Allows to disable authorization for internal actions

usercode · usercode · commit d5740d618e7a · 2025-01-28T18:53:38.000+01:00
diff --git a/src/DragonFly.API.Core/ClientAPI/AssetApiStorage.cs b/src/DragonFly.API.Core/ClientAPI/AssetApiStorage.cs
@@ -39,9 +39,9 @@ public async Task<Result> UploadAsync(Guid assetId, string mimetype, Stream stre
         return await Client.SendAsync(requestMessage).ReadResultFromJsonAsync();
     }
 
-    public async Task<Result<Stream>> GetStreamAsync(Asset asset)
+    public async Task<Result<Stream>> GetStreamAsync(Guid assetId)
     {
-        return await Client.GetStreamAsync($"api/asset/{asset.Id}/download");
+        return await Client.GetStreamAsync($"api/asset/{assetId}/download");
     }
 
     public async Task<Result<Asset?>> GetAssetAsync(Guid id)
diff --git a/src/DragonFly.API.Core/DragonFly.API.Core.csproj b/src/DragonFly.API.Core/DragonFly.API.Core.csproj
@@ -44,7 +44,7 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="9.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.SignalR.Client" Version="9.0.1" />
+    <PackageReference Include="Microsoft.Extensions.Http" Version="9.0.1" />
   </ItemGroup>
 </Project>
diff --git a/src/DragonFly.API/Rest/AssetApiExtensions.cs b/src/DragonFly.API/Rest/AssetApiExtensions.cs
@@ -104,7 +104,7 @@ private static async Task<IResult> MapDownload(HttpContext context, IAssetStorag
 
         context.Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue() { Public = true, MaxAge = TimeSpan.FromDays(30) };
 
-        Stream assetStream = await storage.GetStreamAsync(asset);
+        Stream assetStream = await storage.GetStreamAsync(asset.Id);
 
         return TypedResults.Stream(assetStream, contentType: asset.MimeType, entityTag: etag, enableRangeProcessing: true);
     }
diff --git a/src/DragonFly.App.WebAssembly.Client/DragonFly.App.WebAssembly.Client.csproj b/src/DragonFly.App.WebAssembly.Client/DragonFly.App.WebAssembly.Client.csproj
@@ -7,7 +7,7 @@
   </PropertyGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.1" />
   </ItemGroup>
 
   <ItemGroup>
diff --git a/src/DragonFly.AspNetCore.WebAssembly/DragonFly.AspNetCore.WebAssembly.csproj b/src/DragonFly.AspNetCore.WebAssembly/DragonFly.AspNetCore.WebAssembly.csproj
@@ -37,6 +37,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly.Server" Version="9.0.1" />
   </ItemGroup>
 </Project>
diff --git a/src/DragonFly.AspNetCore/Permissions/AuthorizationExtensions.cs b/src/DragonFly.AspNetCore/Permissions/AuthorizationExtensions.cs
@@ -3,6 +3,7 @@
 // MIT License
 
 using DragonFly.AspNetCore;
+using DragonFly.AspNetCore.Permissions;
 using Microsoft.AspNetCore.Authorization;
 using SmartResults;
 using System.Security.Claims;
@@ -32,4 +33,11 @@ public static async Task<Result> AuthorizeAsync(this IAuthorizationService autho
             return Result.Failed(new PermissionError(permission));
         }
     }
+
+    public static IDisposable DisableAuthorization(this IDragonFlyApi api)
+    {
+        var context = api.ServiceProvider.GetRequiredService<IPrincipalContext>();
+
+        return new DisableAuthorization(context);
+    }
 }
diff --git a/src/DragonFly.AspNetCore/Permissions/DisableAuthorization.cs b/src/DragonFly.AspNetCore/Permissions/DisableAuthorization.cs
@@ -0,0 +1,33 @@
+﻿// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+using System.Security.Claims;
+
+namespace DragonFly.AspNetCore.Permissions;
+
+public class DisableAuthorization : IDisposable
+{
+    public DisableAuthorization(IPrincipalContext context)
+    {
+        Context = context;
+        OldPrincipal = Context.Current;
+
+        Context.Current = null;
+    }
+
+    /// <summary>
+    /// Context
+    /// </summary>
+    private IPrincipalContext Context { get; }
+
+    /// <summary>
+    /// OldPrincipal
+    /// </summary>
+    private ClaimsPrincipal? OldPrincipal { get; }
+
+    public void Dispose()
+    {
+        Context.Current = OldPrincipal;
+    }
+}
diff --git a/src/DragonFly.AspNetCore/Permissions/Storages/AssetPermissionStorage.cs b/src/DragonFly.AspNetCore/Permissions/Storages/AssetPermissionStorage.cs
@@ -56,9 +56,9 @@ public async Task<Result> DeleteAsync(Asset asset)
         return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.ReadAsset).ThenAsync(x  => Storage.GetAssetAsync(id));
     }
 
