public async Task <ActionResult> Update(UserPageViewModel model)
{
var userContext = _userContextAccessor.GetContext();
var userId = userContext.UserId;
if (ModelState.IsValid)
{
var page = model.ProjectTo <Page>();
if (page.Id != null)
{
await _pageManager.UpdateAsync(page);
}
else
{
await _pageManager.CreateAsync(page, userId);
model.Id = page.Id;
}
return(Ok(model));
}
return(BadRequest(ModelState));
}
public bool IsUserAuthenticated()
{
var userContext = _userContextAccessor.GetContext();
//TODO find out how to implement security for calendar widget
if (userContext.IsAuthenticated)
{
return(true);
}
return(false);
}
private bool HasAdminClaim(string claimType)
{
var siteContext = _siteContextAccessor.GetContext();
var userContext = _userContextAccessor.GetContext();
// EG, ClientLevelOrAbove
return(userContext.SecurityClaims.FindAny(new[]
{
new SecurityClaim(claimType, ConnectCoreConstants.CorporateId),
new SecurityClaim(claimType, siteContext.Client.Id),
}));
}
//[HttpPost, Route("/api/content/Calendar/post")]
public IActionResult UpdateCalendarEvent(CalendarEvent model)
{
if (ModelState.IsValid)
{
var userContext = _userContextAccessor.GetContext();
Ensure.NotNull(userContext, "User context is missing.");
Ensure.NotNullOrEmpty(userContext.UserId, "Cannot resolve user information.");
var existingEvent = _calendarQueryService.GetEventById(model.EventId);
if (existingEvent == null)
{
model.Posted = DateTime.Now;
model.Title = string.IsNullOrEmpty(model.Title) ? "" : model.Title;
model.SiteId = _siteContext.SiteId;
model.UserId = userContext.UserId;
//model.EventId = Guid.NewGuid().ToString("N");
model = _calendarQueryService.SaveEvent(model);
return(Ok(model));
}
else
{
existingEvent.Title = string.IsNullOrEmpty(model.Title) ? "" : model.Title;
existingEvent.EventStart = model.EventStart;
existingEvent.EventEnd = model.EventEnd;
existingEvent.Posted = DateTime.Now;
existingEvent.Style = model.Style;
existingEvent.Description = model.Description;
existingEvent.Phone = model.Phone;
existingEvent.BackgroundColor = model.BackgroundColor;
existingEvent.AllDayEvent = model.AllDayEvent;
existingEvent.IsRecurrent = model.IsRecurrent;
existingEvent.Location = model.Location;
existingEvent.ShowOrganizerName = model.ShowOrganizerName;
existingEvent.ShowPhoneNumber = model.ShowPhoneNumber;
existingEvent.Url = model.Url;
existingEvent.LinkTarget = model.LinkTarget;
existingEvent.RecurrenceDetails.Count = model.RecurrenceDetails?.Count;
existingEvent.RecurrenceDetails.DayOfMonth = model.RecurrenceDetails?.DayOfMonth;
existingEvent.RecurrenceDetails.DaysOfWeek = model.RecurrenceDetails?.DaysOfWeek;
existingEvent.RecurrenceDetails.EndDate = model.RecurrenceDetails?.EndDate;
existingEvent.RecurrenceDetails.Frequency = model.RecurrenceDetails?.Frequency;
existingEvent.RecurrenceDetails.Interval = model.RecurrenceDetails.Interval;
existingEvent.RecurrenceDetails.Months = model.RecurrenceDetails?.Months;
_calendarQueryService.UpdateEvent(existingEvent);
return(Ok(model));
}
}
return(BadRequest(ModelState));
}
public string ClientAdmin(string action, object queryParams)
{
var client = _adminContextAccessor.GetContext()?.ClientContext?.Client;
if (client == null)
{
throw new ArgumentNullException("Cannot create route from a null client context");
}
var basePath = $"/sys/clients/{client.TenantKey}/admin";
return(BuildRoute(basePath, action, queryParams));
}
public async Task <IViewComponentResult> InvokeAsync(string pageId = "")
{
IList <SecurityClaimConfig> configurations = new List <SecurityClaimConfig>();
var userContext = _adminContextAccessor.GetContext().UserContext;
var securityPoolId = _siteContext.SecurityPoolId;
if (configurations == null)
