paul/yavsc
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

ui for fs acl by circle

Browse Source
This commit is contained in:
Paul Schneider
2019-08-05 06:18:38 +02:00
parent 40c9c9bba9
commit afb5554425
11 changed files with 323 additions and 21 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Yavsc.Server/Constants.cs
View File

@ -8,6 +8,7 @@ namespace Yavsc
public const string ApplicationName = "Yavsc", public const string ApplicationName = "Yavsc",
CompanyClaimType = "https://schemas.pschneider.fr/identity/claims/Company", CompanyClaimType = "https://schemas.pschneider.fr/identity/claims/Company",
UserNameRegExp = @"^[a-zA-Z][a-zA-Z0-9._-]*$", UserNameRegExp = @"^[a-zA-Z][a-zA-Z0-9._-]*$",
UserFileNamePatternRegExp = @"^([a-zA-Z0-9._-]*/)*[a-zA-Z0-9._-]+$",
AuthorizePath = "~/authorize", AuthorizePath = "~/authorize",
TokenPath = "~/token", TokenPath = "~/token",
LoginPath = "~/signin", LoginPath = "~/signin",

4
src/Yavsc.Server/Models/Access/CircleAuthorizationToFile.cs
View File

@ -2,12 +2,14 @@ using System.ComponentModel.DataAnnotations;
using System.ComponentModel.DataAnnotations.Schema; using System.ComponentModel.DataAnnotations.Schema;
using Newtonsoft.Json; using Newtonsoft.Json;
using Yavsc.Abstract.Identity.Security; using Yavsc.Abstract.Identity.Security;
using Yavsc.Attributes.Validation;
using Yavsc.Models.Relationship; using Yavsc.Models.Relationship;
namespace Yavsc.Server.Models.Access namespace Yavsc.Server.Models.Access
{ {
public class CircleAuthorizationToFile : ICircleAuthorization public class CircleAuthorizationToFile : ICircleAuthorization
{ {
[Required] [Required]
public long CircleId public long CircleId
{ {
@ -15,6 +17,8 @@ namespace Yavsc.Server.Models.Access
} }
[Required] [Required]
[YaStringLength(48)]
[YaRegularExpression(Constants.UserFileNamePatternRegExp)]
public string FullPath public string FullPath
{ {
get; set; get; set;

29
src/Yavsc/Controllers/Communicating/CircleController.cs
View File

@ -1,4 +1,5 @@
using System.Linq;
using System.Security.Claims; using System.Security.Claims;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Mvc;
@ -20,7 +21,7 @@ namespace Yavsc.Controllers
// GET: Circle // GET: Circle
public async Task<IActionResult> Index() public async Task<IActionResult> Index()
{ {
return View(await _context.Circle.ToListAsync()); return View(await _context.Circle.Where(c=>c.OwnerId==User.GetUserId()).ToListAsync());
} }
// GET: Circle/Details/5 // GET: Circle/Details/5
@ -36,14 +37,15 @@ namespace Yavsc.Controllers
{ {
return HttpNotFound(); return HttpNotFound();
} }
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
return View(circle); return View(circle);
} }
// GET: Circle/Create // GET: Circle/Create
public IActionResult Create() public IActionResult Create()
{ {
return View(); return View(new Circle { OwnerId = User.GetUserId() } );
} }
// POST: Circle/Create // POST: Circle/Create
@ -51,10 +53,14 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> Create(Circle circle) public async Task<IActionResult> Create(Circle circle)
{ {
var uid = User.GetUserId();
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
if (uid != circle.OwnerId)
return this.HttpUnauthorized();
_context.Circle.Add(circle); _context.Circle.Add(circle);
await _context.SaveChangesAsync(User.GetUserId()); await _context.SaveChangesAsync(uid);
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
return View(circle); return View(circle);
@ -69,10 +75,14 @@ namespace Yavsc.Controllers
} }
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id); Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
if (circle == null) if (circle == null)
{ {
return HttpNotFound(); return HttpNotFound();
} }
var uid = User.GetUserId();
if (uid != circle.OwnerId)
return this.HttpUnauthorized();
return View(circle); return View(circle);
} }
@ -81,10 +91,13 @@ namespace Yavsc.Controllers
[ValidateAntiForgeryToken] [ValidateAntiForgeryToken]
public async Task<IActionResult> Edit(Circle circle) public async Task<IActionResult> Edit(Circle circle)
{ {
if (ModelState.IsValid) if (ModelState.IsValid)
{ {
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
_context.Update(circle); _context.Update(circle);
await _context.SaveChangesAsync(User.GetUserId()); await _context.SaveChangesAsync(uid);
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
return View(circle); return View(circle);
@ -104,6 +117,8 @@ namespace Yavsc.Controllers
{ {
return HttpNotFound(); return HttpNotFound();
} }
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
return View(circle); return View(circle);
} }
@ -114,8 +129,10 @@ namespace Yavsc.Controllers
public async Task<IActionResult> DeleteConfirmed(long id) public async Task<IActionResult> DeleteConfirmed(long id)
{ {
Circle circle = await _context.Circle.SingleAsync(m => m.Id == id); Circle circle = await _context.Circle.SingleAsync(m => m.Id == id);
var uid = User.GetUserId();
if (uid != circle.OwnerId) return this.HttpUnauthorized();
_context.Circle.Remove(circle); _context.Circle.Remove(circle);
await _context.SaveChangesAsync(User.GetUserId()); await _context.SaveChangesAsync(uid);
return RedirectToAction("Index"); return RedirectToAction("Index");
} }
} }