-    public async Task<Result<Stream>> GetStreamAsync(Asset asset)
+    public async Task<Result<Stream>> GetStreamAsync(Guid assetId)
     {
-        return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.DownloadAsset).ThenAsync(x => Storage.GetStreamAsync(asset));
+        return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.DownloadAsset).ThenAsync(x => Storage.GetStreamAsync(assetId));
     }
 
     public async Task<Result> PublishAsync(Asset asset)
diff --git a/src/DragonFly.Client.WebAssembly/DragonFly.Client.WebAssembly.csproj b/src/DragonFly.Client.WebAssembly/DragonFly.Client.WebAssembly.csproj
@@ -40,6 +40,6 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.WebAssembly" Version="9.0.1" />
   </ItemGroup>
 </Project>
diff --git a/src/DragonFly.Client/DragonFly.Client.csproj b/src/DragonFly.Client/DragonFly.Client.csproj
@@ -50,13 +50,13 @@
   </ItemGroup>
   
   <ItemGroup>   
-    <PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="9.0.0" />
-    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="9.0.0" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.Authorization" Version="9.0.1" />
+    <PackageReference Include="Microsoft.AspNetCore.Components.Web" Version="9.0.1" />
     <PackageReference Include="Microsoft.Web.LibraryManager.Build" Version="2.1.175" PrivateAssets="All" />
   </ItemGroup>
 
 	<ItemGroup>
-		<PackageReference Include="BlazorStrap" Version="5.2.103.122024" />
+		<PackageReference Include="BlazorStrap" Version="5.2.103.250102" />
     <PackageReference Include="BlazorStrap.V5" Version="5.2.103.122024" />
 	</ItemGroup>
 
diff --git a/src/DragonFly.Client/Extensions/CssExtensions.cs b/src/DragonFly.Client/Extensions/CssExtensions.cs
@@ -15,7 +15,7 @@ public static string ToCss(this BackgroundTaskState state)
             BackgroundTaskState.Failed => "list-group-item-danger",
             BackgroundTaskState.Canceled => "list-group-item-warning",
             BackgroundTaskState.Canceling => "list-group-item-warning",
-            _ => "list-group-item-light"
+            _ => null
         };
     }
 }
diff --git a/src/DragonFly.Client/Pages/Assets/AssetDetail.razor.cs b/src/DragonFly.Client/Pages/Assets/AssetDetail.razor.cs
@@ -53,11 +53,11 @@ protected override void BuildToolbarItems(IList<ToolbarItem> toolbarItems)
         }
         else
         {
-            toolbarItems.Add(new ToolbarItem("Publish", BSColor.Success, () => PublishAsync()));
+            toolbarItems.Add(new ToolbarItem("Publish", BSColor.Primary, () => PublishAsync()));
             toolbarItems.AddRefreshButton(this);
             toolbarItems.AddUpdateButton(this);
             toolbarItems.AddDeleteButton(this);
-            toolbarItems.Add(new ToolbarItem("Refresh metadata", BSColor.Danger, () => ApplyMetadata()));
+            toolbarItems.Add(new ToolbarItem("Refresh metadata", BSColor.Primary, () => ApplyMetadata()));
         }            
     }
 
diff --git a/src/DragonFly.Client/Pages/Assets/AssetList.razor.cs b/src/DragonFly.Client/Pages/Assets/AssetList.razor.cs
@@ -21,8 +21,8 @@ public partial class AssetList
 
     protected override void BuildToolbarItems(IList<ToolbarItem> toolbarItems)
     {
-        toolbarItems.Add(new ToolbarItem("Create", BlazorStrap.BSColor.Danger, async () => Navigation.NavigateTo($"asset/create/{SelectedFolder?.Id}")));
-        toolbarItems.Add(new ToolbarItem("Apply metadata", BlazorStrap.BSColor.Danger, RefreshAllMetadataAsync));
+        toolbarItems.Add(new ToolbarItem("Create", BlazorStrap.BSColor.Primary, async () => Navigation.NavigateTo($"asset/create/{SelectedFolder?.Id}")));
+        toolbarItems.Add(new ToolbarItem("Apply metadata", BlazorStrap.BSColor.Primary, RefreshAllMetadataAsync));
     }
 
