paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

permission handling

Browse Source
This commit is contained in:
Paul Schneider
2025-02-23 20:23:23 +00:00
parent 04bcecad9e
commit 7ccb9cd1da
27 changed files with 243 additions and 288 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
src/Api/Controllers/Blogspot/BlogApiController.cs
View File

@ -25,9 +25,10 @@ namespace Yavsc.Controllers
// GET: api/BlogApi
[HttpGet]
public IEnumerable<BlogPost> GetBlogspot()
public IEnumerable<BlogPost> GetBlogspot(int start=0, int take=25)
{
return _context.BlogSpot.Where(b => b.Visible).OrderByDescending(b => b.UserModified);
return _context.BlogSpot.OrderByDescending(b => b.UserModified)
.Skip(start).Take(take);
}
// GET: api/BlogApi/5

12
src/Api/Controllers/Business/BillingController.cs
View File

@ -54,7 +54,7 @@ namespace Yavsc.ApiControllers
{
var bill = await billingService.GetBillAsync(billingCode, id);
if ( authorizationService.AuthorizeAsync(User, bill, new ViewRequirement()).IsFaulted)
if ( authorizationService.AuthorizeAsync(User, bill, new ReadPermission()).IsFaulted)
{
return new ChallengeResult();
}
@ -76,7 +76,7 @@ namespace Yavsc.ApiControllers
}
logger.LogTrace(JsonConvert.SerializeObject(bill));
if (!(await authorizationService.AuthorizeAsync(User, bill, new ViewRequirement())).Succeeded)
if (!(await authorizationService.AuthorizeAsync(User, bill, new ReadPermission())).Succeeded)
{
return new ChallengeResult();
}
@ -107,7 +107,7 @@ namespace Yavsc.ApiControllers
.FirstOrDefault(e=>e.Id == id);
if (estimate == null)
return new BadRequestResult();
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded)
{
@ -135,7 +135,7 @@ namespace Yavsc.ApiControllers
{
// For authorization purpose
var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id);
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded)
{
return new ChallengeResult();
@ -154,7 +154,7 @@ namespace Yavsc.ApiControllers
var estimate = dbContext.Estimates.Include( e=>e.Query
).Include(e=>e.Owner).Include(e=>e.Owner.Performer).Include(e=>e.Client)
.FirstOrDefault( e=> e.Id == id && e.Query.ClientId == uid );
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded)
{
return new ChallengeResult();
}
@ -171,7 +171,7 @@ namespace Yavsc.ApiControllers
{
// For authorization purpose
var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id);
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded)
if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded)
{
return new ChallengeResult();
}

11
src/Yavsc.Abstract/Blogspot/IBlog.cs
View File

@ -3,11 +3,14 @@
namespace Yavsc
{
public interface IBlogPost : ITrackedEntity, IIdentified<long>, ITitle
{
string AuthorId { get; set; }
public interface IBlogPostPayLoad
{
string Content { get; set; }
string Photo { get; set; }
bool Visible { get; set; }
}
public interface IBlogPost :IBlogPostPayLoad, ITrackedEntity, IIdentified<long>, ITitle
{
string AuthorId { get; set; }
}
}

5
src/Yavsc.Server/Helpers/UserHelpers.cs
View File

@ -30,7 +30,7 @@ namespace Yavsc.Helpers
{
var userPosts = dbContext.BlogSpot.Include(
b => b.Author
).Where(x => ((x.AuthorId == posterId) && (x.Visible))).ToArray();
).Where(x => ((x.AuthorId == posterId))).ToArray();
return userPosts;
}
else
@ -42,8 +42,7 @@ namespace Yavsc.Helpers
return dbContext.BlogSpot.Include(
b => b.Author
).Include(p => p.ACL).Where(x => x.Author.Id == posterId &&
(x.Visible &&
(x.ACL.Count == 0 || x.ACL.Any(a => readerCirclesMemberships.Contains(a.CircleId)))));
(x.ACL.Count == 0 || x.ACL.Any(a => readerCirclesMemberships.Contains(a.CircleId))));
}

