change show-draft permissions to be configurable #3394

2sic · Jun 3, 2024 · 7ffec20 · 7ffec20
1 parent 5c8ebdf
commit 7ffec20
Show file tree

Hide file tree

Showing 5 changed files with 47 additions and 15 deletions.
diff --git a/Src/Dnn/ToSic.Sxc.Dnn.Core/Dnn/Context/DnnUser.cs b/Src/Dnn/ToSic.Sxc.Dnn.Core/Dnn/Context/DnnUser.cs
@@ -29,14 +29,13 @@ private string GetUserIdentityToken ()
 
     public bool IsSystemAdmin => DnnUserInfo?.IsSuperUser ?? false;
 
-    public bool IsSiteAdmin => AdminPermissions.IsSiteAdmin;
-    public bool IsContentAdmin => AdminPermissions.IsContentAdmin;
+    public bool IsSiteAdmin => EffectivePermissions.IsSiteAdmin;
+    public bool IsContentAdmin => EffectivePermissions.IsContentAdmin;
     public bool IsSiteDeveloper => IsSystemAdmin;
 
-    private AdminPermissions AdminPermissions => _adminPermissions.Get(
-        () => DnnUserInfo.NullOrGetWith(userInfo => dnnSecurity.Value.UserMayAdminThis(userInfo))
-    );
-    private readonly GetOnce<AdminPermissions> _adminPermissions = new();
+    private EffectivePermissions EffectivePermissions => _adminPermissions
+        ??= DnnUserInfo.NullOrGetWith(userInfo => dnnSecurity.Value.UserMayAdminThis(userInfo));
+    private EffectivePermissions _adminPermissions;
 
 
     private UserInfo DnnUserInfo => _user.Get(() => PortalSettings.Current?.UserInfo);

diff --git a/Src/Dnn/ToSic.Sxc.Dnn.Core/Dnn/Run/DnnSecurity.cs b/Src/Dnn/ToSic.Sxc.Dnn.Core/Dnn/Run/DnnSecurity.cs
@@ -1,6 +1,7 @@
 using System.Web.Security;
 using DotNetNuke.Entities.Portals;
 using DotNetNuke.Entities.Users;
+using DotNetNuke.Security.Permissions;
 using DotNetNuke.Security.Roles;
 using ToSic.Eav.Context;
 using ToSic.Eav.Plumbing;
@@ -35,7 +36,7 @@ private bool IsNullOrAnonymous(UserInfo user)
         => user == null || user.UserID == -1;
 
 
-    internal AdminPermissions UserMayAdminThis(UserInfo user)
+    internal EffectivePermissions UserMayAdminThis(UserInfo user)
     {
         // Null-Check
         if (IsNullOrAnonymous(user))
@@ -51,6 +52,10 @@ internal AdminPermissions UserMayAdminThis(UserInfo user)
         if (portal == null)
             return new(false);
 
+        // TODO: is there a way to get this with DI?
+        //bool displayTitle = ModulePermissionController.CanEditModuleContent(module)
+        //var dnnPermissionProvider = PermissionProvider.Instance();
+
         // Non-SuperUsers must be Admin AND in the group SxcAppAdmins
         if (!user.IsInRole(portal.AdministratorRoleName ?? DnnAdminRoleDefaultName))
             return new(false);
@@ -60,7 +65,7 @@ internal AdminPermissions UserMayAdminThis(UserInfo user)
             return new(true);
 
         // If the special group doesn't exist, then the admin-state (which is true - since he got here) is valid
-        return new(true, !hasSpecialGroup);
+        return new(isSiteAdmin: !hasSpecialGroup, isContentAdmin: true);
     }
 
 

diff --git a/Src/Sxc/ToSic.Sxc/Blocks/Internal/ModuleAndBlockBuilder.cs b/Src/Sxc/ToSic.Sxc/Blocks/Internal/ModuleAndBlockBuilder.cs
@@ -28,7 +28,6 @@ public IBlock BuildBlock(int pageId, int moduleId)
         var module = GetModuleImplementation(pageId, moduleId);
         var ctx = GetContextOfBlock(module, pageId);
 