{
configurations = new List <SecurityClaimConfig>();
}
SecurityClaimConfig config = new SecurityClaimConfig
{
Title = "Private Audience",
Description = "Manage who can view this page.",
AllowRoles = true,
AllowUsers = true,
Claim = new Claim(PageClaimTypes.ViewPrivatePage, pageId),
SecurityPoolId = securityPoolId,
ResourceType = typeof(Models.Page).ToString()
};
configurations.Add(config);
var componentId = (string)ViewData["cid"];
return(await _securityUserRoleClaims.InvokeAsync(configurations, componentId));
}
public SiteLibraryBrowser(IFolderManager <FileDocument> folderManager,
IContextAccessor <AdminContext> adminContextAccessor)
{
_folderManager = folderManager;
_adminContext = adminContextAccessor.GetContext();
ownerId = _adminContext?.SiteId;
}
protected override Task HandleRequirementAsync(AuthorizationHandlerContext context, TRequirement requirement)
{
if (ValidClaimTypes != null && ValidClaimTypes.Count() > 0)
{
var adminContext = _adminContextAccessor.GetContext();
var userContext = adminContext.UserContext;
// Build Claims with Corp values since any would be valid
var validClaims = ValidClaimTypes.SelectMany(type => new Claim[]
{
new Claim(type, adminContext.CorpId)
});
// Aegis does not return permission level claims to keep the ticket small, etc.
// Instead, these are loaded locally into the UserContext
var hasAtLeastOneClaim = userContext.SecurityClaims.Any(
userClaim => validClaims.Any(
validClaim => userClaim.Type == validClaim.Type && userClaim.Value == validClaim.Value
)
);
if (hasAtLeastOneClaim)
{
context.Succeed(requirement);
}
}
return(Task.CompletedTask);
}
public LibraryDataController(
IFolderManager <FileDocument> folderManager,
IDocumentService <FileDocument> documentService,
IOptions <DriveOptions> driveOptions,
TagManager tagManager,
DbLoggerProvider log,
DbLogService logFetcher,
ILogger <LibraryDataController> logger,
ResourceManager resourceManager,
FileFolderBrowser fileFolderBrowser,
IAuthorizationService authorizationService,
IContextAccessor <AdminContext> adminContextAccessor,
IContextAccessor <SiteContext> siteContextAccessor) : base(logger)
{
_folderManager = folderManager;
_documentService = documentService;
_driveOptions = driveOptions.Value;
_tagManager = tagManager;
_log = log;
_logFetcher = logFetcher;
_resourceManager = resourceManager;
_fileFolderBrowser = fileFolderBrowser;
_authorizationService = authorizationService;
_adminContext = adminContextAccessor.GetContext();
_siteContext = siteContextAccessor.GetContext();
}
public async Task <IViewComponentResult> InvokeAsync(string widgetId, bool shared = false)
{
var userContext = _userContextAccessor.GetContext();
var viewModel = new BlogWidgetCategoryFormViewModel
{
WidgetId = widgetId,
UserId = userContext.UserId
};
var categories = new List <BlogCategory>();
if (!shared)
{
viewModel.BlogCategories = _blogManager.GetBlogCategoriesOwnedByUser(userContext.UserId);
}
else
{
viewModel.BlogCategories = _blogManager.GetBlogCategoriesSharedWithUser(userContext);
}
viewModel.SelectedCategoryIds = await GetSelectedCategories(widgetId);
return(View("/UI/Views/Components/BlogWidgetCategoryForm.cshtml", viewModel));
}
public IEnumerable <Permission> PermissionGroups()
{
var clientContext = _clientContextAccessor.GetContext();
if (clientContext?.Client == null)
{
throw new NullReferenceException("ClientAdminContext.Client is required");
}
var currentClientId = clientContext.Client.Id;
//build permissions groups
return(new List <Permission>()
{
new Permission {
Title = "Calendar Content",
Permissions = new Permission[]
{
new Permission {
Title = "Create Calendars Events",
Claims =
{
new SecurityClaim(CalendarClaimTypes.CalendarEventGroupContribute, currentClientId)
