Protected assets. (#470)

* Protected assets.
6 years ago · 4455baf848
27 changed files with 140 additions and 15 deletions
--- a/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Assets/MongoAssetEntity.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities.MongoDb/Assets/MongoAssetEntity.cs
@ -89,6 +89,10 @@ namespace Squidex.Domain.Apps.Entities.MongoDb.Assets
        [BsonElement("td")]
        public HashSet<string> Tags { get; set; }
        [BsonIgnoreIfDefault]
        [BsonElement("pt")]
        public bool IsProtected { get; set; }
        [BsonRequired]
        [BsonElement("dl")]
        public bool IsDeleted { get; set; }
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/AssetEntity.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/AssetEntity.cs
@ -49,6 +49,8 @@ namespace Squidex.Domain.Apps.Entities.Assets
        public long FileVersion { get; set; }
        public bool IsProtected { get; set; }
        public bool IsDeleted { get; set; }
        public AssetMetadata Metadata { get; set; }
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/Commands/AnnotateAsset.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/Commands/AnnotateAsset.cs
@ -16,8 +16,10 @@ namespace Squidex.Domain.Apps.Entities.Assets.Commands
        public string? Slug { get; set; }
        public bool? IsProtected { get; set; }
        public HashSet<string> Tags { get; set; }
-        public AssetMetadata Metadata { get; set; }
+        public AssetMetadata? Metadata { get; set; }
    }
 }
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/Guards/GuardAsset.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/Guards/GuardAsset.cs
@ -19,18 +19,20 @@ namespace Squidex.Domain.Apps.Entities.Assets.Guards
        {
            Guard.NotNull(command);
-            Validate.It(() => "Cannot rename asset.", e =>
+            Validate.It(() => "Cannot annotate asset.", e =>
            {
                if (string.IsNullOrWhiteSpace(command.FileName) &&
                    string.IsNullOrWhiteSpace(command.Slug) &&
-                    command.Tags == null &&
+                    command.IsProtected == null &&
-                    command.Metadata == null)
+                    command.Metadata == null &&
                    command.Tags == null)
                {
-                   e("Either file name, slug, tags or metadata must be defined.",
+                   e("At least one property must be defined.",
                       nameof(command.FileName),
                       nameof(command.IsProtected),
                       nameof(command.Metadata),
                       nameof(command.Slug),
-                       nameof(command.Tags),
+                       nameof(command.Tags));
                       nameof(command.Metadata));
                }
            });
        }
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/IAssetEntity.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/IAssetEntity.cs
@ -25,6 +25,8 @@ namespace Squidex.Domain.Apps.Entities.Assets
        string MimeType { get; }
        bool IsProtected { get; }
        long FileVersion { get; }
    }
 }
--- a/backend/src/Squidex.Domain.Apps.Entities/Assets/State/AssetState.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Assets/State/AssetState.cs
@ -48,6 +48,9 @@ namespace Squidex.Domain.Apps.Entities.Assets.State
        [DataMember]
        public long TotalSize { get; set; }
        [DataMember]
        public bool IsProtected { get; set; }
        [DataMember]
        public HashSet<string> Tags { get; set; }
@ -120,6 +123,13 @@ namespace Squidex.Domain.Apps.Entities.Assets.State
                            hasChanged = true;
                        }
                        if (Is.OptionalChange(IsProtected, e.IsProtected))
                        {
                            IsProtected = e.IsProtected.Value;
                            hasChanged = true;
                        }
                        if (Is.OptionalChange(Tags, e.Tags))
                        {
                            Tags = e.Tags;
--- a/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/AssetGraphType.cs
+++ b/backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/AssetGraphType.cs
@ -140,6 +140,14 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL.Types
                Description = "The file name as slug."
            });
            AddField(new FieldType
            {
                Name = "isProtected",
                ResolvedType = AllTypes.NonNullBoolean,
                Resolver = Resolve(x => x.IsProtected),
                Description = "True, when the asset is not public."
