security: use more antiforgery tokens
@@ -45,25 +45,23 @@ namespace Disco.Services.Devices.DeviceFlags
|
||||
public static DeviceFlag GetDeviceFlag(int deviceFlagId) { return _cache.GetDeviceFlag(deviceFlagId); }
|
||||
|
||||
#region Device Flag Maintenance
|
||||
public static DeviceFlag CreateDeviceFlag(DiscoDataContext database, DeviceFlag deviceFlag)
|
||||
public static DeviceFlag CreateDeviceFlag(DiscoDataContext database, string name, string description)
|
||||
{
|
||||
// Verify
|
||||
if (string.IsNullOrWhiteSpace(deviceFlag.Name))
|
||||
throw new ArgumentException("The Device Flag Name is required", nameof(deviceFlag));
|
||||
if (string.IsNullOrWhiteSpace(name))
|
||||
throw new ArgumentException("The Device Flag Name is required", nameof(name));
|
||||
|
||||
// Name Unique
|
||||
if (_cache.GetDeviceFlags().Any(f => f.Name == deviceFlag.Name))
|
||||
throw new ArgumentException("Another Device Flag already exists with that name", nameof(deviceFlag));
|
||||
if (_cache.GetDeviceFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
|
||||
throw new ArgumentException("Another Device Flag already exists with that name", nameof(name));
|
||||
|
||||
// Clone to break reference
|
||||
var flag = new DeviceFlag()
|
||||
{
|
||||
Name = deviceFlag.Name,
|
||||
Description = deviceFlag.Description,
|
||||
Icon = deviceFlag.Icon,
|
||||
IconColour = deviceFlag.IconColour,
|
||||
DevicesLinkedGroup = deviceFlag.DevicesLinkedGroup,
|
||||
DeviceUsersLinkedGroup = deviceFlag.DeviceUsersLinkedGroup,
|
||||
Name = name,
|
||||
Description = description,
|
||||
Icon = RandomUnusedIcon(),
|
||||
IconColour = RandomUnusedThemeColour(),
|
||||
};
|
||||
|
||||
database.DeviceFlags.Add(flag);
|
||||
|
||||
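Review bot: The uniqueness check on the `_cache.GetDeviceFlags().Any(...)` line swaps the null-safe `==` for the instance call `f.Name.Equals(name, StringComparison.Ordinal)`, which throws a NullReferenceException instead of returning false if any cached flag has a null Name; `string.Equals(f.Name, name, StringComparison.Ordinal)` keeps the ordinal semantics and the old null tolerance. Name is required on this create path, so a null cached Name may never occur in practice, but the static form costs nothing. The name is also stored untrimmed, so `"Foo"` and `"Foo "` both pass the ordinal check and are created as two visually identical flags; `name = name.Trim();` after the whitespace check would close that, unless the caller already normalises it. The check reads the in-memory cache rather than `database`, so it is only as current as the cache; a unique index on Name would be the real guarantee and is not visible here.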
@@ -25,7 +25,7 @@ namespace Disco.Services.Documents
|
||||
Directory.Delete(cachePath, true);
|
||||
}
|
||||
|
||||
public static Stream GetCached(DiscoDataContext database, string id)
|
||||
public static Stream GetCached(DiscoDataContext database, Guid id)
|
||||
{
|
||||
var cachePath = GetCachePath(database);
|
||||
var path = Path.Combine(cachePath, $"{id}.pdf");
|
||||
|
||||
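Review bot: Callers of `GetCached` now have to turn untrusted request input into a `Guid`, and that conversion is not visible in this hunk; if they use `Guid.Parse`, a malformed id surfaces as a FormatException rather than a clean 400/404, so `Guid.TryParse` at that boundary is the safer pairing for the typed parameter. The interpolation `$"{id}.pdf"` uses the default `"D"` Guid format, which is presumably what the previous string-based caller produced, but it is worth confirming against the code that writes the cache so existing files still resolve. The rest of GetCached, including the file open, lies outside this hunk.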
@@ -1,6 +1,7 @@
|
||||
using Disco.Data.Repository;
|
||||
using Disco.Models.Repository;
|
||||
using Disco.Models.Services.Documents;
|
||||
using Disco.Models.UI.Config.DocumentTemplate;
|
||||
using System;
|
||||
using System.Collections.Concurrent;
|
||||
using System.Collections.Generic;
|
||||
@@ -121,19 +122,26 @@ namespace Disco.Services.Documents
|
||||
return packages;
|
||||
}
|
||||
|
||||
public static DocumentTemplatePackage CreatePackage(DocumentTemplatePackage Package)
|
||||
public static DocumentTemplatePackage CreatePackage(string id, string description, AttachmentTypes scope)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(Package.Id))
|
||||
throw new ArgumentNullException(nameof(Package), "The Package Id is required");
|
||||
if (cache.ContainsKey(Package.Id)) // Name Unique
|
||||
throw new ArgumentException("Another Package already exists with that Id", nameof(Package));
|
||||
if (string.IsNullOrWhiteSpace(Package.Description))
|
||||
throw new ArgumentNullException(nameof(Package), "The Package Description is required");
|
||||
if (string.IsNullOrWhiteSpace(id))
|
||||
throw new ArgumentNullException(nameof(id), "The Package Id is required");
|
||||
if (cache.ContainsKey(id)) // Name Unique
|
||||
throw new ArgumentException("Another Package already exists with that Id", nameof(id));
|
||||
if (string.IsNullOrWhiteSpace(description))
|
||||
throw new ArgumentNullException(nameof(description), "The Package Description is required");
|
||||
|
||||
if (cache.TryAdd(Package.Id, Package))
|
||||
var package = new DocumentTemplatePackage()
|
||||
{
|
||||
Id = id,
|
||||
Description = description,
|
||||
Scope = scope,
|
||||
};
|
||||
|
||||
if (cache.TryAdd(id, package))
|
||||
{
|
||||
PersistCache();
|
||||
return Package;
|
||||
return package;
|
||||
}
|
||||
else
|
||||
throw new Exception("Unable to add the Package to the Cache, check the Package Id and try again");
|
||||
|
||||
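Review bot: `scope` is stored on the `Scope = scope,` line without any check that it is a defined `AttachmentTypes` value, so a caller that model-binds an integer from a request can persist an undefined enum value through `PersistCache()`; unless `AttachmentTypes` is a flags enum, `if (!Enum.IsDefined(typeof(AttachmentTypes), scope)) throw new ArgumentOutOfRangeException(nameof(scope));` before the initializer closes that. The whitespace guards on `id` and `description` throw `ArgumentNullException` for a non-null but blank string; `ArgumentException` is the conventional type there and matches the flag and queue hunks in this commit. `id` becomes the cache key and is persisted; if it is also used to build a file or directory name elsewhere (not visible here), it should be restricted to a safe character set, since `string.IsNullOrWhiteSpace` is the only filter applied.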
@@ -28,41 +28,24 @@ namespace Disco.Services.Jobs.JobQueues
|
||||
public static JobQueueToken GetQueue(int JobQueueId) { return _cache.GetQueue(JobQueueId); }
|
||||
|
||||
#region Job Queues Maintenance
|
||||
public static JobQueueToken CreateJobQueue(DiscoDataContext Database, JobQueue JobQueue)
|
||||
public static JobQueueToken CreateJobQueue(DiscoDataContext Database, string name, string description)
|
||||
{
|
||||
// Verify
|
||||
if (string.IsNullOrWhiteSpace(JobQueue.Name))
|
||||
if (string.IsNullOrWhiteSpace(name))
|
||||
throw new ArgumentException("The Job Queue Name is required");
|
||||
|
||||
// Name Unique
|
||||
if (_cache.GetQueues().Any(q => q.JobQueue.Name == JobQueue.Name))
|
||||
if (_cache.GetQueues().Any(q => q.JobQueue.Name.Equals(name, StringComparison.Ordinal)))
|
||||
throw new ArgumentException("Another Job Queue already exists with that name", "JobQueue");
|
||||
|
||||
// Sanitize Subject Ids
|
||||
if (string.IsNullOrWhiteSpace(JobQueue.SubjectIds))
|
||||
{
|
||||
JobQueue.SubjectIds = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
var subjectIds = JobQueue.SubjectIds.Split(',');
|
||||
foreach (var subjectId in subjectIds)
|
||||
{
|
||||
UserService.GetUser(subjectId, Database);
|
||||
}
|
||||
JobQueue.SubjectIds = string.Join(",", Database.Users.Where(u => subjectIds.Contains(u.UserId)).Select(u => u.UserId));
|
||||
}
|
||||
|
||||
// Clone to break reference
|
||||
var queue = new JobQueue()
|
||||
{
|
||||
Name = JobQueue.Name,
|
||||
Description = JobQueue.Description,
|
||||
Icon = JobQueue.Icon,
|
||||
IconColour = JobQueue.IconColour,
|
||||
DefaultSLAExpiry = JobQueue.DefaultSLAExpiry,
|
||||
Priority = JobQueue.Priority,
|
||||
SubjectIds = JobQueue.SubjectIds
|
||||
Name = name,
|
||||
Description = description,
|
||||
Icon = RandomUnusedIcon(),
|
||||
IconColour = RandomUnusedThemeColour(),
|
||||
Priority = JobQueuePriority.Normal,
|
||||
};
|
||||
|
||||
Database.JobQueues.Add(queue);
|
||||
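Review bot: The line `throw new ArgumentException("Another Job Queue already exists with that name", "JobQueue");` names a parameter that no longer exists after the signature changed to `(Database, string name, string description)`, and the preceding "Name is required" throw has no parameter name at all; both should use `nameof(name)`, as the DeviceFlag and UserFlag hunks in this commit already do. The comparison `q.JobQueue.Name.Equals(name, StringComparison.Ordinal)` replaces a null-safe `==` with an instance call; `string.Equals(q.JobQueue.Name, name, StringComparison.Ordinal)` is equivalent and cannot throw on a null cached name. `DefaultSLAExpiry` and `SubjectIds` are no longer set on the new queue, so they take the model's defaults; presumably that is intentional now that subject handling has moved out of create, but it is worth confirming the stored default is the expected one.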
@@ -85,15 +68,6 @@ namespace Disco.Services.Jobs.JobQueues
|
||||
{
|
||||
JobQueue.SubjectIds = null;
|
||||
}
|
||||
else
|
||||
{
|
||||
var subjectIds = JobQueue.SubjectIds.Split(',');
|
||||
foreach (var subjectId in subjectIds)
|
||||
{
|
||||
UserService.GetUser(subjectId, Database);
|
||||
}
|
||||
JobQueue.SubjectIds = string.Join(",", Database.Users.Where(u => subjectIds.Contains(u.UserId)).Select(u => u.UserId));
|
||||
}
|
||||
|
||||
Database.SaveChanges();
|
||||
|
||||
|
||||
@@ -45,25 +45,23 @@ namespace Disco.Services.Users.UserFlags
|
||||
public static UserFlag GetUserFlag(int UserFlagId) { return _cache.GetUserFlag(UserFlagId); }
|
||||
|
||||
#region User Flag Maintenance
|
||||
public static UserFlag CreateUserFlag(DiscoDataContext Database, UserFlag UserFlag)
|
||||
public static UserFlag CreateUserFlag(DiscoDataContext Database, string name, string description)
|
||||
{
|
||||
// Verify
|
||||
if (string.IsNullOrWhiteSpace(UserFlag.Name))
|
||||
throw new ArgumentException("The User Flag Name is required");
|
||||
if (string.IsNullOrWhiteSpace(name))
|
||||
throw new ArgumentException("The User Flag Name is required", nameof(name));
|
||||
|
||||
// Name Unique
|
||||
if (_cache.GetUserFlags().Any(f => f.Name == UserFlag.Name))
|
||||
throw new ArgumentException("Another User Flag already exists with that name", "UserFlag");
|
||||
if (_cache.GetUserFlags().Any(f => f.Name.Equals(name, StringComparison.Ordinal)))
|
||||
throw new ArgumentException("Another User Flag already exists with that name", nameof(name));
|
||||
|
||||
// Clone to break reference
|
||||
var flag = new UserFlag()
|
||||
{
|
||||
Name = UserFlag.Name,
|
||||
Description = UserFlag.Description,
|
||||
Icon = UserFlag.Icon,
|
||||
IconColour = UserFlag.IconColour,
|
||||
UsersLinkedGroup = UserFlag.UsersLinkedGroup,
|
||||
UserDevicesLinkedGroup = UserFlag.UserDevicesLinkedGroup
|
||||
Name = name,
|
||||
Description = description,
|
||||
Icon = RandomUnusedIcon(),
|
||||
IconColour = RandomUnusedThemeColour(),
|
||||
};
|
||||
|
||||
Database.UserFlags.Add(flag);
|
||||
|
||||
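Review bot: `name` is validated and compared but never trimmed, so `"Staff"` and `"Staff "` both pass the ordinal uniqueness check on the `_cache.GetUserFlags().Any(...)` line and are created as two flags that render identically; `name = name.Trim();` after the whitespace check would prevent that, unless the caller already normalises it. The switch from `==` to `f.Name.Equals(...)` also throws rather than returning false if a cached flag ever has a null Name; `string.Equals(f.Name, name, StringComparison.Ordinal)` preserves both the ordinal comparison and the old null tolerance. `description` is accepted with no validation at all, which is fine if it is optional, but it differs from `CreatePackage` in this same commit, which requires one; a short comment on the parameter stating that it is optional would record the intent.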
@@ -138,26 +138,28 @@ namespace Disco.Services.Users
|
||||
return Cache.InvalidateRecord(UserId);
|
||||
}
|
||||
|
||||
public static int CreateAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
|
||||
public static int CreateAuthorizationRole(DiscoDataContext Database, string name)
|
||||
{
|
||||
if (Role == null)
|
||||
if (string.IsNullOrWhiteSpace(name))
|
||||
throw new ArgumentNullException("Role");
|
||||
|
||||
if (string.IsNullOrWhiteSpace(Role.ClaimsJson))
|
||||
Role.ClaimsJson = JsonConvert.SerializeObject(new RoleClaims());
|
||||
|
||||
Database.AuthorizationRoles.Add(Role);
|
||||
var role = new AuthorizationRole()
|
||||
{
|
||||
Name = name,
|
||||
ClaimsJson = JsonConvert.SerializeObject(new RoleClaims()),
|
||||
};
|
||||
Database.AuthorizationRoles.Add(role);
|
||||
Database.SaveChanges();
|
||||
|
||||
AuthorizationLog.LogRoleCreated(Role, CurrentUserId);
|
||||
AuthorizationLog.LogRoleCreated(role, CurrentUserId);
|
||||
|
||||
// Add to Cache
|
||||
RoleCache.AddRole(Role);
|
||||
RoleCache.AddRole(role);
|
||||
|
||||
// Flush User Cache
|
||||
Cache.FlushCache();
|
||||
|
||||
return Role.Id;
|
||||
return role.Id;
|
||||
}
|
||||
public static void DeleteAuthorizationRole(DiscoDataContext Database, AuthorizationRole Role)
|
||||
{
|
||||
|
||||
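Review bot: `throw new ArgumentNullException("Role");` now follows a `string.IsNullOrWhiteSpace(name)` guard, so the exception names a parameter that no longer exists and reports a null argument for a blank one; `throw new ArgumentException("The Role Name is required", nameof(name));` matches the guard and the rest of this commit. Unlike the flag and queue hunks, there is no check that a role with this name already exists before `Database.AuthorizationRoles.Add(role)`, so a duplicate-name role can be created unless the schema enforces uniqueness, which is not visible here. Initialising `ClaimsJson` to a serialised empty `RoleClaims` means a newly created role carries no permissions until edited, which is the right least-privilege default and deserves a one-line comment saying so, e.g. `// New roles start with no claims; permissions must be granted explicitly.`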