tsai
/
squidex
mirror of https://github.com/Squidex/squidex.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity
Browse Source

Fix schema synchronizer.

pull/520/head
Sebastian 6 years ago
parent
2c4eb3f69e
commit
13304a9a4a
7 changed files with 58 additions and 30 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      backend/src/Squidex.Domain.Apps.Core.Operations/ConvertContent/ValueConverters.cs
  2. 2
      backend/src/Squidex.Domain.Apps.Core.Operations/EventSynchronization/SchemaSynchronizer.cs
  3. 13
      backend/src/Squidex.Domain.Apps.Entities/Context.cs
  4. 17
      backend/src/Squidex.Web/ContextExtensions.cs
  5. 28
      backend/src/Squidex.Web/Pipeline/AppResolver.cs
  6. 2
      backend/tests/Squidex.Domain.Apps.Core.Tests/Operations/EventSynchronization/SchemaSynchronizerTests.cs
  7. 16
      backend/tests/Squidex.Web.Tests/ApiPermissionAttributeTests.cs

10
backend/src/Squidex.Domain.Apps.Core.Operations/ConvertContent/ValueConverters.cs
View File

@ -106,11 +106,17 @@ namespace Squidex.Domain.Apps.Core.ConvertContent
if (parent != null)
{
return path.Length == 2 && path[0] == parent.Name && path[1] == field.Name;
if (path.Length == 2 && path[0] == parent.Name && path[1] == field.Name)
{
return true;
}
}
else
{
return path.Length == 1 && path[0] == field.Name;
if (path.Length == 1 && path[0] == field.Name)
{
return true;
}
}
}

2
backend/src/Squidex.Domain.Apps.Core.Operations/EventSynchronization/SchemaSynchronizer.cs
View File

@ -128,7 +128,7 @@ namespace Squidex.Domain.Apps.Core.EventSynchronization
if (canUpdate(sourceField, targetField))
{
if (!sourceField.RawProperties.Equals(targetField.RawProperties))
if (!sourceField.RawProperties.Equals(targetField.RawProperties as object))
{
yield return E(new FieldUpdated { FieldId = id, Properties = targetField.RawProperties });
}

13
backend/src/Squidex.Domain.Apps.Entities/Context.cs
View File

@ -25,7 +25,7 @@ namespace Squidex.Domain.Apps.Entities
public ClaimsPrincipal User { get; }
public ClaimsPermissions Permissions { get; private set; } = ClaimsPermissions.Empty;
public ClaimsPermissions Permissions { get; } = ClaimsPermissions.Empty;
public bool IsFrontendClient { get; private set; }
@ -35,7 +35,9 @@ namespace Squidex.Domain.Apps.Entities
User = user;
UpdatePermissions();
Permissions = User.Permissions();
IsFrontendClient = User.IsInClient(DefaultClients.Frontend);
}
public Context(ClaimsPrincipal user, IAppEntity app)
@ -49,13 +51,6 @@ namespace Squidex.Domain.Apps.Entities
return new Context(new ClaimsPrincipal(new ClaimsIdentity()));
}
public void UpdatePermissions()
{
Permissions = User.Permissions();
IsFrontendClient = User.IsInClient(DefaultClients.Frontend);
}
public Context Clone()
{
var clone = new Context(User, App);

17
backend/src/Squidex.Web/ContextExtensions.cs
View File

@ -5,29 +5,20 @@
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using System;
using Microsoft.AspNetCore.Http;
using Squidex.Domain.Apps.Entities;
using RequestContext = Squidex.Domain.Apps.Entities.Context;
namespace Squidex.Web
{
public static class ContextExtensions
{
public static Context Context(this HttpContext httpContext)
public static RequestContext Context(this HttpContext httpContext)
{
var context = httpContext.Features.Get<Context>();
var context = httpContext.Features.Get<RequestContext>();
if (context == null)
{
context = new Context(httpContext.User);
foreach (var (key, value) in httpContext.Request.Headers)
{
if (key.StartsWith("X-", StringComparison.OrdinalIgnoreCase))
{
context.Headers.Add(key, value.ToString());
}
}
context = RequestContext.Anonymous();
httpContext.Features.Set(context);
}

