Moonlight-Panel/Moonlight
2
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added permission checks to all controllers. Added role permission loading. Added frontend permission checks. Implemented user logout in admin panel.

Browse Source
This commit was merged in pull request #4.
This commit is contained in:
ChiaraBm
2026-01-16 13:07:19 +01:00
parent bee381702b
commit a28b8aca7a
24 changed files with 401 additions and 62 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
Moonlight.Api/Http/Controllers/Admin/DiagnoseController.cs
View File

@@ -1,11 +1,14 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Moonlight.Api.Mappers;
using Moonlight.Api.Services;
using Moonlight.Shared;
using Moonlight.Shared.Http.Responses.Admin;
namespace Moonlight.Api.Http.Controllers.Admin;
[ApiController]
[Authorize(Policy = Permissions.System.Diagnose)]
[Route("api/admin/system/diagnose")]
public class DiagnoseController : Controller
{

7
Moonlight.Api/Http/Controllers/Admin/RoleMembersController.cs
View File

@@ -1,14 +1,17 @@
using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Moonlight.Api.Database;
using Moonlight.Api.Database.Entities;
using Moonlight.Api.Mappers;
using Moonlight.Shared;
using Moonlight.Shared.Http.Responses;
using Moonlight.Shared.Http.Responses.Users;
namespace Moonlight.Api.Http.Controllers.Admin;
[ApiController]
[Authorize(Policy = Permissions.Roles.Members)]
[Route("api/admin/roles/{roleId:int}/members")]
public class RoleMembersController : Controller
{
@@ -59,6 +62,7 @@ public class RoleMembersController : Controller
// Pagination
var items = query
.OrderBy(x => x.Id)
.Skip(startIndex)
.Take(length)
.ProjectToDto()
@@ -100,6 +104,7 @@ public class RoleMembersController : Controller
// Pagination
var items = query
.OrderBy(x => x.Id)
.Skip(startIndex)
.Take(length)
.ProjectToDto()

8
Moonlight.Api/Http/Controllers/Admin/RolesController.cs
View File

@@ -1,8 +1,10 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Moonlight.Api.Database;
using Moonlight.Api.Database.Entities;
using Moonlight.Api.Mappers;
using Moonlight.Shared;
using Moonlight.Shared.Http.Requests;
using Moonlight.Shared.Http.Requests.Roles;
using Moonlight.Shared.Http.Responses;
@@ -22,6 +24,7 @@ public class RolesController : Controller
}
[HttpGet]
[Authorize(Policy = Permissions.Roles.View)]
public async Task<ActionResult<PagedData<RoleDto>>> GetAsync(
[FromQuery] int startIndex,
[FromQuery] int length,
@@ -57,6 +60,7 @@ public class RolesController : Controller
// Pagination
var data = await query
.OrderBy(x => x.Id)
.ProjectToDto()
.Skip(startIndex)
.Take(length)
@@ -68,6 +72,7 @@ public class RolesController : Controller
}
[HttpGet("{id:int}")]
[Authorize(Policy = Permissions.Roles.View)]
public async Task<ActionResult<RoleDto>> GetAsync([FromRoute] int id)
{
var role = await RoleRepository
@@ -81,6 +86,7 @@ public class RolesController : Controller
}
[HttpPost]
[Authorize(Policy = Permissions.Roles.Create)]
public async Task<ActionResult<RoleDto>> CreateAsync([FromBody] CreateRoleDto request)
{
var role = RoleMapper.ToEntity(request);
@@ -91,6 +97,7 @@ public class RolesController : Controller
}
[HttpPatch("{id:int}")]
[Authorize(Policy = Permissions.Roles.Edit)]
public async Task<ActionResult<RoleDto>> UpdateAsync([FromRoute] int id, [FromBody] UpdateRoleDto request)
{
var role = await RoleRepository
@@ -108,6 +115,7 @@ public class RolesController : Controller
}
[HttpDelete("{id:int}")]
[Authorize(Policy = Permissions.Roles.Delete)]
public async Task<ActionResult> DeleteAsync([FromRoute] int id)
{
var role = await RoleRepository