16
src/Yavsc.Server/Models/Blog/BlogPost.cs
View File

@ -18,14 +18,14 @@ namespace Yavsc.Models.Blog
{
[Key(), DatabaseGenerated(DatabaseGeneratedOption.Identity)]
[Display(Name="Identifiant du post")]
public long Id { get; set; }
public long Id { get; set; }
[Display(Name="Identifiant de l'auteur")]
[ForeignKey("Author")]
public string AuthorId { get; set; }
public string AuthorId { get; set; }
[Display(Name="Auteur")]
public virtual ApplicationUser Author { set; get; }
public virtual ApplicationUser Author { set; get; }
[Display(Name="Date de création")]
@ -35,7 +35,7 @@ namespace Yavsc.Models.Blog
}
[Display(Name="Créateur")]
public string UserCreated
public string UserCreated
{
get; set;
}
@ -47,7 +47,7 @@ namespace Yavsc.Models.Blog
}
[Display(Name="Utilisateur ayant modifé le dernier")]
public string UserModified
public string UserModified
{
get; set;
}
@ -68,7 +68,7 @@ namespace Yavsc.Models.Blog
if (existent==null) Tags.Add(new BlogTag { PostId = Id, Tag = tag } );
}
public void Detag(Tag tag)
public void DeTag(Tag tag)
{
var existent = Tags.SingleOrDefault(t => (( t.TagId == tag.Id) && t.PostId == Id));
if (existent!=null) Tags.Remove(existent);
@ -80,10 +80,10 @@ namespace Yavsc.Models.Blog
}
[InverseProperty("Post")]
public virtual List<BlogTag> Tags { get; set; }
public virtual List<BlogTag> Tags { get; set; }
[InverseProperty("Post")]
public virtual List<Comment> Comments { get; set; }
public virtual List<Comment> Comments { get; set; }
[NotMapped]
public string OwnerId => AuthorId;

12
src/Yavsc.Server/ViewModels/Auth/DeletePermission.cs Normal file
View File

@ -0,0 +1,12 @@
using Microsoft.AspNetCore.Authorization;
namespace Yavsc.ViewModels.Auth
{
public class DeletePermission: IAuthorizationRequirement
{
public DeletePermission()
{
}
}
}

12
src/Yavsc.Server/ViewModels/Auth/EditPermission.cs Normal file
View File

@ -0,0 +1,12 @@
using Microsoft.AspNetCore.Authorization;
namespace Yavsc.ViewModels.Auth
{
public class EditPermission : IAuthorizationRequirement
{
public EditPermission()
{
}
}
}

26
src/Yavsc.Server/ViewModels/Auth/EditRequirement.cs
View File

@ -1,26 +0,0 @@
using Microsoft.AspNetCore.Authorization;
namespace Yavsc.ViewModels.Auth
{
public class EditPermission : IAuthorizationRequirement
{
public EditPermission()
{
}
}
public class ReadPermission: IAuthorizationRequirement
{
public ReadPermission()
{
}
}
public class DeletePermission: IAuthorizationRequirement
{
public DeletePermission()
{
}
}
}

5
src/Yavsc.Server/ViewModels/Auth/ViewRequirement.cs → src/Yavsc.Server/ViewModels/Auth/ReadPermission.cs
View File

@ -2,10 +2,11 @@ using Microsoft.AspNetCore.Authorization;
namespace Yavsc.ViewModels.Auth
{
public class ViewRequirement : IAuthorizationRequirement
public class ReadPermission: IAuthorizationRequirement
{
public ViewRequirement()
public ReadPermission()
{
}
}
}

11
src/Yavsc.Server/ViewModels/BlogSpot/BlogPostEdit.cs Normal file
View File

@ -0,0 +1,11 @@
using System.ComponentModel.DataAnnotations;
namespace Yavsc.ViewModels.Blog;
public class BlogPostEditViewModel : BlogPostInputViewModel
{
[Required]
public required long Id { get; set; }
}

9
src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs → src/Yavsc.Server/ViewModels/BlogSpot/BlogPostInputViewModel.cs
View File

@ -8,19 +8,18 @@ namespace Yavsc.ViewModels.Blog
public class BlogPostInputViewModel
{
[StringLength(1024)]
public string? Photo { get; set; }
public string? Photo { get; set; }
[StringLength(1024)]
public required string Title { get; set; }
public string Title { get; set; }
[StringLength(56224)]
public required string Content { get; set; }
public bool Visible { get; set; }
public string Content { get; set; }
[InverseProperty("Target")]
[Display(Name="Liste de contrôle d'accès")]
public virtual List<CircleAuthorizationToBlogPost>? ACL { get; set; }
}
}

