From d3b55d155b662476c7ed4d155a3e54170c3d07de Mon Sep 17 00:00:00 2001 From: Marcel Baumgartner Date: Mon, 17 Jul 2023 22:16:39 +0200 Subject: [PATCH] Added permission groups. Cleaned security ui. Added some permission stuff --- Moonlight/App/Perms/PermissionStorage.cs | 15 + Moonlight/App/Perms/Permissions.cs | 24 +- .../App/Services/Sessions/IdentityService.cs | 23 +- .../Navigations/AdminSecurityNavigation.razor | 32 ++ .../Components/Partials/SidebarMenu.razor | 10 +- .../Shared/Views/Admin/Security/Index.razor | 7 + .../Security.razor => Security/IpBans.razor} | 34 +- .../Admin/{Sys => Security}/Malware.razor | 6 +- .../Admin/Security/PermissionGroups.razor | 132 ++++++ Moonlight/Shared/Views/Admin/Users/View.razor | 392 ++++++++---------- 10 files changed, 430 insertions(+), 245 deletions(-) create mode 100644 Moonlight/Shared/Components/Navigations/AdminSecurityNavigation.razor create mode 100644 Moonlight/Shared/Views/Admin/Security/Index.razor rename Moonlight/Shared/Views/Admin/{Sys/Security.razor => Security/IpBans.razor} (65%) rename Moonlight/Shared/Views/Admin/{Sys => Security}/Malware.razor (97%) create mode 100644 Moonlight/Shared/Views/Admin/Security/PermissionGroups.razor diff --git a/Moonlight/App/Perms/PermissionStorage.cs b/Moonlight/App/Perms/PermissionStorage.cs index 8be69d83..f5ddaa91 100644 --- a/Moonlight/App/Perms/PermissionStorage.cs +++ b/Moonlight/App/Perms/PermissionStorage.cs @@ -22,6 +22,10 @@ public class PermissionStorage { return BitHelper.ReadBit(Data, permission.Index); } + catch (ArgumentOutOfRangeException) + { + return false; + } catch (Exception e) { Logger.Verbose("Error reading permissions. (Can be intentional)"); @@ -37,4 +41,15 @@ public class PermissionStorage Data = BitHelper.WriteBit(Data, permission.Index, value); } } + + public bool HasAnyPermissions() + { + foreach (var permission in Permissions.GetAllPermissions()) + { + if (this[permission]) + return true; + } + + return false; + } } \ No newline at end of file diff --git a/Moonlight/App/Perms/Permissions.cs b/Moonlight/App/Perms/Permissions.cs index ad88c641..96701835 100644 --- a/Moonlight/App/Perms/Permissions.cs +++ b/Moonlight/App/Perms/Permissions.cs @@ -261,10 +261,10 @@ public static class Permissions Description = "Manage mail settings in the admin area" }; - public static Permission AdminSysMalware = new() + public static Permission AdminSecurityMalware = new() { Index = 39, - Name = "Admin system Malware", + Name = "Admin security Malware", Description = "Manage malware settings in the admin area" }; @@ -275,11 +275,11 @@ public static class Permissions Description = "View system resources in the admin area" }; - public static Permission AdminSysSecurity = new() + public static Permission AdminSecurity = new() { Index = 41, - Name = "Admin system Security", - Description = "Manage security settings in the admin area" + Name = "Admin Security", + Description = "View security logs in the admin area" }; public static Permission AdminSysSentry = new() @@ -379,6 +379,20 @@ public static class Permissions Name = "Admin Webspaces Server New", Description = "Create a new webspace server in the admin area" }; + + public static Permission AdminSecurityIpBans = new() + { + Index = 56, + Name = "Admin security ip bans", + Description = "Manage ip bans in the admin area" + }; + + public static Permission AdminSecurityPermissionGroups = new() + { + Index = 57, + Name = "Admin security permission groups", + Description = "View, add and delete permission groups" + }; public static Permission? FromString(string name) { diff --git a/Moonlight/App/Services/Sessions/IdentityService.cs b/Moonlight/App/Services/Sessions/IdentityService.cs index 8f615b35..f9a5d763 100644 --- a/Moonlight/App/Services/Sessions/IdentityService.cs +++ b/Moonlight/App/Services/Sessions/IdentityService.cs @@ -242,11 +242,22 @@ public class IdentityService Permissions.IsReadyOnly = true; return; } - - Permissions = new PermissionStorage(BitHelper.OverwriteByteArrays( - UserPermissions.Data, - GroupPermissions.Data), - true - ); + + Permissions = new(Array.Empty()); + + foreach (var permission in Perms.Permissions.GetAllPermissions()) + { + Permissions[permission] = GroupPermissions[permission]; + } + + foreach (var permission in Perms.Permissions.GetAllPermissions()) + { + if (UserPermissions[permission]) + { + Permissions[permission] = true; + } + } + + Permissions.IsReadyOnly = true; } } \ No newline at end of file diff --git a/Moonlight/Shared/Components/Navigations/AdminSecurityNavigation.razor b/Moonlight/Shared/Components/Navigations/AdminSecurityNavigation.razor new file mode 100644 index 00000000..85589958 --- /dev/null +++ b/Moonlight/Shared/Components/Navigations/AdminSecurityNavigation.razor @@ -0,0 +1,32 @@ +
+
+ +
+
+ +@code +{ + [Parameter] + public int Index { get; set; } = 0; +} \ No newline at end of file diff --git a/Moonlight/Shared/Components/Partials/SidebarMenu.razor b/Moonlight/Shared/Components/Partials/SidebarMenu.razor index 9661c502..de1240ef 100644 --- a/Moonlight/Shared/Components/Partials/SidebarMenu.razor +++ b/Moonlight/Shared/Components/Partials/SidebarMenu.razor @@ -69,7 +69,7 @@ else - if (User.Admin) + if (IdentityService.Permissions.HasAnyPermissions()) {
@@ -92,6 +92,14 @@ else System
+
+ + + + + Security + +
diff --git a/Moonlight/Shared/Views/Admin/Security/Index.razor b/Moonlight/Shared/Views/Admin/Security/Index.razor new file mode 100644 index 00000000..66aaa417 --- /dev/null +++ b/Moonlight/Shared/Views/Admin/Security/Index.razor @@ -0,0 +1,7 @@ +@page "/admin/security" + +@using Moonlight.Shared.Components.Navigations + +@attribute [PermissionRequired(nameof(Permissions.AdminSecurity))] + + \ No newline at end of file diff --git a/Moonlight/Shared/Views/Admin/Sys/Security.razor b/Moonlight/Shared/Views/Admin/Security/IpBans.razor similarity index 65% rename from Moonlight/Shared/Views/Admin/Sys/Security.razor rename to Moonlight/Shared/Views/Admin/Security/IpBans.razor index 2f3ee141..d167d1a7 100644 --- a/Moonlight/Shared/Views/Admin/Sys/Security.razor +++ b/Moonlight/Shared/Views/Admin/Security/IpBans.razor @@ -1,4 +1,4 @@ -@page "/admin/system/security" +@page "/admin/security/ipbans" @using Moonlight.Shared.Components.Navigations @using BlazorTable @@ -13,9 +13,9 @@ @inject EventSystem Event @inject ToastService ToastService -@attribute [PermissionRequired(nameof(Permissions.AdminSysSecurity))] +@attribute [PermissionRequired(nameof(Permissions.AdminSecurityIpBans))] - +
@@ -41,31 +41,33 @@
- - - - - - -
+
+ + + + + + +
+
@code { - private IpBan[] IpBans; + private IpBan[] AllIpBans; private string Ip; private LazyLoader LazyLoader; private Task Load(LazyLoader arg) { - IpBans = IpBanRepository.Get().ToArray(); + AllIpBans = IpBanRepository.Get().ToArray(); return Task.CompletedTask; } diff --git a/Moonlight/Shared/Views/Admin/Sys/Malware.razor b/Moonlight/Shared/Views/Admin/Security/Malware.razor similarity index 97% rename from Moonlight/Shared/Views/Admin/Sys/Malware.razor rename to Moonlight/Shared/Views/Admin/Security/Malware.razor index ccaeec64..958b4f1e 100644 --- a/Moonlight/Shared/Views/Admin/Sys/Malware.razor +++ b/Moonlight/Shared/Views/Admin/Security/Malware.razor @@ -1,4 +1,4 @@ -@page "/admin/system/malware" +@page "/admin/security/malware" @using Moonlight.Shared.Components.Navigations @using Moonlight.App.Services.Background @@ -14,9 +14,9 @@ @implements IDisposable -@attribute [PermissionRequired(nameof(Permissions.AdminSysMalware))] +@attribute [PermissionRequired(nameof(Permissions.AdminSecurityMalware))] - +
