notazof
/
yavsc
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixe l'accès en lecture anonyme des blogs

main
Paul Schneider 9 years ago
parent 1a1f9a235f
commit c1eec94680
6 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File

20
Yavsc/ApiControllers/PdfEstimateController.cs
Unescape Escape View File

@ -2,23 +2,23 @@ using System.IO;
using Microsoft.AspNet.Authorization;
using Microsoft.AspNet.Mvc;
using System.Web.Routing;
namespace Yavsc.ApiControllers
{
using Models;
using Helpers;
using System.Linq;
using Microsoft.Data.Entity;
using System.Threading.Tasks;
using Microsoft.Extensions.Logging;
using System;
using System.Security.Claims;
using Microsoft.Extensions.Localization;
using Yavsc.Services;
using Yavsc.Models.Messaging;
using Yavsc.ViewModels;
using Microsoft.Extensions.OptionsModel;
using System;
using System.Security.Claims;
namespace Yavsc.ApiControllers
{
using Models;
using Helpers;
using Services;
using Models.Messaging;
using ViewModels.Auth;
[Route("api/pdfestimate"), Authorize]
public class PdfEstimateController : Controller
{

1
Yavsc/Controllers/BlogspotController.cs
Unescape Escape View File

@ -11,7 +11,6 @@ using Microsoft.Extensions.OptionsModel;
using Yavsc.Models;
using Yavsc.ViewModels.Auth;
using Microsoft.AspNet.Mvc.Rendering;
using Yavsc.ViewModels;
// For more information on enabling Web API for empty projects, visit http://go.microsoft.com/fwlink/?LinkID=397860

2
Yavsc/Controllers/EstimateController.cs
Unescape Escape View File

@ -16,7 +16,7 @@ namespace Yavsc.Controllers
using Models;
using Models.Billing;
using Models.Workflow;
using ViewModels;
using ViewModels.Auth;
[Authorize]
public class EstimateController : Controller
{

33
Yavsc/ViewModels/Auth/Handlers/BlogViewHandler.cs
Unescape Escape View File

@ -9,25 +9,26 @@ namespace Yavsc.ViewModels.Auth.Handlers
{
protected override void Handle(AuthorizationContext context, ViewRequirement requirement, Blog resource)
{
if (context.User.IsInRole(Constants.BlogModeratorGroupName)
|| context.User.IsInRole(Constants.AdminGroupName))
context.Succeed(requirement);
else if (context.User.Identity.IsAuthenticated)
if (resource.AuthorId == context.User.GetUserId())
context.Succeed(requirement);
else if (resource.Visible) {
bool ok=false;
if (resource.Visible) {
if (resource.ACL==null)
context.Succeed(requirement);
else if (resource.ACL.Count>0)
{
var uid = context.User.GetUserId();
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
context.Succeed(requirement);
else context.Fail();
ok=true;
else if (resource.ACL.Count==0) ok=true;
else {
if (context.User.IsSignedIn()) {
var uid = context.User.GetUserId();
if (resource.ACL.Any(a=>a.Allowed!=null && a.Allowed.Members.Any(m=>m.MemberId == uid )))
ok=true;
}
}
else context.Succeed(requirement);
}
else context.Fail();
if (ok) context.Succeed(requirement);
else {
if (context.User.IsInRole(Constants.AdminGroupName) ||
context.User.IsInRole(Constants.BlogModeratorGroupName))
context.Succeed(requirement);
else context.Fail();
}
}
}
}

2
Yavsc/ViewModels/ViewRequirement.cs → Yavsc/ViewModels/Auth/ViewRequirement.cs
Unescape Escape View File

@ -1,6 +1,6 @@
using Microsoft.AspNet.Authorization;
namespace Yavsc.ViewModels
namespace Yavsc.ViewModels.Auth
{
public class ViewRequirement : IAuthorizationRequirement
{

5
Yavsc/Views/Blogspot/Index.cshtml
Unescape Escape View File

@ -50,8 +50,11 @@
</td>
<td>
<ul class="actiongroup">
<li><a asp-action="Details" asp-route-id="@item.Id">Details</a>
@if (await AuthorizationService.AuthorizeAsync(User, item, new ViewRequirement())) {
<li>
<a asp-action="Details" asp-route-id="@item.Id">Details</a>
</li>
}
@if (await AuthorizationService.AuthorizeAsync(User, item, new EditRequirement())) {
<li><a asp-action="Edit" asp-route-id="@item.Id">@SR["Edit"]</a>
</li>

Write Preview
Loading…