From 7ccb9cd1daa61b71dbbd60f9eb2fed8344f14029 Mon Sep 17 00:00:00 2001 
From: Paul Schneider
Date: Sun, 23 Feb 2025 20:23:23 +0000
Subject: [PATCH] permission handling
---
.../Controllers/Blogspot/BlogApiController.cs | 5 +-
.../Controllers/Business/BillingController.cs | 12 +--
src/Yavsc.Abstract/Blogspot/IBlog.cs | 11 ++-
src/Yavsc.Server/Helpers/UserHelpers.cs | 5 +-
src/Yavsc.Server/Models/Blog/BlogPost.cs | 16 ++--
.../ViewModels/Auth/DeletePermission.cs | 12 +++
.../ViewModels/Auth/EditPermission.cs | 12 +++
.../ViewModels/Auth/EditRequirement.cs | 26 ------
.../{ViewRequirement.cs => ReadPermission.cs} | 5 +-
.../ViewModels/BlogSpot/BlogPostEdit.cs | 11 +++
.../{ => BlogSpot}/BlogPostInputViewModel.cs | 9 +-
.../ViewModels/BlogSpot/NewPost.cs | 17 ----
.../Communicating/BlogspotController.cs | 84 ++++++++++++++-----
.../Contracting/EstimateController.cs | 2 +-
src/Yavsc/Extensions/HostingExtensions.cs | 5 +-
src/Yavsc/Extensions/PermissionHandler.cs | 16 +++-
src/Yavsc/Helpers/AsciiDocHelpers.cs | 44 +++++++---
src/Yavsc/Startup.cs | 1 -
.../ViewComponents/BlogIndexViewComponent.cs | 63 --------------
src/Yavsc/Views/Blogspot/Create.cshtml | 6 --
src/Yavsc/Views/Blogspot/Delete.cshtml | 8 +-
src/Yavsc/Views/Blogspot/Edit.cshtml | 13 +--
src/Yavsc/Views/Blogspot/Index.cshtml | 52 +++++++++++-
src/Yavsc/Views/Blogspot/Title.cshtml | 21 +----
src/Yavsc/Views/Blogspot/userposts.cshtml | 8 +-
.../Components/BlogIndex/Default.cshtml | 66 ---------------
src/Yavsc/Views/_ViewImports.cshtml | 1 +
27 files changed, 243 insertions(+), 288 deletions(-)
create mode 100644 src/Yavsc.Server/ViewModels/Auth/DeletePermission.cs
create mode 100644 src/Yavsc.Server/ViewModels/Auth/EditPermission.cs
delete mode 100644 src/Yavsc.Server/ViewModels/Auth/EditRequirement.cs
rename src/Yavsc.Server/ViewModels/Auth/{ViewRequirement.cs => ReadPermission.cs} (53%)
create mode 100644 src/Yavsc.Server/ViewModels/BlogSpot/BlogPostEdit.cs
rename src/Yavsc.Server/ViewModels/{ => BlogSpot}/BlogPostInputViewModel.cs (70%)
delete mode 100644 
src/Yavsc.Server/ViewModels/BlogSpot/NewPost.cs delete mode 100644 src/Yavsc/ViewComponents/BlogIndexViewComponent.cs delete mode 100644 src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml diff --git a/src/Api/Controllers/Blogspot/BlogApiController.cs b/src/Api/Controllers/Blogspot/BlogApiController.cs index 66389352..481e9994 100644 --- a/src/Api/Controllers/Blogspot/BlogApiController.cs +++ b/src/Api/Controllers/Blogspot/BlogApiController.cs @@ -25,9 +25,10 @@ namespace Yavsc.Controllers // GET: api/BlogApi [HttpGet] - public IEnumerable GetBlogspot() + public IEnumerable GetBlogspot(int start=0, int take=25) { - return _context.BlogSpot.Where(b => b.Visible).OrderByDescending(b => b.UserModified); + return _context.BlogSpot.OrderByDescending(b => b.UserModified) + .Skip(start).Take(take); } // GET: api/BlogApi/5 diff --git a/src/Api/Controllers/Business/BillingController.cs b/src/Api/Controllers/Business/BillingController.cs index 5ab4a332..8da3ef28 100644 --- a/src/Api/Controllers/Business/BillingController.cs +++ b/src/Api/Controllers/Business/BillingController.cs @@ -54,7 +54,7 @@ namespace Yavsc.ApiControllers { var bill = await billingService.GetBillAsync(billingCode, id); - if ( authorizationService.AuthorizeAsync(User, bill, new ViewRequirement()).IsFaulted) + if ( authorizationService.AuthorizeAsync(User, bill, new ReadPermission()).IsFaulted) { return new ChallengeResult(); } @@ -76,7 +76,7 @@ namespace Yavsc.ApiControllers } logger.LogTrace(JsonConvert.SerializeObject(bill)); - if (!(await authorizationService.AuthorizeAsync(User, bill, new ViewRequirement())).Succeeded) + if (!(await authorizationService.AuthorizeAsync(User, bill, new ReadPermission())).Succeeded) { return new ChallengeResult(); } 
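Review bot: `GetBlogspot` in BlogApiController.cs now returns every row of `BlogSpot`: the `Visible` filter is dropped and nothing replaces it, so posts whose ACL restricts them to a circle are listed to any caller of this endpoint. The anonymous branch of `BlogspotController.Index` in this same patch filters on `p.ACL.Count == 0`; the API should apply the same predicate (or the circle-membership rule for signed-in callers) before paging. `start` and `take` also come straight from the query string with no bounds, so I would add `start = Math.Max(start, 0); take = Math.Clamp(take, 1, 100);` ahead of the query, the upper limit being whatever page size the project accepts. Whether the controller carries an `[Authorize]` attribute is not visible in this hunk.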
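Review bot: The check at `@@ -54,7` in BillingController.cs still reads `.IsFaulted` on the un-awaited task returned by `AuthorizeAsync`, so it reacts only to an exception and never to a denied result; a caller who fails `ReadPermission` is not stopped by this `if`. The rename leaves that untouched. The surrounding method already awaits `GetBillAsync`, so the line can become `if (!(await authorizationService.AuthorizeAsync(User, bill, new ReadPermission())).Succeeded)`, as the other checks in this file do. The same `.IsFaulted` pattern is kept in `BlogspotController` (`@@ -88,7 +120,7`) and `EstimateController` (`@@ -64,7`); those actions' signatures are outside their hunks and may need to become `async` first.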
@@ -107,7 +107,7 @@ namespace Yavsc.ApiControllers .FirstOrDefault(e=>e.Id == id); if (estimate == null) return new BadRequestResult(); - if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded) + if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded) { @@ -135,7 +135,7 @@ namespace Yavsc.ApiControllers { // For authorization purpose var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id); - if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded) + if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded) { return new ChallengeResult(); @@ -154,7 +154,7 @@ namespace Yavsc.ApiControllers var estimate = dbContext.Estimates.Include( e=>e.Query ).Include(e=>e.Owner).Include(e=>e.Owner.Performer).Include(e=>e.Client) .FirstOrDefault( e=> e.Id == id && e.Query.ClientId == uid ); - if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded) + if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded) { return new ChallengeResult(); } @@ -171,7 +171,7 @@ namespace Yavsc.ApiControllers { // For authorization purpose var estimate = dbContext.Estimates.FirstOrDefault(e=>e.Id == id); - if (!(await authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement())).Succeeded) + if (!(await authorizationService.AuthorizeAsync(User, estimate, new ReadPermission())).Succeeded) { return new ChallengeResult(); } diff --git a/src/Yavsc.Abstract/Blogspot/IBlog.cs b/src/Yavsc.Abstract/Blogspot/IBlog.cs index 9cc121a1..c9d7666d 100644 --- a/src/Yavsc.Abstract/Blogspot/IBlog.cs +++ b/src/Yavsc.Abstract/Blogspot/IBlog.cs 
@@ -3,11 +3,14 @@ namespace Yavsc { - public interface IBlogPost : ITrackedEntity, IIdentified, ITitle - { - string AuthorId { get; set; } + public interface IBlogPostPayLoad + { string Content { get; set; } string Photo { get; set; } - bool Visible { get; set; } + + } + public interface IBlogPost :IBlogPostPayLoad, ITrackedEntity, IIdentified, ITitle + { + string AuthorId { get; set; } } } diff --git a/src/Yavsc.Server/Helpers/UserHelpers.cs b/src/Yavsc.Server/Helpers/UserHelpers.cs index e319239d..44b88fb2 100644 --- a/src/Yavsc.Server/Helpers/UserHelpers.cs +++ b/src/Yavsc.Server/Helpers/UserHelpers.cs @@ -30,7 +30,7 @@ namespace Yavsc.Helpers { var userPosts = dbContext.BlogSpot.Include( b => b.Author - ).Where(x => ((x.AuthorId == posterId) && (x.Visible))).ToArray(); + ).Where(x => ((x.AuthorId == posterId))).ToArray(); return userPosts; } else @@ -42,8 +42,7 @@ namespace Yavsc.Helpers return dbContext.BlogSpot.Include( b => b.Author ).Include(p => p.ACL).Where(x => x.Author.Id == posterId && - (x.Visible && - (x.ACL.Count == 0 || x.ACL.Any(a => readerCirclesMemberships.Contains(a.CircleId))))); + (x.ACL.Count == 0 || x.ACL.Any(a => readerCirclesMemberships.Contains(a.CircleId)))); } diff --git a/src/Yavsc.Server/Models/Blog/BlogPost.cs b/src/Yavsc.Server/Models/Blog/BlogPost.cs index 1725678f..c866c61a 100644 --- a/src/Yavsc.Server/Models/Blog/BlogPost.cs +++ b/src/Yavsc.Server/Models/Blog/BlogPost.cs @@ -18,14 +18,14 @@ namespace Yavsc.Models.Blog { [Key(), DatabaseGenerated(DatabaseGeneratedOption.Identity)] [Display(Name="Identifiant du post")] - public long Id { get; set; } + public long Id { get; set; } [Display(Name="Identifiant de l'auteur")] [ForeignKey("Author")] - public string AuthorId { get; set; } + public string AuthorId { get; set; } [Display(Name="Auteur")] - public virtual ApplicationUser Author { set; get; } + public virtual ApplicationUser Author { set; get; } [Display(Name="Date de création")] 
@@ -35,7 +35,7 @@ namespace Yavsc.Models.Blog } [Display(Name="Créateur")] - public string UserCreated + public string UserCreated { get; set; } @@ -47,7 +47,7 @@ namespace Yavsc.Models.Blog } [Display(Name="Utilisateur ayant modifé le dernier")] - public string UserModified + public string UserModified { get; set; } @@ -68,7 +68,7 @@ namespace Yavsc.Models.Blog if (existent==null) Tags.Add(new BlogTag { PostId = Id, Tag = tag } ); } - public void Detag(Tag tag) + public void DeTag(Tag tag) { var existent = Tags.SingleOrDefault(t => (( t.TagId == tag.Id) && t.PostId == Id)); if (existent!=null) Tags.Remove(existent); @@ -80,10 +80,10 @@ namespace Yavsc.Models.Blog } [InverseProperty("Post")] - public virtual List Tags { get; set; } + public virtual List Tags { get; set; } [InverseProperty("Post")] - public virtual List Comments { get; set; } + public virtual List Comments { get; set; } [NotMapped] public string OwnerId => AuthorId; diff --git a/src/Yavsc.Server/ViewModels/Auth/DeletePermission.cs b/src/Yavsc.Server/ViewModels/Auth/DeletePermission.cs new file mode 100644 index 00000000..b518ab82 --- /dev/null +++ b/src/Yavsc.Server/ViewModels/Auth/DeletePermission.cs @@ -0,0 +1,12 @@ +using Microsoft.AspNetCore.Authorization; + +namespace Yavsc.ViewModels.Auth +{ + public class DeletePermission: IAuthorizationRequirement + { + public DeletePermission() + { + } + } + +} diff --git a/src/Yavsc.Server/ViewModels/Auth/EditPermission.cs b/src/Yavsc.Server/ViewModels/Auth/EditPermission.cs new file mode 100644 index 00000000..90e17500 --- /dev/null +++ b/src/Yavsc.Server/ViewModels/Auth/EditPermission.cs @@ -0,0 +1,12 @@ +using Microsoft.AspNetCore.Authorization; + +namespace Yavsc.ViewModels.Auth +{ + public class EditPermission : IAuthorizationRequirement + { + public EditPermission() + { + } + } + +} diff --git a/src/Yavsc.Server/ViewModels/Auth/EditRequirement.cs b/src/Yavsc.Server/ViewModels/Auth/EditRequirement.cs deleted file mode 100644 index 5c3a4365..00000000 
--- a/src/Yavsc.Server/ViewModels/Auth/EditRequirement.cs +++ /dev/null @@ -1,26 +0,0 @@ -using Microsoft.AspNetCore.Authorization; - -namespace Yavsc.ViewModels.Auth -{ - public class EditPermission : IAuthorizationRequirement - { - public EditPermission() - { - } - } - - public class ReadPermission: IAuthorizationRequirement - { - public ReadPermission() - { - } - } - - public class DeletePermission: IAuthorizationRequirement - { - public DeletePermission() - { - } - } - -} diff --git a/src/Yavsc.Server/ViewModels/Auth/ViewRequirement.cs b/src/Yavsc.Server/ViewModels/Auth/ReadPermission.cs similarity index 53% rename from src/Yavsc.Server/ViewModels/Auth/ViewRequirement.cs rename to src/Yavsc.Server/ViewModels/Auth/ReadPermission.cs index da11800e..bf08f9b7 100644 --- a/src/Yavsc.Server/ViewModels/Auth/ViewRequirement.cs +++ b/src/Yavsc.Server/ViewModels/Auth/ReadPermission.cs @@ -2,10 +2,11 @@ using Microsoft.AspNetCore.Authorization; namespace Yavsc.ViewModels.Auth { - public class ViewRequirement : IAuthorizationRequirement + public class ReadPermission: IAuthorizationRequirement { - public ViewRequirement() + public ReadPermission() { } } + } diff --git a/src/Yavsc.Server/ViewModels/BlogSpot/BlogPostEdit.cs b/src/Yavsc.Server/ViewModels/BlogSpot/BlogPostEdit.cs new file mode 100644 index 00000000..26b3ba2b --- /dev/null +++ b/src/Yavsc.Server/ViewModels/BlogSpot/BlogPostEdit.cs @@ -0,0 +1,11 @@ +using System.ComponentModel.DataAnnotations; + +namespace Yavsc.ViewModels.Blog; + +public class BlogPostEditViewModel : BlogPostInputViewModel +{ + + [Required] + + public required long Id { get; set; } +} diff --git a/src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs b/src/Yavsc.Server/ViewModels/BlogSpot/BlogPostInputViewModel.cs similarity index 70% rename from src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs rename to src/Yavsc.Server/ViewModels/BlogSpot/BlogPostInputViewModel.cs index 20a25573..4f8a10da 100644 
--- a/src/Yavsc.Server/ViewModels/BlogPostInputViewModel.cs +++ b/src/Yavsc.Server/ViewModels/BlogSpot/BlogPostInputViewModel.cs @@ -8,19 +8,18 @@ namespace Yavsc.ViewModels.Blog public class BlogPostInputViewModel { [StringLength(1024)] - public string? Photo { get; set; } + public string? Photo { get; set; } [StringLength(1024)] - public required string Title { get; set; } + public string Title { get; set; } [StringLength(56224)] - public required string Content { get; set; } - - public bool Visible { get; set; } + public string Content { get; set; } [InverseProperty("Target")] [Display(Name="Liste de contrôle d'accès")] public virtual List? ACL { get; set; } + } } diff --git a/src/Yavsc.Server/ViewModels/BlogSpot/NewPost.cs b/src/Yavsc.Server/ViewModels/BlogSpot/NewPost.cs deleted file mode 100644 index dc0d7842..00000000 --- a/src/Yavsc.Server/ViewModels/BlogSpot/NewPost.cs +++ /dev/null @@ -1,17 +0,0 @@ -using System; -using System.Collections.Generic; -using System.ComponentModel.DataAnnotations; -using System.Linq; -using System.Threading.Tasks; - -namespace Yavsc.ViewModels.BlogSpot -{ - public class NewPost - { - [Required] - public string Title{ get; set; } - - [Required] - public string Content { get; set; } - } -} diff --git a/src/Yavsc/Controllers/Communicating/BlogspotController.cs b/src/Yavsc/Controllers/Communicating/BlogspotController.cs index a3eb627e..da4259c3 100644 --- a/src/Yavsc/Controllers/Communicating/BlogspotController.cs +++ b/src/Yavsc/Controllers/Communicating/BlogspotController.cs 
@@ -43,12 +43,44 @@ namespace Yavsc.Controllers // GET: Blog [AllowAnonymous] - public async Task Index(string id) + public async Task Index(string id, int skip=0, int take=25) { if (!string.IsNullOrEmpty(id)) { return View("UserPosts", await UserPosts(id)); } - return View(); + IEnumerable posts; + + if (User.Identity.IsAuthenticated) + { + string viewerId = User.GetUserId(); + long[] usercircles = await _context.Circle.Include(c=>c.Members). + Where(c=>c.Members.Any(m=>m.MemberId == viewerId)) + .Select(c=>c.Id).ToArrayAsync(); + + posts = _context.BlogSpot + .Include(b => b.Author) + .Include(p=>p.ACL) + .Include(p=>p.Tags) + .Include(p=>p.Comments) + .Where(p =>(p.ACL.Count == 0) + || (p.AuthorId == viewerId) + || (usercircles != null && p.ACL.Any(a => usercircles.Contains(a.CircleId))) + ); + } + else + { + posts = _context.BlogSpot + .Include(b => b.Author) + .Include(p=>p.ACL) + .Include(p=>p.Tags) + .Include(p=>p.Comments) + .Where(p => p.ACL.Count == 0 ).ToArray(); + } + + var data = posts.OrderByDescending( p=> p.DateCreated); + var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(take); + + return View(grouped); } [Route("~/Title/{id?}")] @@ -59,7 +91,7 @@ namespace Yavsc.Controllers ViewData["Title"] = id; return View("Title", _context.BlogSpot.Include( b => b.Author - ).Where(x => x.Title == id && (x.Visible || x.AuthorId == uid )).OrderByDescending( + ).Where(x => x.Title == id && (x.AuthorId == uid )).OrderByDescending( x => x.DateCreated ).ToList()); } @@ -88,7 +120,7 @@ namespace Yavsc.Controllers { return NotFound(); } - if ( _authorizationService.AuthorizeAsync(User, blog, new ViewRequirement()).IsFaulted) + if ( _authorizationService.AuthorizeAsync(User, blog, new ReadPermission()).IsFaulted) { return new ChallengeResult(); } 
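Review bot: `Index` pages in memory after loading everything: `posts` is declared as `IEnumerable`, so `OrderByDescending`, `GroupBy`, `Skip` and `Take` run on the client, and each request to this `[AllowAnonymous]` action pulls every readable post together with its author, ACL, tags and comments. `skip` and `take` are also unbounded query-string values. I would clamp them (`take = Math.Clamp(take, 1, 100);`, limit to taste), keep the query as `IQueryable` so the database does at least the filtering and ordering, and drop `Include(p=>p.Comments)` if the view does not render them. The `usercircles != null` test inside the `Where` is always true after `ToArrayAsync()` and can go.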
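Review bot: In the `Title` action (`@@ -59,7 +91,7`), removing `x.Visible ||` leaves `x.Title == id && (x.AuthorId == uid )`, so the page now lists only the viewer's own posts and is empty for everyone else, anonymous visitors included. If that is not intended, the predicate should follow the ACL rule used in `Index` in this same file: `p.ACL.Count == 0 || p.AuthorId == uid`, plus the circle-membership clause for signed-in users. The action's signature and the origin of `uid` are outside the hunk.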
@@ -111,7 +143,8 @@ namespace Yavsc.Controllers [Authorize()] public IActionResult Create(string title) { - var result = new BlogPostInputViewModel{Title=title,Content=""}; + var result = new BlogPostInputViewModel{Title=title + }; ViewData["PostTarget"]="Create"; SetLangItems(); return View(result); @@ -168,7 +201,14 @@ namespace Yavsc.Controllers }  ); SetLangItems(); - return View(blog); + return View(new BlogPostEditViewModel + { + Id = blog.Id, + Title = blog.Title, + Content = blog.Content, + ACL = blog.ACL, + Photo = blog.Photo + }); } else { @@ -179,27 +219,31 @@ namespace Yavsc.Controllers // POST: Blog/Edit/5 [HttpPost] [ValidateAntiForgeryToken,Authorize()] - public IActionResult Edit(BlogPost blog) + public async Task Edit(BlogPostEditViewModel blogEdit) { if (ModelState.IsValid) { - var auth = _authorizationService.AuthorizeAsync(User, blog, new EditPermission()); - if (!auth.IsFaulted) - { - // saves the change - _context.Update(blog); - _context.SaveChanges(User.GetUserId()); - ViewData["StatusMessage"] = "Post modified"; - return RedirectToAction("Index"); + var blog = _context.BlogSpot.SingleOrDefault(b=>b.Id == blogEdit.Id); + if (blog == null) { + ModelState.AddModelError("Id", "not found"); + return View(); } - else - { + if (!(await _authorizationService.AuthorizeAsync(User, blog, new EditPermission())).Succeeded) { ViewData["StatusMessage"] = "Accès restreint"; return new ChallengeResult(); } + blog.Content=blogEdit.Content; + blog.Title = blogEdit.Title; + blog.Photo = blogEdit.Photo; + blog.ACL = blogEdit.ACL; + // saves the change + _context.Update(blog); + _context.SaveChanges(User.GetUserId()); + ViewData["StatusMessage"] = "Post modified"; + return RedirectToAction("Index"); } ViewData["PostTarget"]="Edit"; - return View(blog); + return View(blogEdit); } // GET: Blog/Delete/5 
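Review bot: `blog.ACL = blogEdit.ACL;` in the POST `Edit` action takes the access list straight from model binding, while the post itself is loaded with `SingleOrDefault` and no `.Include(b => b.ACL)`. A form that posts no ACL fields binds `null`, and since `IsPublic` treats an empty list as public it is worth making sure an edit cannot widen access by accident; the posted `CircleId` values are also not checked against circles owned by the author. I would load the post with its ACL and replace the list only when the posted one is non-null and its circles belong to `User.GetUserId()`. Separately, the not-found branch returns `View()` with no model although Edit.cshtml reads `@Model.Content`; `return NotFound();` is safer there.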
@@ -223,12 +267,12 @@ namespace Yavsc.Controllers } // POST: Blog/Delete/5 - [HttpPost, ActionName("Delete"), Authorize()] + [HttpPost, ActionName("Delete"), Authorize("IsTheAuthor")] [ValidateAntiForgeryToken] public IActionResult DeleteConfirmed(long id) { var uid = User.GetUserId(); - BlogPost blog = _context.BlogSpot.Single(m => m.Id == id && m.AuthorId == uid ); + BlogPost blog = _context.BlogSpot.Single(m => m.Id == id); _context.BlogSpot.Remove(blog); _context.SaveChanges(User.GetUserId()); diff --git a/src/Yavsc/Controllers/Contracting/EstimateController.cs b/src/Yavsc/Controllers/Contracting/EstimateController.cs index b81af756..bbcc89fc 100644 --- a/src/Yavsc/Controllers/Contracting/EstimateController.cs +++ b/src/Yavsc/Controllers/Contracting/EstimateController.cs @@ -64,7 +64,7 @@ namespace Yavsc.Controllers { return NotFound(); } - if (authorizationService.AuthorizeAsync(User, estimate, new ViewRequirement()).IsFaulted) + if (authorizationService.AuthorizeAsync(User, estimate, new ReadPermission()).IsFaulted) { return new ChallengeResult(); } diff --git a/src/Yavsc/Extensions/HostingExtensions.cs b/src/Yavsc/Extensions/HostingExtensions.cs index d86f8259..49553679 100644 --- a/src/Yavsc/Extensions/HostingExtensions.cs +++ b/src/Yavsc/Extensions/HostingExtensions.cs @@ -206,7 +206,7 @@ public static class HostingExtensions services.AddDataProtection().PersistKeysToFileSystem(dataDir); AddYavscPolicies(services); - services.AddSingleton(); + services.AddScoped(); AddAuthentication(builder); 
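Review bot: `DeleteConfirmed` no longer ties the delete to the caller: the `m.AuthorId == uid` filter is removed and the only guard left is the `[Authorize("IsTheAuthor")]` policy, which is evaluated before the action runs and is not handed the `BlogPost`. Unless the policy's handler (registered outside this hunk) resolves the post from the route `id` itself, any user who passes the policy can delete any post by id. I would authorize against the loaded entity with the `DeletePermission` requirement this patch introduces, provided `PermissionHandler` handles it (not visible here), and replace `Single` with `SingleOrDefault` so an unknown id gives a 404 rather than an exception. `uid` is then unused. The method body continues past the end of the hunk.

```csharp
public async Task<IActionResult> DeleteConfirmed(long id)
{
    BlogPost blog = _context.BlogSpot.SingleOrDefault(m => m.Id == id);
    if (blog == null)
    {
        return NotFound();
    }
    if (!(await _authorizationService.AuthorizeAsync(User, blog, new DeletePermission())).Succeeded)
    {
        return new ChallengeResult();
    }
    // … unchanged: _context.BlogSpot.Remove(blog) and SaveChanges …
```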
@@ -417,9 +417,8 @@ public static class HostingExtensions var smtpSettings = services.GetRequiredService>(); var payPalSettings = services.GetRequiredService>(); var googleAuthSettings = services.GetRequiredService>(); - var authorizationService = services.GetRequiredService(); var localization = services.GetRequiredService>(); - Startup.Configure(app, siteSettings, smtpSettings, authorizationService, + Startup.Configure(app, siteSettings, smtpSettings, payPalSettings, googleAuthSettings, localization, loggerFactory, app.Environment.EnvironmentName); app.ConfigureFileServerApp(); diff --git a/src/Yavsc/Extensions/PermissionHandler.cs b/src/Yavsc/Extensions/PermissionHandler.cs index f0d5615c..8ecebae2 100644 --- a/src/Yavsc/Extensions/PermissionHandler.cs +++ b/src/Yavsc/Extensions/PermissionHandler.cs @@ -23,7 +23,11 @@ public class PermissionHandler : IAuthorizationHandler { if (requirement is ReadPermission) { - if (IsOwner(context.User, context.Resource) + if (IsPublic(context.Resource)) + { + context.Succeed(requirement); + } + else if (IsOwner(context.User, context.Resource) || IsSponsor(context.User, context.Resource)) { context.Succeed(requirement); @@ -41,6 +45,16 @@ public class PermissionHandler : IAuthorizationHandler return Task.CompletedTask; } + private bool IsPublic(object? resource) + { + if (resource is BlogPost blogPost) + { + if (blogPost.ACL.Count==0) + return true; + } + return false; + } + private static bool IsOwner(ClaimsPrincipal user, object? resource) { if (resource is BlogPost blogPost) diff --git a/src/Yavsc/Helpers/AsciiDocHelpers.cs b/src/Yavsc/Helpers/AsciiDocHelpers.cs index a641960e..afdf3c68 100644 --- a/src/Yavsc/Helpers/AsciiDocHelpers.cs +++ b/src/Yavsc/Helpers/AsciiDocHelpers.cs 
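Review bot: `IsPublic` in PermissionHandler.cs decides on `blogPost.ACL.Count==0`, which is only meaningful when the caller loaded the ACL navigation. If `ACL` is null the handler throws; if `BlogPost` initialises it to an empty list (not visible here), a restricted post fetched without `.Include(p => p.ACL)` is reported as public and `ReadPermission` succeeds for anyone. The `Title` action in this patch, for one, includes only `Author` before its view authorizes each item. I would treat a missing list as not public, `return resource is BlogPost { ACL: not null } post && post.ACL.Count == 0;`, and put a comment on `IsPublic` stating that callers must include `ACL`. The method can also be `static`, like `IsOwner`.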
@@ -82,19 +82,14 @@ namespace Yavsc.Helpers { if (string.IsNullOrEmpty(link.Text)) { - link.Text = $"{uri.Host}({uri.LocalPath})"; + link.Text = $"{uri.Host}({uri.LocalPath})"; } } sb.AppendFormat("{1} ", link.GetValidHRef(), link.Text); break; case "AsciiDocNet.TextLiteral": - var tl = elt as TextLiteral; - if (tl?.Attributes.Anchor!=null) - { - sb.AppendFormat("{1} ", tl.Attributes.Anchor.Id, tl.Attributes.Anchor.XRefLabel); - } - if (tl!=null) sb.Append(tl.Text); + RenderLitteral(elt, sb); break; case "AsciiDocNet.Emphasis": @@ -114,27 +109,52 @@ namespace Yavsc.Helpers sb.AppendHtml(""); break; case "AsciiDocNet.InternalAnchor": - InternalAnchor a = (InternalAnchor) elt; + InternalAnchor a = (InternalAnchor)elt; sb.AppendFormat("{1} ", a.Id, a.XRefLabel); break; case "AsciiDocNet.Subscript": - sb.AppendHtml(""); + sb.AppendHtml(""); Subscript sub = (Subscript)elt; - sub.ToHtml(sb); + RenderLitteral(sub, sb); sb.AppendHtml(""); break; case "AsciiDocNet.Superscript": - sb.AppendHtml(""); + sb.AppendHtml(""); Superscript sup = (Superscript)elt; - sup.ToHtml(sb); + RenderLitteral(sup, sb); sb.AppendHtml(""); break; + case "AsciiDocNet.Mark": + sb.AppendHtml(""); + + Mark mark = (Mark)elt; + if (mark.DoubleDelimited) + { + sb.AppendHtml(""); + RenderLitteral(mark, sb); + sb.AppendHtml(""); + } + else + RenderLitteral(mark, sb); + sb.AppendHtml(""); + break; + default: string unsupportedType = elt.GetType().FullName; throw new InvalidProgramException(unsupportedType); } } + private static void RenderLitteral(IInlineElement elt, IHtmlContentBuilder sb) + { + var tl = elt as TextLiteral; + if (tl?.Attributes.Anchor != null) + { + sb.AppendFormat("{1} ", tl.Attributes.Anchor.Id, tl.Attributes.Anchor.XRefLabel); + } + if (tl != null) sb.Append(tl.Text); + } + public static IHtmlContent ToHtml(this Document doc, int doclevel = 4) { var contentbuilder = new HtmlContentBuilder(); diff --git a/src/Yavsc/Startup.cs b/src/Yavsc/Startup.cs index 93cf5dcf..d3703ea3 100644 
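Review bot: `RenderLitteral` writes nothing when `elt as TextLiteral` yields null, and the `Subscript`, `Superscript` and new `Mark` cases now go through it instead of the previous `ToHtml(sb)` call. If any of those AsciiDocNet types is a container rather than a `TextLiteral` subtype (their declarations are not visible here), its content disappears from the rendered post with no error, unlike the `default` branch, which throws. A test per element type would settle it; otherwise have the helper fall back to rendering the element's children when the cast fails. The helper name should read `RenderLiteral`.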
--- a/src/Yavsc/Startup.cs +++ b/src/Yavsc/Startup.cs @@ -13,7 +13,6 @@ public class Startup IApplicationBuilder app, IOptions siteSettings, IOptions smtpSettings, - IAuthorizationService authorizationService, IOptions payPalSettings, IOptions googleSettings, IStringLocalizer localizer, diff --git a/src/Yavsc/ViewComponents/BlogIndexViewComponent.cs b/src/Yavsc/ViewComponents/BlogIndexViewComponent.cs deleted file mode 100644 index ff66e4eb..00000000 --- a/src/Yavsc/ViewComponents/BlogIndexViewComponent.cs +++ /dev/null 
@@ -1,63 +0,0 @@ - -using Microsoft.AspNetCore.Mvc; -using Microsoft.EntityFrameworkCore; -using Yavsc.Models; -using Yavsc.Models.Blog; -using Yavsc.Helpers; -using System.Security.Claims; -using IdentityServer8.Extensions; - -namespace Yavsc.ViewComponents -{ - public class BlogIndexViewComponent: ViewComponent - { - private readonly ApplicationDbContext _context; - - public BlogIndexViewComponent( - ApplicationDbContext context) - { - _context = context; - } - - // Renders blog index ofr the specified user by name, - // grouped by title - public async Task InvokeAsync(int skip=0, int maxLen=25) - { - IEnumerable posts; - - if (User.IsAuthenticated()) - { - string viewerId = UserClaimsPrincipal.GetUserId(); - long[] usercircles = await _context.Circle.Include(c=>c.Members). - Where(c=>c.Members.Any(m=>m.MemberId == viewerId)) - .Select(c=>c.Id).ToArrayAsync(); - - IQueryable allposts = _context.BlogSpot - .Include(b => b.Author) - .Include(p=>p.ACL) - .Include(p=>p.Tags) - .Include(p=>p.Comments) - .Where(p => p.AuthorId == viewerId || p.Visible); - - posts = (usercircles != null) ? - allposts.Where(p=> p.ACL.Count==0 || p.ACL.Any(a => usercircles.Contains(a.CircleId))) - : allposts.Where(p => p.ACL.Count == 0); - - } - else - { - posts = _context.BlogSpot - .Include(b => b.Author) - .Include(p=>p.ACL) - .Include(p=>p.Tags) - .Include(p=>p.Comments) - .Where(p => p.Visible && p.ACL.Count == 0 ).ToArray(); - } - - var data = posts.OrderByDescending( p=> p.DateCreated); - var grouped = data.GroupBy(p=> p.Title).Skip(skip).Take(maxLen); - - return View("Default", grouped); - } - } -} diff --git a/src/Yavsc/Views/Blogspot/Create.cshtml b/src/Yavsc/Views/Blogspot/Create.cshtml index 8b3c265d..4739ea9c 100644 --- a/src/Yavsc/Views/Blogspot/Create.cshtml +++ b/src/Yavsc/Views/Blogspot/Create.cshtml @@ -56,12 +56,6 @@ -
- -
- -
-
diff --git a/src/Yavsc/Views/Blogspot/Delete.cshtml b/src/Yavsc/Views/Blogspot/Delete.cshtml index dfbdc335..bf198b8d 100644 --- a/src/Yavsc/Views/Blogspot/Delete.cshtml +++ b/src/Yavsc/Views/Blogspot/Delete.cshtml @@ -12,7 +12,7 @@
- Author"] + Author
@Model.Author @@ -47,12 +47,6 @@
@Html.DisplayFor(model => model.Title)
-
- @Html.DisplayNameFor(model => model.Visible) -
-
- @Html.DisplayFor(model => model.Visible) -
diff --git a/src/Yavsc/Views/Blogspot/Edit.cshtml b/src/Yavsc/Views/Blogspot/Edit.cshtml index 0624a5ca..1e24a005 100644 --- a/src/Yavsc/Views/Blogspot/Edit.cshtml +++ b/src/Yavsc/Views/Blogspot/Edit.cshtml @@ -1,4 +1,4 @@ -@model Yavsc.ViewModels.Blog.BlogPostInputViewModel +@model BlogPostEditViewModel @{ ViewData["Title"] = "Blog post edition"; @@ -58,11 +58,11 @@
@Model.Content

- +
- + @Html.HiddenFor(m=>m.Id)
@@ -90,12 +90,6 @@
-
- -
- -
-
@@ -118,3 +112,4 @@ Back to List
+ using Yavsc.Migrations; diff --git a/src/Yavsc/Views/Blogspot/Index.cshtml b/src/Yavsc/Views/Blogspot/Index.cshtml index cebdea12..e66ff0d7 100644 --- a/src/Yavsc/Views/Blogspot/Index.cshtml +++ b/src/Yavsc/Views/Blogspot/Index.cshtml @@ -45,5 +45,55 @@ }
- @await Component.InvokeAsync("BlogIndex") + + +@foreach (var group in Model) { + var title = group.Key ?? "@"; + string secondclass=""; + var first = group.First(); + + + @foreach (var item in group) { + var trunked = item.Content?.Length > 256; + + + + + + } +} +
+@title
+ + + @item.Content + @if (trunked) { ... } + @Html.DisplayFor(m => item.Author) + + posté le @item.DateCreated.ToString("dddd d MMM yyyy à H:mm") + @if ((item.DateModified - item.DateCreated).Minutes > 0){  + @:- Modifié le @item.DateModified.ToString("dddd d MMM yyyy à H:mm") + }) + + +
    + @if ((await AuthorizationService.AuthorizeAsync(User, item, new ReadPermission())).Succeeded) { +
  • + Details +
  • + } + else { + Details DEBUG + } + @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) { +
  • Edit +
  • +
  • Delete +
  • + } +
+
+ + +
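Review bot: The `else` branch of the `ReadPermission` check in Index.cshtml renders `Details DEBUG`, so a post the viewer is not allowed to read still gets a details entry in the list; this looks like leftover debugging and the branch should be removed before merge. The row body (`@item.Content`, author, dates) is also emitted before the permission check, so the check only gates the links and the controller query is the single place that filters posts. That deserves a Razor comment at the top of the loop, e.g. `@* items are pre-filtered by BlogspotController.Index; the checks below only gate the action links *@`. The markup of this hunk is partly lost in this rendering, so the exact link target is not visible.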
diff --git a/src/Yavsc/Views/Blogspot/Title.cshtml b/src/Yavsc/Views/Blogspot/Title.cshtml index 1f02b3e5..811105ce 100644 --- a/src/Yavsc/Views/Blogspot/Title.cshtml +++ b/src/Yavsc/Views/Blogspot/Title.cshtml @@ -2,30 +2,15 @@

@ViewData["StatusMessage"]

-@if (User.IsSignedIn()) { - - -}

- Poster au même titre"] + Poster au même titre

@foreach (var item in Model) { - var trclass = (item.Visible)?"visiblepost":"hiddenpost"; - - + @@ -41,7 +26,7 @@
    - @if ((await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())).Succeeded) { + @if ((await AuthorizationService.AuthorizeAsync(User, item, new ReadPermission())).Succeeded) {
  • Details
  • diff --git a/src/Yavsc/Views/Blogspot/userposts.cshtml b/src/Yavsc/Views/Blogspot/userposts.cshtml index 234b1652..98a94c10 100644 --- a/src/Yavsc/Views/Blogspot/userposts.cshtml +++ b/src/Yavsc/Views/Blogspot/userposts.cshtml @@ -11,7 +11,7 @@ - @@ -56,9 +53,6 @@ -
    - Author"] + Author @Html.DisplayNameFor(model => model.Content) @@ -28,9 +28,6 @@ @Html.DisplayNameFor(model => model.Title) - @Html.DisplayNameFor(model => model.Visible) -
    @Html.DisplayFor(modelItem => item.Title) - - @Html.DisplayFor(modelItem => item.Visible)
    diff --git a/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml b/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml deleted file mode 100644 index 17f8d2ac..00000000 --- a/src/Yavsc/Views/Shared/Components/BlogIndex/Default.cshtml +++ /dev/null @@ -1,66 +0,0 @@ -@model IEnumerable> - -@if (User.IsSignedIn()) { - - -} - - -@foreach (var group in Model) { - var title = group.Key ?? "@"; - string secondclass=""; - var first = group.First(); - string ftrclass = (first.Visible) ? "visiblepost" : "hiddenpost"; - - - @foreach (var item in group) { - var trclass = (item.Visible)?"visiblepost":"hiddenpost"; - var trunked = item.Content?.Length > 256; - - - - - - } -} -
    -@title
    - - - @item.Content - @if (trunked) { ... } - @Html.DisplayFor(m => item.Author) - - posté le @item.DateCreated.ToString("dddd d MMM yyyy à H:mm") - @if ((item.DateModified - item.DateCreated).Minutes > 0){  - @:- Modifié le @item.DateModified.ToString("dddd d MMM yyyy à H:mm") - }) - - -
      - @if ((await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())).Succeeded) { -
    • - Details -
    • - } - @if ((await AuthorizationService.AuthorizeAsync(User, item, new EditPermission())).Succeeded) { -
    • Edit -
    • -
    • Delete -
    • - } -
    -
    - - diff --git a/src/Yavsc/Views/_ViewImports.cshtml b/src/Yavsc/Views/_ViewImports.cshtml index 170f5786..8b046214 100755 --- a/src/Yavsc/Views/_ViewImports.cshtml +++ b/src/Yavsc/Views/_ViewImports.cshtml @@ -13,6 +13,7 @@ @using Yavsc.Models.Access; @using Yavsc.Billing; @using Yavsc.Server.Models.Calendar; +@using Yavsc.ViewModels.Blog; @using Yavsc.ViewModels.Haircut; @using Yavsc.ViewModels.Administration; @using Yavsc.ViewModels.Account;