     protected virtual AssetQuery CreateQuery()
diff --git a/src/DragonFly.Client/Pages/BackgroundTasks/BackgroundTaskItem.razor b/src/DragonFly.Client/Pages/BackgroundTasks/BackgroundTaskItem.razor
@@ -13,7 +13,7 @@
             </span>
         </BSCol>
         <BSCol ColumnLarge="1">
-            <BSProgressBar Min="0" Max="Task.ProgressMaxValue" Value="Task.ProgressValue">@(((double)Task.ProgressValue * 100 / Task.ProgressMaxValue).ToString("0"))%</BSProgressBar>
+            <BSProgressBar Color="BSColor.Light" Min="0" Max="Task.ProgressMaxValue" Value="Task.ProgressValue">@(((double)Task.ProgressValue * 100 / Task.ProgressMaxValue).ToString("0"))%</BSProgressBar>
         </BSCol>
         <BSCol ColumnLarge="4">
             <span>@Task.Name</span>
diff --git a/src/DragonFly.Core/DragonFly.Core.csproj b/src/DragonFly.Core/DragonFly.Core.csproj
@@ -36,10 +36,10 @@
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Fluid.Core" Version="2.17.0" />
+    <PackageReference Include="Fluid.Core" Version="2.19.0" />
     <PackageReference Include="SmartResults" Version="1.0.2" />
-    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.0" />
-    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.0" />
+    <PackageReference Include="Microsoft.Extensions.DependencyInjection.Abstractions" Version="9.0.1" />
+    <PackageReference Include="Microsoft.Extensions.Logging.Abstractions" Version="9.0.1" />
     <PackageReference Include="Microsoft.SourceLink.GitHub" Version="8.0.0" PrivateAssets="All" />
   </ItemGroup>
   
diff --git a/src/DragonFly.Core/Modules/Assets/IAssetStorage.cs b/src/DragonFly.Core/Modules/Assets/IAssetStorage.cs
@@ -25,7 +25,7 @@ public interface IAssetStorage
 
     Task<Result> UploadAsync(Guid assetId, string mimetype, Stream stream);
 
-    Task<Result<Stream>> GetStreamAsync(Asset asset);
+    Task<Result<Stream>> GetStreamAsync(Guid assetId);
 
     Task<Result> ApplyMetadataAsync(Asset asset);
 
diff --git a/src/DragonFly.Core/Modules/ContentItems/Events/ContentPublished.cs b/src/DragonFly.Core/Modules/ContentItems/Events/ContentPublished.cs
@@ -0,0 +1,10 @@
+﻿// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+namespace DragonFly;
+
+public class ContentPublished
+{
+    public Guid ContentId { get; set; }
+}
diff --git a/src/DragonFly.Core/Modules/ContentItems/Events/ContentUnpublished.cs b/src/DragonFly.Core/Modules/ContentItems/Events/ContentUnpublished.cs
@@ -0,0 +1,10 @@
+﻿// Copyright (c) usercode
+// https://github.com/usercode/DragonFly
+// MIT License
+
+namespace DragonFly;
+
+public class ContentUnpublished
+{
+    public Guid ContentId { get; set; }
+}
diff --git a/src/DragonFly.Core/Modules/ContentModels/Extensions/ModelStorageExtensions.cs b/src/DragonFly.Core/Modules/ContentModels/Extensions/ModelStorageExtensions.cs
@@ -14,10 +14,10 @@ public static class ModelStorageExtensions
     /// <summary>
     /// Gets <typeparamref name="TContentModel"/> by id.
     /// </summary>
-    public static async Task<TContentModel?> GetContentAsync<TContentModel>(this IContentStorage storage, string schema, Guid id)
+    public static async Task<TContentModel?> GetContentAsync<TContentModel>(this IContentStorage storage, Guid id)
         where TContentModel : class, IContentModel
     {
-        ContentItem? content = await storage.GetContentAsync(schema, id);
+        ContentItem? content = await storage.GetContentAsync(TContentModel.Schema.Name, id);
 
         if (content == null)
         {
diff --git a/src/DragonFly.Generator.Tests/DragonFly.Generator.Tests.csproj b/src/DragonFly.Generator.Tests/DragonFly.Generator.Tests.csproj
@@ -10,18 +10,18 @@
     <PackageReference Include="Microsoft.CodeAnalysis.Analyzer.Testing" Version="1.1.2" />
     <PackageReference Include="Microsoft.CodeAnalysis.CSharp" Version="4.12.0" />
     <PackageReference Include="Microsoft.NET.Test.Sdk" Version="17.12.0" />
-    <PackageReference Include="System.Formats.Asn1" Version="9.0.0" />
-    <PackageReference Include="xunit" Version="2.9.2" />
-    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.0">
+    <PackageReference Include="System.Formats.Asn1" Version="9.0.1" />
+    <PackageReference Include="xunit" Version="2.9.3" />
+    <PackageReference Include="xunit.runner.visualstudio" Version="3.0.1">
       <PrivateAssets>all</PrivateAssets>
       <IncludeAssets>runtime; build; native; contentfiles; analyzers</IncludeAssets>
     </PackageReference>
   </ItemGroup>
 
