Updated mooncore versions. Updated permission checking. Added client side permission check. Added dotnet tool specifications for scripts project
This commit is contained in:
@@ -1,9 +1,9 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using MoonCore.Exceptions;
|
||||
using MoonCore.Extended.Abstractions;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using MoonCore.Models;
|
||||
using Moonlight.ApiServer.Database.Entities;
|
||||
using Moonlight.ApiServer.Services;
|
||||
@@ -26,7 +26,7 @@ public class ApiKeysController : Controller
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
[RequirePermission("admin.apikeys.read")]
|
||||
[Authorize(Policy = "permissions:admin.apikeys.get")]
|
||||
public async Task<IPagedData<ApiKeyResponse>> Get(
|
||||
[FromQuery] int page,
|
||||
[FromQuery] [Range(1, 100)] int pageSize = 50
|
||||
@@ -62,7 +62,7 @@ public class ApiKeysController : Controller
|
||||
}
|
||||
|
||||
[HttpGet("{id}")]
|
||||
[RequirePermission("admin.apikeys.read")]
|
||||
[Authorize(Policy = "permissions:admin.apikeys.get")]
|
||||
public async Task<ApiKeyResponse> GetSingle(int id)
|
||||
{
|
||||
var apiKey = await ApiKeyRepository
|
||||
@@ -82,7 +82,7 @@ public class ApiKeysController : Controller
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
[RequirePermission("admin.apikeys.create")]
|
||||
[Authorize(Policy = "permissions:admin.apikeys.create")]
|
||||
public async Task<CreateApiKeyResponse> Create([FromBody] CreateApiKeyRequest request)
|
||||
{
|
||||
var apiKey = new ApiKey()
|
||||
@@ -107,7 +107,7 @@ public class ApiKeysController : Controller
|
||||
}
|
||||
|
||||
[HttpPatch("{id}")]
|
||||
[RequirePermission("admin.apikeys.update")]
|
||||
[Authorize(Policy = "permissions:admin.apikeys.update")]
|
||||
public async Task<ApiKeyResponse> Update([FromRoute] int id, [FromBody] UpdateApiKeyRequest request)
|
||||
{
|
||||
var apiKey = await ApiKeyRepository
|
||||
@@ -131,7 +131,7 @@ public class ApiKeysController : Controller
|
||||
}
|
||||
|
||||
[HttpDelete("{id}")]
|
||||
[RequirePermission("admin.apikeys.delete")]
|
||||
[Authorize(Policy = "permissions:admin.apikeys.delete")]
|
||||
public async Task Delete([FromRoute] int id)
|
||||
{
|
||||
var apiKey = await ApiKeyRepository
|
||||
|
||||
@@ -1,6 +1,5 @@
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using Moonlight.ApiServer.Services;
|
||||
|
||||
namespace Moonlight.ApiServer.Http.Controllers.Admin.Sys;
|
||||
@@ -18,7 +17,7 @@ public class AdvancedController : Controller
|
||||
}
|
||||
|
||||
[HttpGet("frontend")]
|
||||
[RequirePermission("admin.system.advanced.frontend")]
|
||||
[Authorize(Policy = "permissions:admin.system.advanced.frontend")]
|
||||
public async Task Frontend()
|
||||
{
|
||||
var stream = await FrontendService.GenerateZip();
|
||||
|
||||
@@ -1,16 +1,15 @@
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Attributes;
|
||||
using Moonlight.ApiServer.Services;
|
||||
using Moonlight.Shared.Http.Requests.Admin.Sys;
|
||||
using Moonlight.Shared.Http.Responses.Admin.Sys;
|
||||
using Moonlight.Shared.Misc;
|
||||
|
||||
|
||||
namespace Moonlight.ApiServer.Http.Controllers.Admin.Sys;
|
||||
|
||||
[ApiController]
|
||||
[Route("api/admin/system/diagnose")]
|
||||
[RequirePermission("admin.system.diagnose")]
|
||||
[Authorize(Policy = "permissions:admin.system.diagnose")]
|
||||
public class DiagnoseController : Controller
|
||||
{
|
||||
private readonly DiagnoseService DiagnoseService;
|
||||
|
||||
@@ -2,9 +2,9 @@
|
||||
using ICSharpCode.SharpZipLib.GZip;
|
||||
using ICSharpCode.SharpZipLib.Tar;
|
||||
using ICSharpCode.SharpZipLib.Zip;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Exceptions;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using MoonCore.Helpers;
|
||||
using Moonlight.Shared.Http.Requests.Admin.Sys.Files;
|
||||
using Moonlight.Shared.Http.Responses.Admin.Sys;
|
||||
@@ -13,7 +13,7 @@ namespace Moonlight.ApiServer.Http.Controllers.Admin.Sys;
|
||||
|
||||
[ApiController]
|
||||
[Route("api/admin/system/files")]
|
||||
[RequirePermission("admin.system.files")]
|
||||
[Authorize(Policy = "permissions:admin.system.files")]
|
||||
public class FilesController : Controller
|
||||
{
|
||||
