Admin apps.

5 years ago · 5857b6e840
5 changed files with 27 additions and 8 deletions
--- a/backend/src/Squidex.Shared/Permissions.cs
+++ b/backend/src/Squidex.Shared/Permissions.cs
@ -51,17 +51,16 @@ namespace Squidex.Shared

        public const string App = "squidex.apps.{app}";

+        public const string AppAdmin = "squidex.apps.{app}.*";
        public const string AppDelete = "squidex.apps.{app}.delete";
        public const string AppUpdate = "squidex.apps.{app}.update";
        public const string AppUpdateImage = "squidex.apps.{app}.image";

        public const string AppHistory = "squidex.apps.{app}.history";
-
        public const string AppPing = "squidex.apps.{app}.ping";
-
        public const string AppSearch = "squidex.apps.{app}.search";
-
        public const string AppTranslate = "squidex.apps.{app}.translate";
+        public const string AppUsage = "squidex.apps.{app}.usage";

        public const string AppComments = "squidex.apps.{app}.comments";
        public const string AppCommentsRead = "squidex.apps.{app}.comments.read";
@ -145,8 +144,6 @@ namespace Squidex.Shared
        public const string AppContentsVersionDelete = "squidex.apps.{app}.contents.{name}.version.delete";
        public const string AppContentsDelete = "squidex.apps.{app}.contents.{name}.delete";

-        public const string AppUsage = "squidex.apps.{app}.usage";
-
        static Permissions()
        {
            foreach (var field in typeof(Permissions).GetFields(BindingFlags.Public | BindingFlags.Static))
--- a/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs
+++ b/backend/src/Squidex/Areas/Api/Controllers/News/Service/FeaturesService.cs
@ -16,7 +16,7 @@ namespace Squidex.Areas.Api.Controllers.News.Service
 {
    public sealed class FeaturesService
    {
-        private const int FeatureVersion = 13;
+        private const int FeatureVersion = 15;
        private readonly QueryContext flatten = QueryContext.Default.Flatten();
        private readonly IContentsClient<NewsEntity, FeatureDto> client;

--- a/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs
+++ b/backend/src/Squidex/Areas/IdentityServer/Config/CreateAdminHost.cs
@ -16,6 +16,7 @@ using Microsoft.IdentityModel.Logging;
 using Squidex.Config;
 using Squidex.Config.Startup;
 using Squidex.Domain.Users;
+using Squidex.Infrastructure;
 using Squidex.Infrastructure.Security;
 using Squidex.Log;
 using Squidex.Shared;
@ -62,7 +63,7 @@ namespace Squidex.Areas.IdentityServer.Config
                            {
                                if (identityOptions.AdminRecreate)
                                {
-                                    var permissions = user.Permissions().Add(Permissions.Admin);
+                                    var permissions = CreatePermissions(user.Permissions());

                                    var values = new UserValues
                                    {
@ -75,11 +76,13 @@ namespace Squidex.Areas.IdentityServer.Config
                            }
                            else
                            {
+                                var permissions = CreatePermissions(PermissionSet.Empty);
+
                                var values = new UserValues
                                {
                                    Email = adminEmail,
                                    Password = adminPass,
-                                    Permissions = new PermissionSet(Permissions.Admin),
+                                    Permissions = permissions,
                                    DisplayName = adminEmail
                                };

@ -97,6 +100,18 @@ namespace Squidex.Areas.IdentityServer.Config
            }
        }

+        private PermissionSet CreatePermissions(PermissionSet permissions)
+        {
+            permissions = permissions.Add(Permissions.Admin);
+
+            foreach (var app in identityOptions.AdminApps.OrEmpty())
+            {
+                permissions = permissions.Add(Permissions.ForApp(Permissions.AppAdmin, app));
+            }
+
+            return permissions;
+        }
+
        private static bool IsEmpty(UserManager<IdentityUser> userManager)
        {
            return userManager.SupportsQueryableUsers && !userManager.Users.Any();
--- a/backend/src/Squidex/Config/MyIdentityOptions.cs
+++ b/backend/src/Squidex/Config/MyIdentityOptions.cs
@ -19,6 +19,8 @@ namespace Squidex.Config

        public string AdminPassword { get; set; }

+        public string[] AdminApps { get; set; }
+
        public string AdminClientId { get; set; }

        public string AdminClientSecret { get; set; }
--- a/backend/src/Squidex/appsettings.json
+++ b/backend/src/Squidex/appsettings.json
@ -616,6 +616,11 @@
    "adminClientId": "",
    "adminClientSecret": "",

+    /*
+     * The apps which should be visible on the dashboard for the admin.
+     */
+    "adminApps": [],
+
    /*
     * Settings for Google auth (keep empty to disable).
     */