121
src/Yavsc/Controllers/Communicating/MyFSRulesController.cs Normal file
View File

@ -0,0 +1,121 @@
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using Microsoft.AspNet.Mvc.Rendering;
using Microsoft.Data.Entity;
using Microsoft.Extensions.Logging;
using Yavsc.Models;
using Yavsc.Server.Models.Access;
namespace Yavsc.Controllers
{
[Authorize()]
public class MyFSRulesController : Controller
{
private ApplicationDbContext _context;
private ILogger _logger;
public MyFSRulesController(ApplicationDbContext context,
ILoggerFactory loggerFactory)
{
_context = context;
_logger = loggerFactory.CreateLogger<MyFSRulesController>();
}
// GET: MyFSRules
public async Task<IActionResult> Index()
{
var applicationDbContext = _context.CircleAuthorizationToFile.Include(c => c.Circle)
.Where (m=>m.Circle.OwnerId == User.GetUserId());
return View(await applicationDbContext.ToListAsync());
}
// GET: MyFSRules/Details/5
public async Task<IActionResult> Details(long circleId, string fullPath)
{
var uid = User.GetUserId();
_logger.LogInformation($"Searching fsa for {uid} :\n {circleId}/{fullPath}");
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(m=>m.Circle)
.SingleOrDefaultAsync(m => ((m.CircleId == circleId) && (m.FullPath == fullPath) &&
(m.Circle.OwnerId == uid)));
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
return View(circleAuthorizationToFile);
}
// GET: MyFSRules/Create
public IActionResult Create()
{
var uid = User.GetUserId();
var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
var uccount = userCircles.Count();
_logger.LogInformation($"User circle count : {uccount}");
return View();
}
// POST: MyFSRules/Create
[HttpPost]
[ValidateAntiForgeryToken]
public async Task<IActionResult> Create(CircleAuthorizationToFile circleAuthorizationToFile)
{
var uid = User.GetUserId();
if (ModelState.IsValid)
{
// refuse to allow files to other circle than user's ones.
var circle = await _context.Circle.SingleOrDefaultAsync(c=>c.Id==circleAuthorizationToFile.CircleId);
if (circle.OwnerId != uid) return this.HttpUnauthorized();
_context.CircleAuthorizationToFile.Add(circleAuthorizationToFile);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
var userCircles = _context.Circle.Where(c=>c.OwnerId == uid);
ViewBag.CircleId = new SelectList(userCircles, "Id", "Name");
return View(circleAuthorizationToFile);
}
// GET: MyFSRules/Delete/5
[ActionName("Delete")]
public async Task<IActionResult> Delete(long circleId, string fullPath)
{
var uid = User.GetUserId();
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(a=>a.Circle).SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
return View(circleAuthorizationToFile);
}
// POST: MyFSRules/Delete/5
[HttpPost, ActionName("Delete")]
[ValidateAntiForgeryToken]
public async Task<IActionResult> DeleteConfirmed(long circleId, string fullPath)
{
var uid = User.GetUserId();
CircleAuthorizationToFile circleAuthorizationToFile =
await _context.CircleAuthorizationToFile
.Include(a=> a.Circle)
.SingleOrDefaultAsync(m => m.CircleId == circleId && m.FullPath == fullPath);
if (circleAuthorizationToFile == null)
{
return HttpNotFound();
}
if (circleAuthorizationToFile.Circle.OwnerId != uid) return HttpUnauthorized();
_context.CircleAuthorizationToFile.Remove(circleAuthorizationToFile);
await _context.SaveChangesAsync();
return RedirectToAction("Index");
}
}
}

