paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

no-more-circle-autorisation-to-file

Browse Source
This commit is contained in:
Paul Schneider
2021-06-03 18:21:31 +01:00
parent f3d3a7e575
commit 6ae7333dbb
17 changed files with 2892 additions and 795 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Yavsc/Controllers/Administration/MailingTemplateController.cs
View File

@ -12,6 +12,7 @@ using Microsoft.AspNet.Authorization;
using Yavsc.Templates;
using System.Linq;
using Microsoft.Extensions.Logging;
using Yavsc.Server.Settings;
namespace Yavsc.Controllers
{
@ -69,7 +70,7 @@ namespace Yavsc.Controllers
{
ViewBag.ManagerId = new SelectList(_context.ApplicationUser, "Id", "UserName");
ViewBag.ToSend = GetSelectFromEnum(typeof(Periodicity));
ViewBag.Id = TemplateConstants.Criterias.Select(
ViewBag.Id = UserPolicies.Criterias.Select(
c => new SelectListItem{ Text = c.Key, Value = c.Key }).ToList();
}

183
src/Yavsc/Controllers/Communicating/LiveFlowController.cs
View File

@ -1,183 +0,0 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Yavsc.Models;
using Yavsc.Models.Streaming;
namespace Yavsc.Controllers
{
public class LiveFlowController : Controller
{
private readonly ApplicationDbContext _context;
public LiveFlowController(ApplicationDbContext context)
{
_context = context;
}
// GET: LiveFlow
public async Task<IActionResult> Index()
{
var uid = User.GetUserId();
var applicationDbContext = _context.LiveFlow.Where(f=>f.OwnerId == uid);
return View(await applicationDbContext.ToListAsync());
}
public async Task<IActionResult> AdminIndex()
{
var applicationDbContext = _context.LiveFlow.Include(l => l.Owner);
return View(await applicationDbContext.ToListAsync());
}
// GET: LiveFlow/Details/5
public async Task<IActionResult> Details(long? id)
{
if (id == null)
{
return HttpNotFound();
}
LiveFlow liveFlow = await _context.LiveFlow.SingleAsync(m => m.Id == id);
if (liveFlow == null)
{
return HttpNotFound();
}
return View(liveFlow);
}
// GET: LiveFlow/Create
public IActionResult Create()
{
ViewData["OwnerId"] = new SelectList(_context.ApplicationUser, "Id", "Owner");
return View();
}
// POST: LiveFlow/Create
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(LiveFlow liveFlow)
{
if (ModelState.IsValid)
{
_context.LiveFlow.Add(liveFlow);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
ViewData["OwnerId"] = new SelectList(_context.ApplicationUser, "Id", "Owner", liveFlow.OwnerId);
return View(liveFlow);
}
// GET: LiveFlow/Edit/5
public async Task<IActionResult> Edit(long? id)
{
if (id == null)
{
return HttpNotFound();
}
LiveFlow liveFlow = await _context.LiveFlow.SingleAsync(m => m.Id == id);
if (liveFlow == null)
{
return HttpNotFound();
}
return View(liveFlow);
}
public async Task<IActionResult> AdminEdit(long? id)
{
if (id == null)
{
return HttpNotFound();
}
LiveFlow liveFlow = await _context.LiveFlow.SingleAsync(m => m.Id == id);
if (liveFlow == null)
{
return HttpNotFound();
}
ViewBag.OwnerId = _context.ApplicationUser.Select
(u=> new SelectListItem(){Text=u.UserName,Value=u.Id,Selected=liveFlow.OwnerId==u.Id});
return View("AdminEdit", liveFlow);
}
// POST: LiveFlow/Edit/5
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(LiveFlow liveFlow)
{
if (User.GetUserId()!=liveFlow.OwnerId)
{
ModelState.AddModelError("OwnerId","denied");
}
else if (ModelState.IsValid)
{
_context.Update(liveFlow);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
return View(liveFlow);
}
// POST: LiveFlow/Edit/5
[HttpPost]
[ValidateAntiForgeryToken]
[Authorize("AdministratorOnly")]
public async Task<IActionResult> AdminEdit(LiveFlow liveFlow)
{
if (ModelState.IsValid)
{
_context.Update(liveFlow);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
ViewData["OwnerId"] = new SelectList(_context.ApplicationUser, "Id", "Owner", liveFlow.OwnerId);
return View(liveFlow);
}
// GET: LiveFlow/Delete/5
[ActionName("Delete")]
public async Task<IActionResult> Delete(long? id)
{
if (id == null)
{
return HttpNotFound();
}
LiveFlow liveFlow = await _context.LiveFlow.SingleAsync(m => m.Id == id);
if (liveFlow == null)
{
return HttpNotFound();
}
else if (User.GetUserId()!=liveFlow.OwnerId)
{
ModelState.AddModelError("OwnerId","denied");
}
return View(liveFlow);
}
// POST: LiveFlow/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> DeleteConfirmed(long id)
{
LiveFlow liveFlow = await _context.LiveFlow.SingleAsync(m => m.Id == id);
if (User.GetUserId()!=liveFlow.OwnerId)
{
ModelState.AddModelError("OwnerId","denied");
} else
{
_context.LiveFlow.Remove(liveFlow);
await _context.SaveChangesAsync();
}
return RedirectToAction("Index");
}
}
}

