
Permissions simplified.

pull/636/head
Sebastian 5 years ago
parent
commit
67c8637bea
  1. 4
      backend/src/Squidex.Domain.Apps.Entities/Apps/AppSettingsSearchSource.cs
  2. 4
      backend/src/Squidex.Domain.Apps.Entities/Assets/AssetsSearchSource.cs
  3. 4
      backend/src/Squidex.Domain.Apps.Entities/Contents/BulkUpdateCommandMiddleware.cs
  4. 4
      backend/src/Squidex.Domain.Apps.Entities/Contents/ContentsSearchSource.cs
  5. 4
      backend/src/Squidex.Domain.Apps.Entities/Contents/DomainObject/Guards/GuardContent.cs
  6. 6
      backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/Contents/ContentActions.cs
  7. 4
      backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs
  8. 5
      backend/src/Squidex.Domain.Apps.Entities/Context.cs
  9. 4
      backend/src/Squidex.Domain.Apps.Entities/Schemas/SchemasSearchSource.cs
  10. 5
      backend/src/Squidex.Shared/Identity/SquidexClaimsExtensions.cs
  11. 12
      backend/src/Squidex.Shared/Permissions.cs
  12. 4
      backend/src/Squidex.Web/ApiPermissionAttribute.cs
  13. 6
      backend/src/Squidex.Web/Resources.cs
  14. 2
      backend/src/Squidex/Areas/Api/Controllers/Apps/AppsController.cs
  15. 7
      backend/src/Squidex/Areas/OrleansDashboard/Middlewares/OrleansDashboardAuthenticationMiddleware.cs
  16. 3
      backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/BulkUpdateCommandMiddlewareTests.cs
  17. 1
      backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/GraphQL/GraphQLMutationTests.cs
  18. 1
      backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/MongoDb/ContentsQueryFixture.cs
  19. 8
      backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/Indexes/SchemasIndexTests.cs

4
backend/src/Squidex.Domain.Apps.Entities/Apps/AppSettingsSearchSource.cs

@ -36,9 +36,7 @@ namespace Squidex.Domain.Apps.Entities.Apps
{
if (result.Count < MaxItems && term.Contains(query, StringComparison.OrdinalIgnoreCase))
{
var permission = Permissions.ForApp(permissionId, appId.Name);
if (context.Permissions.Allows(permission))
if (context.Allows(permissionId))
{
var url = generate(appId);
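Review bot: The replacement `context.Allows(permissionId)` resolves the app from `context.App.Name` (see Context.Allows introduced in this commit), whereas the removed line built the permission from `appId.Name`; the two checks are equivalent only if `appId` is always the context's own app, which this hunk does not show. The same substitution happens in the BulkUpdateCommandMiddleware hunk, where `command.AppId.Name` gives way to the context app while the command still executes against `command.AppId` — if those identifiers can ever diverge, the permission is checked against a different app than the one acted on. If they are guaranteed equal, a comment such as `// appId is the context app; Context.Allows checks against App.Name` makes the dependency explicit; otherwise keep passing the explicit name with `context.Permissions.Allows(permissionId, appId.Name)`. The enclosing method starts and ends outside the hunk.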

4
backend/src/Squidex.Domain.Apps.Entities/Assets/AssetsSearchSource.cs

@ -34,9 +34,7 @@ namespace Squidex.Domain.Apps.Entities.Assets
{
var result = new SearchResults();
var permission = Permissions.ForApp(Permissions.AppAssetsRead, context.App.Name);
if (context.Permissions.Allows(permission))
if (context.Permissions.Allows(Permissions.AppAssetsRead, context.App.Name))
{
var filter = ClrFilter.Contains("fileName", query);
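Review bot: This site still spells out `context.Permissions.Allows(Permissions.AppAssetsRead, context.App.Name)` although the commit introduces `Context.Allows(permissionId, schema)` for exactly this pattern and uses it in the AppSettingsSearchSource and SchemasSearchSource hunks. `if (context.Allows(Permissions.AppAssetsRead))` would keep every app-scoped check on one code path, which matters for an authorization helper because a later fix then lands in one place. The ContentsSearchSource.HasPermission and ContentQueryService.HasPermission hunks keep the same long form with an explicit schema and could become `return context.Allows(Permissions.AppContentsReadOwn, schemaName);` and `return context.Allows(permissionId, schema.SchemaDef.Name);`. The enclosing method starts and ends outside this hunk.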

4
backend/src/Squidex.Domain.Apps.Entities/Contents/BulkUpdateCommandMiddleware.cs

@ -262,9 +262,7 @@ namespace Squidex.Domain.Apps.Entities.Contents
command.SchemaId = schema.NamedId();
}
var permission = Permissions.ForApp(permissionId, command.AppId.Name, command.SchemaId.Name);
if (!task.Context.Permissions.Allows(permission))
if (!task.Context.Allows(permissionId, command.SchemaId.Name))
{
throw new DomainForbiddenException("Forbidden");
}

4
backend/src/Squidex.Domain.Apps.Entities/Contents/ContentsSearchSource.cs

@ -105,9 +105,7 @@ namespace Squidex.Domain.Apps.Entities.Contents
private static bool HasPermission(Context context, string schemaName)
{
var permission = Permissions.ForApp(Permissions.AppContentsReadOwn, context.App.Name, schemaName);
return context.Permissions.Allows(permission);
return context.Permissions.Allows(Permissions.AppContentsReadOwn, context.App.Name, schemaName);
}
private static string FormatName(IEnrichedContentEntity content, string masterLanguage)

4
backend/src/Squidex.Domain.Apps.Entities/Contents/DomainObject/Guards/GuardContent.cs

@ -203,9 +203,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.DomainObject.Guards
return;
}
var requiredPermission = Permissions.ForApp(permission, content.AppId.Name, content.SchemaId.Name);
if (!command.User.Claims.Permissions().Allows(requiredPermission))
if (!command.User.Allows(permission, content.AppId.Name, content.SchemaId.Name))
{
throw new DomainForbiddenException(T.Get("common.errorNoPermission"));
}

6
backend/src/Squidex.Domain.Apps.Entities/Contents/GraphQL/Types/Contents/ContentActions.cs

@ -17,7 +17,6 @@ using Squidex.Domain.Apps.Entities.Contents.GraphQL.Types.Primitives;
using Squidex.Infrastructure;
using Squidex.Infrastructure.Json.Objects;
using Squidex.Infrastructure.Translations;
using Squidex.Infrastructure.Validation;
using Squidex.Shared;
namespace Squidex.Domain.Apps.Entities.Contents.GraphQL.Types.Contents
@ -430,10 +429,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.GraphQL.Types.Contents
private static void CheckPermission(string permissionId, GraphQLExecutionContext context, NamedId<DomainId> schemaId)
{
var requestContext = context.Context;
var requestPermission = Permissions.ForApp(permissionId, requestContext.App.Name, schemaId.Name);
if (!requestContext.Permissions.Allows(requestPermission))
if (!context.Context.Allows(permissionId, schemaId.Name))
{
throw new DomainForbiddenException(T.Get("common.errorNoPermission"));
}

4
backend/src/Squidex.Domain.Apps.Entities/Contents/Queries/ContentQueryService.cs

@ -216,9 +216,7 @@ namespace Squidex.Domain.Apps.Entities.Contents.Queries
private static bool HasPermission(Context context, ISchemaEntity schema, string permissionId)
{
var permission = Permissions.ForApp(permissionId, context.App.Name, schema.SchemaDef.Name);
return context.Permissions.Allows(permission);
return context.Permissions.Allows(permissionId, context.App.Name, schema.SchemaDef.Name);
}
private Task<IContentEntity?> FindCoreAsync(Context context, DomainId id, ISchemaEntity schema)

5
backend/src/Squidex.Domain.Apps.Entities/Context.cs

@ -65,6 +65,11 @@ namespace Squidex.Domain.Apps.Entities
return new Context(claimsPrincipal);
}
public bool Allows(string permissionId, string schema = Permission.Any)
{
return Permissions.Allows(permissionId, App.Name, schema);
}
public Context Clone()
{
var clone = new Context(User, App);
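Review bot: `Allows` dereferences `App.Name` without a guard, yet the factory directly above it (`return new Context(claimsPrincipal);`) builds a Context with no app, so a permission check on such a context ends in a NullReferenceException rather than a clean denial; the BulkUpdateCommandMiddlewareTests hunk in this commit had to add `Mocks.App(appId)` to its test context for what looks like exactly this reason. An exception is still fail-closed, but it surfaces as a server error instead of a forbidden result and is easy to hit from any code path that is not app-scoped. I would state the precondition on the method, e.g. `/// <summary>Checks <paramref name="permissionId"/> against the current app; requires an app-scoped context (App must not be null).</summary>`, and consider throwing `InvalidOperationException` explicitly when `App` is null so the failure mode is deliberate rather than incidental. The enclosing class continues outside this hunk.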

4
backend/src/Squidex.Domain.Apps.Entities/Schemas/SchemasSearchSource.cs

@ -87,9 +87,7 @@ namespace Squidex.Domain.Apps.Entities.Schemas
private static bool HasPermission(Context context, NamedId<DomainId> schemaId)
{
var permission = Permissions.ForApp(Permissions.AppContentsReadOwn, context.App.Name, schemaId.Name);
return context.Permissions.Allows(permission);
return context.Allows(Permissions.AppContentsReadOwn, schemaId.Name);
}
}
}

5
backend/src/Squidex.Shared/Identity/SquidexClaimsExtensions.cs

@ -22,6 +22,11 @@ namespace Squidex.Shared.Identity
return new PermissionSet(user.GetClaims(SquidexClaimTypes.Permissions).Select(x => new Permission(x.Value)));
}
public static bool Allows(this ClaimsPrincipal user, string id, string app = Permission.Any, string schema = Permission.Any)
{
return user.Claims.Permissions().Allows(id, app, schema);
}
public static bool IsHidden(this IEnumerable<Claim> user)
{
return user.HasClaimValue(SquidexClaimTypes.Hidden, "true");

12
backend/src/Squidex.Shared/Permissions.cs

@ -174,18 +174,18 @@ namespace Squidex.Shared
}
}
public static Permission ForApp(string id, string app = Permission.Any, string schema = Permission.Any)
public static bool Allows(this PermissionSet permissions, string id, string app = Permission.Any, string schema = Permission.Any)
{
Guard.NotNull(id, nameof(id));
var permission = ForApp(id, app, schema);
return new Permission(id.Replace("{app}", app ?? Permission.Any).Replace("{name}", schema ?? Permission.Any));
return permissions.Allows(permission);
}
public static PermissionSet ToAppPermissions(this PermissionSet permissions, string app)
public static Permission ForApp(string id, string app = Permission.Any, string schema = Permission.Any)
{
var matching = permissions.Where(x => x.StartsWith($"squidex.apps.{app}"));
Guard.NotNull(id, nameof(id));
return new PermissionSet(matching);
return new Permission(id.Replace("{app}", app ?? Permission.Any).Replace("{name}", schema ?? Permission.Any));
}
public static string[] ToAppNames(this PermissionSet permissions)
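Review bot: The new `Allows(this PermissionSet permissions, …)` extension validates nothing before calling `permissions.Allows(permission)`, while its sibling `ForApp` guards its argument with `Guard.NotNull(id, nameof(id))`; a null set therefore throws NullReferenceException from inside the helper instead of a clear ArgumentNullException. Adding `Guard.NotNull(permissions, nameof(permissions));` as the first statement keeps the two helpers consistent. Since most call sites in this commit now authorize through this overload, a `<summary>` noting that `app` and `schema` default to `Permission.Any` and are substituted into the `{app}` and `{name}` placeholders by ForApp would help readers who never open ForApp. The enclosing class continues outside this hunk.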

4
backend/src/Squidex.Web/ApiPermissionAttribute.cs

@ -57,9 +57,7 @@ namespace Squidex.Web
schema = Permission.Any;
}
var permission = Permissions.ForApp(id, app, schema);
if (permissions.Allows(permission))
if (permissions.Allows(id, app, schema))
{
hasPermission = true;
break;

6
backend/src/Squidex.Web/Resources.cs

@ -175,8 +175,6 @@ namespace Squidex.Web
public ApiController Controller { get; }
public PermissionSet Permissions => Context.Permissions;
public Context Context { get; set; }
public Resources(ApiController controller)
@ -200,7 +198,7 @@ namespace Squidex.Web
public bool Includes(Permission permission, PermissionSet? additional = null)
{
return Permissions.Includes(permission) || additional?.Includes(permission) == true;
return Context.Permissions.Includes(permission) || additional?.Includes(permission) == true;
}
public bool IsAllowedForSchema(string id, string schema)
@ -232,7 +230,7 @@ namespace Squidex.Web
var permission = P.ForApp(id, app, schema);
return Permissions.Allows(permission) || additional?.Allows(permission) == true;
return Context.Permissions.Allows(permission) || additional?.Allows(permission) == true;
}
private string? GetAppName()

2
backend/src/Squidex/Areas/Api/Controllers/Apps/AppsController.cs

@ -76,7 +76,7 @@ namespace Squidex.Areas.Api.Controllers.Apps
public async Task<IActionResult> GetApps()
{
var userOrClientId = HttpContext.User.UserOrClientId()!;
var userPermissions = Resources.Permissions;
var userPermissions = Resources.Context.Permissions;
var apps = await appProvider.GetUserAppsAsync(userOrClientId, userPermissions);

7
backend/src/Squidex/Areas/OrleansDashboard/Middlewares/OrleansDashboardAuthenticationMiddleware.cs

@ -10,7 +10,6 @@ using Microsoft.AspNetCore.Authentication;
using Microsoft.AspNetCore.Authentication.Cookies;
using Microsoft.AspNetCore.Authentication.OpenIdConnect;
using Microsoft.AspNetCore.Http;
using Squidex.Infrastructure.Security;
using Squidex.Shared;
using Squidex.Shared.Identity;
@ -18,8 +17,6 @@ namespace Squidex.Areas.OrleansDashboard.Middlewares
{
public sealed class OrleansDashboardAuthenticationMiddleware
{
private static readonly Permission OrleansPermissions = new Permission(Permissions.AdminOrleans);
private readonly RequestDelegate next;
public OrleansDashboardAuthenticationMiddleware(RequestDelegate next)
@ -33,9 +30,7 @@ namespace Squidex.Areas.OrleansDashboard.Middlewares
if (authentication.Succeeded)
{
var permisisons = authentication.Principal?.Claims.Permissions();
if (permisisons?.Allows(OrleansPermissions) == true)
if (authentication.Principal?.Allows(Permissions.AdminOrleans) == true)
{
await next(context);
}

3
backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/BulkUpdateCommandMiddlewareTests.cs

@ -12,6 +12,7 @@ using FakeItEasy;
using NodaTime;
using Squidex.Domain.Apps.Core.Contents;
using Squidex.Domain.Apps.Entities.Contents.Commands;
using Squidex.Domain.Apps.Entities.TestHelpers;
using Squidex.Infrastructure;
using Squidex.Infrastructure.Commands;
using Squidex.Infrastructure.Json.Objects;
@ -486,7 +487,7 @@ namespace Squidex.Domain.Apps.Entities.Contents
claimsIdentity.AddClaim(new Claim(SquidexClaimTypes.Permissions, permission));
var requestContext = new Context(claimsPrincipal);
var requestContext = new Context(claimsPrincipal, Mocks.App(appId));
A.CallTo(() => contextProvider.Context)
.Returns(requestContext);

1
backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/GraphQL/GraphQLMutationTests.cs

@ -10,7 +10,6 @@ using System.Threading.Tasks;
using FakeItEasy;
using GraphQL;
using GraphQL.NewtonsoftJson;
using GraphQL.Types;
using Newtonsoft.Json;
using Newtonsoft.Json.Linq;
using NodaTime;

1
backend/tests/Squidex.Domain.Apps.Entities.Tests/Contents/MongoDb/ContentsQueryFixture.cs

@ -18,7 +18,6 @@ using Squidex.Domain.Apps.Core.Contents;
using Squidex.Domain.Apps.Core.Schemas;
using Squidex.Domain.Apps.Core.TestHelpers;
using Squidex.Domain.Apps.Entities.Apps;
using Squidex.Domain.Apps.Entities.Contents.Repositories;
using Squidex.Domain.Apps.Entities.MongoDb.Contents;
using Squidex.Domain.Apps.Entities.Schemas;
using Squidex.Domain.Apps.Entities.TestHelpers;

8
backend/tests/Squidex.Domain.Apps.Entities.Tests/Schemas/Indexes/SchemasIndexTests.cs

@ -247,7 +247,7 @@ namespace Squidex.Domain.Apps.Entities.Schemas.Indexes
{
var (_, schemaGrain) = SetupSchema();
var command = new UpdateSchema { SchemaId = schemaId };
var command = new UpdateSchema { SchemaId = schemaId, AppId = appId };
var context =
new CommandContext(command, commandBus)
@ -262,13 +262,13 @@ namespace Squidex.Domain.Apps.Entities.Schemas.Indexes
[Fact]
public async Task Should_update_index_with_result_when_schema_is_updated()
{
var (_, schemaGrain) = SetupSchema();
var (schema, schemaGrain) = SetupSchema();
var command = new UpdateSchema { SchemaId = schemaId };
var command = new UpdateSchema { SchemaId = schemaId, AppId = appId };
var context =
new CommandContext(command, commandBus)
.Complete(schemaGrain);
.Complete(schema);
await sut.HandleAsync(context);