9
src/Yavsc/Views/Circle/Create.cshtml
View File

@ -11,6 +11,8 @@
<h4>Circle</h4> <h4>Circle</h4>
<hr /> <hr />
<div asp-validation-summary="ValidationSummary.ModelOnly" class="text-danger"></div> <div asp-validation-summary="ValidationSummary.ModelOnly" class="text-danger"></div>
<span asp-validation-for="OwnerId" class="text-danger" ></span>
<input asp-for="OwnerId" type="hidden" />
<div class="form-group"> <div class="form-group">
<label asp-for="Name" class="col-md-2 control-label"></label> <label asp-for="Name" class="col-md-2 control-label"></label>
<div class="col-md-10"> <div class="col-md-10">
@ -18,13 +20,6 @@
<span asp-validation-for="Name" class="text-danger" ></span> <span asp-validation-for="Name" class="text-danger" ></span>
</div> </div>
</div> </div>
<div class="form-group">
<label asp-for="OwnerId" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="OwnerId" class="form-control" />
<span asp-validation-for="OwnerId" class="text-danger" ></span>
</div>
</div>
<div class="form-group"> <div class="form-group">
<div class="col-md-offset-2 col-md-10"> <div class="col-md-offset-2 col-md-10">
<input type="submit" value="Create" class="btn btn-default" /> <input type="submit" value="Create" class="btn btn-default" />

6
src/Yavsc/Views/Circle/Index.cshtml
View File

@ -14,9 +14,6 @@
<th> <th>
@Html.DisplayNameFor(model => model.Name) @Html.DisplayNameFor(model => model.Name)
</th> </th>
<th>
@Html.DisplayNameFor(model => model.OwnerId)
</th>
<th></th> <th></th>
</tr> </tr>
@ -25,9 +22,6 @@
<td> <td>
@Html.DisplayFor(modelItem => item.Name) @Html.DisplayFor(modelItem => item.Name)
</td> </td>
<td>
@Html.DisplayFor(modelItem => item.OwnerId)
</td>
<td> <td>
<a asp-action="Edit" asp-route-id="@item.Id">Edit</a> | <a asp-action="Edit" asp-route-id="@item.Id">Edit</a> |
<a asp-action="Details" asp-route-id="@item.Id">Details</a> | <a asp-action="Details" asp-route-id="@item.Id">Details</a> |

43
src/Yavsc/Views/MyFSRules/Create.cshtml Normal file
View File

@ -0,0 +1,43 @@
@model Yavsc.Server.Models.Access.CircleAuthorizationToFile
@{
ViewData["Title"] = "Create";
}
<h2>Create</h2>
<form asp-action="Create">
<div class="form-horizontal">
<h4>CircleAuthorizationToFile</h4>
<hr />
<div asp-validation-summary="ValidationSummary.ModelOnly" class="text-danger"></div>
<div class="form-group">
<label asp-for="FullPath" class="col-md-2 control-label"></label>
<div class="col-md-10">
<input asp-for="FullPath" class="form-control" />
<span asp-validation-for="FullPath" class="text-danger" ></span>
</div>
</div>
<div class="form-group">
<label asp-for="CircleId" class="col-md-2 control-label"></label>
<div class="col-md-10">
<select asp-for="CircleId"
class="form-control" asp-items="@ViewBag.CircleId" >
</select>
<span asp-validation-for="CircleId" class="text-danger" ></span>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Create" class="btn btn-default" />
</div>
</div>
</div>
</form>
<div>
<a asp-action="Index">Back to List</a>
</div>