private readonly string BaseDirectory = PathBuilder.Dir("storage");
|
||||
|
||||
@@ -1,13 +1,13 @@
|
||||
using Hangfire;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using Moonlight.Shared.Http.Responses.Admin.Hangfire;
|
||||
|
||||
namespace Moonlight.ApiServer.Http.Controllers.Admin.Sys;
|
||||
|
||||
[ApiController]
|
||||
[Route("api/admin/system/hangfire")]
|
||||
[RequirePermission("admin.system.hangfire")]
|
||||
[Authorize(Policy = "permissions:admin.system.hangfire")]
|
||||
public class HangfireController : Controller
|
||||
{
|
||||
private readonly JobStorage JobStorage;
|
||||
|
||||
@@ -1,3 +1,4 @@
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Attributes;
|
||||
using Moonlight.ApiServer.Interfaces;
|
||||
@@ -21,7 +22,7 @@ public class SystemController : Controller
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
[RequirePermission("admin.system.overview")]
|
||||
[Authorize(Policy = "permissions:admin.system.overview")]
|
||||
public async Task<SystemOverviewResponse> GetOverview()
|
||||
{
|
||||
return new()
|
||||
@@ -34,7 +35,7 @@ public class SystemController : Controller
|
||||
}
|
||||
|
||||
[HttpPost("shutdown")]
|
||||
[RequirePermission("admin.system.shutdown")]
|
||||
[Authorize(Policy = "permissions:admin.system.shutdown")]
|
||||
public async Task Shutdown()
|
||||
{
|
||||
await ApplicationService.Shutdown();
|
||||
|
||||
@@ -1,6 +1,6 @@
|
||||
using System.Text.Json;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using MoonCore.Helpers;
|
||||
using Moonlight.Shared.Http.Requests.Admin.Sys;
|
||||
|
||||
@@ -11,7 +11,7 @@ namespace Moonlight.ApiServer.Http.Controllers.Admin.Sys;
|
||||
public class ThemeController : Controller
|
||||
{
|
||||
[HttpPatch]
|
||||
[RequirePermission("admin.system.theme.update")]
|
||||
[Authorize(Policy = "permissions:admin.system.theme.update")]
|
||||
public async Task Patch([FromBody] UpdateThemeRequest request)
|
||||
{
|
||||
var themePath = PathBuilder.File("storage", "theme.json");
|
||||
|
||||
@@ -1,10 +1,10 @@
|
||||
using System.ComponentModel.DataAnnotations;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.EntityFrameworkCore;
|
||||
using MoonCore.Exceptions;
|
||||
using MoonCore.Extended.Abstractions;
|
||||
using MoonCore.Extended.Helpers;
|
||||
using MoonCore.Extended.PermFilter;
|
||||
using MoonCore.Models;
|
||||
using Moonlight.ApiServer.Database.Entities;
|
||||
using Moonlight.Shared.Http.Requests.Admin.Users;
|
||||
@@ -24,7 +24,7 @@ public class UsersController : Controller
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
[RequirePermission("admin.users.read")]
|
||||
[Authorize(Policy = "permissions:admin.users.get")]
|
||||
public async Task<IPagedData<UserResponse>> Get(
|
||||
[FromQuery] int page,
|
||||
[FromQuery] [Range(1, 100)] int pageSize = 50
|
||||
@@ -60,7 +60,7 @@ public class UsersController : Controller
|
||||
}
|
||||
|
||||
[HttpGet("{id}")]
|
||||
[RequirePermission("admin.users.read")]
|
||||
[Authorize(Policy = "permissions:admin.users.get")]
|
||||
public async Task<UserResponse> GetSingle(int id)
|
||||
{
|
||||
var user = await UserRepository
|
||||
@@ -80,7 +80,7 @@ public class UsersController : Controller
|
||||
}
|
||||
|
||||
[HttpPost]
|
||||
[RequirePermission("admin.users.create")]
|
||||
[Authorize(Policy = "permissions:admin.users.create")]
|
||||
public async Task<UserResponse> Create([FromBody] CreateUserRequest request)
|
||||
{
|
||||
// Reformat values
|
||||
@@ -116,7 +116,7 @@ public class UsersController : Controller
|
||||
}
|
||||
|
||||
[HttpPatch("{id}")]
|
||||
[RequirePermission("admin.users.update")]
|
||||
[Authorize(Policy = "permissions:admin.users.update")]
|
||||
public async Task<UserResponse> Update([FromRoute] int id, [FromBody] UpdateUserRequest request)
|
||||
{
|
||||
var user = await UserRepository
|
||||
@@ -165,7 +165,7 @@ public class UsersController : Controller
|
||||
}
|
||||
|
||||
[HttpDelete("{id}")]
|
||||
[RequirePermission("admin.users.delete")]
|
||||
[Authorize(Policy = "permissions:admin.users.delete")]
|
||||
public async Task Delete([FromRoute] int id)
|
||||
{
|
||||
var user = await UserRepository
|
||||
|
||||
Reference in New Issue
Block a user