121
src/Yavsc/Controllers/Communicating/MyFSRulesController.cs
View File

@ -1,121 +0,0 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using Yavsc.Models;
using Yavsc.Server.Models.Access;
namespace Yavsc.Controllers
{
[Authorize()]
public class MyFSRulesController : Controller
{
private readonly ApplicationDbContext _context;
private readonly ILogger _logger;
public MyFSRulesController(ApplicationDbContext context,
ILoggerFactory loggerFactory)
{
_context = context;
_logger = loggerFactory.CreateLogger<MyFSRulesController>();
}
// GET: MyFSRules
public async Task<IActionResult> Index()
{
var applicationDbContext = _context.CircleAuthorizationToFile.Include(c => c.Circle)
.Where (m=>m.Circle.OwnerId == User.GetUserId());
return View(await applicationDbContext.ToListAsync());
}
// GET: MyFSRules/Details/5
public async Task<IActionResult> Details(long circleId, string fullPath)
{
var uid = User.GetUserId();
_logger.LogInformation($"Searching fsa for {uid} :\n {circleId}/{fullPath}");
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(m=>m.Circle)
.SingleOrDefaultAsync(m => ((m.CircleId == circleId) && (m.FullPath == fullPath) &&
(m.Circle.OwnerId == uid)));
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
return View(circleAuthorizationToFile);
}
// GET: MyFSRules/Create
public IActionResult Create()
{
var uid = User.GetUserId();
var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
var uccount = userCircles.Count();
_logger.LogInformation($"User circle count : {uccount}");
return View();
}
// POST: MyFSRules/Create
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(CircleAuthorizationToFile circleAuthorizationToFile)
{
var uid = User.GetUserId();
if (ModelState.IsValid)
{
// refuse to allow files to other circle than user's ones.
var circle = await _context.Circle.SingleOrDefaultAsync(c=>c.Id==circleAuthorizationToFile.CircleId);
if (circle.OwnerId != uid) return this.HttpUnauthorized();
_context.CircleAuthorizationToFile.Add(circleAuthorizationToFile);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
return View(circleAuthorizationToFile);
}
// GET: MyFSRules/Delete/5
[ActionName("Delete")]
public async Task<IActionResult> Delete(long circleId, string fullPath)
{
var uid = User.GetUserId();
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(a=>a.Circle).SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
return View(circleAuthorizationToFile);
}
// POST: MyFSRules/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> DeleteConfirmed(long circleId, string fullPath)
{
var uid = User.GetUserId();
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(a=> a.Circle)
.SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
_context.CircleAuthorizationToFile.Remove(circleAuthorizationToFile);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
}
}