}
}
}
}
});
}
public IEnumerable <Permission> PermissionGroups()
{
var siteContext = _siteContextAccessor.GetContext();
if (siteContext?.Site == null)
{
throw new NullReferenceException("SiteAdminContext.Site is required");
}
var currentSiteId = siteContext.Site.Id;
//build permissions groups
return(new List <Permission>()
{
new Permission {
Title = "Blog Content",
Permissions = new Permission[]
{
new Permission {
Title = "Author & Create Personal Blogs",
Claims =
{
new SecurityClaim(BlogClaimTypes.PersonalBlogAuthor, currentSiteId),
new SecurityClaim(BlogClaimTypes.PersonalBlogPublish, currentSiteId),
}
},
}
}
});
}
public SiteAlertsController(ILogger <SiteAlertsController> logger, SiteAlertsManager siteAlertsManager,
IContextAccessor <UserContext> userContextAccessor, IContextAccessor <SiteContext> siteContextAccessor) : base(logger)
{
_siteAlertsManager = siteAlertsManager;
_userContext = userContextAccessor.GetContext();
_siteContext = siteContextAccessor.GetContext();
}
public async Task <IViewComponentResult> InvokeAsync(string id, bool allEventGroups = false)
{
var userContext = _userContextAccessor.GetContext();
var eventGroups = new List <CalendarEventGroup>();
//Get Event or set default
ViewData["eventId"] = id;
var theEvent = _calendarQueryService.GetEventById(id);
var allMyGroups = !allEventGroups
? _calendarQueryService.GetEventGroupsByUserId(userContext.UserId)
: _calendarQueryService.GetSharedEventGroups(_calendarSecurity.GetEventGroupsSharedWithMe(), userContext.UserId);
//TODO add my groups or option to add all other groups
ViewData["EventGroups"] = allMyGroups;
ViewData["AllEventGroups"] = allEventGroups;
if (theEvent == null)
{
theEvent = new CalendarEvent();
}
else
{
foreach (var refObject in theEvent.EventGroupEvents)
{
refObject.Event = null;
}
}
return(View(theEvent));
}
public ActionResult AnnouncementPostCategorySelectForm()
{
var user = _userContextAccessor.GetContext();
var userCategories = _announcementManager.GetAnnouncementCategoriesOwnedByUser(user.UserId);
var sharedCategories = _announcementManager.GetAnnouncementCategoriesSharedWithUser(user);
ViewData["UserCategories"] = userCategories;
ViewData["SharedCategories"] = sharedCategories;
return(PartialView("/UI/Views/Console/Announcements/AnnouncementCategorySelect.cshtml"));
}
public IEnumerable <Page> GetChildPages(string pageId)
{
var userContext = _userContextAccessor.GetContext();
var siteContext = _siteContextAccessor.GetContext();
var childPages = GetChildPagesAuthorizedForView(pageId, userContext);
return(childPages.OrderBy(x => x.Title));
}
public UserContentMenu(IContextAccessor <SiteContext> siteContextAccessor, Routes routes,
IHttpContextAccessor httpContextAccessor)
{
var siteContext = siteContextAccessor.GetContext();
if (siteContext != null)
{
_siteId = siteContext.SiteId;
_tenant = siteContext.TenantKey;
_clientId = siteContext.Client.Id;
_corpId = ConnectCoreConstants.CorporateId;
var isSiteAlertsFeatureEnabled =
siteContext.ProductContext.Features.Get(FeatureId.Alerts)?.GetSettingValue <bool>("enabled") ?? false;
var isNotificationFeatureEnabled =
siteContext.ProductContext.Features.Get(FeatureId.Notifications)?.GetSettingValue <bool>("enabled") ?? false;
var httpContext = httpContextAccessor.HttpContext;
var returnUrl = httpContext.Request.GetRelativeUrlEncoded();
MenuItems = new List <IMenuItem>()
{
// NOTE: This menu provider is part of core, thus only "known" core types of content should be listed here
// So far, we have none. "Create Blog Link" moved to Blog.UserContentMenu
new MenuItemSecureCustom()
{
Title = "Add Notifications",
Url = routes.Account("notifications") + "?ru=" + returnUrl,
