Blog posts Permission handling
This commit is contained in:
Paul Schneider
@ -1,11 +1,20 @@
|
|||||||
using System.Security.Claims;
|
using System.Security.Claims;
|
||||||
using Microsoft.AspNetCore.Authorization;
|
using Microsoft.AspNetCore.Authorization;
|
||||||
|
using Microsoft.EntityFrameworkCore;
|
||||||
|
using Yavsc.Helpers;
|
||||||
|
using Yavsc.Models;
|
||||||
|
using Yavsc.Models.Blog;
|
||||||
using Yavsc.ViewModels.Auth;
|
using Yavsc.ViewModels.Auth;
|
||||||
|
|
||||||
namespace Yavsc.Extensions;
|
namespace Yavsc.Extensions;
|
||||||
|
|
||||||
public class PermissionHandler : IAuthorizationHandler
|
public class PermissionHandler : IAuthorizationHandler
|
||||||
{
|
{
|
||||||
|
ApplicationDbContext applicationDbContext;
|
||||||
|
public PermissionHandler(ApplicationDbContext applicationDbContext)
|
||||||
|
{
|
||||||
|
this.applicationDbContext = applicationDbContext;
|
||||||
|
}
|
||||||
public Task HandleAsync(AuthorizationHandlerContext context)
|
public Task HandleAsync(AuthorizationHandlerContext context)
|
||||||
{
|
{
|
||||||
var pendingRequirements = context.PendingRequirements.ToList();
|
var pendingRequirements = context.PendingRequirements.ToList();
|
||||||
@ -34,13 +43,22 @@ public class PermissionHandler : IAuthorizationHandler
|
|||||||
|
|
||||||
private static bool IsOwner(ClaimsPrincipal user, object? resource)
|
private static bool IsOwner(ClaimsPrincipal user, object? resource)
|
||||||
{
|
{
|
||||||
// Code omitted for brevity
|
if (resource is BlogPost blogPost)
|
||||||
return true;
|
{
|
||||||
|
return blogPost.AuthorId == user.GetUserId();
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
private static bool IsSponsor(ClaimsPrincipal user, object? resource)
|
private bool IsSponsor(ClaimsPrincipal user, object? resource)
|
||||||
{
|
{
|
||||||
// Code omitted for brevity
|
if (resource is BlogPost blogPost)
|
||||||
|
{
|
||||||
|
return applicationDbContext.CircleMembers
|
||||||
|
.Include(c => c.Circle)
|
||||||
|
.Where(m=>m.MemberId==user.GetUserId() && m.Circle.OwnerId == blogPost.OwnerId)
|
||||||
|
.Any();
|
||||||
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -3,6 +3,9 @@ using Microsoft.AspNetCore.Mvc;
|
|||||||
using Microsoft.EntityFrameworkCore;
|
using Microsoft.EntityFrameworkCore;
|
||||||
using Yavsc.Models;
|
using Yavsc.Models;
|
||||||
using Yavsc.Models.Blog;
|
using Yavsc.Models.Blog;
|
||||||
|
using Yavsc.Helpers;
|
||||||
|
using System.Security.Claims;
|
||||||
|
using IdentityServer8.Extensions;
|
||||||
|
|
||||||
namespace Yavsc.ViewComponents
|
namespace Yavsc.ViewComponents
|
||||||
{
|
{
|
||||||
@ -18,23 +21,39 @@ namespace Yavsc.ViewComponents
|
|||||||
|
|
||||||
// Renders blog index ofr the specified user by name,
|
// Renders blog index ofr the specified user by name,
|
||||||
// grouped by title
|
// grouped by title
|
||||||
public async Task<IViewComponentResult> InvokeAsync(string viewerId, int skip=0, int maxLen=25)
|
public async Task<IViewComponentResult> InvokeAsync(int skip=0, int maxLen=25)
|
||||||
{
|
{
|
||||||
long[] usercircles = await _context.Circle.Include(c=>c.Members).
|
IEnumerable<BlogPost> posts;
|
||||||
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
|
|
||||||
.Select(c=>c.Id).ToArrayAsync();
|
|
||||||
|
|
||||||
var allposts = _context.BlogSpot
|
if (User.IsAuthenticated())
|
||||||
|
{
|
||||||
|
string viewerId = UserClaimsPrincipal.GetUserId();
|
||||||
|
long[] usercircles = await _context.Circle.Include(c=>c.Members).
|
||||||
|
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
|
||||||
|
.Select(c=>c.Id).ToArrayAsync();
|
||||||
|
|
||||||
|
IQueryable<BlogPost> allposts = _context.BlogSpot
|
||||||
|
.Include(b => b.Author)
|
||||||
|
.Include(p=>p.ACL)
|
||||||
|
.Include(p=>p.Tags)
|
||||||
|
.Include(p=>p.Comments)
|
||||||
|
.Where(p => p.AuthorId == viewerId || p.Visible);
|
||||||
|
|
||||||
|
posts = (usercircles != null) ?
|
||||||
|
allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)))
|
||||||
|
: allposts.Where(p => p.ACL.Count == 0);
|
||||||
|
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
posts = _context.BlogSpot
|
||||||
.Include(b => b.Author)
|
.Include(b => b.Author)
|
||||||
.Include(p=>p.ACL)
|
.Include(p=>p.ACL)
|
||||||
.Include(p=>p.Tags)
|
.Include(p=>p.Tags)
|
||||||
.Include(p=>p.Comments)
|
.Include(p=>p.Comments)
|
||||||
.Where(p => p.AuthorId == viewerId || p.Visible).ToArray();
|
.Where(p => p.Visible && p.ACL.Count == 0 ).ToArray();
|
||||||
|
}
|
||||||
IEnumerable<BlogPost> posts = (usercircles != null) ?
|
|
||||||
allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)))
|
|
||||||
: allposts.Where(p => p.ACL.Count == 0);
|
|
||||||
|
|
||||||
var data = posts.OrderByDescending( p=> p.DateCreated);
|
var data = posts.OrderByDescending( p=> p.DateCreated);
|
||||||
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(maxLen);
|
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(maxLen);
|
||||||
|
|
||||||
|
|||||||
@ -45,5 +45,5 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
<div class="container">
|
<div class="container">
|
||||||
@await Component.InvokeAsync("BlogIndex",new{ viewerId = User.GetUserId() ?? "_anonymous_" })
|
@await Component.InvokeAsync("BlogIndex")
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
Reference in New Issue
Block a user