            });
            AddField(new FieldType
            {
                Name = "isImage",
--- a/backend/src/Squidex.Domain.Apps.Events/Assets/AssetAnnotated.cs
+++ b/backend/src/Squidex.Domain.Apps.Events/Assets/AssetAnnotated.cs
@ -14,9 +14,11 @@ namespace Squidex.Domain.Apps.Events.Assets
    [EventType(nameof(AssetAnnotated))]
    public sealed class AssetAnnotated : AssetEvent
    {
-        public string FileName { get; set; }
+        public string? FileName { get; set; }
-        public string Slug { get; set; }
+        public string? Slug { get; set; }
        public bool? IsProtected { get; set; }
        public AssetMetadata? Metadata { get; set; }
--- a/backend/src/Squidex.Infrastructure/Commands/Is.cs
+++ b/backend/src/Squidex.Infrastructure/Commands/Is.cs
@ -23,7 +23,12 @@ namespace Squidex.Infrastructure.Commands
            return !Equals(oldValue, newValue);
        }
-        public static bool OptionalChange(string oldValue, string? newValue)
+        public static bool OptionalChange(bool oldValue, [NotNullWhen(true)] bool? newValue)
        {
            return newValue.HasValue && oldValue != newValue.Value;
        }
        public static bool OptionalChange(string oldValue, [NotNullWhen(true)] string? newValue)
        {
            return !string.IsNullOrWhiteSpace(newValue) && !string.Equals(oldValue, newValue);
        }
--- a/backend/src/Squidex.Infrastructure/Json/Newtonsoft/JsonValueConverter.cs
+++ b/backend/src/Squidex.Infrastructure/Json/Newtonsoft/JsonValueConverter.cs
@ -142,7 +142,6 @@ namespace Squidex.Infrastructure.Json.Newtonsoft
                    writer.WriteValue(s.Value);
                    break;
                case JsonNumber s:
                    if (s.Value % 1 == 0)
                    {
                        writer.WriteValue((long)s.Value);
--- a/backend/src/Squidex.Infrastructure/Reflection/SimpleMapper.cs
+++ b/backend/src/Squidex.Infrastructure/Reflection/SimpleMapper.cs
@ -149,8 +149,10 @@ namespace Squidex.Infrastructure.Reflection
            public static TTarget MapClass(TSource source, TTarget destination, CultureInfo culture)
            {
-                foreach (var mapper in Mappers)
+                for (var i = 0; i < Mappers.Count; i++)
                {
                    var mapper = Mappers[i];
                    mapper.MapProperty(source, destination, culture);
                }
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetContentController.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/AssetContentController.cs
@ -19,6 +19,7 @@ using Squidex.Infrastructure;
 using Squidex.Infrastructure.Assets;
 using Squidex.Infrastructure.Commands;
 using Squidex.Infrastructure.Log;
 using Squidex.Shared;
 using Squidex.Web;
 #pragma warning disable 1573
@ -64,6 +65,7 @@ namespace Squidex.Areas.Api.Controllers.Assets
        [HttpGet]
        [Route("assets/{app}/{idOrSlug}/{*more}")]
        [ProducesResponseType(typeof(FileResult), 200)]
        [ApiPermission]
        [ApiCosts(0.5)]
        [AllowAnonymous]
        public async Task<IActionResult> GetAssetContentBySlug(string app, string idOrSlug, string more, [FromQuery] AssetQuery query)
@ -94,7 +96,9 @@ namespace Squidex.Areas.Api.Controllers.Assets
        [HttpGet]
        [Route("assets/{id}/")]
        [ProducesResponseType(typeof(FileResult), 200)]
        [ApiPermission]
        [ApiCosts(0.5)]
        [AllowAnonymous]
        public async Task<IActionResult> GetAssetContent(Guid id, [FromQuery] AssetQuery query)
        {
            var asset = await assetRepository.FindAssetAsync(id);
@ -111,6 +115,11 @@ namespace Squidex.Areas.Api.Controllers.Assets
                return NotFound();
            }
            if (asset.IsProtected && !this.HasPermission(Permissions.AppAssetsRead))
            {
                return StatusCode(403);
            }
            var fileVersion = query.Version;
            if (fileVersion <= EtagVersion.Any)
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AnnotateAssetDto.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AnnotateAssetDto.cs
@ -25,6 +25,11 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
        /// </summary>
        public string? Slug { get; set; }
        /// <summary>
        /// True, when the asset is not public.
        /// </summary>
        public bool? IsProtected { get; set; }
        /// <summary>
        /// The new asset tags.
        /// </summary>
--- a/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/Assets/Models/AssetDto.cs
@ -42,6 +42,11 @@ namespace Squidex.Areas.Api.Controllers.Assets.Models
        /// </summary>
        public string? FileHash { get; set; }
        /// <summary>
        /// True, when the asset is not public.
        /// </summary>
        public bool IsProtected { get; set; }
        /// <summary>
        /// The slug.
        /// </summary>
--- a/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs
+++ b/backend/src/Squidex/Config/Authentication/IdentityServerServices.cs
@ -5,6 +5,7 @@
 //  All rights reserved. Licensed under the MIT license.
