Fixe l'accès en lecture anonyme des blogs

Paul Schneider 9 years ago
parent 1a1f9a235f
commit c1eec94680
6 changed files with 34 additions and 31 deletions

@ -2,23 +2,23 @@ using System.IO;
using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc; using Microsoft.AspNet.Mvc;
using System.Web.Routing; using System.Web.Routing;
namespace Yavsc.ApiControllers
{
using Models;
using Helpers;
using System.Linq; using System.Linq;
using Microsoft.Data.Entity; using Microsoft.Data.Entity;
using System.Threading.Tasks; using System.Threading.Tasks;
using Microsoft.Extensions.Logging; using Microsoft.Extensions.Logging;
using System;
using System.Security.Claims;
using Microsoft.Extensions.Localization; using Microsoft.Extensions.Localization;
using Yavsc.Services;
using Yavsc.Models.Messaging;
using Yavsc.ViewModels;
using Microsoft.Extensions.OptionsModel; using Microsoft.Extensions.OptionsModel;
using System;
using System.Security.Claims;
namespace Yavsc.ApiControllers
{
using Models;
using Helpers;
using Services;
using Models.Messaging;
using ViewModels.Auth;
[Route("api/pdfestimate"), Authorize] [Route("api/pdfestimate"), Authorize]
public class PdfEstimateController : Controller public class PdfEstimateController : Controller
{ {

@ -11,7 +11,6 @@ using Microsoft.Extensions.OptionsModel;
using Yavsc.Models; using Yavsc.Models;
using Yavsc.ViewModels.Auth; using Yavsc.ViewModels.Auth;
using Microsoft.AspNet.Mvc.Rendering; using Microsoft.AspNet.Mvc.Rendering;
using Yavsc.ViewModels;
// For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860 // For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860

@ -16,7 +16,7 @@ namespace Yavsc.Controllers
using Models; using Models;
using Models.Billing; using Models.Billing;
using Models.Workflow; using Models.Workflow;
using ViewModels; using ViewModels.Auth;
[Authorize] [Authorize]
public class EstimateController : Controller public class EstimateController : Controller
{ {

@ -9,25 +9,26 @@ namespace Yavsc.ViewModels.Auth.Handlers
{ {
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource) protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
{ {
if (context.User.IsInRole(Constants.BlogModeratorGroupName) bool ok=false;
|| context.User.IsInRole(Constants.AdminGroupName)) if (resource.Visible) {
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
else if (resource.Visible) {
if (resource.ACL==null) if (resource.ACL==null)
context.Succeed(requirement); ok=true;
else if (resource.ACL.Count>0) else if (resource.ACL.Count==0) ok=true;
{ else {
var uid = context.User.GetUserId(); if (context.User.IsSignedIn()) {
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid ))) var uid = context.User.GetUserId();
context.Succeed(requirement); if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
else context.Fail(); ok=true;
}
} }
else context.Succeed(requirement); }
} if (ok) context.Succeed(requirement);
else context.Fail(); else {
if (context.User.IsInRole(Constants.AdminGroupName) ||
context.User.IsInRole(Constants.BlogModeratorGroupName))
context.Succeed(requirement);
else context.Fail();
}
} }
} }
} }
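Review bot: The rewritten Handle no longer has the author check the old branch carried (`resource.AuthorId == context.User.GetUserId()`), so a signed-in author is denied a view of their own blog entry whenever it is not Visible, or is Visible with a non-empty ACL that does not list them, unless they also hold the admin or blog-moderator role. If that is not intended, add `if (context.User.IsSignedIn() && resource.AuthorId == context.User.GetUserId()) ok = true;` ahead of the `if (resource.Visible)` test so the role fallback is only reached for non-authors. Separately, the trailing `else context.Fail();` is a hard deny rather than an abstention; if any other handler is registered for ViewRequirement it can no longer grant access, so returning without calling Succeed would be the safer way to express "this handler has no opinion".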

@ -1,6 +1,6 @@
using Microsoft.AspNet.Authorization; using Microsoft.AspNet.Authorization;
namespace Yavsc.ViewModels namespace Yavsc.ViewModels.Auth
{ {
public class ViewRequirement : IAuthorizationRequirement public class ViewRequirement : IAuthorizationRequirement
{ {

@ -50,8 +50,11 @@
</td> </td>
<td> <td>
<ul class="actiongroup"> <ul class="actiongroup">
<li><a asp-action="Details" asp-route-id="@item.Id">Details</a> @if (await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())) {
<li>
<a asp-action="Details" asp-route-id="@item.Id">Details</a>
</li> </li>
}
@if (await AuthorizationService.AuthorizeAsync(User, item, new EditRequirement())) { @if (await AuthorizationService.AuthorizeAsync(User, item, new EditRequirement())) {
<li><a asp-action="Edit" asp-route-id="@item.Id">@SR["Edit"]</a> <li><a asp-action="Edit" asp-route-id="@item.Id">@SR["Edit"]</a>
</li> </li>
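Review bot: Wrapping the Details link in `AuthorizeAsync(User, item, new ViewRequirement())` only hides the link in the list; it does not by itself restrict the Details action for a request that carries an item id. The Details action is outside this diff, so I cannot tell whether it runs the same resource-based check; if it does not, the visibility rule in the Blog view handler is enforced only in this view and should be added there as well.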