17
src/Yavsc.Server/ViewModels/BlogSpot/NewPost.cs
View File

@ -1,17 +0,0 @@
using System;
using System.Collections.Generic;
using System.ComponentModel.DataAnnotations;
using System.Linq;
using System.Threading.Tasks;
namespace Yavsc.ViewModels.BlogSpot
{
public class NewPost
{
[Required]
public string Title{ get; set; }
[Required]
public string Content { get; set; }
}
}

84
src/Yavsc/Controllers/Communicating/BlogspotController.cs
View File

@ -43,12 +43,44 @@ namespace Yavsc.Controllers
// GET: Blog
[AllowAnonymous]
public async Task<IActionResult> Index(string id)
public async Task<IActionResult> Index(string id, int skip=0, int take=25)
{
if (!string.IsNullOrEmpty(id)) {
return View("UserPosts", await UserPosts(id));
}
return View();
IEnumerable<BlogPost> posts;
if (User.Identity.IsAuthenticated)
{
string viewerId = User.GetUserId();
long[] usercircles = await _context.Circle.Include(c=>c.Members).
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
.Select(c=>c.Id).ToArrayAsync();
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p =>(p.ACL.Count == 0)
|| (p.AuthorId == viewerId)
|| (usercircles != null && p.ACL.Any(a => usercircles.Contains(a.CircleId)))
);
}
else
{
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p => p.ACL.Count == 0 ).ToArray();
}
var data = posts.OrderByDescending( p=> p.DateCreated);
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(take);
return View(grouped);
}
[Route("~/Title/{id?}")]
@ -59,7 +91,7 @@ namespace Yavsc.Controllers
ViewData["Title"] = id;
return View("Title", _context.BlogSpot.Include(
b => b.Author
).Where(x => x.Title == id && (x.Visible || x.AuthorId == uid )).OrderByDescending(
).Where(x => x.Title == id && (x.AuthorId == uid )).OrderByDescending(
x => x.DateCreated
).ToList());
}
@ -88,7 +120,7 @@ namespace Yavsc.Controllers
{
return NotFound();
}
if ( _authorizationService.AuthorizeAsync(User, blog, new ViewRequirement()).IsFaulted)
if ( _authorizationService.AuthorizeAsync(User, blog, new ReadPermission()).IsFaulted)
{
return new ChallengeResult();
}
@ -111,7 +143,8 @@ namespace Yavsc.Controllers
[Authorize()]
public IActionResult Create(string title)
{
var result = new BlogPostInputViewModel{Title=title,Content=""};
var result = new BlogPostInputViewModel{Title=title
};
ViewData["PostTarget"]="Create";
SetLangItems();
return View(result);
@ -168,7 +201,14 @@ namespace Yavsc.Controllers
} 
);
SetLangItems();
return View(blog);
return View(new BlogPostEditViewModel
{
Id = blog.Id,
Title = blog.Title,
Content = blog.Content,
ACL = blog.ACL,
Photo = blog.Photo
});
}
else
{
@ -179,27 +219,31 @@ namespace Yavsc.Controllers
// POST: Blog/Edit/5
[HttpPost]
[ValidateAntiForgeryToken,Authorize()]
public IActionResult Edit(BlogPost blog)
public async Task<IActionResult> Edit(BlogPostEditViewModel blogEdit)
{
if (ModelState.IsValid)
{
var auth = _authorizationService.AuthorizeAsync(User, blog, new EditPermission());
if (!auth.IsFaulted)
{
// saves the change
_context.Update(blog);
_context.SaveChanges(User.GetUserId());
ViewData["StatusMessage"] = "Post modified";
return RedirectToAction("Index");
var blog = _context.BlogSpot.SingleOrDefault(b=>b.Id == blogEdit.Id);
if (blog == null) {
ModelState.AddModelError("Id", "not found");
return View();
}
else
{
if (!(await _authorizationService.AuthorizeAsync(User, blog, new EditPermission())).Succeeded) {
ViewData["StatusMessage"] = "Accès restreint";
return new ChallengeResult();
}
blog.Content=blogEdit.Content;
blog.Title = blogEdit.Title;
blog.Photo = blogEdit.Photo;
blog.ACL = blogEdit.ACL;
// saves the change
_context.Update(blog);
_context.SaveChanges(User.GetUserId());
ViewData["StatusMessage"] = "Post modified";
return RedirectToAction("Index");
}
ViewData["PostTarget"]="Edit";
return View(blog);
return View(blogEdit);
}
// GET: Blog/Delete/5
@ -223,12 +267,12 @@ namespace Yavsc.Controllers
}
// POST: Blog/Delete/5
[HttpPost, ActionName("Delete"), Authorize()]
[HttpPost, ActionName("Delete"), Authorize("IsTheAuthor")]
[ValidateAntiForgeryToken]
public IActionResult DeleteConfirmed(long id)
{
var uid = User.GetUserId();
BlogPost blog = _context.BlogSpot.Single(m => m.Id == id && m.AuthorId == uid );
BlogPost blog = _context.BlogSpot.Single(m => m.Id == id);
_context.BlogSpot.Remove(blog);
_context.SaveChanges(User.GetUserId());

