From 5857b6e840dd126d3bb1ffeab24d164ba2b30c2a Mon Sep 17 00:00:00 2001 From: Sebastian Date: Mon, 21 Dec 2020 16:12:07 +0100 Subject: [PATCH] Admin apps. --- backend/src/Squidex.Shared/Permissions.cs | 7 ++----- .../News/Service/FeaturesService.cs | 2 +- .../IdentityServer/Config/CreateAdminHost.cs | 19 +++++++++++++++++-- .../src/Squidex/Config/MyIdentityOptions.cs | 2 ++ backend/src/Squidex/appsettings.json | 5 +++++ 5 files changed, 27 insertions(+), 8 deletions(-) diff --git a/backend/src/Squidex.Shared/Permissions.cs b/backend/src/Squidex.Shared/Permissions.cs index 0d78e45e9..1865b56cf 100644 --- a/backend/src/Squidex.Shared/Permissions.cs +++ b/backend/src/Squidex.Shared/Permissions.cs @@ -51,17 +51,16 @@ namespace Squidex.Shared public const string App = "squidex.apps.{app}"; + public const string AppAdmin = "squidex.apps.{app}.*"; public const string AppDelete = "squidex.apps.{app}.delete"; public const string AppUpdate = "squidex.apps.{app}.update"; public const string AppUpdateImage = "squidex.apps.{app}.image"; public const string AppHistory = "squidex.apps.{app}.history"; - public const string AppPing = "squidex.apps.{app}.ping"; - public const string AppSearch = "squidex.apps.{app}.search"; - public const string AppTranslate = "squidex.apps.{app}.translate"; + public const string AppUsage = "squidex.apps.{app}.usage"; public const string AppComments = "squidex.apps.{app}.comments"; public const string AppCommentsRead = "squidex.apps.{app}.comments.read"; @@ -145,8 +144,6 @@ namespace Squidex.Shared public const string AppContentsVersionDelete = "squidex.apps.{app}.contents.{name}.version.delete"; public const string AppContentsDelete = "squidex.apps.{app}.contents.{name}.delete"; - public const string AppUsage = "squidex.apps.{app}.usage"; - static Permissions() { foreach (var field in typeof(Permissions).GetFields(BindingFlags.Public | BindingFlags.Static)) diff --git a/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs b/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs index 64609ed43..61835c8dd 100644 --- a/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs +++ b/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs @@ -16,7 +16,7 @@ namespace Squidex.Areas.Api.Controllers.News.Service { public sealed class FeaturesService { - private const int FeatureVersion = 13; + private const int FeatureVersion = 15; private readonly QueryContext flatten = QueryContext.Default.Flatten(); private readonly IContentsClient client; diff --git a/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs b/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs index a80b16807..228bbaf49 100644 --- a/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs +++ b/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs @@ -16,6 +16,7 @@ using Microsoft.IdentityModel.Logging; using Squidex.Config; using Squidex.Config.Startup; using Squidex.Domain.Users; +using Squidex.Infrastructure; using Squidex.Infrastructure.Security; using Squidex.Log; using Squidex.Shared; @@ -62,7 +63,7 @@ namespace Squidex.Areas.IdentityServer.Config { if (identityOptions.AdminRecreate) { - var permissions = user.Permissions().Add(Permissions.Admin); + var permissions = CreatePermissions(user.Permissions()); var values = new UserValues { @@ -75,11 +76,13 @@ namespace Squidex.Areas.IdentityServer.Config } else { + var permissions = CreatePermissions(PermissionSet.Empty); + var values = new UserValues { Email = adminEmail, Password = adminPass, - Permissions = new PermissionSet(Permissions.Admin), + Permissions = permissions, DisplayName = adminEmail }; @@ -97,6 +100,18 @@ namespace Squidex.Areas.IdentityServer.Config } } + private PermissionSet CreatePermissions(PermissionSet permissions) + { + permissions = permissions.Add(Permissions.Admin); + + foreach (var app in identityOptions.AdminApps.OrEmpty()) + { + permissions = permissions.Add(Permissions.ForApp(Permissions.AppAdmin, app)); + } + + return permissions; + } + private static bool IsEmpty(UserManager userManager) { return userManager.SupportsQueryableUsers && !userManager.Users.Any(); diff --git a/backend/src/Squidex/Config/MyIdentityOptions.cs b/backend/src/Squidex/Config/MyIdentityOptions.cs index a89555413..ba94ac6b3 100644 --- a/backend/src/Squidex/Config/MyIdentityOptions.cs +++ b/backend/src/Squidex/Config/MyIdentityOptions.cs @@ -19,6 +19,8 @@ namespace Squidex.Config public string AdminPassword { get; set; } + public string[] AdminApps { get; set; } + public string AdminClientId { get; set; } public string AdminClientSecret { get; set; } diff --git a/backend/src/Squidex/appsettings.json b/backend/src/Squidex/appsettings.json index df1358d62..2e2250099 100644 --- a/backend/src/Squidex/appsettings.json +++ b/backend/src/Squidex/appsettings.json @@ -616,6 +616,11 @@ "adminClientId": "", "adminClientSecret": "", + /* + * The apps which should be visible on the dashboard for the admin. + */ + "adminApps": [], + /* * Settings for Google auth (keep empty to disable). */