   <ItemGroup>
-    <PackageReference Include="Verify.XUnit" Version="28.7.0" />
+    <PackageReference Include="Verify.XUnit" Version="28.9.0" />
     <PackageReference Include="Verify.SourceGenerators" Version="2.5.0" />
-    <PackageReference Include="coverlet.collector" Version="6.0.3">
+    <PackageReference Include="coverlet.collector" Version="6.0.4">
       <IncludeAssets>runtime; build; native; contentfiles; analyzers; buildtransitive</IncludeAssets>
       <PrivateAssets>all</PrivateAssets>
     </PackageReference>
diff --git a/src/DragonFly.GraphQL/DragonFly.GraphQL.csproj b/src/DragonFly.GraphQL/DragonFly.GraphQL.csproj
@@ -24,7 +24,7 @@
   </ItemGroup>
   
   <ItemGroup>
-    <PackageReference Include="GraphQL" Version="8.2.1" />
+    <PackageReference Include="GraphQL" Version="8.3.0" />
     <PackageReference Include="GraphQL.Server.Transports.AspNetCore" Version="8.2.0" />
     <PackageReference Include="GraphQL.Server.Ui.Playground" Version="8.2.0" />
   </ItemGroup>
diff --git a/src/DragonFly.ImageWizard/DragonFlyLoader.cs b/src/DragonFly.ImageWizard/DragonFlyLoader.cs
@@ -13,12 +13,18 @@ namespace DragonFly.ImageWizard;
 /// </summary>
 public class DragonFlyLoader : Loader<DragonFlyLoaderOptions>
 {
-    public DragonFlyLoader(IAssetStorage storage, IOptions<DragonFlyLoaderOptions> options)
+    public DragonFlyLoader(IDragonFlyApi api, IAssetStorage storage, IOptions<DragonFlyLoaderOptions> options)
         : base(options)
     {
+        Api = api;
         Storage = storage;
     }
 
+    /// <summary>
+    /// Api
+    /// </summary>
+    private IDragonFlyApi Api { get; }
+
     /// <summary>
     /// Storage
     /// </summary>
@@ -38,17 +44,20 @@ public override async Task<LoaderResult> GetAsync(string source, ICachedData? ex
         else
         {
             id = Guid.Parse(source);
-        }            
-
-        Asset? asset = await Storage.GetAssetAsync(id);
+        }
 
-        if (asset == null)
+        using (Api.DisableAuthorization())
         {
-            return LoaderResult.Failed();
-        }
+            Asset? asset = await Storage.GetAssetAsync(id);
 
-        Stream stream = await Storage.GetStreamAsync(asset);
+            if (asset == null)
+            {
+                return LoaderResult.Failed();
+            }
 
-        return LoaderResult.Success(new OriginalData(asset.MimeType, stream));
+            Stream stream = await Storage.GetStreamAsync(asset.Id);
+
+            return LoaderResult.Success(new OriginalData(asset.MimeType, stream));
+        }
     }
 }
diff --git a/src/DragonFly.MongoDB/Storages/AssetMongoStorage.cs b/src/DragonFly.MongoDB/Storages/AssetMongoStorage.cs
@@ -159,9 +159,9 @@ public async Task<Result> UploadAsync(Guid assetId, string mimetype, Stream stre
         return Result.Ok();
     }
 
-    public async Task<Result<Stream>> GetStreamAsync(Asset asset)
+    public async Task<Result<Stream>> GetStreamAsync(Guid assetId)
     {
-        return await AssetData.OpenDownloadStreamByNameAsync(asset.Id.ToString());
+        return await AssetData.OpenDownloadStreamByNameAsync(assetId.ToString());
     }
 
     public async Task<Result<QueryResult<Asset>>> QueryAsync(AssetQuery assetQuery)
diff --git a/src/Template/templatepack.csproj b/src/Template/templatepack.csproj
@@ -2,7 +2,7 @@
 