28
backend/src/Squidex.Web/Pipeline/AppResolver.cs
View File

@ -5,10 +5,12 @@
// All rights reserved. Licensed under the MIT license.
// ==========================================================================
using System;
using System.Linq;
using System.Security.Claims;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Squidex.Domain.Apps.Entities;
@ -69,10 +71,7 @@ namespace Squidex.Web.Pipeline
}
}
var requestContext = context.HttpContext.Context();
requestContext.App = app;
requestContext.UpdatePermissions();
var requestContext = SetContext(context.HttpContext, app);
if (!AllowAnonymous(context) && !HasPermission(appName, requestContext))
{
@ -83,10 +82,31 @@ namespace Squidex.Web.Pipeline
context.HttpContext.Features.Set<IAppFeature>(new AppFeature(app.NamedId()));
context.HttpContext.Response.Headers.Add("X-AppId", app.Id.ToString());
}
else
{
SetContext(context.HttpContext, null!);
}
await next();
}
private Context SetContext(HttpContext httpContext, IAppEntity app)
{
var requestContext = new Context(httpContext.User, app);
foreach (var (key, value) in httpContext.Request.Headers)
{
if (key.StartsWith("X-", StringComparison.OrdinalIgnoreCase))
{
requestContext.Headers.Add(key, value.ToString());
}
}
httpContext.Features.Set(requestContext);
return requestContext;
}
private static bool HasPermission(string appName, Context requestContext)
{
return requestContext.Permissions.Includes(Permissions.ForApp(Permissions.App, appName));

2
backend/tests/Squidex.Domain.Apps.Core.Tests/Operations/EventSynchronization/SchemaSynchronizerTests.cs
View File

@ -235,7 +235,7 @@ namespace Squidex.Domain.Apps.Core.Operations.EventSynchronization
[Fact]
public void Should_create_events_if_field_updated()
{
var properties = new StringFieldProperties { IsRequired = true };
var properties = new StringFieldProperties { Pattern = "a-z" };
var sourceSchema =
new Schema("source")

16
backend/tests/Squidex.Web.Tests/ApiPermissionAttributeTests.cs
View File

@ -14,6 +14,7 @@ using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Abstractions;
using Microsoft.AspNetCore.Mvc.Filters;
using Microsoft.AspNetCore.Routing;
using Squidex.Domain.Apps.Entities;
using Squidex.Infrastructure;
using Squidex.Shared;
using Squidex.Shared.Identity;
@ -66,6 +67,8 @@ namespace Squidex.Web
user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.my-app"));
SetContext();
var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
await sut.OnActionExecutionAsync(actionExecutingContext, next);
@ -82,6 +85,8 @@ namespace Squidex.Web
user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.my-app.schemas.my-schema"));
SetContext();
var sut = new ApiPermissionAttribute(Permissions.AppSchemasUpdate);
await sut.OnActionExecutionAsync(actionExecutingContext, next);
@ -97,6 +102,8 @@ namespace Squidex.Web
user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.other-app"));
SetContext();
var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
await sut.OnActionExecutionAsync(actionExecutingContext, next);
@ -110,6 +117,8 @@ namespace Squidex.Web
{
user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.other-app"));
SetContext();
var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
await sut.OnActionExecutionAsync(actionExecutingContext, next);
@ -121,6 +130,8 @@ namespace Squidex.Web
[Fact]
public async Task Should_return_forbidden_when_user_has_no_permission()
{
SetContext();
var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
await sut.OnActionExecutionAsync(actionExecutingContext, next);
@ -128,5 +139,10 @@ namespace Squidex.Web
Assert.Equal(403, (actionExecutingContext.Result as StatusCodeResult)?.StatusCode);
Assert.False(isNextCalled);
}
private void SetContext()
{
actionExecutingContext.HttpContext.Features.Set(new Context(new ClaimsPrincipal(actionExecutingContext.HttpContext.User)));
}
}
}

Write Preview
Loading…
Cancel
Save