2
src/Yavsc/Controllers/Contracting/EstimateController.cs
View File

@ -64,7 +64,7 @@ namespace Yavsc.Controllers
{
return NotFound();
}
if (authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()).IsFaulted)
if (authorizationService.AuthorizeAsync(User, estimate, new ReadPermission()).IsFaulted)
{
return new ChallengeResult();
}

5
src/Yavsc/Extensions/HostingExtensions.cs
View File

@ -206,7 +206,7 @@ public static class HostingExtensions
services.AddDataProtection().PersistKeysToFileSystem(dataDir);
AddYavscPolicies(services);
services.AddSingleton<IAuthorizationHandler, PermissionHandler>();
services.AddScoped<IAuthorizationHandler, PermissionHandler>();
AddAuthentication(builder);
@ -417,9 +417,8 @@ public static class HostingExtensions
var smtpSettings = services.GetRequiredService<IOptions<SmtpSettings>>();
var payPalSettings = services.GetRequiredService<IOptions<PayPalSettings>>();
var googleAuthSettings = services.GetRequiredService<IOptions<GoogleAuthSettings>>();
var authorizationService = services.GetRequiredService<IAuthorizationService>();
var localization = services.GetRequiredService<IStringLocalizer<YavscLocalization>>();
Startup.Configure(app, siteSettings, smtpSettings, authorizationService,
Startup.Configure(app, siteSettings, smtpSettings,
payPalSettings, googleAuthSettings, localization, loggerFactory,
app.Environment.EnvironmentName);
app.ConfigureFileServerApp();

16
src/Yavsc/Extensions/PermissionHandler.cs
View File

@ -23,7 +23,11 @@ public class PermissionHandler : IAuthorizationHandler
{
if (requirement is ReadPermission)
{
if (IsOwner(context.User, context.Resource)
if (IsPublic(context.Resource))
{
context.Succeed(requirement);
}
else if (IsOwner(context.User, context.Resource)
|| IsSponsor(context.User, context.Resource))
{
context.Succeed(requirement);
@ -41,6 +45,16 @@ public class PermissionHandler : IAuthorizationHandler
return Task.CompletedTask;
}
private bool IsPublic(object? resource)
{
if (resource is BlogPost blogPost)
{
if (blogPost.ACL.Count==0)
return true;
}
return false;
}
private static bool IsOwner(ClaimsPrincipal user, object? resource)
{
if (resource is BlogPost blogPost)

