Moonlight-Panel/Servers
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Moved share permission parsing to jsonb implementation of ef core. Improved auth handling for shares

Browse Source
This commit is contained in:
ChiaraBm
2025-06-06 14:15:32 +02:00
parent 1ec4450040
commit cfed1aefde
12 changed files with 176 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
MoonlightServers.ApiServer/Http/Controllers/Client/FilesController.cs
View File

@@ -164,8 +164,13 @@ public class FilesController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server, permission => permission.Name == "files" && permission.Type >= type))
throw new HttpApiException("No server with this id found", 404);
var authorizeResult = await AuthorizeService.Authorize(
User, server,
permission => permission.Name == "files" && permission.Type >= type
);
if (!authorizeResult.Succeeded)
throw new HttpApiException("No permission for the requested resource", 403);
return server;
}

9
MoonlightServers.ApiServer/Http/Controllers/Client/PowerController.cs
View File

@@ -68,9 +68,14 @@ public class PowerController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server, permission => permission is { Name: "power", Type: ServerPermissionType.ReadWrite }))
throw new HttpApiException("No server with this id found", 404);
var authorizeResult = await AuthorizeService.Authorize(
User, server,
permission => permission.Name == "power" && permission.Type >= ServerPermissionType.ReadWrite
);
if (!authorizeResult.Succeeded)
throw new HttpApiException("No permission for the requested resource", 403);
return server;
}
}

10
MoonlightServers.ApiServer/Http/Controllers/Client/ServersController.cs
View File

@@ -148,7 +148,9 @@ public class ServersController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server))
var authorizationResult = await AuthorizeService.Authorize(User, server);
if (!authorizationResult.Succeeded)
throw new HttpApiException("No server with this id found", 404);
return new ServerDetailResponse()
@@ -256,8 +258,10 @@ public class ServersController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server, filter))
throw new HttpApiException("No server with this id found", 404);
var authorizeResult = await AuthorizeService.Authorize(User, server, filter);
if (!authorizeResult.Succeeded)
throw new HttpApiException("No permission for the requested resource", 403);
return server;
}

9
MoonlightServers.ApiServer/Http/Controllers/Client/SettingsController.cs
View File

@@ -47,9 +47,14 @@ public class SettingsController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server, permission => permission is { Name: "settings", Type: ServerPermissionType.ReadWrite }))
throw new HttpApiException("No server with this id found", 404);
var authorizeResult = await AuthorizeService.Authorize(
User, server,
permission => permission is { Name: "settings", Type: >= ServerPermissionType.ReadWrite }
);
if (!authorizeResult.Succeeded)
throw new HttpApiException("No permission for the requested resource", 403);
return server;
}
}

10
MoonlightServers.ApiServer/Http/Controllers/Client/VariablesController.cs
View File

@@ -132,9 +132,13 @@ public class VariablesController : Controller
if (server == null)
throw new HttpApiException("No server with this id found", 404);
if (!await AuthorizeService.Authorize(User, server,
permission => permission.Name == "variables" && permission.Type >= type))
throw new HttpApiException("No server with this id found", 404);
var authorizeResult = await AuthorizeService.Authorize(
User, server,
permission => permission.Name == "variables" && permission.Type >= type
);
if (!authorizeResult.Succeeded)
throw new HttpApiException("No permission for the requested resource", 403);
return server;
}