3
Moonlight.Api/Http/Controllers/Admin/SystemController.cs
View File

@@ -1,5 +1,7 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Moonlight.Api.Services;
using Moonlight.Shared;
using Moonlight.Shared.Http.Responses.Admin;
namespace Moonlight.Api.Http.Controllers.Admin;
@@ -16,6 +18,7 @@ public class SystemController : Controller
}
[HttpGet("info")]
[Authorize(Policy = Permissions.System.Info)]
public async Task<ActionResult<SystemInfoDto>> GetInfoAsync()
{
var cpuUsage = await ApplicationService.GetCpuUsageAsync();

45
Moonlight.Api/Http/Controllers/Admin/UserActionsController.cs Normal file
View File

@@ -0,0 +1,45 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Microsoft.EntityFrameworkCore;
using Microsoft.Extensions.Caching.Memory;
using Moonlight.Api.Database;
using Moonlight.Api.Database.Entities;
using Moonlight.Api.Services;
using Moonlight.Shared;
namespace Moonlight.Api.Http.Controllers.Admin;
[ApiController]
[Route("api/admin/users/{id:int}")]
public class UserActionsController : Controller
{
// Consider building a service for deletion and logout or actions in general
private readonly DatabaseRepository<User> UsersRepository;
private readonly IMemoryCache Cache;
public UserActionsController(DatabaseRepository<User> usersRepository, IMemoryCache cache)
{
UsersRepository = usersRepository;
Cache = cache;
}
[HttpPost("logout")]
[Authorize(Policy = Permissions.Users.Logout)]
public async Task<ActionResult> LogoutAsync([FromRoute] int id)
{
var user = await UsersRepository
.Query()
.FirstOrDefaultAsync(u => u.Id == id);
if(user == null)
return Problem("User not found", statusCode: 404);
user.InvalidateTimestamp = DateTimeOffset.UtcNow;
await UsersRepository.UpdateAsync(user);
Cache.Remove(string.Format(UserAuthService.ValidationCacheKeyPattern, id));
return NoContent();
}
}

7
Moonlight.Api/Http/Controllers/Admin/UsersController.cs
View File

@@ -4,6 +4,7 @@ using Microsoft.EntityFrameworkCore;
using Moonlight.Api.Database;
using Moonlight.Api.Database.Entities;
using Moonlight.Api.Mappers;
using Moonlight.Shared;
using Moonlight.Shared.Http.Requests;
using Moonlight.Shared.Http.Requests.Users;
using Moonlight.Shared.Http.Responses;
@@ -24,6 +25,7 @@ public class UsersController : Controller
}
[HttpGet]
[Authorize(Policy = Permissions.Users.View)]
public async Task<ActionResult<PagedData<UserDto>>> GetAsync(
[FromQuery] int startIndex,
[FromQuery] int length,
@@ -62,6 +64,7 @@ public class UsersController : Controller
// Pagination
var data = await query
.OrderBy(x => x.Id)
.ProjectToDto()
.Skip(startIndex)
.Take(length)
@@ -73,6 +76,7 @@ public class UsersController : Controller
}
[HttpGet("{id:int}")]
[Authorize(Policy = Permissions.Users.View)]
public async Task<ActionResult<UserDto>> GetAsync([FromRoute] int id)
{
var user = await UserRepository
@@ -86,6 +90,7 @@ public class UsersController : Controller
}
[HttpPost]
[Authorize(Policy = Permissions.Users.Create)]
public async Task<ActionResult<UserDto>> CreateAsync([FromBody] CreateUserDto request)
{
var user = UserMapper.ToEntity(request);
@@ -97,6 +102,7 @@ public class UsersController : Controller
}
[HttpPatch("{id:int}")]
[Authorize(Policy = Permissions.Users.Edit)]
public async Task<ActionResult<UserDto>> UpdateAsync([FromRoute] int id, [FromBody] UpdateUserDto request)
{
var user = await UserRepository
@@ -113,6 +119,7 @@ public class UsersController : Controller
}
[HttpDelete("{id:int}")]
[Authorize(Policy = Permissions.Users.Delete)]
public async Task<ActionResult> DeleteAsync([FromRoute] int id)
{
var user = await UserRepository