diff --git a/Moonlight/Shared/Views/Admin/Security/PermissionGroups.razor b/Moonlight/Shared/Views/Admin/Security/PermissionGroups.razor new file mode 100644 index 00000000..78705c25 --- /dev/null +++ b/Moonlight/Shared/Views/Admin/Security/PermissionGroups.razor @@ -0,0 +1,132 @@ +@page "/admin/security/permissiongroups" + +@using Moonlight.Shared.Components.Navigations +@using Moonlight.App.Services +@using Moonlight.App.Repositories +@using Moonlight.App.Database.Entities +@using BlazorTable +@using Microsoft.EntityFrameworkCore +@using Moonlight.App.Services.Interop +@using Moonlight.App.Services.Sessions + +@inject SmartTranslateService SmartTranslateService +@inject Repository PermissionGroupRepository +@inject SessionServerService SessionServerService +@inject Repository UserRepository +@inject AlertService AlertService +@inject ToastService ToastService + +@attribute [PermissionRequired(nameof(Permissions.AdminSecurityPermissionGroups))] + + + +
+
+ + Permission groups + +
+ + +
+
+
+ +
+ + + + + + +
+
+ +
+
+ + + +@code +{ + private PermissionGroup[] AllPermissionGroups; + private PermissionGroup CurrentPermissionGroup; + private LazyLoader LazyLoader; + private PermissionEditor PermissionEditor; + + private Task Load(LazyLoader arg) + { + AllPermissionGroups = PermissionGroupRepository + .Get() + .ToArray(); + + return Task.CompletedTask; + } + + private async Task EditPermissions(PermissionGroup group) + { + CurrentPermissionGroup = group; + PermissionEditor.InitialData = CurrentPermissionGroup.Permissions; + + await PermissionEditor.Launch(); + } + + private async Task DeletePermissionGroup(PermissionGroup group) + { + PermissionGroupRepository.Delete(group); + + await LazyLoader.Reload(); + } + + private async Task OnSave(byte[] data) + { + CurrentPermissionGroup.Permissions = data; + PermissionGroupRepository.Update(CurrentPermissionGroup); + + await ToastService.Success("Successfully modified permissions"); + + var usersWithTheGroup = UserRepository + .Get() + .Include(x => x.PermissionGroup) + .Where(x => x.PermissionGroup != null) + .Where(x => x.PermissionGroup!.Id == CurrentPermissionGroup.Id) + .ToArray(); + + foreach (var user in usersWithTheGroup) + { + await SessionServerService.ReloadUserSessions(user); + } + } + + private async Task NewGroupPermission() + { + var name = await AlertService.Text( + SmartTranslateService.Translate("Enter the name for the new group"), + "", + "" + ); + + if(string.IsNullOrEmpty(name)) + return; + + var group = new PermissionGroup() + { + Name = name, + Permissions = Array.Empty() + }; + + PermissionGroupRepository.Add(group); + + await LazyLoader.Reload(); + } +} \ No newline at end of file diff --git a/Moonlight/Shared/Views/Admin/Users/View.razor b/Moonlight/Shared/Views/Admin/Users/View.razor index fc4641cd..15bcccc1 100644 --- a/Moonlight/Shared/Views/Admin/Users/View.razor +++ b/Moonlight/Shared/Views/Admin/Users/View.razor @@ -1,245 +1,201 @@ @page "/admin/users/view/{Id:int}" @using Moonlight.App.Database.Entities -@using Moonlight.App.Helpers @using Moonlight.App.Repositories -@using Moonlight.App.Repositories.Servers @using Microsoft.EntityFrameworkCore -@using Moonlight.App.Repositories.Domains +@using Moonlight.App.Helpers +@using Moonlight.App.Services.Files -@inject UserRepository UserRepository -@inject ServerRepository ServerRepository -@inject DomainRepository DomainRepository +@inject Repository UserRepository +@inject Repository ServerRepository +@inject Repository DomainRepository +@inject Repository WebSpaceRepository +@inject ResourceService ResourceService @attribute [PermissionRequired(nameof(Permissions.AdminUserView))] - @if (User == null) - { -
- No user with this id found -
- } - else - { -
-
-
-
- Profile picture + @if (User == null) + { +
+ No user with this id found +
+ } + else + { +
+
+
+
+
+
+ Avatar +
+ + @(User.FirstName) @(User.LastName) + + @if (User.Admin) + { +
+
+ Admin +
+
+ } +
+
+
+
+ Account ID +
+
@(User.Id)
+ +
Email
+
+ @(User.Email) +
+ +
+ Address +
+
@(User.Address),
@(User.City)
@(User.State)
@(User.Country)
+ +
+ Status +
+
+ @(User.Status) +
+ +
+ TOTP +
+
+ @(User.TotpEnabled) +
+ +
+ Discord ID +
+
+ @(User.DiscordId) +
+ +
+ Last Login IP +
+
+ @(User.LastIp) at @(Formatter.FormatDate(User.LastVisitedAt)) +
+ +
+ Register IP +
+
+ @(User.RegisterIp) at @(Formatter.FormatDate(User.CreatedAt)) +
+
-
-
- +
+
+
+
+
+ + Services + +
+ Edit - - Back to list - - - Open support -
-
-
-