-        // 2024-03-11 2dm WIP
         var block = blockGenerator.New().Init(ctx);
         return l.ReturnAsOk(block);
     }

diff --git a/Src/Sxc/ToSic.Sxc/Context/Internal/ISxcContextResolver.cs b/Src/Sxc/ToSic.Sxc/Context/Internal/ISxcContextResolver.cs
@@ -1,6 +1,5 @@
 using ToSic.Eav.Context;
 using ToSic.Eav.Context.Internal;
-using ToSic.Sxc.Blocks;
 using ToSic.Sxc.Blocks.Internal;
 
 namespace ToSic.Sxc.Context.Internal;

diff --git a/Src/Sxc/ToSic.Sxc/Context/Internal/SxcContextResolver.cs b/Src/Sxc/ToSic.Sxc/Context/Internal/SxcContextResolver.cs
@@ -2,9 +2,9 @@
 using ToSic.Eav.Context;
 using ToSic.Eav.Context.Internal;
 using ToSic.Lib.DI;
-using ToSic.Lib.Helpers;
 using ToSic.Sxc.Blocks.Internal;
 using ToSic.Sxc.Services;
+using ToSic.Sxc.Web.Internal.DotNet;
 
 namespace ToSic.Sxc.Context.Internal;
 
@@ -13,18 +13,48 @@ internal partial class SxcContextResolver(
     LazySvc<AppIdResolver> appIdResolverLazy,
     Generator<IContextOfSite> siteCtxGenerator,
     Generator<IContextOfApp> appCtxGenerator,
-    Lazy<IFeaturesService> featuresService)
-    : ContextResolver(siteCtxGenerator, appCtxGenerator, "Sxc.CtxRes", connect: [appIdResolverLazy, siteCtxGenerator, appCtxGenerator, featuresService]), ISxcContextResolver
+    Lazy<IFeaturesService> featuresService,
+    LazySvc<IHttp> http)
+    : ContextResolver(siteCtxGenerator, appCtxGenerator, "Sxc.CtxRes", connect: [appIdResolverLazy, siteCtxGenerator, appCtxGenerator, featuresService, http]), ISxcContextResolver
 {
+    private const string CookieTemplate = "app-{0}-data-preview";
+    private const string CookieLive = "live";
 
     /// <summary>
     /// Get the best possible context which can give us insights about the user permissions.
     ///
     /// TODO: WIP - requires that if an app is to be used, it was accessed before - not yet perfect...
     /// </summary>
     /// <returns></returns>
-    public AdminPermissions UserPermissions() => _ctxUserPerm.Get(() => (BlockContextOrNull() ?? AppOrNull() ?? Site())?.Permissions);
-    private readonly GetOnce<AdminPermissions> _ctxUserPerm = new();
+    public EffectivePermissions UserPermissions() => _ctxUserPerm ??= GetUserPermissions();
+    private EffectivePermissions _ctxUserPerm;
+
+    /// <summary>
+    /// Figure out user permissions based on block-context, app-context or site-context.
+    /// In addition, (new 17.10) figure out if a cookie is set to show live or draft data.
+    /// </summary>
+    /// <returns></returns>
+    private EffectivePermissions GetUserPermissions()
+    {
+        var perms = (BlockContextOrNull() ?? AppOrNull() ?? Site())?.Permissions;
+        if (perms == null) return new(false);
+        if (!perms.ShowDraftData) return perms;
+
+        // Check if an all-apps cookie is set
+        return CookieExpectsLive("*") 
+            ? new(perms.IsSiteAdmin, perms.IsContentAdmin, perms.IsContentEditor, showDrafts: false) :
+            perms;
+
+        // Check if a cookie is set to this specific app
+        // 2024-06-03 ATM this doesn't work, because the initial access
+        // to get the view etc. already needs to know this, and at that time the block isn't created yet
+        // would need quite a bit of work to get it right, so commented out for now.
+        //if (blockOrAppCtx != null && CookieExpectsLive(blockOrAppCtx.AppState.AppId.ToString()))
+        //    return new(perms.IsSiteAdmin, perms.IsContentAdmin, perms.IsContentEditor,
+        //        showDrafts: false);
+
+        bool CookieExpectsLive(string app) => http?.Value.GetCookie(string.Format(CookieTemplate, app)) == CookieLive;
+    }
 
     public IContextOfApp SetAppOrNull(string nameOrPath)
     {