Kolpack-Software-Consulting/LeafWeb
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add permissions for downloading LeafInput

Browse Source
This commit is contained in:
James Kolpack
2020-08-08 21:43:12 -04:00
parent 2716b9bfb4
commit 5dfc65a83a
9 changed files with 109 additions and 51 deletions
Download Patch File Download Diff File Expand all files Collapse all files
WebCms/Controllers/DownloadController.cs
+36 -10
View File
@@ -5,6 +5,7 @@ using LeafWeb.Core.Entities;
using LeafWeb.Core.Utility;
using LeafWeb.WebCms.Models;
using LeafWeb.WebCms.Utility;
using Microsoft.Ajax.Utilities;
using Umbraco.Web.Mvc;
namespace LeafWeb.WebCms.Controllers
@@ -29,13 +30,31 @@ namespace LeafWeb.WebCms.Controllers
[MemberAuthorize(AllowGroup = "Authenticated,Administrator")]
public ActionResult Input(int id)
{
return GetInputZip(id);
var leafInput = DataService.GetLeafInput(id);
// check leafinput email matches current user
if (!Permissions.IsCurrentUserAdministrator() &&
!leafInput.DoesBelongToUser(HttpContext.User.Identity.Name))
{
return View("PermissionDenied");
}
return GetInputZip(leafInput);
}
[MemberAuthorize(AllowGroup = "Authenticated,Administrator")]
public ActionResult OutputToUser(int id)
{
return GetOutputZip(id, LeafOutputFileType.ToUser);
var leafInput = DataService.GetLeafInput(id);
// check leafinput email matches current user
if (!Permissions.IsCurrentUserAdministrator() &&
!leafInput.DoesBelongToUser(HttpContext.User.Identity.Name))
{
return View("PermissionDenied");
}
return GetOutputZip(leafInput, LeafOutputFileType.ToUser);
}
[MemberAuthorize(AllowGroup = "Administrator")]
@@ -44,42 +63,49 @@ namespace LeafWeb.WebCms.Controllers
return GetOutputZip(id, LeafOutputFileType.NotToUser);
}
[MemberAuthorize(AllowGroup = "Authenticated,Administrator")]
[MemberAuthorize(AllowGroup = "Administrator")]
public ActionResult OutputCleanedInput(int id)
{
return GetOutputZip(id, LeafOutputFileType.CleanedInput);
}
[MemberAuthorize(AllowGroup = "Authenticated,Administrator")]
[MemberAuthorize(AllowGroup = "Administrator")]
public ActionResult ResultsInputZip(LeafDataQuery query)
{
return GetResults(query, LeafInput.GetInputFilesZip, $"LeafWeb_{DateTime.Now:yyyy-dd-MM--HH-mm-ss}_Input.zip");
}
[MemberAuthorize(AllowGroup = "Authenticated,Administrator")]
[MemberAuthorize(AllowGroup = "Administrator")]
public ActionResult ResultsOutputZip(LeafDataQuery query)
{
return GetResults(query, LeafInput.GetOutputFilesZip_ToUser, $"LeafWeb_{DateTime.Now:yyyy-dd-MM--HH-mm-ss}_Output.zip");
}
private ActionResult GetOutputZip(int id, LeafOutputFileType type)
{
var leafInput = DataService.GetLeafInput(id);
=> GetOutputZip(DataService.GetLeafInput(id), type);
private ActionResult GetOutputZip(LeafInput leafInput, LeafOutputFileType type)
{
if (leafInput == null)
return View("DownloadNotFound");
var zip = leafInput.GetOutputFileZip(type);
var filename = $"{leafInput.Identifier.FilterValidFilename()}_{type}.zip";
var suffix =
type == LeafOutputFileType.ToUser
? "_Output"
: $"_Output_{type}";
var filename = $"{leafInput.Identifier.FilterValidFilename()}{suffix}.zip";
return new FileContentResult(zip, "application/zip") { FileDownloadName = filename };
}
private ActionResult GetInputZip(int id)
{
var leafInput = DataService.GetLeafInput(id);
=> GetInputZip(DataService.GetLeafInput(id));
private ActionResult GetInputZip(LeafInput leafInput)
{
if (leafInput == null)
return View("DownloadNotFound");
WebCms/Controllers/ResultsController.cs
-1
View File
@@ -59,7 +59,6 @@ namespace LeafWeb.WebCms.Controllers
return View(viewModel);
}
public ActionResult Recent()
{
var dateThreshold = DateTime.Today.Subtract(TimeSpan.FromDays(90));
WebCms/Utility/Permissions.cs
+20
View File
@@ -0,0 +1,20 @@
using System;
using LeafWeb.Core.Entities;
using Umbraco.Web.Security;
namespace LeafWeb.WebCms.Utility
{
public static class Permissions
{
public static bool IsCurrentUserAdministrator()
{
var memberShipHelper = new MembershipHelper(Umbraco.Web.UmbracoContext.Current);
return memberShipHelper.IsMemberAuthorized(allowGroups: new[] {"Administrator"});
}
public static bool DoesBelongToUser(this LeafInput leafInput, string username)
{
return string.Equals(leafInput.Email, username, StringComparison.OrdinalIgnoreCase);
}
}
}
WebCms/Views/MacroPartials/Membership/Register.cshtml
+1 -1
View File
@@ -40,7 +40,7 @@ else
null,
new {id="register-member"}))
{
@Html.ValidationSummary(true)
@Html.ValidationSummary(false)
<ul class="d-none">
@foreach (var ms in ViewData.ModelState)
{
WebCms/Views/Results/Details.cshtml
+7 -13
View File
@@ -1,5 +1,8 @@
@using LeafWeb.WebCms.Utility
@model LeafInputDetails
@{
var username = HttpContext.Current.User.Identity.Name;
}
<div class="row pb-3">
@@ -10,6 +13,8 @@
