentResult> InvokeAsync(string viewerId, int skip=0, int maxLen=25)
public async Task<IViewComponentResult> InvokeAsync(int skip=0, int maxLen=25)
{
long[] usercircles = await _context.Circle.Include(c=>c.Members).
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
.Select(c=>c.Id).ToArrayAsync();
IEnumerable<BlogPost> posts;
var allposts = _context.BlogSpot
if (User.IsAuthenticated())
{
string viewerId = UserClaimsPrincipal.GetUserId();
long[] usercircles = await _context.Circle.Include(c=>c.Members).
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
.Select(c=>c.Id).ToArrayAsync();
IQueryable<BlogPost> allposts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p => p.AuthorId == viewerId || p.Visible);
posts = (usercircles != null) ?
allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)))
: allposts.Where(p => p.ACL.Count == 0);
}
else
{
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p => p.AuthorId == viewerId || p.Visible).ToArray();
IEnumerable<BlogPost> posts = (usercircles != null) ?
allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)))
: allposts.Where(p => p.ACL.Count == 0);
.Where(p => p.Visible && p.ACL.Count == 0 ).ToArray();
}
var data = posts.OrderByDescending( p=> p.DateCreated);
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(maxLen);
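Review bot: The `usercircles != null` test in the authenticated branch is dead: `ToArrayAsync()` yields an empty array rather than null, so the `: allposts.Where(p => p.ACL.Count == 0)` alternative can never run and the assignment reduces to `posts = allposts.Where(p => p.ACL.Count == 0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)));`. The view that calls this component used to coalesce `User.GetUserId()` to `"_anonymous_"`, which suggests the helper can return null; if so, `string viewerId = UserClaimsPrincipal.GetUserId();` deserves a null guard even under `IsAuthenticated()`. Because `posts` is declared `IEnumerable<BlogPost>`, the `OrderByDescending`, `GroupBy`, `Skip` and `Take` that follow run in memory over every row the filter returns, as the old `ToArray()` already did, so the paging does not narrow the database query. The header comment `// Renders blog index ofr the specified user by name,` still describes the removed viewerId parameter and has a typo; `// Renders the blog index visible to the current user, grouped by title` would match the new behaviour. InvokeAsync continues past the end of the hunk.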


@ -45,5 +45,5 @@
}
<div class="container">
@await Component.InvokeAsync("BlogIndex",new{ viewerId = User.GetUserId() ?? "_anonymous_" })
@await Component.InvokeAsync("BlogIndex")
</div>