Icon = IconType.Message,
AuthorizeCallback = user =>
{
return(user.SecurityClaims.Any(x =>
(((x.Type == SiteClaimTypes.SiteNotificationsSend) && ((x.Value == _siteId) || (x.Value == _clientId) || (x.Value == _corpId)) ||
(x.Type == SiteClaimTypes.SitePrimaryAdmin) && ((x.Value == _siteId) || (x.Value == _clientId) || (x.Value == _corpId))) ||
(x.Type.StartsWith("corp-") && x.Value == ConnectCoreConstants.CorporateId)) &&
isNotificationFeatureEnabled));
}
},
new MenuItemSecureCustom()
{
Title = "Create Alert",
Url = "javascript: void $.console('alerts', '/sys/console/sitealerts/create')",
Icon = IconType.Alert,
AuthorizeCallback = user =>
{
return(user.SecurityClaims.Any(x =>
((x.Type == ClientClaimTypes.PrimaryAdmin) ||
(x.Type == SiteClaimTypes.SitePrimaryAdmin) ||
(x.Type.StartsWith("corp-") && x.Value == ConnectCoreConstants.CorporateId)) &&
isSiteAlertsFeatureEnabled));
}
}
};
}
}
public RequireFeatureActionFilter(IContextAccessor <ClientAdminContext> clientAccessor, string id)
{
Ensure.NotNull(clientAccessor, "Null ClientAdminContextAccessor passed into constructor of " + GetType().Name);
_product = clientAccessor.GetContext()?.Product;
Ensure.NotNull(_product, "Null ProductContext derived from ClientAdminContext passed into constructor of " + GetType().Name);
_featureId = id;
}
public ClientLibraryBrowser(IFolderManager <FileDocument> folderManager,
IContextAccessor <AdminContext> adminContextAccessor,
IContextAccessor <UserContext> userContextAccessor)
{
_folderManager = folderManager;
_adminContext = adminContextAccessor.GetContext();
_userContext = userContextAccessor.GetContext();
ownerId = _adminContext?.ClientId;
}
private async Task <IEnumerable <string> > GetUserManagedPageIds()
{
var userContext = _userContextAccessor.GetContext();
var securityClaims = userContext.SecurityClaims;
var pageIds = securityClaims
.Where(x => x.Type == PageClaimTypes.PageOwner)
.Select(x => x.Value);
return(await Task.FromResult(pageIds));
}
public async Task <IViewComponentResult> InvokeAsync(AnnouncementWidget model)
{
var userContext = _userContextAccessor.GetContext();
var viewModel = new AnnouncementWidgetCategoryFormViewModel
{
WidgetId = model.Id,
UserId = userContext.UserId
};
return(View("/UI/Views/Components/AnnouncementWidgetCategoryBase.cshtml", viewModel));
}
public async Task <IViewComponentResult> InvokeAsync(UpcomingEventsWidget model)
{
var userContext = _userContextAccessor.GetContext();
var viewModel = new UpcomingEventsGroupFormViewModel
{
WidgetId = model.Id,
UserId = userContext.UserId
};
return(View(viewModel));
}
public FileFolderBrowser(IFolderManager <FileDocument> folderManager,
IEnumerable <ISecurityGroupProvider> groupProviders,
ISharedContent sharedContentProvider,
IDocumentService <FileDocument> documentService,
IContextAccessor <AdminContext> adminContextAccessor)
{
_folderManager = folderManager;
_groupProviders = groupProviders;
_sharedContentProvider = sharedContentProvider;
_documentService = documentService;
_adminContext = adminContextAccessor.GetContext();
}
public async Task Invoke(HttpContext httpContext)
{
var route = httpContext.Request.Path.ToString().ToLower();
UserContext userContext;
if (route.StartsWith("/sys/clients"))
{
var adminContext = _clientContextAccessor.GetContext();
if (adminContext.ClientContext.Client != null)
{
userContext = _userContextAccessor.GetContext();
if (!adminContext.ClientContext.Client.Active && !userContext.IsCorpUser)
{
RedirectToInactivePage(httpContext);
}
}
}
else if (route.StartsWith("/sys/sites"))
{
// retrieve site admin context and check site is published + client active flags
userContext = _userContextAccessor.GetContext();
