From e7a93b1448b97b0104e3eeb3f61bdffc7db05334 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Janis=20Daniel=20Da=CC=88hne?=
 <janis.daehne2@student.uni-halle.de>
Date: Wed, 12 Jun 2019 17:36:06 +0200
Subject: [PATCH] - made system role check async - moved some permission checks
 closer to method entry point

---
 .../Controllers/ControllerWithDb.cs           |   6 +-
 .../Core/AssessmentStatisticsController.cs    |   8 ++
 .../Core/Exercises/PLangController.cs         |   2 +-
 .../Core/Exercises/ReleaseController.cs       |   8 --
 .../Core/Exercises/SubmissionController.cs    | 117 +++++++++---------
 .../Core/Exercises/TagsController.cs          |   8 +-
 .../TutorViewAssessmentController.cs          |  35 +-----
 .../Controllers/Core/Misc/LangController.cs   |   2 +-
 .../Core/SystemSettingsController.cs          |  15 ++-
 .../Controllers/Core/Users/GroupController.cs |   6 +-
 .../Core/Users/GroupRolesController.cs        |   8 +-
 .../Core/Users/SystemRolesController.cs       |  10 +-
 .../Controllers/Core/Users/UsersController.cs |  18 +--
 .../dashboard/DashboardController.cs          |  12 +-
 .../Models/Users/SystemRolePermission.cs      |   3 +
 15 files changed, 121 insertions(+), 137 deletions(-)

diff --git a/src/ClientServer/Controllers/ControllerWithDb.cs b/src/ClientServer/Controllers/ControllerWithDb.cs
index 62485b9..0fdf20f 100644
--- a/src/ClientServer/Controllers/ControllerWithDb.cs
+++ b/src/ClientServer/Controllers/ControllerWithDb.cs
@@ -130,7 +130,7 @@ namespace ClientServer.Controllers
         /// <param name="onSessionEmptyAction">action when the user id was not found on the session, else null -&gt; login action</param>
         /// <param name="onDbResultEmptyAction">action when the db result was empty</param>
         /// <returns></returns>
-        public bool HasSystemPermission(Func<SystemRole, bool> checkPermissionFunc, Action onDbResultEmptyAction = null,
+        public async Task<bool> HasSystemPermission(Func<SystemRole, bool> checkPermissionFunc, Action onDbResultEmptyAction = null,
             Action onSessionEmptyAction = null)
         {
             //int? userId = HttpContext.Session.GetInt32(Constants.SessionUserIdKey);
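Review bot: The `<returns>` tag above the new `async Task<bool>` signature is still empty, and the return type is the one thing this hunk changes, so this is the moment to state the contract: `/// <returns>true when the session user was found and checkPermissionFunc accepts its system role; false otherwise, presumably after the matching on…EmptyAction has run</returns>`. The body continues below the hunk, so confirm the false-path wording against it. A rename to `HasSystemPermissionAsync` would follow the async naming convention; given the number of call sites touched in this patch it can be deferred, but it should be noted.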
@@ -147,11 +147,11 @@ namespace ClientServer.Controllers
             }
 
             //check if user has permission
-            User user = _context.Users
+            User user = await _context.Users
                 .Where(p => p.Id == userId)
                 .Include(p => p.SystemRole)
                 .Include(p => p.SystemRole.SystemRolePermission)
-                .FirstOrDefault();
+                .FirstOrDefaultAsync();
 
             if (user == null)
             {
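Review bot: The includes load `SystemRole` and `SystemRole.SystemRolePermission` for the caller's lambda, but the call sites in this patch disagree on whether `SystemRolePermission` can be null: DashboardController tests `role.SystemRolePermission != null` while TagsController, PLangController, LangController, SystemSettingsController and the user/group controllers dereference it directly, so a role without a permission row would throw inside the lambda there. I'd normalise that once here instead of in every lambda, by treating a missing role or permission as a denied check before `checkPermissionFunc` is invoked, e.g. `if (user.SystemRole == null || user.SystemRole.SystemRolePermission == null) return false;` placed after the `user == null` block, which is cut off below the hunk. The per-call `role != null &&` guards can stay, but they stop being the only thing between a partially seeded role and a NullReferenceException.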
diff --git a/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs b/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
index 1863f39..3e3a15f 100644
--- a/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
+++ b/src/ClientServer/Controllers/Core/AssessmentStatisticsController.cs
@@ -25,6 +25,14 @@ namespace ClientServer.Controllers.Core
 
         }
 
+        /// <summary>
+        ///
+        ///
+        /// PERMISSION needs to be checked for every group (where the exercise is connected) individually)
+        /// </summary>
+        /// <param name="userId"></param>
+        /// <param name="pagination"></param>
+        /// <returns></returns>
         [HttpPost("all/{userId}")]
         public async Task GetAssessmentStatistics(int userId, [FromBody] PaginationPostData pagination)
         {
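Review bot: The new summary on `GetAssessmentStatistics` records that the per-group permission check is still missing (`PERMISSION needs to be checked for every group ... individually`) but the hunk adds no check, so the comment documents an open authorization gap rather than a contract; the action body lies outside the hunk, so I cannot see whether a check exists further down. I'd make the status explicit and fix the unbalanced parenthesis: `/// TODO: the caller's permission must be checked per group the exercise is connected to; not implemented yet`. The empty summary lines and the blank `<param name="userId">` / `<param name="pagination">` tags should either say what `userId` selects and what `pagination` bounds, or be dropped until they do.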
diff --git a/src/ClientServer/Controllers/Core/Exercises/PLangController.cs b/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
index 56c2fe6..d0581d2 100644
--- a/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/PLangController.cs
@@ -27,7 +27,7 @@ namespace ClientServer.Controllers.Core.Exercises
 
             //user needs permission
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
                 false)
             {
                 await
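Review bot: `await HasSystemPermission(...) == false` reads as a comparison against a Task until one recalls that `await` binds tighter than `==`; the rest of the patch (GroupController, GroupRolesController, SystemRolesController, UsersController, DashboardController) already uses the `!await HasSystemPermission(...)` form, so I'd use that here and in the same-shaped hunks in TagsController, LangController and SystemSettingsController. TagsController's third hunk also keeps the `base.` qualifier that every other site drops. One spelling, e.g. `if (!await HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings))`, keeps the permission checks greppable.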
diff --git a/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs b/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
index 1bf2cfa..65d3ba4 100644
--- a/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/ReleaseController.cs
@@ -696,14 +696,6 @@ namespace ClientServer.Controllers.Core.Exercises
 
             int userId = GetUserId();
 
-
-            if (releaseId <= 0)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.InvalidRequest, "invalid release id")));
-                return;
-            }
             
             //the user group that manages the exercise
             var targetUserGroup =
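Review bot: The `releaseId <= 0` guard is removed here but, per the diffstat, nothing is added to ReleaseController.cs, so the check is gone rather than moved unless it already exists earlier in the method, which lies outside the hunk. Without it a zero or negative id falls through to the `targetUserGroup` lookup on the next lines, and the client receives whatever that path produces instead of the explicit `InvalidRequest` response. If the intent is that the downstream not-found / no-permission handling covers that case, a one-line comment at the removal point saying so would stop the next reader from re-adding the guard; otherwise restore it.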
diff --git a/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs b/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
index 9dd5198..a46c28d 100644
--- a/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/SubmissionController.cs
@@ -71,6 +71,28 @@ namespace ClientServer.Controllers.Core.Exercises
                     .FirstOrDefaultAsync(p => p.Id == releaseId)
                 ;
 
+            if (release == null)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
+                return;
+            }
+            
+            //the user group that manages the exercise
+            var targetUserGroup =
+                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
+                    .Select(p => p.Exercise.UserGroupId)
+                    .FirstOrDefaultAsync();
+
+            if (!await base.HasGroupPermission(targetUserGroup,
+                permission => permission != null && permission.CanAssessExercises))
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
+                return;
+            }
 
             bool shouldGetPreAssessmentResults = false;
 
@@ -121,31 +143,6 @@ namespace ClientServer.Controllers.Core.Exercises
             }
 
 
-            if (release == null)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
-                return;
-            }
-
-
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
-
             PaginatedData<AssessmentFullBase> assessments;
 
             if (shouldGetPreAssessmentResults)
@@ -181,6 +178,41 @@ namespace ClientServer.Controllers.Core.Exercises
             // because we use a link we don't get and need the csrf token...
             if (!await base.IsLoggedIn(null, false, true)) return;
 
+            var release = await _context.ExerciseReleases
+                    .Include(p => p.Exercise)
+                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
+                    .ThenInclude(p => p.User)
+                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
+                    .ThenInclude(p => p.Solutions)
+                    .ThenInclude(p => p.Assessment)
+                    .FirstOrDefaultAsync(p => p.GeneratedCode == releaseCode)
+                ;
+
+
+            if (release == null)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
+                return;
+            }
+            
+            //the user group that manages the exercise
+            var targetUserGroup =
+                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
+                    .Select(p => p.Exercise.UserGroupId)
+                    .FirstOrDefaultAsync();
+
+            if (!await base.HasGroupPermission(targetUserGroup,
+                permission => permission != null && permission.CanAssessExercises))
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
+                return;
+            }
+            
+            
             if (csvDelimiter.Trim() == "") {
                 await
                     Response.WriteAsync(
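Review bot: `targetUserGroup` is fetched with a second round trip through `_context.ExerciseReleases.Where(p => p.Id == release.Id)`, although the query just above already does `.Include(p => p.Exercise)`, so `release.Exercise.UserGroupId` is already in memory. `var targetUserGroup = release.Exercise.UserGroupId;` removes the query and the `FirstOrDefaultAsync` default-to-0 value that `HasGroupPermission` would otherwise be handed for a release whose exercise row is missing; if `Exercise` is an optional navigation, which I cannot see from here, guard it for null first. The placement is right: a caller without assess rights is refused before the `csvDelimiter` input is inspected.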
@@ -548,26 +580,6 @@ namespace ClientServer.Controllers.Core.Exercises
             }
 
 
-            var release = await _context.ExerciseReleases
-                    .Include(p => p.Exercise)
-                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
-                    .ThenInclude(p => p.User)
-                    .Include(p => p.ExerciseReleaseWithUserAsParticipations)
-                    .ThenInclude(p => p.Solutions)
-                    .ThenInclude(p => p.Assessment)
-                    .FirstOrDefaultAsync(p => p.GeneratedCode == releaseCode)
-                ;
-
-
-            if (release == null)
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "release not found")));
-                return;
-            }
-
-
             var pLangs = await _context.PLangs
                 .ToListAsync();
 
@@ -579,21 +591,6 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
 
             //get all
             var paginationData = new PaginationPostData()
diff --git a/src/ClientServer/Controllers/Core/Exercises/TagsController.cs b/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
index 90a7ab4..44586ac 100644
--- a/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/TagsController.cs
@@ -63,7 +63,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -136,7 +136,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -214,7 +214,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
@@ -327,7 +327,7 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanManageTags) == false)
             {
                 await
                     Response.WriteAsync(Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
diff --git a/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs b/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
index a0ecd8c..777b409 100644
--- a/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
+++ b/src/ClientServer/Controllers/Core/Exercises/TutorViewAssessmentController.cs
@@ -455,6 +455,8 @@ namespace ClientServer.Controllers.Core.Exercises
         public async Task GetAssessment(int exerciseReleaseId, int userId, int pLangId)
         {
             if (!await base.IsLoggedIn()) return;
+            
+            if (!await HasPermission(exerciseReleaseId)) return;
 
             //get all automatic assessments for this release
             var release = await _context.ExerciseReleases
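Review bot: `HasPermission(exerciseReleaseId)` replaces a block that wrote a `NoPermission` response before returning, and the helper is not part of this diff, so please confirm it writes that response itself (and a suitable one when the id does not resolve) — otherwise `GetAssessment` now ends with an empty 200 on denial. Moving the check ahead of the release query is a good change in itself: a caller without assess rights no longer learns whether the release exists. A `/// <returns>` on `HasPermission` stating that the error response has already been written when it returns false would make the bare `return;` pattern self-explanatory at every call site.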
@@ -472,21 +474,6 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
-
             var userReleaseParticipation = await _context.ExerciseReleaseWithUserAsParticipations.Where(p =>
                         p.ExerciseReleaseId == exerciseReleaseId
                         && p.UserId == userId
@@ -547,6 +534,8 @@ namespace ClientServer.Controllers.Core.Exercises
         {
             if (!await base.IsLoggedIn()) return;
 
+            
+            
             //get all automatic assessments for this release
             var release = await _context.ExerciseReleases
                     .Include(p => p.Exercise)
@@ -579,20 +568,7 @@ namespace ClientServer.Controllers.Core.Exercises
                 return;
             }
 
-            //the user group that manages the exercise
-            var targetUserGroup =
-                await _context.ExerciseReleases.Where(p => p.Id == release.Id)
-                    .Select(p => p.Exercise.UserGroupId)
-                    .FirstOrDefaultAsync();
-
-            if (!await base.HasGroupPermission(targetUserGroup,
-                permission => permission != null && permission.CanAssessExercises))
-            {
-                await
-                    Response.WriteAsync(
-                        Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission")));
-                return;
-            }
+            if (!await HasPermission(release.Id)) return;
 
             var userReleaseParticipation = await _context.ExerciseReleaseWithUserAsParticipations.Where(p =>
                         p.ExerciseReleaseId == assessmentFullBase.ExerciseReleaseId
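Review bot: Here the check stays after the release load, so a caller without assess rights still receives the `release not found` response for an unknown id, while `GetAssessment` above now denies first; the two blank lines added right after the login check in this method look like where the moved call was meant to go. The participation query below uses `assessmentFullBase.ExerciseReleaseId` for the same release, so the check can move up as `if (!await HasPermission(assessmentFullBase.ExerciseReleaseId)) return;` and the `release.Id` call here be dropped — assuming `release` is loaded by that id, which the hunk does not show. The enclosing method starts above the hunk.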
@@ -652,7 +628,6 @@ namespace ClientServer.Controllers.Core.Exercises
             await
                 Response.WriteAsync(
                     Jc.Serialize(new BasicResponse(ResponseCode.Ok, "")));
-            return;
         }
     }
 }
diff --git a/src/ClientServer/Controllers/Core/Misc/LangController.cs b/src/ClientServer/Controllers/Core/Misc/LangController.cs
index 45e840b..6760c59 100644
--- a/src/ClientServer/Controllers/Core/Misc/LangController.cs
+++ b/src/ClientServer/Controllers/Core/Misc/LangController.cs
@@ -30,7 +30,7 @@ namespace ClientServer.Controllers.Core.Exercises
 
             //user needs permission
 
-            if (base.HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
+            if (await HasSystemPermission(role => role != null && role.SystemRolePermission.CanChangeSystemSettings) ==
                 false)
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/SystemSettingsController.cs b/src/ClientServer/Controllers/Core/SystemSettingsController.cs
index 45c3047..4eb45f9 100644
--- a/src/ClientServer/Controllers/Core/SystemSettingsController.cs
+++ b/src/ClientServer/Controllers/Core/SystemSettingsController.cs
@@ -104,7 +104,7 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
@@ -134,7 +134,7 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
@@ -170,6 +170,15 @@ namespace ClientServer.Controllers.Core
         {
             if (!await base.IsLoggedIn()) return;
 
+            //this already checks if the user exists
+            if (await HasSystemPermission(role =>
+                    role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
+            {
+                await
+                    Response.WriteAsync(
+                        Jc.Serialize(new BasicResponse(ResponseCode.NotFound, "no permission")));
+                return;
+            }
 
             var settingsFromBackend = new SystemSettingsFromBackend()
             {
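Review bot: The new check in this hunk answers a failed permission test with `ResponseCode.NotFound` while the message says `"no permission"`; every other `HasSystemPermission` failure in this file and in the rest of the patch uses `ResponseCode.NoPermission`, so a client keyed on the code would treat a denied settings request as a missing resource. Change the line to `Jc.Serialize(new BasicResponse(ResponseCode.NoPermission, "no permission"))`. The copied `//this already checks if the user exists` comment only holds if `HasSystemPermission` runs its empty-result callback for an unknown user; I'd either say that explicitly or drop the comment, since as written it reads like the endpoint's own existence check.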
@@ -242,7 +251,7 @@ namespace ClientServer.Controllers.Core
             var userId = base.GetUserId();
 
             //this already checks if the user exists
-            if (base.HasSystemPermission(role =>
+            if (await HasSystemPermission(role =>
                     role != null && role.SystemRolePermission.CanChangeSystemSettings) == false)
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/GroupController.cs b/src/ClientServer/Controllers/Core/Users/GroupController.cs
index 3c7d1b2..4db167e 100644
--- a/src/ClientServer/Controllers/Core/Users/GroupController.cs
+++ b/src/ClientServer/Controllers/Core/Users/GroupController.cs
@@ -33,7 +33,7 @@ namespace ClientServer.Controllers.Core.Users
             int userId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateGroups))
             {
                 await
@@ -170,7 +170,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteGroups))
             {
                 await
@@ -731,7 +731,7 @@ namespace ClientServer.Controllers.Core.Users
         /// <param name="userId">the user who wants to leave</param>
         /// <param name="userGroupRoleId">the current role of the user in the group</param>
         /// <returns>null: system settings not found (no creator role), true: user can leave, false: cannot leave</returns>
-        public async Task<bool?> HasGroupAtLeastOnCreator(int groupId, int userId, int userGroupRoleId)
+        private async Task<bool?> HasGroupAtLeastOnCreator(int groupId, int userId, int userGroupRoleId)
         {
             SystemSetting systemSetting = await _context.SystemSettings
                 .Include(p => p.DefaultGroupRole)
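Review bot: `HasGroupAtLeastOnCreator` becomes private here, which is the right visibility for a helper on a controller (a public instance method on a controller is otherwise a candidate action); while the signature is being touched, the `AtLeastOn` typo could go in the same step, `private async Task<bool?> HasGroupAtLeastOneCreator(int groupId, int userId, int userGroupRoleId)`, with its call sites in this file updated. The `<returns>` tag's tri-state contract (null for missing system settings) is good and should stay. The body continues outside the hunk.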
diff --git a/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs b/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
index 4ed84ab..504098d 100644
--- a/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
+++ b/src/ClientServer/Controllers/Core/Users/GroupRolesController.cs
@@ -30,7 +30,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (
                                       permission.SystemRolePermission.CanCreateRoles
@@ -172,7 +172,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateRoles))
             {
                 await
@@ -248,7 +248,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeRoles))
             {
                 await
@@ -328,7 +328,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteRoles))
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs b/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
index cf9eac1..325479b 100644
--- a/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
+++ b/src/ClientServer/Controllers/Core/Users/SystemRolesController.cs
@@ -31,7 +31,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (permission.SystemRolePermission.CanManageNewUsers
                                    || permission.SystemRolePermission.CanCreateRoles
@@ -89,7 +89,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null &&
                                   (permission.SystemRolePermission.CanManageNewUsers
                                    || permission.SystemRolePermission.CanCreateRoles
@@ -123,7 +123,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanCreateRoles))
             {
                 await
@@ -202,7 +202,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeRoles))
             {
                 await
@@ -298,7 +298,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteRoles))
             {
                 await
diff --git a/src/ClientServer/Controllers/Core/Users/UsersController.cs b/src/ClientServer/Controllers/Core/Users/UsersController.cs
index b768c52..04ab0e5 100644
--- a/src/ClientServer/Controllers/Core/Users/UsersController.cs
+++ b/src/ClientServer/Controllers/Core/Users/UsersController.cs
@@ -165,7 +165,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanChangeUserData))
             {
                 await
@@ -240,7 +240,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanChangeUserData))
             {
                 await
@@ -399,7 +399,7 @@ namespace ClientServer.Controllers.Core.Users
 
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null && permission.SystemRolePermission.CanManageNewUsers))
             {
                 await
@@ -505,7 +505,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                    !HasSystemPermission(
+                    !await HasSystemPermission(
                         permission => permission != null && permission.SystemRolePermission.CanManageNewUsers))
                 //TODo or use permission can delete users??
             {
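Review bot: The `//TODo or use permission can delete users??` comment sits between the `if` condition and its opening brace, where it is easy to miss, and it records an unresolved choice of which permission gates this action (`CanManageNewUsers` today, a delete permission suggested). Since the patch touches this line anyway, I'd move the comment above the `if` and name the alternative the model actually exposes: `// TODO: decide whether CanManageNewUsers or CanDeleteActivatedUsers should gate this action`. The method header is above the hunk, so I cannot tell which user set it operates on; that decides which of the two is correct.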
@@ -550,7 +550,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanManageNewUsers))
             {
                 await
@@ -577,7 +577,7 @@ namespace ClientServer.Controllers.Core.Users
             {
                 //check if the creating user is allowed to set the role...
                 if (
-                    !HasSystemPermission(
+                    !await HasSystemPermission(
                         permission =>
                             permission != null && permission.SystemRolePermission.CanChangeOtherUsersSystemRole))
                 {
@@ -635,7 +635,7 @@ namespace ClientServer.Controllers.Core.Users
             if (!await base.IsLoggedIn()) return;
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     (permission) => permission != null
                                     && (permission.SystemRolePermission.CanChangeOtherUsersSystemRole
                                         || permission.SystemRolePermission.CanDeleteActivatedUsers
@@ -748,7 +748,7 @@ namespace ClientServer.Controllers.Core.Users
             int ownId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanDeleteActivatedUsers))
             {
                 await
@@ -817,7 +817,7 @@ namespace ClientServer.Controllers.Core.Users
             int userId = GetUserId();
 
             if (
-                !HasSystemPermission(
+                !await HasSystemPermission(
                     permission => permission != null && permission.SystemRolePermission.CanChangeOtherUsersSystemRole))
             {
                 await
diff --git a/src/ClientServer/Controllers/dashboard/DashboardController.cs b/src/ClientServer/Controllers/dashboard/DashboardController.cs
index f2fac83..94635e2 100644
--- a/src/ClientServer/Controllers/dashboard/DashboardController.cs
+++ b/src/ClientServer/Controllers/dashboard/DashboardController.cs
@@ -42,7 +42,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -127,7 +127,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -160,7 +160,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -203,7 +203,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
@@ -240,7 +240,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await Response.WriteAsync(
@@ -298,7 +298,7 @@ namespace ClientServer.Controllers
         {
             if (!await base.IsLoggedIn()) return;
 
-            if (!base.HasSystemPermission(role =>
+            if (!await HasSystemPermission(role =>
                 role != null && role.SystemRolePermission != null && role.SystemRolePermission.CanViewDashboard))
             {
                 await
diff --git a/src/ClientServer/Models/Users/SystemRolePermission.cs b/src/ClientServer/Models/Users/SystemRolePermission.cs
index b237953..b9df0a6 100644
--- a/src/ClientServer/Models/Users/SystemRolePermission.cs
+++ b/src/ClientServer/Models/Users/SystemRolePermission.cs
@@ -40,6 +40,7 @@ namespace ClientServer.Models.Users
 
         /// <summary>
         /// true: can change user data (e.g. firstname, lastname...), false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanChangeUserData { get; set; }
 
@@ -49,11 +50,13 @@ namespace ClientServer.Models.Users
         public bool CanManageNewUsers { get; set; }
         /// <summary>
         /// true: can change the group independent role (system role) of other users, false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanChangeOtherUsersSystemRole { get; set; }
 
         /// <summary>
         /// true: can delete activated users, false: not
+        /// TODO maybe combine CanChangeOtherUsersSystemRole, CanDeleteActivatedUsers, CanChangeUserData to CanManageActivatedUsers/CanManageOldUsers
         /// </summary>
         public bool CanDeleteActivatedUsers { get; set; }
 
-- 
GitLab