From 643ceeb607e619d5cd3f10d063b17dfe48bbec58 Mon Sep 17 00:00:00 2001 From: Leon Hoppe Date: Sun, 21 Jul 2024 20:49:52 +0200 Subject: [PATCH] Finished user administration --- .../Services/IPermissionService.cs | 6 +- .../Implementation/PermissionService.cs | 24 +- HopFrame.Web/AdminPermissions.cs | 8 + .../Pages/Administration/AdminRoutes.razor | 16 -- .../Administration/Layout/AdminLayout.razor | 2 +- .../Administration/Layout/AdminMenu.razor | 11 +- .../Pages/Administration/UserEditPage.razor | 230 ++++++++++++++++-- .../Pages/Administration/UsersPage.razor | 36 ++- HopFrame.Web/Pages/Login.razor | 11 +- .../Services/Implementation/AuthService.cs | 30 ++- 10 files changed, 320 insertions(+), 54 deletions(-) create mode 100644 HopFrame.Web/AdminPermissions.cs diff --git a/HopFrame.Security/Services/IPermissionService.cs b/HopFrame.Security/Services/IPermissionService.cs index d9182b5..3f051b3 100644 --- a/HopFrame.Security/Services/IPermissionService.cs +++ b/HopFrame.Security/Services/IPermissionService.cs @@ -12,10 +12,14 @@ public interface IPermissionService { Task> GetUserPermissionGroups(User user); + Task RemoveGroupFromUser(User user, PermissionGroup group); + Task CreatePermissionGroup(string name, bool isDefault = false, string description = null); Task DeletePermissionGroup(PermissionGroup group); + Task GetPermission(string name, IPermissionOwner owner); + /// /// permission system:
/// - "*" -> all rights
@@ -28,7 +32,7 @@ public interface IPermissionService { /// Task AddPermission(IPermissionOwner owner, string permission); - Task DeletePermission(Permission permission); + Task RemovePermission(Permission permission); Task GetFullPermissions(string user); diff --git a/HopFrame.Security/Services/Implementation/PermissionService.cs b/HopFrame.Security/Services/Implementation/PermissionService.cs index fa7c297..bda9d8e 100644 --- a/HopFrame.Security/Services/Implementation/PermissionService.cs +++ b/HopFrame.Security/Services/Implementation/PermissionService.cs @@ -58,11 +58,22 @@ internal sealed class PermissionService(TDbContext context, ITokenCo var perms = await GetFullPermissions(user.Id.ToString()); return groups - .Where(group => PermissionValidator.IncludesPermission(group.Name, perms)) + .Where(group => perms.Contains(group.Name)) .Select(group => group.ToPermissionGroup(context)) .ToList(); } + public async Task RemoveGroupFromUser(User user, PermissionGroup group) { + var entry = await context.Permissions + .Where(perm => perm.PermissionText == group.Name && perm.UserId == user.Id.ToString()) + .SingleOrDefaultAsync(); + + if (entry is null) return; + + context.Permissions.Remove(entry); + await context.SaveChangesAsync(); + } + public async Task CreatePermissionGroup(string name, bool isDefault = false, string description = null) { var group = new GroupEntry { Name = name, @@ -81,6 +92,15 @@ internal sealed class PermissionService(TDbContext context, ITokenCo await context.SaveChangesAsync(); } + public async Task GetPermission(string name, IPermissionOwner owner) { + var ownerId = (owner is User user) ? user.Id.ToString() : ((PermissionGroup)owner).Name; + + return await context.Permissions + .Where(perm => perm.PermissionText == name && perm.UserId == ownerId) + .Select(perm => perm.ToPermissionModel()) + .SingleOrDefaultAsync(); + } + public async Task AddPermission(IPermissionOwner owner, string permission) { var userId = owner is User user ? user.Id.ToString() : (owner as PermissionGroup)?.Name; @@ -92,7 +112,7 @@ internal sealed class PermissionService(TDbContext context, ITokenCo await context.SaveChangesAsync(); } - public async Task DeletePermission(Permission permission) { + public async Task RemovePermission(Permission permission) { var entry = await context.Permissions.SingleOrDefaultAsync(entry => entry.RecordId == permission.Id); context.Permissions.Remove(entry); await context.SaveChangesAsync(); diff --git a/HopFrame.Web/AdminPermissions.cs b/HopFrame.Web/AdminPermissions.cs new file mode 100644 index 0000000..47221ed --- /dev/null +++ b/HopFrame.Web/AdminPermissions.cs @@ -0,0 +1,8 @@ +namespace HopFrame.Web; + +public static class AdminPermissions { + public const string IsAdmin = "hopframe.admin"; + public const string ViewUsers = "hopframe.admin.users.view"; + public const string EditUsers = "hopframe.admin.users.edit"; + public const string DeleteUsers = "hopframe.admin.users.delete"; +} \ No newline at end of file diff --git a/HopFrame.Web/Pages/Administration/AdminRoutes.razor b/HopFrame.Web/Pages/Administration/AdminRoutes.razor index bea6606..318c832 100644 --- a/HopFrame.Web/Pages/Administration/AdminRoutes.razor +++ b/HopFrame.Web/Pages/Administration/AdminRoutes.razor @@ -10,19 +10,3 @@ Navigator.NavigateTo("administration/users"); } } - -
-
- - - - - - - - -

No content found in nested layout

- - -
-
diff --git a/HopFrame.Web/Pages/Administration/Layout/AdminLayout.razor b/HopFrame.Web/Pages/Administration/Layout/AdminLayout.razor index 0fb7f41..4ea3d74 100644 --- a/HopFrame.Web/Pages/Administration/Layout/AdminLayout.razor +++ b/HopFrame.Web/Pages/Administration/Layout/AdminLayout.razor @@ -1,7 +1,7 @@ @using HopFrame.Web.Components @inherits LayoutComponentBase - +
diff --git a/HopFrame.Web/Pages/Administration/Layout/AdminMenu.razor b/HopFrame.Web/Pages/Administration/Layout/AdminMenu.razor index 8e826e8..0c92c55 100644 --- a/HopFrame.Web/Pages/Administration/Layout/AdminMenu.razor +++ b/HopFrame.Web/Pages/Administration/Layout/AdminMenu.razor @@ -8,7 +8,7 @@
-
\ No newline at end of file diff --git a/HopFrame.Web/Pages/Administration/UserEditPage.razor b/HopFrame.Web/Pages/Administration/UserEditPage.razor index 95755c2..dcf5558 100644 --- a/HopFrame.Web/Pages/Administration/UserEditPage.razor +++ b/HopFrame.Web/Pages/Administration/UserEditPage.razor @@ -1,22 +1,25 @@ @page "/administration/user/{UserId}" +@using CurrieTechnologies.Razor.SweetAlert2 @using HopFrame.Database.Models @using HopFrame.Security.Services @using HopFrame.Web.Pages.Administration.Layout @using Microsoft.AspNetCore.Components.Web @using static Microsoft.AspNetCore.Components.Web.RenderMode @using Microsoft.AspNetCore.Components.Forms +@using HopFrame.Web.Components @layout AdminLayout @rendermode InteractiveServer Edit @User.Username +

Edit @User.Username (@User.Id)

- + @**@ -
+
@@ -31,25 +34,103 @@
+ +
+ +
    +
  • +
      + @foreach (var group in _groups) { +
    • + + + @group.Name.Replace("group.", "") +
      • + } +
    +
    • +
  • +
    + + +
    +
    • +
+
+ +
+ +
    +
  • +
      + @foreach (var perm in User.Permissions.Where(perm => !perm.PermissionName.StartsWith("group."))) { +
    • + + + @perm.PermissionName +
      • + } +
    +
    • +
  • +
    + + +
    +
    • +
+
+ - +
@inject IUserService Users +@inject IPermissionService Permissions +@inject NavigationManager Navigator +@inject SweetAlertService Alerts @code { - [Parameter] - public string UserId { get; set; } + [Parameter] public string UserId { get; set; } private EditContext _context; private ValidationMessageStore _messages; - [SupplyParameterFromForm] - public User User { get; set; } + [SupplyParameterFromForm] public User User { get; set; } + + private IList _groups = new List(); + private IList _allGroups = new List(); + private string _selectedGroup; + private string _permissionToAdd; protected override async Task OnInitializedAsync() { - User = await Users.GetUser(Guid.Parse(UserId)); + if (Guid.TryParse(UserId, out var guid)) { + User = await Users.GetUser(guid); + } + + if (User is null) { + Navigator.NavigateTo("/administration/users"); + } + + _groups = await Permissions.GetUserPermissionGroups(User); + _allGroups = await Permissions.GetPermissionGroups(); _context = new EditContext(User); _context.OnValidationRequested += ValidateForm; @@ -58,20 +139,136 @@ private async Task OnEdit() { var hasConflict = false; - - if (await Users.GetUserByEmail(User.Email) is not null) { + + var userByEmail = await Users.GetUserByEmail(User.Email); + if (userByEmail is not null && userByEmail.Id != User.Id) { _messages.Add(() => User.Email, "Email is already in use"); hasConflict = true; } - - if (await Users.GetUserByUsername(User.Username) is not null) { + + var userByUsername = await Users.GetUserByUsername(User.Username); + if (userByUsername is not null && userByUsername.Id != User.Id) { _messages.Add(() => User.Username, "Username is already in use"); hasConflict = true; } - + if (hasConflict) return; - + var result = await Alerts.FireAsync(new SweetAlertOptions { + Title = "Are you sure?", + Icon = SweetAlertIcon.Warning, + ConfirmButtonText = "Yes", + ShowCancelButton = true, + ShowConfirmButton = true + }); + + if (result.IsConfirmed) { + await Users.UpdateUser(User); + + await Alerts.FireAsync(new SweetAlertOptions { + Title = "User edited!", + Icon = SweetAlertIcon.Success, + Timer = 1500, + ShowConfirmButton = false + }); + + Back(); + } + } + + private void Back() { + Navigator.NavigateTo("/administration/users"); + } + + private async Task RemoveGroup(PermissionGroup group) { + var result = await Alerts.FireAsync(new SweetAlertOptions { + Title = "Are you sure?", + Icon = SweetAlertIcon.Warning, + ConfirmButtonText = "Yes", + ShowCancelButton = true, + ShowConfirmButton = true + }); + + if (result.IsConfirmed) { + await Permissions.RemoveGroupFromUser(User, group); + _groups.Remove(group); + StateHasChanged(); + + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Group removed!", + Icon = SweetAlertIcon.Success, + Timer = 1500, + ShowConfirmButton = false + }); + } + } + + private async Task RemovePermission(Permission perm) { + var result = await Alerts.FireAsync(new SweetAlertOptions { + Title = "Are you sure?", + Icon = SweetAlertIcon.Warning, + ConfirmButtonText = "Yes", + ShowCancelButton = true, + ShowConfirmButton = true + }); + + if (result.IsConfirmed) { + await Permissions.RemovePermission(perm); + User.Permissions.Remove(perm); + StateHasChanged(); + + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Permission removed!", + Icon = SweetAlertIcon.Success, + Timer = 1500, + ShowConfirmButton = false + }); + } + } + + private async Task AddGroup() { + if (string.IsNullOrWhiteSpace(_selectedGroup)) { + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Select a group!", + Icon = SweetAlertIcon.Error, + ShowConfirmButton = true + }); + return; + } + + var group = _allGroups.SingleOrDefault(group => group.Name == _selectedGroup); + + await Permissions.AddPermission(User, group?.Name); + _groups.Add(group); + + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Group added!", + Icon = SweetAlertIcon.Success, + Timer = 1500, + ShowConfirmButton = false + }); + } + + private async Task AddPermission() { + if (string.IsNullOrWhiteSpace(_permissionToAdd)) { + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Enter a permission name!", + Icon = SweetAlertIcon.Error, + ShowConfirmButton = true + }); + return; + } + + await Permissions.AddPermission(User, _permissionToAdd); + User.Permissions.Add(await Permissions.GetPermission(_permissionToAdd, User)); + _permissionToAdd = ""; + + await Alerts.FireAsync(new SweetAlertOptions { + Title = "Permission added!", + Icon = SweetAlertIcon.Success, + Timer = 1500, + ShowConfirmButton = false + }); } private void ValidateForm(object sender, ValidationRequestedEventArgs e) { @@ -81,4 +278,9 @@ _messages.Add(() => User.Email, "Please enter a valid email address"); } } + + private string ConstructRedirectUrl() { + return "login?redirect=" + Navigator.Uri; + } + } \ No newline at end of file diff --git a/HopFrame.Web/Pages/Administration/UsersPage.razor b/HopFrame.Web/Pages/Administration/UsersPage.razor index 4e2cfdf..13e7c20 100644 --- a/HopFrame.Web/Pages/Administration/UsersPage.razor +++ b/HopFrame.Web/Pages/Administration/UsersPage.razor @@ -5,6 +5,7 @@ @using System.Globalization @using CurrieTechnologies.Razor.SweetAlert2 @using HopFrame.Database.Models +@using HopFrame.Security.Claims @using HopFrame.Security.Services @using HopFrame.Web.Pages.Administration.Layout @using static Microsoft.AspNetCore.Components.Web.RenderMode @@ -12,7 +13,7 @@ @using HopFrame.Web.Components Users - +

