security: use more antiforgery tokens

Gary Sharp
2025-07-25 12:32:44 +10:00
parent fd43d85778
commit 7deead494b
222 changed files with 12919 additions and 11728 deletions
@@ -28,41 +28,24 @@ namespace Disco.Services.Jobs.JobQueues
public static JobQueueToken GetQueue(int JobQueueId) { return _cache.GetQueue(JobQueueId); }
#region Job Queues Maintenance
public static JobQueueToken CreateJobQueue(DiscoDataContext Database, JobQueue JobQueue)
public static JobQueueToken CreateJobQueue(DiscoDataContext Database, string name, string description)
{
// Verify
if (string.IsNullOrWhiteSpace(JobQueue.Name))
if (string.IsNullOrWhiteSpace(name))
throw new ArgumentException("The Job Queue Name is required");
// Name Unique
if (_cache.GetQueues().Any(q => q.JobQueue.Name == JobQueue.Name))
if (_cache.GetQueues().Any(q => q.JobQueue.Name.Equals(name, StringComparison.Ordinal)))
throw new ArgumentException("Another Job Queue already exists with that name", "JobQueue");
// Sanitize Subject Ids
if (string.IsNullOrWhiteSpace(JobQueue.SubjectIds))
{
JobQueue.SubjectIds = null;
}
else
{
var subjectIds = JobQueue.SubjectIds.Split(',');
foreach (var subjectId in subjectIds)
{
UserService.GetUser(subjectId, Database);
}
JobQueue.SubjectIds = string.Join(",", Database.Users.Where(u => subjectIds.Contains(u.UserId)).Select(u => u.UserId));
}
// Clone to break reference
var queue = new JobQueue()
{
Name = JobQueue.Name,
Description = JobQueue.Description,
Icon = JobQueue.Icon,
IconColour = JobQueue.IconColour,
DefaultSLAExpiry = JobQueue.DefaultSLAExpiry,
Priority = JobQueue.Priority,
SubjectIds = JobQueue.SubjectIds
Name = name,
Description = description,
Icon = RandomUnusedIcon(),
IconColour = RandomUnusedThemeColour(),
Priority = JobQueuePriority.Normal,
};
Database.JobQueues.Add(queue);
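Review bot: The duplicate-name `ArgumentException` still passes `"JobQueue"` as its parameter name, but the new `CreateJobQueue(DiscoDataContext Database, string name, string description)` signature has no such parameter; use `nameof(name)` there, and on the required-name throw as well, which carries no parameter name at all. `name` is also stored exactly as received, so two names differing only by surrounding whitespace (constructed example: `"Repairs"` and `"Repairs "`) pass both `IsNullOrWhiteSpace` and the ordinal uniqueness check as distinct queues; `name = name.Trim();` ahead of the checks would close that. The second hunk removes the `else` branch that filtered `SubjectIds` against `Database.Users` while keeping the null-normalisation, so if that path can still receive subject ids they are now saved unvalidated; it is worth confirming the check moved elsewhere in this commit. The method body continues past the end of this hunk.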
@@ -85,15 +68,6 @@ namespace Disco.Services.Jobs.JobQueues
{
JobQueue.SubjectIds = null;
}
else
{
var subjectIds = JobQueue.SubjectIds.Split(',');
foreach (var subjectId in subjectIds)
{
UserService.GetUser(subjectId, Database);
}
JobQueue.SubjectIds = string.Join(",", Database.Users.Where(u => subjectIds.Contains(u.UserId)).Select(u => u.UserId));
}
Database.SaveChanges();