Added documentation and improved permission validation
@@ -1,15 +1,16 @@
|
||||
namespace HopFrame.Web;
|
||||
|
||||
[Obsolete("Use HopFrame.Security.AdminPermissions instead")]
|
||||
public static class AdminPermissions {
|
||||
public const string IsAdmin = "hopframe.admin";
|
||||
public const string IsAdmin = Security.AdminPermissions.IsAdmin;
|
||||
|
||||
public const string ViewUsers = "hopframe.admin.users.view";
|
||||
public const string EditUser = "hopframe.admin.users.edit";
|
||||
public const string DeleteUser = "hopframe.admin.users.delete";
|
||||
public const string AddUser = "hopframe.admin.users.add";
|
||||
public const string ViewUsers = Security.AdminPermissions.ViewUsers;
|
||||
public const string EditUser = Security.AdminPermissions.EditUser;
|
||||
public const string DeleteUser = Security.AdminPermissions.DeleteUser;
|
||||
public const string AddUser = Security.AdminPermissions.AddUser;
|
||||
|
||||
public const string ViewGroups = "hopframe.admin.groups.view";
|
||||
public const string EditGroup = "hopframe.admin.groups.edit";
|
||||
public const string DeleteGroup = "hopframe.admin.groups.delete";
|
||||
public const string AddGroup = "hopframe.admin.groups.add";
|
||||
public const string ViewGroups = Security.AdminPermissions.ViewGroups;
|
||||
public const string EditGroup = Security.AdminPermissions.EditGroup;
|
||||
public const string DeleteGroup = Security.AdminPermissions.DeleteGroup;
|
||||
public const string AddGroup = Security.AdminPermissions.AddGroup;
|
||||
}
|
||||
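Review bot: The forwarding constants name the new class as the partially qualified `Security.AdminPermissions`, which resolves to `HopFrame.Security` only while nothing called `Security` exists closer in scope. A later `HopFrame.Web.Security` namespace, or a `Security` member on a component, would change what these permission strings bind to or break the build. Every other hunk in this commit uses the same spelling. Because these constants decide authorization, spell the target out, e.g. `public const string IsAdmin = HopFrame.Security.AdminPermissions.IsAdmin;`, or declare an alias such as `using SecurityPermissions = HopFrame.Security.AdminPermissions;`.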
@@ -167,7 +167,7 @@
|
||||
}
|
||||
|
||||
if (_isEdit) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -202,7 +202,7 @@
|
||||
}
|
||||
|
||||
if (_isEdit) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -219,7 +219,7 @@
|
||||
|
||||
private async Task AddGroup() {
|
||||
if (_isEdit) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditGroup, Context.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -239,7 +239,7 @@
|
||||
return;
|
||||
}
|
||||
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.AddGroup, Context.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.AddGroup, Context.User.Id))) {
|
||||
await NoAddPermissions();
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -69,7 +69,7 @@
|
||||
}
|
||||
|
||||
private async Task AddUser() {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.AddUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.AddUser, Auth.User.Id))) {
|
||||
await NoAddPermissions();
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -118,7 +118,7 @@
|
||||
private string _permissionToAdd;
|
||||
|
||||
public async Task ShowAsync(User user) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -130,7 +130,7 @@
|
||||
}
|
||||
|
||||
private async Task AddGroup() {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
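Review bot: `AddGroup()` gates adding a user to a permission group on `Security.AdminPermissions.EditUser` alone, and the `RemoveGroup`, `AddPermission` and `RemovePermission` hunks below use the same single check. The bodies continue outside these hunks; if they do not restrict which group or permission string may be assigned, any holder of `hopframe.admin.users.edit` can hand out permissions they do not hold themselves, including to their own account. Consider also requiring that the acting user already holds the permission or group being granted, or introducing a separate permission for permission management. If `EditUser` is meant to be sufficient, state it at the check with a comment such as `// EditUser intentionally allows changing any user's groups and permissions`.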
@@ -158,7 +158,7 @@
|
||||
}
|
||||
|
||||
private async Task RemoveGroup(PermissionGroup group) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -186,7 +186,7 @@
|
||||
}
|
||||
|
||||
private async Task AddPermission() {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -213,7 +213,7 @@
|
||||
}
|
||||
|
||||
private async Task RemovePermission(Permission perm) {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
@@ -241,7 +241,7 @@
|
||||
}
|
||||
|
||||
private async void EditUser() {
|
||||
if (!(await Permissions.HasPermission(AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
if (!(await Permissions.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id))) {
|
||||
await NoEditPermissions();
|
||||
return;
|
||||
}
|
||||
|
||||
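Review bot: `EditUser()` is declared `private async void`, so an exception thrown by `Permissions.HasPermission` or by anything awaited afterwards cannot be observed by the caller, and the method cannot be awaited. Every other handler in these hunks returns `Task`. Change the signature to `private async Task EditUser() {`; if it is bound as a Blazor event handler, that binding should accept a Task-returning method unchanged, but confirm at the call site. The method body continues outside the hunk.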
@@ -16,7 +16,7 @@
|
||||
@using HopFrame.Web.Pages.Administration.Layout
|
||||
|
||||
<PageTitle>Groups</PageTitle>
|
||||
<AuthorizedView Permission="@AdminPermissions.ViewGroups" RedirectIfUnauthorized="administration/login?redirect=/administration/groups"/>
|
||||
<AuthorizedView Permission="@Security.AdminPermissions.ViewGroups" RedirectIfUnauthorized="administration/login?redirect=/administration/groups"/>
|
||||
|
||||
<GroupAddModal ReloadPage="Reload" @ref="_groupAddModal"/>
|
||||
|
||||
@@ -32,7 +32,7 @@
|
||||
<input class="form-control me-2 input-dark" type="search" placeholder="Search" aria-label="Search" @bind="_searchText">
|
||||
<BSButton Color="BSColor.Success" IsOutlined="true" type="submit">Search</BSButton>
|
||||
</form>
|
||||
<AuthorizedView Permission="@AdminPermissions.AddGroup">
|
||||
<AuthorizedView Permission="@Security.AdminPermissions.AddGroup">
|
||||
<BSButton IsSubmit="false" Color="BSColor.Success" Target="add-user" OnClick="() => _groupAddModal.ShowAsync()">Add Group</BSButton>
|
||||
</AuthorizedView>
|
||||
</div>
|
||||
@@ -112,8 +112,8 @@
|
||||
protected override async Task OnInitializedAsync() {
|
||||
_groups = await Permissions.GetPermissionGroups();
|
||||
|
||||
_hasEditPrivileges = await Permissions.HasPermission(AdminPermissions.EditGroup, Auth.User.Id);
|
||||
_hasDeletePrivileges = await Permissions.HasPermission(AdminPermissions.DeleteGroup, Auth.User.Id);
|
||||
_hasEditPrivileges = await Permissions.HasPermission(Security.AdminPermissions.EditGroup, Auth.User.Id);
|
||||
_hasDeletePrivileges = await Permissions.HasPermission(Security.AdminPermissions.DeleteGroup, Auth.User.Id);
|
||||
}
|
||||
|
||||
private async Task Reload() {
|
||||
|
||||
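Review bot: `OnInitializedAsync` loads every permission group with `Permissions.GetPermissionGroups()` and only afterwards asks for `EditGroup` and `DeleteGroup`; `ViewGroups` is never checked in code and is left to the self-closing `<AuthorizedView ... RedirectIfUnauthorized=...>` tag in the first hunk of this page. Whether that component stops this method from running for an unauthorized or signed-out visitor is not visible here, and `Auth.User.Id` would throw if `Auth.User` can be null at that point. A guard at the top of the method makes the page safe on its own: `if (Auth.User is null || !await Permissions.HasPermission(Security.AdminPermissions.ViewGroups, Auth.User.Id)) return;`. The users page hunk that sets `_hasEditPrivileges` from `PermissionsService` has the same shape, though its method starts outside the hunk.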
@@ -2,7 +2,7 @@
|
||||
@using BlazorStrap.V5
|
||||
@inherits LayoutComponentBase
|
||||
|
||||
<AuthorizedView Permission="@AdminPermissions.IsAdmin" RedirectIfUnauthorized="administration/login" />
|
||||
<AuthorizedView Permission="@Security.AdminPermissions.IsAdmin" RedirectIfUnauthorized="administration/login" />
|
||||
|
||||
<link href="https://cdn.jsdelivr.net/npm/bootstrap@5.3.3/dist/css/bootstrap.min.css" rel="stylesheet" integrity="sha384-QWTKZyjpPEjISv5WaRU9OFeRpok6YctnYmDr5pNlyT2bRjXh0JMhjY6hW+ALEwIH" crossorigin="anonymous">
|
||||
|
||||
|
||||
@@ -53,13 +53,13 @@
|
||||
Name = "Users",
|
||||
Url = "administration/users",
|
||||
Description = "On this page you can manage all user accounts.",
|
||||
Permission = AdminPermissions.ViewUsers
|
||||
Permission = Security.AdminPermissions.ViewUsers
|
||||
},
|
||||
new () {
|
||||
Name = "Groups",
|
||||
Url = "administration/groups",
|
||||
Description = "On this page you can view, create, edit and delete permission groups.",
|
||||
Permission = AdminPermissions.ViewGroups
|
||||
Permission = Security.AdminPermissions.ViewGroups
|
||||
}
|
||||
};
|
||||
|
||||
|
||||
@@ -16,7 +16,7 @@
|
||||
@using HopFrame.Web.Components.Administration
|
||||
|
||||
<PageTitle>Users</PageTitle>
|
||||
<AuthorizedView Permission="@AdminPermissions.ViewUsers" RedirectIfUnauthorized="administration/login?redirect=/administration/users"/>
|
||||
<AuthorizedView Permission="@Security.AdminPermissions.ViewUsers" RedirectIfUnauthorized="administration/login?redirect=/administration/users"/>
|
||||
|
||||
<UserAddModal @ref="_userAddModal" ReloadPage="Reload"/>
|
||||
<UserEditModal @ref="_userEditModal" ReloadPage="Reload"/>
|
||||
@@ -33,7 +33,7 @@
|
||||
<input class="form-control me-2 input-dark" type="search" placeholder="Search" aria-label="Search" @bind="_searchText">
|
||||
<BSButton Color="BSColor.Success" IsOutlined="true" type="submit">Search</BSButton>
|
||||
</form>
|
||||
<AuthorizedView Permission="@AdminPermissions.AddUser">
|
||||
<AuthorizedView Permission="@Security.AdminPermissions.AddUser">
|
||||
<BSButton IsSubmit="false" Color="BSColor.Success" Target="add-user" OnClick="() => _userAddModal.ShowAsync()">Add User</BSButton>
|
||||
</AuthorizedView>
|
||||
</div>
|
||||
@@ -123,8 +123,8 @@
|
||||
_userGroups.Add(user.Id, groups.LastOrDefault());
|
||||
}
|
||||
|
||||
_hasEditPrivileges = await PermissionsService.HasPermission(AdminPermissions.EditUser, Auth.User.Id);
|
||||
_hasDeletePrivileges = await PermissionsService.HasPermission(AdminPermissions.DeleteUser, Auth.User.Id);
|
||||
_hasEditPrivileges = await PermissionsService.HasPermission(Security.AdminPermissions.EditUser, Auth.User.Id);
|
||||
_hasDeletePrivileges = await PermissionsService.HasPermission(Security.AdminPermissions.DeleteUser, Auth.User.Id);
|
||||
}
|
||||
|
||||
private async Task Reload() {
|
||||
|
||||
@@ -1,2 +1,43 @@
|
||||
# HopFrame Web module
|
||||
This module contains useful helpers for Blazor Apps and an Admin Dashboard.
|
||||
|
||||
## How to use the Blazor API
|
||||
|
||||
1. Add the HopFrame.Web library to your project
|
||||
|
||||
```
|
||||
dotnet add package HopFrame.Web
|
||||
```
|
||||
|
||||
2. Create a DbContext that inherits the ``HopDbContext`` and add a data source
|
||||
|
||||
```csharp
|
||||
public class DatabaseContext : HopDbContextBase {
|
||||
protected override void OnConfiguring(DbContextOptionsBuilder optionsBuilder) {
|
||||
base.OnConfiguring(optionsBuilder);
|
||||
|
||||
optionsBuilder.UseSqlite("...");
|
||||
}
|
||||
}
|
||||
```
|
||||
|
||||
3. Add the DbContext and HopFrame to your services
|
||||
|
||||
```csharp
|
||||
builder.Services.AddDbContext<DatabaseContext>();
|
||||
builder.Services.AddHopFrame<DatabaseContext>();
|
||||
```
|
||||
|
||||
4. Add the authentication middleware to your app
|
||||
|
||||
```csharp
|
||||
app.UseMiddleware<AuthMiddleware>();
|
||||
```
|
||||
|
||||
5. Add the HopFrame pages to your Razor components
|
||||
|
||||
```csharp
|
||||
app.MapRazorComponents<App>()
|
||||
.AddHopFrameAdminPages()
|
||||
.AddInteractiveServerRenderMode();
|
||||
```
|
||||
|
||||
@@ -10,7 +10,7 @@ using Microsoft.Extensions.DependencyInjection;
|
||||
namespace HopFrame.Web;
|
||||
|
||||
public static class ServiceCollectionExtensions {
|
||||
public static IServiceCollection AddHopFrameServices<TDbContext>(this IServiceCollection services) where TDbContext : HopDbContextBase {
|
||||
public static IServiceCollection AddHopFrame<TDbContext>(this IServiceCollection services) where TDbContext : HopDbContextBase {
|
||||
services.AddHttpClient();
|
||||
services.AddScoped<IAuthService, AuthService<TDbContext>>();
|
||||
services.AddTransient<AuthMiddleware>();
|
||||
|
||||
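Review bot: Existing callers of `AddHopFrameServices` stop compiling after this rename because the old name is removed outright, whereas `HopFrame.Web.AdminPermissions` in this same commit was kept and marked `[Obsolete]`. Keep a forwarder for one release: `[Obsolete("Use AddHopFrame instead")] public static IServiceCollection AddHopFrameServices<TDbContext>(this IServiceCollection services) where TDbContext : HopDbContextBase => services.AddHopFrame<TDbContext>();`. The method also has no XML doc comment, although the commit adds documentation elsewhere. Its body continues outside the hunk.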