@@ -82,7 +83,10 @@ } Primary Group - Actions + + @if (_hasEditPrivileges || _hasDeletePrivileges) { + Actions + } @@ -93,12 +97,20 @@ @user.Username @user.CreatedAt @GetFriendlyGroupName(user) - -
- - -
- + + @if (_hasEditPrivileges || _hasDeletePrivileges) { + +
+ @if (_hasEditPrivileges) { + + } + + @if (_hasDeletePrivileges) { + + } +
+ + } } @@ -108,6 +120,7 @@ @inject IPermissionService PermissionsService @inject NavigationManager Navigator @inject SweetAlertService Alerts +@inject ITokenContext Auth @code { private IList _users = new List(); @@ -118,6 +131,9 @@ private string _searchText; + private bool _hasEditPrivileges = false; + private bool _hasDeletePrivileges = false; + protected override async Task OnInitializedAsync() { _users = await UserService.GetUsers(); @@ -125,6 +141,9 @@ var groups = await PermissionsService.GetUserPermissionGroups(user); _userGroups.Add(user.Id, groups.FirstOrDefault()); } + + _hasEditPrivileges = await PermissionsService.HasPermission(AdminPermissions.EditUsers, Auth.User.Id); + _hasDeletePrivileges = await PermissionsService.HasPermission(AdminPermissions.DeleteUsers, Auth.User.Id); } private void Reload() { @@ -177,6 +196,7 @@ Title = "Are you sure?", Text = "You won't be able to revert this!", Icon = SweetAlertIcon.Warning, + ConfirmButtonText = "Yes", ShowCancelButton = true, ShowConfirmButton = true }); diff --git a/HopFrame.Web/Pages/Login.razor b/HopFrame.Web/Pages/Login.razor index 45dc1a0..491c163 100644 --- a/HopFrame.Web/Pages/Login.razor +++ b/HopFrame.Web/Pages/Login.razor @@ -42,11 +42,18 @@ @code { [SupplyParameterFromForm] private UserLogin LoginData { get; set; } + + [SupplyParameterFromQuery(Name = "redirect")] + private string RedirectAfter { get; set; } private bool _loginError; - protected override void OnInitialized() { + protected override async Task OnInitializedAsync() { LoginData ??= new(); + + if (await Auth.IsLoggedIn()) { + await Auth.Logout(); + } } private async Task OnLogin() { @@ -57,6 +64,6 @@ return; } - Navigator.NavigateTo(Register.RedirectAfterRegister, true); + Navigator.NavigateTo(string.IsNullOrEmpty(RedirectAfter) ? Register.RedirectAfterRegister : RedirectAfter, true); } } \ No newline at end of file diff --git a/HopFrame.Web/Services/Implementation/AuthService.cs b/HopFrame.Web/Services/Implementation/AuthService.cs index bebb28e..3e5dea7 100644 --- a/HopFrame.Web/Services/Implementation/AuthService.cs +++ b/HopFrame.Web/Services/Implementation/AuthService.cs @@ -101,15 +101,6 @@ public class AuthService( } public async Task RefreshLogin() { - if (await IsLoggedIn()) { - var oldToken = httpAccessor.HttpContext?.Request.Cookies[ITokenContext.AccessTokenType]; - var entry = await context.Tokens.SingleOrDefaultAsync(token => token.Token == oldToken); - - if (entry is not null) { - context.Tokens.Remove(entry); - } - } - var refreshToken = httpAccessor.HttpContext?.Request.Cookies[ITokenContext.RefreshTokenType]; if (string.IsNullOrWhiteSpace(refreshToken)) return null; @@ -117,6 +108,27 @@ public class AuthService( var token = await context.Tokens.SingleOrDefaultAsync(token => token.Token == refreshToken && token.Type == TokenEntry.RefreshTokenType); if (token is null) return null; + + var oldAccessTokens = context.Tokens + .AsEnumerable() + .Where(old => + old.Type == TokenEntry.AccessTokenType && + old.UserId == token.UserId && + old.CreatedAt + HopFrameAuthentication.AccessTokenTime < DateTime.Now) + .ToList(); + context.Tokens.RemoveRange(oldAccessTokens); + + var oldRefreshTokens = context.Tokens + .AsEnumerable() + .Where(old => + old.Type == TokenEntry.RefreshTokenType && + old.UserId == token.UserId && + old.CreatedAt + HopFrameAuthentication.RefreshTokenTime < DateTime.Now) + .ToList(); + context.Tokens.RemoveRange(oldRefreshTokens); + + await context.SaveChangesAsync(); + if (token.CreatedAt + HopFrameAuthentication.RefreshTokenTime < DateTime.Now) return null; var accessToken = new TokenEntry {