 // ==========================================================================
 using IdentityModel.AspNetCore.OAuth2Introspection;
 using IdentityServer4.AccessTokenValidation;
 using Microsoft.AspNetCore.Authentication;
 using Microsoft.AspNetCore.Authentication.Cookies;
@ -44,6 +45,16 @@ namespace Squidex.Config.Authentication
                    options.ApiSecret = null;
                    options.RequireHttpsMetadata = identityOptions.RequiresHttps;
                    options.SupportedTokens = SupportedTokens.Jwt;
                    var fromHeader = TokenRetrieval.FromAuthorizationHeader();
                    var fromQuery = TokenRetrieval.FromQueryString();
                    options.TokenRetriever = request =>
                    {
                        var result = fromHeader(request) ?? fromQuery(request);
                        return result;
                    };
                });
                authBuilder.AddOpenIdConnect(options =>
--- a/backend/tests/Squidex.Domain.Apps.Entities.Tests/Assets/AssetGrainTests.cs
+++ b/backend/tests/Squidex.Domain.Apps.Entities.Tests/Assets/AssetGrainTests.cs
@ -162,6 +162,25 @@ namespace Squidex.Domain.Apps.Entities.Assets
                );
        }
        [Fact]
        public async Task AnnotateProtected_should_create_events_and_update_state()
        {
            var command = new AnnotateAsset { IsProtected = true };
            await ExecuteCreateAsync();
            var result = await PublishIdempotentAsync(command);
            result.ShouldBeEquivalent2(sut.Snapshot);
            Assert.Equal(command.IsProtected, sut.Snapshot.IsProtected);
            LastEvents
                .ShouldHaveSameEvents(
                    CreateAssetEvent(new AssetAnnotated { IsProtected = command.IsProtected })
                );
        }
        [Fact]
        public async Task AnnotateMetadata_should_create_events_and_update_state()
        {
--- a/backend/tests/Squidex.Domain.Apps.Entities.Tests/Assets/Guards/GuardAssetTests.cs
+++ b/backend/tests/Squidex.Domain.Apps.Entities.Tests/Assets/Guards/GuardAssetTests.cs
@ -96,7 +96,7 @@ namespace Squidex.Domain.Apps.Entities.Assets.Guards
            var command = new AnnotateAsset();
            ValidationAssert.Throws(() => GuardAsset.CanAnnotate(command),
-                new ValidationError("Either file name, slug, tags or metadata must be defined.", "FileName", "Slug", "Tags", "Metadata"));
+                new ValidationError("At least one property must be defined.", "FileName", "IsProtected", "Metadata", "Slug", "Tags"));
        }
        [Fact]
--- a/backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/GraphQL/GraphQLQueriesTests.cs
+++ b/backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/GraphQL/GraphQLQueriesTests.cs
@ -146,6 +146,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL
                    fileSize
                    fileVersion
                    isImage
                    isProtected
                    pixelWidth
                    pixelHeight
                    type
@ -188,6 +189,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL
                            fileSize = 1024,
                            fileVersion = 123,
                            isImage = true,
                            isProtected = false,
                            pixelWidth = 800,
                            pixelHeight = 600,
                            type = "IMAGE",
@ -236,6 +238,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL
                      fileSize
                      fileVersion
                      isImage
                      isProtected
                      pixelWidth
                      pixelHeight
                      type
@ -282,6 +285,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL
                                fileSize = 1024,
                                fileVersion = 123,
                                isImage = true,
                                isProtected = false,
                                pixelWidth = 800,
                                pixelHeight = 600,
                                type = "IMAGE",
--- a/frontend/app/framework/angular/image-source.directive.ts
+++ b/frontend/app/framework/angular/image-source.directive.ts
@ -26,6 +26,9 @@ export class ImageSourceDirective extends ResourceOwner implements OnChanges, On
    @Input()
    public retryCount = 10;
    @Input()
    public accessToken: string;
    @Input()
    public layoutKey: string;
@ -129,6 +132,10 @@ export class ImageSourceDirective extends ResourceOwner implements OnChanges, On
                source += `&q=${this.loadQuery}`;
            }
            if (this.accessToken) {
                source += `&access_token=${this.accessToken}`;
            }
            this.renderer.setProperty(this.element.nativeElement, 'src', source);
        }
    }
--- a/frontend/app/shared/components/asset-dialog.component.html
+++ b/frontend/app/shared/components/asset-dialog.component.html
@ -68,6 +68,12 @@