+

+ +
+
+

+

-
-
- @foreach (var server in Servers) - { -
-
- @(server.Name) - @(server.Image.Name) -
-
- - if (server != Servers.Last()) + + +
+
+ @foreach (var server in Servers) { -
+
+
+ @(server.Name) - @(server.Image.Name) +
+
+ + if (server != Servers.Last()) + { +
+ } } - } +
-
-
-

+

+ +
+
+

+

-
-
- @foreach (var domain in Domains) - { -
-
- @(domain.Name).@(domain.SharedDomain.Name) -
-
- - if (domain != Domains.Last()) + + +
+
+ @foreach (var domain in Domains) { -
+
+
+ @(domain.Name).@(domain.SharedDomain.Name) +
+
+ + if (domain != Domains.Last()) + { +
+ } } - } -
-
-
-
-
-
-
- -
- @(User.FirstName) -
-
-
-
- -
- @(User.LastName) -
-
-
-
- -
- @(User.Email) -
-
-
-
- -
- @(User.Address) -
-
-
-
- -
- @(User.City) -
-
-
-
- -
- @(User.State) -
-
-
-
- -
- @(User.Country) -
-
-
-
- -
- - @if (User.Admin) - { - - } - else - { - - } - -
-
-
-
- -
- @(User.Status) -
-
-
-
- -
- @(User.TotpEnabled) -
-
-
-
- -
- @(User.DiscordId) -
-
-
-
- -
- - - -
-
-
-
- -
- @(Formatter.FormatDate(User.CreatedAt)) -
-
-
-
- -
- @(User.RegisterIp) -
-
-
-
- -
- @(User.LastIp) -
+ +
+
+

+ +

+
+
+ @foreach (var webSpace in WebSpaces) + { +
+
+ @(webSpace.Domain) - @(webSpace.CloudPanel.Name) +
+
+ + if (webSpace != WebSpaces.Last()) + { +
+ } + } +
+
+
- } - +
+
+ } + @code { @@ -249,6 +205,7 @@ private User? User; private Server[] Servers; private Domain[] Domains; + private WebSpace[] WebSpaces; private Task Load(LazyLoader arg) { @@ -269,6 +226,13 @@ .Include(x => x.Owner) .Where(x => x.Owner.Id == User.Id) .ToArray(); + + WebSpaces = WebSpaceRepository + .Get() + .Include(x => x.CloudPanel) + .Include(x => x.Owner) + .Where(x => x.Owner.Id == User.Id) + .ToArray(); } return Task.CompletedTask;