44
src/Yavsc/Helpers/AsciiDocHelpers.cs
View File

@ -82,19 +82,14 @@ namespace Yavsc.Helpers
{
if (string.IsNullOrEmpty(link.Text))
{
link.Text = $"{uri.Host}({uri.LocalPath})";
link.Text = $"{uri.Host}({uri.LocalPath})";
}
}
sb.AppendFormat("<a href=\"{0}\">{1}</a> ", link.GetValidHRef(), link.Text);
break;
case "AsciiDocNet.TextLiteral":
var tl = elt as TextLiteral;
if (tl?.Attributes.Anchor!=null)
{
sb.AppendFormat("<a name=\"{0}\">{1}</a> ", tl.Attributes.Anchor.Id, tl.Attributes.Anchor.XRefLabel);
}
if (tl!=null) sb.Append(tl.Text);
RenderLitteral(elt, sb);
break;
case "AsciiDocNet.Emphasis":
@ -114,27 +109,52 @@ namespace Yavsc.Helpers
sb.AppendHtml("</b>");
break;
case "AsciiDocNet.InternalAnchor":
InternalAnchor a = (InternalAnchor) elt;
InternalAnchor a = (InternalAnchor)elt;
sb.AppendFormat("<a name=\"{0}\">{1}</a> ", a.Id, a.XRefLabel);
break;
case "AsciiDocNet.Subscript":
sb.AppendHtml("<sup>");
sb.AppendHtml("<sup>");
Subscript sub = (Subscript)elt;
sub.ToHtml(sb);
RenderLitteral(sub, sb);
sb.AppendHtml("</sup>");
break;
case "AsciiDocNet.Superscript":
sb.AppendHtml("<sup>");
sb.AppendHtml("<sup>");
Superscript sup = (Superscript)elt;
sup.ToHtml(sb);
RenderLitteral(sup, sb);
sb.AppendHtml("</sup>");
break;
case "AsciiDocNet.Mark":
sb.AppendHtml("<em>");
Mark mark = (Mark)elt;
if (mark.DoubleDelimited)
{
sb.AppendHtml("<b>");
RenderLitteral(mark, sb);
sb.AppendHtml("</b>");
}
else
RenderLitteral(mark, sb);
sb.AppendHtml("</em>");
break;
default:
string unsupportedType = elt.GetType().FullName;
throw new InvalidProgramException(unsupportedType);
}
}
private static void RenderLitteral(IInlineElement elt, IHtmlContentBuilder sb)
{
var tl = elt as TextLiteral;
if (tl?.Attributes.Anchor != null)
{
sb.AppendFormat("<a name=\"{0}\">{1}</a> ", tl.Attributes.Anchor.Id, tl.Attributes.Anchor.XRefLabel);
}
if (tl != null) sb.Append(tl.Text);
}
public static IHtmlContent ToHtml(this Document doc, int doclevel = 4)
{
var contentbuilder = new HtmlContentBuilder();

1
src/Yavsc/Startup.cs
View File

@ -13,7 +13,6 @@ public class Startup
IApplicationBuilder app,
IOptions<SiteSettings> siteSettings,
IOptions<SmtpSettings> smtpSettings,
IAuthorizationService authorizationService,
IOptions<PayPalSettings> payPalSettings,
IOptions<GoogleAuthSettings> googleSettings,
IStringLocalizer<YavscLocalization> localizer,

63
src/Yavsc/ViewComponents/BlogIndexViewComponent.cs
View File

@ -1,63 +0,0 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Yavsc.Models;
using Yavsc.Models.Blog;
using Yavsc.Helpers;
using System.Security.Claims;
using IdentityServer8.Extensions;
namespace Yavsc.ViewComponents
{
public class BlogIndexViewComponent: ViewComponent
{
private readonly ApplicationDbContext _context;
public BlogIndexViewComponent(
ApplicationDbContext context)
{
_context = context;
}
// Renders blog index ofr the specified user by name,
// grouped by title
public async Task<IViewComponentResult> InvokeAsync(int skip=0, int maxLen=25)
{
IEnumerable<BlogPost> posts;
if (User.IsAuthenticated())
{
string viewerId = UserClaimsPrincipal.GetUserId();
long[] usercircles = await _context.Circle.Include(c=>c.Members).
Where(c=>c.Members.Any(m=>m.MemberId == viewerId))
.Select(c=>c.Id).ToArrayAsync();
IQueryable<BlogPost> allposts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p => p.AuthorId == viewerId || p.Visible);
posts = (usercircles != null) ?
allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId)))
: allposts.Where(p => p.ACL.Count == 0);
}
else
{
posts = _context.BlogSpot
.Include(b => b.Author)
.Include(p=>p.ACL)
.Include(p=>p.Tags)
.Include(p=>p.Comments)
.Where(p => p.Visible && p.ACL.Count == 0 ).ToArray();
}
var data = posts.OrderByDescending( p=> p.DateCreated);
var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(maxLen);
return View("Default", grouped);
}
}
}

6
src/Yavsc/Views/Blogspot/Create.cshtml
View File

@ -56,12 +56,6 @@
</span>
</div>
</div>
<div class="form-group">
<label asp-for="Visible" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="Visible" class="form-control"/>
</div>
</div>
<div class="form-group">
<label asp-for="ACL" class="col-md-2 control-label"></label>
<div class="col-md-10">