                    </button>
                </div>
            </div>
            <div class="form-group form-check">
                <input type="checkbox" class="form-check-input" id="isProtected" formControlName="isProtected" />
                <label class="form-check-label" for="isProtected">Protected</label>
            </div>
        </ng-container>
        <ng-container footer>
--- a/frontend/app/shared/components/asset.component.html
+++ b/frontend/app/shared/components/asset.component.html
@ -11,7 +11,7 @@
                <ng-container *ngIf="asset.canPreview; else noPreview">
                    <div class="file-image">
-                        <img [sqxImageSource]="asset | sqxAssetPreviewUrl" class="bg" layoutKey="asset-large">
+                        <img [sqxImageSource]="asset | sqxAssetPreviewUrl" [accessToken]="authService.user?.accessKey" class="bg" layoutKey="asset-large">
                    </div>
                </ng-container>
                <ng-template #noPreview>
--- a/frontend/app/shared/components/asset.component.ts
+++ b/frontend/app/shared/components/asset.component.ts
@ -11,6 +11,7 @@ import {
    AssetDto,
    AssetsState,
    AssetUploaderState,
    AuthService,
    DialogModel,
    DialogService,
    Types,
@ -74,6 +75,7 @@ export class AssetComponent implements OnInit {
    public editDialog = new DialogModel();
    constructor(
        public readonly authService: AuthService,
        private readonly assetUploader: AssetUploaderState,
        private readonly changeDetector: ChangeDetectorRef,
        private readonly dialogs: DialogService
--- a/frontend/app/shared/services/assets.service.spec.ts
+++ b/frontend/app/shared/services/assets.service.spec.ts
@ -416,6 +416,7 @@ describe('AssetsService', () => {
            fileType: 'png',
            fileSize: id * 2,
            fileVersion: id * 4,
            isProtected: true,
            parentId,
            mimeType: 'image/png',
            type: `my-type${id}${suffix}`,
@ -472,6 +473,7 @@ export function createAsset(id: number, tags?: ReadonlyArray<string>, suffix = '
        'png',
        id * 2,
        id * 4,
        true,
        parentId,
        'image/png',
        `my-type${id}${suffix}`,
--- a/frontend/app/shared/services/assets.service.ts
+++ b/frontend/app/shared/services/assets.service.ts
@ -67,6 +67,7 @@ export class AssetDto {
        public readonly fileType: string,
        public readonly fileSize: number,
        public readonly fileVersion: number,
        public readonly isProtected: boolean,
        public readonly parentId: string,
        public readonly mimeType: string,
        public readonly type: string,
@ -122,6 +123,7 @@ export class AssetFolderDto {
 export interface AnnotateAssetDto {
    readonly fileName?: string;
    readonly isProtected?: boolean;
    readonly slug?: string;
    readonly tags?: ReadonlyArray<string>;
    readonly metadata?: { [key: string]: any };
@ -377,6 +379,7 @@ function parseAsset(response: any) {
        response.fileType,
        response.fileSize,
        response.fileVersion,
        response.isProtected,
        response.parentId,
        response.mimeType,
        response.type,
--- a/frontend/app/shared/services/auth.service.ts
+++ b/frontend/app/shared/services/auth.service.ts
@ -39,6 +39,10 @@ export class Profile {
        return this.user.expired || false;
    }
    public get accessKey(): string {
        return this.user.access_token;
    }
    public get authToken(): string {
        return `${this.user!.token_type} ${this.user.access_token}`;
    }
--- a/frontend/app/shared/state/assets.forms.spec.ts
+++ b/frontend/app/shared/state/assets.forms.spec.ts
@ -18,6 +18,7 @@ describe('AnnotateAssetForm', () => {
            'Tag1',
            'Tag2'
        ],
        isProtected: false,
        metadata: {
            key1: null,
            key2: 'String',
--- a/frontend/app/shared/state/assets.forms.ts
+++ b/frontend/app/shared/state/assets.forms.ts
@ -31,6 +31,7 @@ export class AnnotateAssetForm extends Form<FormGroup, AnnotateAssetDto, AssetDt
        private readonly formBuilder: FormBuilder
    ) {
        super(formBuilder.group({
            isProtected: false,
            fileName: ['',
                [
                    Validators.required
@ -41,7 +42,11 @@ export class AnnotateAssetForm extends Form<FormGroup, AnnotateAssetDto, AssetDt
                    Validators.required
                ]
            ],
-            tags: [[]],
+            tags: [[],
                [
                    Validators.required
                ]
            ],
            metadata: formBuilder.array([])
        }));
    }
@ -106,6 +111,10 @@ export class AnnotateAssetForm extends Form<FormGroup, AnnotateAssetDto, AssetDt
                delete result.slug;
            }
            if (result.isProtected === asset.isProtected) {
                delete result.isProtected;
            }
            if (Types.jsJsonEquals(result.metadata, asset.metadata)) {
                delete result.metadata;
            }