var siteAdminContext = _siteAdminContextAccessor.GetContext();
if (!siteAdminContext.Site.Published && !userContext.IsCorpUser)
{
RedirectToInactivePage(httpContext);
}
}
else if (route.Equals("/"))
{
// retrieve site context (not siteadmincontext) and check site active + client active flags
userContext = _userContextAccessor.GetContext();
var siteContext = _siteContextAccessor.GetContext();
if ((!siteContext.Published || !siteContext.Client.Active) && !userContext.IsCorpUser)
{
RedirectToInactivePage(httpContext);
}
}
await _next(httpContext);
}
public ClientMenu(IContextAccessor <AdminContext> adminContextAccessor, ClientManager clientManager)
{
var context = adminContextAccessor.GetContext();
var client = context.ClientContext?.Client;
if (client != null)
{
_corpId = context.CorpId;
_clientId = client.Id;
_tenant = client.TenantKey;
BuildMenuItems(context);
}
}
public IActionResult UpdateAnnouncementPost(AnnouncementPostUpdateModel model)
{
if (model != null && ModelState.IsValid)
{
var user = _userContextAccessor.GetContext();
var oldPost = _announcementManager.GetAnnouncementPost(model.Id);
if (_announcementSecurity.AuthorizeForEdit(oldPost))
{
var newPost = model.ProjectTo <AnnouncementPost>();
newPost.UserId = user.UserId;
// update the versioned post & non-versioned settings
_announcementManager.UpdateAnnouncementPost(newPost);
_announcementManager.UpdateAnnouncementPostSettings(newPost.Id, model.IsPrivate);
// update category mappings
var categoryIds = (model.CategoryIds ?? "").Split(new char[] { ',' }, StringSplitOptions.RemoveEmptyEntries);
_announcementManager.SetAnnouncementPostCategories(newPost.Id, categoryIds);
// update version label
if (!string.IsNullOrEmpty(model.NewVersionLabel))
{
_contentManager.UpdateVersionLabel(AnnouncementManager.CONTENT_TYPE_ANNOUNCEMENTPOST, model.Id, model.VersionCode, model.NewVersionLabel).Wait();
}
}
if (model.ShouldPublish && _announcementSecurity.AuthorizeForPublish(oldPost))
{
_announcementManager.PublishAnnouncementPost(model.Id, model.VersionCode);
}
return(Ok(model));
}
return(BadRequest(ModelState));
}
public SiteMenu(IContextAccessor <AdminContext> adminContextAccessor)
{
var context = adminContextAccessor.GetContext();
var site = context.SiteContext?.Site;
if (site != null)
{
_siteId = site.Id;
_tenant = site.TenantKey;
_clientId = site.ClientId;
_corpId = context.CorpId;
BuildMenuItems(context);
}
}
public async Task <IViewComponentResult> InvokeAsync()
{
var userContext = _userContextAccessor.GetContext();
var groups = (await _groupManager.GetGroupsOwnedByUser(userContext.UserId));
var groupsViewModel = groups.Select(x => new GroupViewModel
{
Id = x.Id,
Name = x.Name,
OwnerId = x.UserId
}).ToList();
return(View("GroupList", groupsViewModel));
}
public async Task <GenericViewResult> ComposeExplorer()
{
var user = _userContextAccessor.GetContext();
var categories = _blogManager.GetBlogCategoriesOwnedByUser(user.UserId);
categories = categories.OrderBy(x => x.Title).ToList();
var result = new GenericViewResult
{
Title = "My Blogs",
ViewPath = "/UI/Views/Console/BlogExplorer.cshtml",
ViewModel = categories
};
return(await Task.FromResult(result));
}
public string PublicUrl(string route = null, object queryParams = null)
{
var adminContext = _adminContextAccessor.GetContext();
if (adminContext?.SiteContext != null)
{
return(PublicUrl(adminContext.SiteContext.Site, route));
}
// else
// NOTE: Should not ever hit here since SiteAdminContext defaults to SiteContext
// but putting code here anyway in case that gets changed
var siteContext = _siteContextAccessor.GetContext();
var site = _siteManager.GetByIdAsync(siteContext.SiteId).Result;
return(PublicUrl(site, route));
}