data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<span class="fa fa-download"></span> Download
</button>
@if (string.Equals(Model.Email, username, StringComparison.OrdinalIgnoreCase))
{
<div class="dropdown-menu" aria-labelledby="downloadButton">
<a href="@Url.Action("Input", "Download", new {id = Model.LeafInputId})"
class="dropdown-item">
@@ -17,9 +22,10 @@
</a>
<a href="@Url.Action("OutputToUser", "Download", new {id = Model.LeafInputId})"
class="dropdown-item @if (!Model.HasOutputFiles) {<text> disabled</text>}">
ToUser
Output
</a>
</div>
}
</div>
</div>
@@ -40,15 +46,3 @@
}
@Html.Partial("DisplayTemplates/_ChartLink", (int)item.LeafInputId, cssClass)
}
@helper CancelLink(LeafInputDetails_Admin item)
{
var cssClass
= CssClassUtil.CreateCssClassDataDictionary("btn", "btn-outline-secondary");
if (!item.IsCancellable)
{
cssClass.SetCssDisabled();
}
@Html.Partial("DisplayTemplates/_CancelForm", Tuple.Create(item.LeafInputId, item.Identifier), cssClass)
}
WebCms/Views/Results/Index.cshtml
+2 -2
View File
@@ -35,10 +35,10 @@
</div>
<div class="row justify-content-end">
<div class="col-sm">@grid.PagerList()</div>
<div class="col-sm col-lg-5 pl-4 pt-3 pt-sm-0">
@*<div class="col-sm col-lg-5 pl-4 pt-3 pt-sm-0">
<span class="pr-2">Download Results</span>
@DownloadResults()
</div>
</div>*@
</div>
}
else
WebCms/Views/Shared/PermissionDenied.cshtml
+10
View File
@@ -0,0 +1,10 @@
@{
ViewBag.Title = "Permission Denied";
}
<h1>
@ViewBag.Title
</h1>
<p>Permission denied for requested resource. If you believe this to be in error please contact administrator, referencing the following url:</p>
<code>@Html.Raw(Request.Url)</code>
WebCms/Views/Shared/_LeafInputActions.cshtml
+31 -24
View File
@@ -1,8 +1,10 @@
@using LeafWeb.Core.Entities
@using LeafWeb.WebCms.Utility
@model LeafInput
@{
var admin = ViewData.ContainsKey("admin");
var username = HttpContext.Current.User.Identity.Name;
}
<div class="btn-group text-nowrap" role="group">
@@ -15,33 +17,38 @@
@if (admin)
{
@Details_AdminLink(Model)
@ChartLink(Model)
if (Model.IsPending)
{
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Priority</h6>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.High)">@PriorityForm(Model, Priority.High)</button>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.Normal)">@PriorityForm(Model, Priority.Normal)</button>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.Low)">@PriorityForm(Model, Priority.Low)</button>
}
if (Model.IsCancellable)
{
<div class="dropdown-divider"></div>
@CancelLink(Model)
}
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Download</h6>
@DownloadInput(Model)
@DownloadOutputToUser(Model)
<div class="dropdown-divider"></div>
@DeleteLink(Model)
}
else
{
@Details_ResultsLink(Model)
}
@ChartLink(Model)
@if (admin && Model.IsPending)
{
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Priority</h6>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.High)">@PriorityForm(Model, Priority.High)</button>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.Normal)">@PriorityForm(Model, Priority.Normal)</button>
<button class="dropdown-item @DisableItem(Model.PendingPriority == Priority.Low)">@PriorityForm(Model, Priority.Low)</button>
}
@if (admin && Model.IsCancellable)
{
<div class="dropdown-divider"></div>
@CancelLink(Model)
}
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Download</h6>
@DownloadInput(Model)
@DownloadOutputToUser(Model)
@if (admin)
{
<div class="dropdown-divider"></div>
@DeleteLink(Model)
@ChartLink(Model)
if (string.Equals(Model.Email, username, StringComparison.OrdinalIgnoreCase))
{
<div class="dropdown-divider"></div>
<h6 class="dropdown-header">Download</h6>
@DownloadInput(Model)
@DownloadOutputToUser(Model)
}
}
</div>
</div>
@@ -81,7 +88,7 @@
@helper DownloadOutputToUser(dynamic item)
{
<a href="@Url.Action("OutputToUser", "Download", new {id = item.Id})" class="dropdown-item @DisableItem(!item.HasOutputFiles)">
<span class="fa fa-download"></span> ToUser
<span class="fa fa-download"></span> Output
</a>
}
@helper DeleteLink(LeafInput item)
WebCms/WebCms.csproj
+2
View File
@@ -1077,6 +1077,7 @@
<Content Include="Views\MacroPartials\ResultsDetails.cshtml" />
<Content Include="Views\Shared\Boolean.cshtml" />
<Content Include="Views\Shared\EditorTemplates\Checkbox.cshtml" />
<Content Include="Views\Shared\PermissionDenied.cshtml" />
<None Include="Web.Debug.config">
<DependentUpon>Web.config</DependentUpon>
</None>
@@ -1143,6 +1144,7 @@
<Compile Include="Services\PiscalQueue\PiscalService.cs" />
<Compile Include="Services\PiscalQueue\StartPending.cs" />
<Compile Include="Utility\NameValueCollectionUtil.cs" />
<Compile Include="Utility\Permissions.cs" />
<Compile Include="Utility\QueryFilter.cs" />
<Compile Include="Utility\RequireRequestValueAttribute.cs" />
<Compile Include="Utility\Validation.cs" />