   <PropertyGroup>
     <PackageType>Template</PackageType>
-    <PackageVersion>1.0.23</PackageVersion>
+    <PackageVersion>1.0.24</PackageVersion>
     <PackageId>DragonFly.Templates</PackageId>
     <PackageProjectUrl>https://github.com/usercode/DragonFly</PackageProjectUrl>
     <PackageLicenseExpression>MIT</PackageLicenseExpression>
diff --git a/src/Template/templates/DragonFlyApp.Server/Pages/BlogPost.cshtml b/src/Template/templates/DragonFlyApp.Server/Pages/BlogPost.cshtml
@@ -13,7 +13,9 @@
             <div class="col-lg-3">
                 <div class="heading-index">
                     <div class="list-group">
-                            @foreach (HeadingBlock heading in Model.Document.EnumerateBlocks().OfType<HeadingBlock>())
+                            @foreach (HeadingBlock heading in Model.Document.EnumerateBlocks()
+                                                                                .Select(x => x.Block)
+                                                                                .OfType<HeadingBlock>())
                             {
                             <a href="#@SlugService.Transform(heading.Text)" class="list-group-item list-group-item-action">@heading.Text</a>
                             }

Original file line number	Diff line number	Diff line change
`@@ -39,9 +39,9 @@ public async Task<Result> UploadAsync(Guid assetId, string mimetype, Stream stre`
`39`	`39`	`return await Client.SendAsync(requestMessage).ReadResultFromJsonAsync();`
`40`	`40`	`}`
`41`	`41`
`42`		`- public async Task<Result<Stream>> GetStreamAsync(Asset asset)`
	`42`	`+ public async Task<Result<Stream>> GetStreamAsync(Guid assetId)`
`43`	`43`	`{`
`44`		`- return await Client.GetStreamAsync($"api/asset/{asset.Id}/download");`
	`44`	`+ return await Client.GetStreamAsync($"api/asset/{assetId}/download");`
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`public async Task<Result<Asset?>> GetAssetAsync(Guid id)`
Original file line number	Diff line number	Diff line change
`@@ -104,7 +104,7 @@ private static async Task<IResult> MapDownload(HttpContext context, IAssetStorag`
`104`	`104`
`105`	`105`	`context.Response.GetTypedHeaders().CacheControl = new CacheControlHeaderValue() { Public = true, MaxAge = TimeSpan.FromDays(30) };`
`106`	`106`
`107`		`- Stream assetStream = await storage.GetStreamAsync(asset);`
	`107`	`+ Stream assetStream = await storage.GetStreamAsync(asset.Id);`
`108`	`108`
`109`	`109`	`return TypedResults.Stream(assetStream, contentType: asset.MimeType, entityTag: etag, enableRangeProcessing: true);`
`110`	`110`	`}`
Original file line number	Diff line number	Diff line change
`@@ -3,6 +3,7 @@`
`3`	`3`	`// MIT License`
`4`	`4`
`5`	`5`	`using DragonFly.AspNetCore;`
	`6`	`+using DragonFly.AspNetCore.Permissions;`
`6`	`7`	`using Microsoft.AspNetCore.Authorization;`
`7`	`8`	`using SmartResults;`
`8`	`9`	`using System.Security.Claims;`
`@@ -32,4 +33,11 @@ public static async Task<Result> AuthorizeAsync(this IAuthorizationService autho`
`32`	`33`	`return Result.Failed(new PermissionError(permission));`
`33`	`34`	`}`
`34`	`35`	`}`
	`36`	`+`
	`37`	`+ public static IDisposable DisableAuthorization(this IDragonFlyApi api)`
	`38`	`+ {`
	`39`	`+ var context = api.ServiceProvider.GetRequiredService<IPrincipalContext>();`
	`40`	`+`
	`41`	`+ return new DisableAuthorization(context);`
	`42`	`+ }`
`35`	`43`	`}`
Original file line number	Diff line number	Diff line change
`@@ -56,9 +56,9 @@ public async Task<Result> DeleteAsync(Asset asset)`
`56`	`56`	`return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.ReadAsset).ThenAsync(x => Storage.GetAssetAsync(id));`
`57`	`57`	`}`
`58`	`58`
`59`		`- public async Task<Result<Stream>> GetStreamAsync(Asset asset)`
	`59`	`+ public async Task<Result<Stream>> GetStreamAsync(Guid assetId)`
`60`	`60`	`{`
`61`		`- return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.DownloadAsset).ThenAsync(x => Storage.GetStreamAsync(asset));`
	`61`	`+ return await Api.AuthorizeAsync(PrincipalContext.Current, AssetPermissions.DownloadAsset).ThenAsync(x => Storage.GetStreamAsync(assetId));`
`62`	`62`	`}`
`63`	`63`
`64`	`64`	`public async Task<Result> PublishAsync(Asset asset)`