8
src/Yavsc/Views/Blogspot/Delete.cshtml
View File

@ -12,7 +12,7 @@
<hr />
<dl class="dl-horizontal">
<dt>
Author"]
Author
</dt>
<dd>
@Model.Author
@ -47,12 +47,6 @@
<dd>
@Html.DisplayFor(model => model.Title)
</dd>
<dt>
@Html.DisplayNameFor(model => model.Visible)
</dt>
<dd>
@Html.DisplayFor(model => model.Visible)
</dd>
</dl>
<form asp-action="Delete">

13
src/Yavsc/Views/Blogspot/Edit.cshtml
View File

@ -1,4 +1,4 @@
@model Yavsc.ViewModels.Blog.BlogPostInputViewModel
@model BlogPostEditViewModel
@{
ViewData["Title"] = "Blog post edition";
@ -58,11 +58,11 @@
<div title="Contenu du post" id="contentview">@Model.Content</div>
<hr>
<form>
<form asp-action="Edit">
<div class="form-horizontal">
<div asp-validation-summary="ModelOnly" class="text-danger"></div>
@Html.HiddenFor(m=>m.Id)
<div class="form-group mdcoding">
<label asp-for="Title" class="col-md-2 control-label"></label>
@ -90,12 +90,6 @@
</span>
</div>
</div>
<div class="form-group">
<label asp-for="Visible" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="Visible" class="form-control"/>
</div>
</div>
<div class="form-group">
<label asp-for="ACL" class="col-md-2 control-label"></label>
<div class="col-md-10">
@ -118,3 +112,4 @@
<a asp-action="Index">Back to List</a>
</div>
using Yavsc.Migrations;

52
src/Yavsc/Views/Blogspot/Index.cshtml
View File

@ -45,5 +45,55 @@
}
<div class="container">
@await Component.InvokeAsync("BlogIndex")
<table class="table">
@foreach (var group in Model) {
var title = group.Key ?? "@";
string secondclass="";
var first = group.First();
<tr><td colspan="3">
<a asp-action="Title" asp-route-id="@group.Key" >@title</a></td></tr>
@foreach (var item in group) {
var trunked = item.Content?.Length > 256;
<tr>
<td><a asp-action="Details" asp-route-id="@item.Id" class="bloglink">
<img src="@item.Photo" class="blogphoto"></a>
</td>
<td>
<asciidoc summary="256">@item.Content</asciidoc>
@if (trunked) { <a asp-action="Details" asp-route-id="@item.Id" class="bloglink">...</a> }
<span style="font-size:x-small;">@Html.DisplayFor(m => item.Author)</span>
<span style="font-size:xx-small;">
posté le @item.DateCreated.ToString("dddd d MMM yyyy à H:mm")
@if ((item.DateModified - item.DateCreated).Minutes > 0){ 
@:- Modifié le @item.DateModified.ToString("dddd d MMM yyyy à H:mm")
})
</span>
</td>
<td>
<ul class="actiongroup">
@if ((await AuthorizationService.AuthorizeAsync(User, item, new ReadPermission())).Succeeded) {
<li>
<a asp-action="Details" asp-route-id="@item.Id" class="btn btn-lg">Details</a>
</li>
}
else {
<a asp-action="Details" asp-route-id="@item.Id" class="btn btn-lg">Details DEBUG</a>
}
@if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) {
<li><a asp-action="Edit" asp-route-id="@item.Id" class="btn btn-default">Edit</a>
</li>
<li><a asp-action="Delete" asp-route-id="@item.Id" class="btn btn-danger">Delete</a>
</li>
}
</ul>
</td>
</tr>
}
}
</table>
</div>

