-
Notifications
You must be signed in to change notification settings - Fork 2.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add UsersFolder for media assets (#9357)
- Loading branch information
Showing
10 changed files
with
200 additions
and
105 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
85 changes: 0 additions & 85 deletions
85
...dCore.Modules/OrchardCore.Media/Services/AttachedMediaFieldsFolderAuthorizationHandler.cs
This file was deleted.
Oops, something went wrong.
17 changes: 17 additions & 0 deletions
17
src/OrchardCore.Modules/OrchardCore.Media/Services/DefaultUserAssetFolderNameProvider.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Linq; | ||
using System.Security.Claims; | ||
using System.Text; | ||
using System.Threading.Tasks; | ||
|
||
namespace OrchardCore.Media.Services | ||
{ | ||
public class DefaultUserAssetFolderNameProvider: IUserAssetFolderNameProvider | ||
{ | ||
public string GetUserAssetFolderName(ClaimsPrincipal claimsPrincipal) | ||
{ | ||
return claimsPrincipal.FindFirstValue(ClaimTypes.NameIdentifier); | ||
} | ||
} | ||
} |
117 changes: 117 additions & 0 deletions
117
src/OrchardCore.Modules/OrchardCore.Media/Services/ManageMediaFolderAuthorizationHandler.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,117 @@ | ||
using System; | ||
using System.Collections.Generic; | ||
using System.Security.Claims; | ||
using System.Threading.Tasks; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.Extensions.DependencyInjection; | ||
using Microsoft.Extensions.Options; | ||
using OrchardCore.FileStorage; | ||
using OrchardCore.Security; | ||
using OrchardCore.Security.Permissions; | ||
|
||
namespace OrchardCore.Media.Services | ||
{ | ||
/// <summary> | ||
/// Checks if the user has related permission to manage the path resource which is passed from AuthorizationHandler | ||
/// </summary> | ||
public class ManageMediaFolderAuthorizationHandler : AuthorizationHandler<PermissionRequirement> | ||
{ | ||
private readonly IServiceProvider _serviceProvider; | ||
private readonly AttachedMediaFieldFileService _attachedMediaFieldFileService; | ||
private readonly IMediaFileStore _fileStore; | ||
private char _pathSeparator; | ||
private string _mediaFieldsFolder; | ||
private string _usersFolder; | ||
private readonly MediaOptions _mediaOptions; | ||
private Dictionary<string, Permission> folderPermissios = new Dictionary<string, Permission>(); | ||
private readonly IUserAssetFolderNameProvider _userAssetFolderNameProvider; | ||
|
||
public ManageMediaFolderAuthorizationHandler(IServiceProvider serviceProvider, | ||
AttachedMediaFieldFileService attachedMediaFieldFileService, | ||
IMediaFileStore fileStore, | ||
IOptions<MediaOptions> options, | ||
IUserAssetFolderNameProvider userAssetFolderNameProvider) | ||
{ | ||
_serviceProvider = serviceProvider; | ||
_attachedMediaFieldFileService = attachedMediaFieldFileService; | ||
_fileStore = fileStore; | ||
_mediaOptions = options.Value; | ||
_userAssetFolderNameProvider = userAssetFolderNameProvider; | ||
} | ||
|
||
protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, PermissionRequirement requirement) | ||
{ | ||
if (context.HasSucceeded) | ||
{ | ||
// This handler is not revoking any pre-existing grants. | ||
return; | ||
} | ||
|
||
if (requirement.Permission.Name != Permissions.ManageMediaFolder.Name) | ||
{ | ||
return; | ||
} | ||
|
||
if (context.Resource == null) | ||
{ | ||
return; | ||
} | ||
|
||
_pathSeparator = _fileStore.Combine("a", "b").Contains('/') ? '/' : '\\'; | ||
|
||
// ensure end trailing slash | ||
_mediaFieldsFolder = _fileStore.NormalizePath(_attachedMediaFieldFileService.MediaFieldsFolder) | ||
.TrimEnd(_pathSeparator) + _pathSeparator; | ||
|
||
_usersFolder = _fileStore.NormalizePath(_mediaOptions.AssetsUsersFolder) | ||
.TrimEnd(_pathSeparator) + _pathSeparator; | ||
|
||
var path = context.Resource as string; | ||
|
||
string userOwnFolder = _fileStore.NormalizePath( | ||
_fileStore.Combine(_usersFolder, _userAssetFolderNameProvider.GetUserAssetFolderName(context.User))) | ||
.TrimEnd(_pathSeparator) + _pathSeparator; | ||
|
||
Permission permission = Permissions.ManageMedia; | ||
|
||
// handle attached media field folder | ||
if (IsAuthorizedFolder(_mediaFieldsFolder, path) || IsDescendantOfauthorizedFolder(_mediaFieldsFolder, path)) | ||
{ | ||
permission = Permissions.ManageAttachedMediaFieldsFolder; | ||
} | ||
|
||
if (IsAuthorizedFolder(_usersFolder, path) || IsAuthorizedFolder(userOwnFolder, path) || IsDescendantOfauthorizedFolder(userOwnFolder, path)) | ||
{ | ||
permission = Permissions.ManageOwnMedia; | ||
} | ||
|
||
if (IsDescendantOfauthorizedFolder(_usersFolder, path) && !IsAuthorizedFolder(userOwnFolder, path) && !IsDescendantOfauthorizedFolder(userOwnFolder, path)) | ||
{ | ||
permission = Permissions.ManageOthersMedia; | ||
} | ||
|
||
// Lazy load to prevent circular dependencies | ||
var authorizationService = _serviceProvider.GetService<IAuthorizationService>(); | ||
|
||
if (await authorizationService.AuthorizeAsync(context.User, permission)) | ||
{ | ||
context.Succeed(requirement); | ||
} | ||
} | ||
|
||
private bool IsAuthorizedFolder(string authorizedFolder, string childPath) | ||
{ | ||
// ensure end trailing slash | ||
childPath = _fileStore.NormalizePath(childPath) | ||
.TrimEnd(_pathSeparator) + _pathSeparator; | ||
|
||
return childPath.Equals(authorizedFolder); | ||
} | ||
|
||
private bool IsDescendantOfauthorizedFolder(string authorizedFolder, string childPath) | ||
{ | ||
childPath = _fileStore.NormalizePath(childPath); | ||
return childPath.StartsWith(authorizedFolder, StringComparison.Ordinal); | ||
} | ||
} | ||
} |
Oops, something went wrong.