30
src/Yavsc/Views/MyFSRules/Delete.cshtml Normal file
View File

@ -0,0 +1,30 @@
@model Yavsc.Server.Models.Access.CircleAuthorizationToFile
@{
ViewData["Title"] = "Delete";
}
<h2>Delete</h2>
<h3>Are you sure you want to delete this?</h3>
<div>
<h4>CircleAuthorizationToFile</h4>
<hr />
<dl class="dl-horizontal">
</dl>
<form asp-action="Delete">
<div class="form-actions no-color">
<dl class="dl-horizontal">
<dt><label >@SR["Circle"]</label></dt>
<dd>@Model.Circle.Name</dd>
<dt><label asp-for="FullPath" ></label></dt>
<dd>@Model.FullPath</dd>
</dl>
<input type="hidden" asp-for="FullPath" />
<input type="hidden" asp-for="CircleId" />
<input type="submit" value="Delete" class="btn btn-default" /> |
<a asp-action="Index">Back to List</a>
</div>
</form>
</div>

24
src/Yavsc/Views/MyFSRules/Details.cshtml Normal file
View File

@ -0,0 +1,24 @@
@model Yavsc.Server.Models.Access.CircleAuthorizationToFile
@{
ViewData["Title"] = "Details";
}
<h2>@SR["Details"]</h2>
<div>
<h4>@SR["CircleAuthorizationToFile"]</h4>
<hr />
<dl class="dl-horizontal">
<dt><label >@SR["Circle"]</label></dt>
<dd>@Model.Circle.Name</dd>
<dt><label asp-for="FullPath" ></label></dt>
<dd>@Model.FullPath</dd>
</dl>
</dl>
</div>
<p>
@Html.ActionLink("Edit", "Edit", new { circleId=Model.CircleId, fullPath=Model.FullPath }) |
<a asp-action="Index">@SR["Back to List"]</a>
</p>

44
src/Yavsc/Views/MyFSRules/Edit.cshtml Normal file
View File

@ -0,0 +1,44 @@
@model Yavsc.Server.Models.Access.CircleAuthorizationToFile
@{
ViewData["Title"] = "Edit";
}
<h2>Edit</h2>
<form asp-action="Edit">
<div class="form-horizontal">
<h4>@SR["Autorisation au fichier"]</h4>
<hr />
<div asp-validation-summary="ValidationSummary.ModelOnly" class="text-danger"></div>
<input type="hidden" asp-for="FullPath" />
<input type="hidden" name="oldcid" value="@Model.CircleId" />
<div class="form-group">
<label asp-for="FullPath" class="col-md-2 control-label"></label>
<div class="col-md-10">
@Html.DisplayFor(m=>m.FullPath)
<span asp-validation-for="FullPath" class="text-danger" ></span>
</div>
</div>
<div class="form-group">
<label asp-for="CircleId" class="col-md-2 control-label"></label>
<div class="col-md-10">
<select asp-for="CircleId"
class="form-control" asp-items="@ViewBag.CircleId" >
</select>
<span asp-validation-for="CircleId" class="text-danger" ></span>
</div>
</div>
<div class="form-group">
<div class="col-md-offset-2 col-md-10">
<input type="submit" value="Save" class="btn btn-default" />
</div>
</div>
</div>
</form>
<div>
<a asp-action="Index">Back to List</a>
</div>

29
src/Yavsc/Views/MyFSRules/Index.cshtml Normal file
View File

@ -0,0 +1,29 @@
@model IEnumerable<Yavsc.Server.Models.Access.CircleAuthorizationToFile>
@{
ViewData["Title"] = "Index";
}
<h2>Index</h2>
<p>
<a asp-action="Create">Create New</a>
</p>
<table class="table">
<tr>
<th>@SR["Circle"]</th>
<th>@SR["Path"]</th>
<th></th>
</tr>
@foreach (var item in Model) {
<tr>
<td>@item.Circle.Name</td>
<td>@item.FullPath</td>
<td>
@Html.ActionLink("Details", "Details", new { circleId=item.CircleId, fullPath=item.FullPath }) |
@Html.ActionLink("Delete", "Delete", new { circleId=item.CircleId, fullPath=item.FullPath })
</td>
</tr>
}
</table>