21
src/Yavsc/Views/Blogspot/Title.cshtml
View File

@ -2,30 +2,15 @@
<h2 markdown="@ViewData["Title"]"></h2>
<p class="text-success">@ViewData["StatusMessage"]</p>
@if (User.IsSignedIn()) {
<label>
<input type="checkbox" id="cbv" checked/>Invisibles, posts privés</label>
<script>
$("#cbv").change(function() {
if (this.checked) {
$("tr.hiddenpost").removeClass("hidden");
} else {
$("tr.hiddenpost").addClass("hidden");
}
});
</script>
}
<p>
<a asp-action="Create" asp-route-title="@ViewData["Title"]">Poster au même titre"]</a>
<a asp-action="Create" asp-route-title="@ViewData["Title"]">Poster au même titre</a>
</p>
<table class="table">
@foreach (var item in Model) {
var trclass = (item.Visible)?"visiblepost":"hiddenpost";
<tr class="@trclass">
<tr>
<td><a asp-action="Details" asp-route-id="@item.Id" class="bloglink">
<img src="@item.Photo" class="blogphoto"></a>
</td>
@ -41,7 +26,7 @@
</td>
<td>
<ul class="actiongroup">
@if ((await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())).Succeeded) {
@if ((await AuthorizationService.AuthorizeAsync(User, item, new ReadPermission())).Succeeded) {
<li>
<a asp-action="Details" asp-route-id="@item.Id" class="btn btn-lg">Details</a>
</li>

8
src/Yavsc/Views/Blogspot/userposts.cshtml
View File

@ -11,7 +11,7 @@
<table class="table">
<tr>
<th>
Author"]
Author
</th>
<th>
@Html.DisplayNameFor(model => model.Content)
@ -28,9 +28,6 @@
<th>
@Html.DisplayNameFor(model => model.Title)
</th>
<th>
@Html.DisplayNameFor(model => model.Visible)
</th>
<th></th>
</tr>
@ -56,9 +53,6 @@
</td>
<td>
@Html.DisplayFor(modelItem => item.Title)
</td>
<td>
@Html.DisplayFor(modelItem => item.Visible)
</td>
</tr>
</table>

66
src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml
View File

@ -1,66 +0,0 @@
@model IEnumerable<IGrouping<string,BlogPost>>
@if (User.IsSignedIn()) {
<label>
<input type="checkbox" id="_cbv" checked/>Invisibles, posts privés</label>
<script type="text/javascript">
$('#_cbv').change(function()
{
if (this.checked) {
$('tr.hiddenpost').removeClass("hidden");
} else {
$('tr.hiddenpost').addClass("hidden");
}
});
</script>
}
<table class="table">
@foreach (var group in Model) {
var title = group.Key ?? "@";
string secondclass="";
var first = group.First();
string ftrclass = (first.Visible) ? "visiblepost" : "hiddenpost";
<tr><td colspan="3">
<a asp-action="Title" asp-route-id="@group.Key" >@title</a></td></tr>
@foreach (var item in group) {
var trclass = (item.Visible)?"visiblepost":"hiddenpost";
var trunked = item.Content?.Length > 256;
<tr class="@trclass">
<td><a asp-action="Details" asp-route-id="@item.Id" class="bloglink">
<img src="@item.Photo" class="blogphoto"></a>
</td>
<td>
<asciidoc summary="256">@item.Content</asciidoc>
@if (trunked) { <a asp-action="Details" asp-route-id="@item.Id" class="bloglink">...</a> }
<span style="font-size:x-small;">@Html.DisplayFor(m => item.Author)</span>
<span style="font-size:xx-small;">
posté le @item.DateCreated.ToString("dddd d MMM yyyy à H:mm")
@if ((item.DateModified - item.DateCreated).Minutes > 0){ 
@:- Modifié le @item.DateModified.ToString("dddd d MMM yyyy à H:mm")
})
</span>
</td>
<td>
<ul class="actiongroup">
@if ((await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())).Succeeded) {
<li>
<a asp-action="Details" asp-route-id="@item.Id" class="btn btn-lg">Details</a>
</li>
}
@if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) {
<li><a asp-action="Edit" asp-route-id="@item.Id" class="btn btn-default">Edit</a>
</li>
<li><a asp-action="Delete" asp-route-id="@item.Id" class="btn btn-danger">Delete</a>
</li>
}
</ul>
</td>
</tr>
}
}
</table>

1
src/Yavsc/Views/_ViewImports.cshtml
View File

@ -13,6 +13,7 @@
@using Yavsc.Models.Access;
@using Yavsc.Billing;
@using Yavsc.Server.Models.Calendar;
@using Yavsc.ViewModels.Blog;
@using Yavsc.ViewModels.Haircut;
@using Yavsc.ViewModels.Administration;
@using Yavsc.ViewModels.Account;