mirror of
https://github.com/LD-Reborn/Berufsschule_HAM.git
synced 2025-12-20 06:51:55 +00:00
Added CanManageSettings claim, Implemented authorization for admin settings
@@ -29,7 +29,7 @@
|
|||||||
- gidNumber = group id number (e.g. 1)
|
- gidNumber = group id number (e.g. 1)
|
||||||
- displayName = display name (e.g. "Administrator")
|
- displayName = display name (e.g. "Administrator")
|
||||||
- description = json string containing data as JSON. E.g.:
|
- description = json string containing data as JSON. E.g.:
|
||||||
- `{"Permissions": ["CanInventorize", "CanManageUsers", "CanManageLocations", "CanManageAssets", "CanManageGroups"]}`
|
- `{"Permissions": ["CanInventorize", "CanManageUsers", "CanManageLocations", "CanManageAssets", "CanManageGroups", "CanManageSettings"]}`
|
||||||
|
|
||||||
## assets
|
## assets
|
||||||
- ObjectClass:
|
- ObjectClass:
|
||||||
|
|||||||
@@ -28,12 +28,15 @@ public class SettingsController : Controller
|
|||||||
return View();
|
return View();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Authorize(Roles = "CanManageSettings")]
|
||||||
[HttpGet("Admin")]
|
[HttpGet("Admin")]
|
||||||
public async Task<IActionResult> AdminAsync()
|
public async Task<IActionResult> AdminAsync()
|
||||||
{
|
{
|
||||||
AdminSettingsModel adminSettingsModel = await _ldap.GetAdminSettingsModelAsync();
|
AdminSettingsModel adminSettingsModel = await _ldap.GetAdminSettingsModelAsync();
|
||||||
return View();
|
return View();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
[Authorize(Roles = "CanManageSettings")]
|
||||||
[HttpPut("Admin")]
|
[HttpPut("Admin")]
|
||||||
public async Task<AdminUpdateResponseModel> UpdateAdminAsync([FromBody]AdminUpdateRequestModel adminSettingsRequestModel)
|
public async Task<AdminUpdateResponseModel> UpdateAdminAsync([FromBody]AdminUpdateRequestModel adminSettingsRequestModel)
|
||||||
{
|
{
|
||||||
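Review bot: The permission name is written as a bare string in both new `[Authorize(Roles = "CanManageSettings")]` attributes, although the same commit adds `GroupPermission.CanManageSettings`; a typo in either literal would not fail the build, it would silently change who passes the check. Binding the attribute to the enum keeps the two in step, e.g. `[Authorize(Roles = nameof(GroupPermission.CanManageSettings))]`. The check only sees role claims already on the signed-in principal, so if those are built from the LDAP group description at login (not shown on this page), a revoked permission presumably stays effective until the session is renewed; that is worth confirming. The body of `UpdateAdminAsync` continues outside the hunk.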
|
|||||||
@@ -48,5 +48,6 @@ public enum GroupPermission
|
|||||||
CanManageUsers,
|
CanManageUsers,
|
||||||
CanManageLocations,
|
CanManageLocations,
|
||||||
CanManageAssets,
|
CanManageAssets,
|
||||||
CanManageGroups
|
CanManageGroups,
|
||||||
|
CanManageSettings
|
||||||
}
|
}
|
||||||
@@ -16,7 +16,8 @@ public class GroupsIndexViewModel
|
|||||||
CanManageAssets = model.Permissions.Any(x => x == GroupPermission.CanManageAssets),
|
CanManageAssets = model.Permissions.Any(x => x == GroupPermission.CanManageAssets),
|
||||||
CanManageGroups = model.Permissions.Any(x => x == GroupPermission.CanManageGroups),
|
CanManageGroups = model.Permissions.Any(x => x == GroupPermission.CanManageGroups),
|
||||||
CanManageLocations = model.Permissions.Any(x => x == GroupPermission.CanManageLocations),
|
CanManageLocations = model.Permissions.Any(x => x == GroupPermission.CanManageLocations),
|
||||||
CanManageUsers = model.Permissions.Any(x => x == GroupPermission.CanManageUsers)
|
CanManageUsers = model.Permissions.Any(x => x == GroupPermission.CanManageUsers),
|
||||||
|
CanManageSettings = model.Permissions.Any(x => x == GroupPermission.CanManageSettings)
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@@ -35,4 +36,5 @@ public class GroupsTableViewModel
|
|||||||
public required bool CanManageLocations { get; set; }
|
public required bool CanManageLocations { get; set; }
|
||||||
public required bool CanManageAssets { get; set; }
|
public required bool CanManageAssets { get; set; }
|
||||||
public required bool CanManageGroups { get; set; }
|
public required bool CanManageGroups { get; set; }
|
||||||
|
public required bool CanManageSettings { get; set; }
|
||||||
}
|
}
|
||||||
@@ -37,6 +37,9 @@
|
|||||||
<data name="manage groups" xml:space="preserve">
|
<data name="manage groups" xml:space="preserve">
|
||||||
<value>Gruppen verwalten</value>
|
<value>Gruppen verwalten</value>
|
||||||
</data>
|
</data>
|
||||||
|
<data name="manage settings" xml:space="preserve">
|
||||||
|
<value>Einstellungen verwalten</value>
|
||||||
|
</data>
|
||||||
<data name="Action" xml:space="preserve">
|
<data name="Action" xml:space="preserve">
|
||||||
<value>Aktion</value>
|
<value>Aktion</value>
|
||||||
</data>
|
</data>
|
||||||
@@ -79,6 +82,9 @@
|
|||||||
<data name="Can manage locations" xml:space="preserve">
|
<data name="Can manage locations" xml:space="preserve">
|
||||||
<value>Kann Orte verwalten</value>
|
<value>Kann Orte verwalten</value>
|
||||||
</data>
|
</data>
|
||||||
|
<data name="Can manage settings" xml:space="preserve">
|
||||||
|
<value>Kann Einstellungen verwalten</value>
|
||||||
|
</data>
|
||||||
<data name="Cancel" xml:space="preserve">
|
<data name="Cancel" xml:space="preserve">
|
||||||
<value>Abbrechen</value>
|
<value>Abbrechen</value>
|
||||||
</data>
|
</data>
|
||||||
|
|||||||
@@ -29,6 +29,7 @@
|
|||||||
<th class="text-center">@T["Can"]:<br/>@T["manage locations"]</th>
|
<th class="text-center">@T["Can"]:<br/>@T["manage locations"]</th>
|
||||||
<th class="text-center">@T["Can"]:<br/>@T["manage assets"]</th>
|
<th class="text-center">@T["Can"]:<br/>@T["manage assets"]</th>
|
||||||
<th class="text-center">@T["Can"]:<br/>@T["manage groups"]</th>
|
<th class="text-center">@T["Can"]:<br/>@T["manage groups"]</th>
|
||||||
|
<th class="text-center">@T["Can"]:<br/>@T["manage settings"]</th>
|
||||||
<th class="text-center">@T["Action"]</th>
|
<th class="text-center">@T["Action"]</th>
|
||||||
</tr>
|
</tr>
|
||||||
</thead>
|
</thead>
|
||||||
@@ -43,6 +44,7 @@
|
|||||||
<td class="text-center @(groupTableViewModel.CanManageLocations ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageLocations ? "✓" : "✗")</td>
|
<td class="text-center @(groupTableViewModel.CanManageLocations ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageLocations ? "✓" : "✗")</td>
|
||||||
<td class="text-center @(groupTableViewModel.CanManageAssets ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageAssets ? "✓" : "✗")</td>
|
<td class="text-center @(groupTableViewModel.CanManageAssets ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageAssets ? "✓" : "✗")</td>
|
||||||
<td class="text-center @(groupTableViewModel.CanManageGroups ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageGroups ? "✓" : "✗")</td>
|
<td class="text-center @(groupTableViewModel.CanManageGroups ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageGroups ? "✓" : "✗")</td>
|
||||||
|
<td class="text-center @(groupTableViewModel.CanManageSettings ? "text-success" : "text-danger")">@(groupTableViewModel.CanManageSettings ? "✓" : "✗")</td>
|
||||||
<td class="text-center">
|
<td class="text-center">
|
||||||
<div class="d-flex gap-2 justify-content-center">
|
<div class="d-flex gap-2 justify-content-center">
|
||||||
<button class="btn btn-sm btn-warning btn-update"
|
<button class="btn btn-sm btn-warning btn-update"
|
||||||
@@ -202,6 +204,10 @@
|
|||||||
<input type="checkbox" class="form-check-input" name="Permissions.CanManageLocations" id="canManageLocations" />
|
<input type="checkbox" class="form-check-input" name="Permissions.CanManageLocations" id="canManageLocations" />
|
||||||
<label class="form-check-label" for="canManageLocations">@T["Can manage locations"]</label>
|
<label class="form-check-label" for="canManageLocations">@T["Can manage locations"]</label>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-check">
|
||||||
|
<input type="checkbox" class="form-check-input" name="Permissions.CanManageSettings" id="canManageSettings" />
|
||||||
|
<label class="form-check-label" for="canManageSettings">@T["Can manage settings"]</label>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@@ -236,6 +242,7 @@
|
|||||||
if (createForm.querySelector('[name="Permissions.CanManageAssets"]').checked) jsonData.Permissions.push("CanManageAssets");
|
if (createForm.querySelector('[name="Permissions.CanManageAssets"]').checked) jsonData.Permissions.push("CanManageAssets");
|
||||||
if (createForm.querySelector('[name="Permissions.CanManageUsers"]').checked) jsonData.Permissions.push("CanManageUsers");
|
if (createForm.querySelector('[name="Permissions.CanManageUsers"]').checked) jsonData.Permissions.push("CanManageUsers");
|
||||||
if (createForm.querySelector('[name="Permissions.CanManageGroups"]').checked) jsonData.Permissions.push("CanManageGroups");
|
if (createForm.querySelector('[name="Permissions.CanManageGroups"]').checked) jsonData.Permissions.push("CanManageGroups");
|
||||||
|
if (createForm.querySelector('[name="Permissions.CanManageSettings"]').checked) jsonData.Permissions.push("CanManageSettings");
|
||||||
if (createForm.querySelector('[name="Permissions.CanManageLocations"]').checked) jsonData.Permissions.push("CanManageLocations");
|
if (createForm.querySelector('[name="Permissions.CanManageLocations"]').checked) jsonData.Permissions.push("CanManageLocations");
|
||||||
|
|
||||||
try {
|
try {
|
||||||
@@ -265,6 +272,7 @@
|
|||||||
<td class="text-center ${jsonData.Permissions.includes("CanManageLocations") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageLocations") ? "✓" : "✗"}</td>
|
<td class="text-center ${jsonData.Permissions.includes("CanManageLocations") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageLocations") ? "✓" : "✗"}</td>
|
||||||
<td class="text-center ${jsonData.Permissions.includes("CanManageAssets") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageAssets") ? "✓" : "✗"}</td>
|
<td class="text-center ${jsonData.Permissions.includes("CanManageAssets") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageAssets") ? "✓" : "✗"}</td>
|
||||||
<td class="text-center ${jsonData.Permissions.includes("CanManageGroups") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageGroups") ? "✓" : "✗"}</td>
|
<td class="text-center ${jsonData.Permissions.includes("CanManageGroups") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageGroups") ? "✓" : "✗"}</td>
|
||||||
|
<td class="text-center ${jsonData.Permissions.includes("CanManageSettings") ? "text-success" : "text-danger"}">${jsonData.Permissions.includes("CanManageSettings") ? "✓" : "✗"}</td>
|
||||||
<td style="text-align: center">
|
<td style="text-align: center">
|
||||||
<div class="d-flex gap-2 justify-content-center">
|
<div class="d-flex gap-2 justify-content-center">
|
||||||
<button class="btn btn-sm btn-warning btn-update"
|
<button class="btn btn-sm btn-warning btn-update"
|
||||||
@@ -353,6 +361,10 @@
|
|||||||
<input type="checkbox" class="form-check-input" name="Description.Permissions.CanManageLocations" id="canManageLocations" />
|
<input type="checkbox" class="form-check-input" name="Description.Permissions.CanManageLocations" id="canManageLocations" />
|
||||||
<label class="form-check-label" for="canManageLocations">@T["Can manage locations"]</label>
|
<label class="form-check-label" for="canManageLocations">@T["Can manage locations"]</label>
|
||||||
</div>
|
</div>
|
||||||
|
<div class="form-check">
|
||||||
|
<input type="checkbox" class="form-check-input" name="Description.Permissions.CanManageSettings" id="canManageSettings" />
|
||||||
|
<label class="form-check-label" for="canManageSettings">@T["Can manage settings"]</label>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@@ -451,6 +463,7 @@ document.addEventListener('DOMContentLoaded', () => {
|
|||||||
row.children[3].textContent = jsonData.Description.Permissions.includes("CanManageLocations") ? "✓" : "✗" || '';
|
row.children[3].textContent = jsonData.Description.Permissions.includes("CanManageLocations") ? "✓" : "✗" || '';
|
||||||
row.children[4].textContent = jsonData.Description.Permissions.includes("CanManageAssets") ? "✓" : "✗" || '';
|
row.children[4].textContent = jsonData.Description.Permissions.includes("CanManageAssets") ? "✓" : "✗" || '';
|
||||||
row.children[5].textContent = jsonData.Description.Permissions.includes("CanManageGroups") ? "✓" : "✗" || '';
|
row.children[5].textContent = jsonData.Description.Permissions.includes("CanManageGroups") ? "✓" : "✗" || '';
|
||||||
|
row.children[6].textContent = jsonData.Description.Permissions.includes("CanManageSettings") ? "✓" : "✗" || '';
|
||||||
if (jsonData.Description.Permissions.includes("CanInventorize")) {
|
if (jsonData.Description.Permissions.includes("CanInventorize")) {
|
||||||
row.children[1].className = "text-center text-success";
|
row.children[1].className = "text-center text-success";
|
||||||
} else {
|
} else {
|
||||||
@@ -480,6 +493,12 @@ document.addEventListener('DOMContentLoaded', () => {
|
|||||||
} else {
|
} else {
|
||||||
row.children[5].className = "text-center text-danger";
|
row.children[5].className = "text-center text-danger";
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (jsonData.Description.Permissions.includes("CanManageSettings")) {
|
||||||
|
row.children[6].className = "text-center text-success";
|
||||||
|
} else {
|
||||||
|
row.children[6].className = "text-center text-danger";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
showToast(result.reason || '@T["Error updating group"]', 'danger');
|
showToast(result.reason || '@T["Error updating group"]', 'danger');
|
||||||
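Review bot: With the new `Permissions.CanManageSettings` checkbox in the create form and `Description.Permissions.CanManageSettings` in the update form, admin-settings access becomes grantable through the ordinary group editor, so anyone holding CanManageGroups can presumably give their own group this permission. The group create/update endpoints are not part of this page; confirm they validate each submitted permission name server-side, and decide whether granting CanManageSettings should itself require CanManageSettings. Separately, both forms use `id="canManageSettings"` (as the existing `canManageLocations` inputs already do), so the `for="canManageSettings"` label in the second form resolves to the first form's checkbox; distinct ids such as `id="updateCanManageSettings"` avoid that.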
|
|||||||
@@ -97,7 +97,10 @@
|
|||||||
</div>
|
</div>
|
||||||
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="userDropdown">
|
<ul class="dropdown-menu dropdown-menu-end" aria-labelledby="userDropdown">
|
||||||
<li><a class="dropdown-item" asp-controller="Settings" asp-action="User">@T["User settings"]</a></li>
|
<li><a class="dropdown-item" asp-controller="Settings" asp-action="User">@T["User settings"]</a></li>
|
||||||
<li><a class="dropdown-item" asp-controller="Settings" asp-action="Admin">@T["Admin settings"]</a></li>
|
@if (User.HasClaim(ClaimTypes.Role, "CanManageSettings"))
|
||||||
|
{
|
||||||
|
<li><a class="dropdown-item" asp-controller="Settings" asp-action="Admin">@T["Admin settings"]</a></li>
|
||||||
|
}
|
||||||
<li><hr class="dropdown-divider"></li>
|
<li><hr class="dropdown-divider"></li>
|
||||||
<li><a class="dropdown-item" asp-controller="Home" asp-action="Logout">@T["Log out"]</a></li>
|
<li><a class="dropdown-item" asp-controller="Home" asp-action="Logout">@T["Log out"]</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
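Review bot: The menu check `User.HasClaim(ClaimTypes.Role, "CanManageSettings")` is not the same test that the controller's `[Authorize(Roles = "CanManageSettings")]` performs: role authorization goes through `IsInRole`, which uses the identity's configured role claim type. If that type is ever something other than `ClaimTypes.Role`, the link and the enforcement would disagree; `@if (User.IsInRole("CanManageSettings"))` keeps them aligned and needs no `System.Security.Claims` import in the view. A short Razor comment stating that the link is hidden for convenience only and that the controller attribute is the actual gate would help the next reader.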
|
|||||||