11using Microsoft . EntityFrameworkCore ;
2+ using Microsoft . AspNetCore . Http ;
23using System . Linq ;
34using MyWebApp . Data ;
45
@@ -8,6 +9,7 @@ public class LayoutService
89{
910 private readonly CacheService _cache ;
1011 private readonly TokenRenderService _tokens ;
12+ private readonly IHttpContextAccessor _accessor ;
1113 private const string HeaderKey = "layout_header" ;
1214 private const string FooterKey = "layout_footer" ;
1315
@@ -27,50 +29,94 @@ public static string[] GetZones(string layout)
2729 return LayoutZones . TryGetValue ( layout , out var zones ) ? zones : Array . Empty < string > ( ) ;
2830 }
2931
30- public LayoutService ( CacheService cache , TokenRenderService tokens )
32+ public LayoutService ( CacheService cache , TokenRenderService tokens , IHttpContextAccessor accessor )
3133 {
3234 _cache = cache ;
3335 _tokens = tokens ;
36+ _accessor = accessor ;
37+ }
38+
39+ private string [ ] GetRoles ( )
40+ {
41+ var roles = _accessor . HttpContext ? . Session . GetString ( "Roles" ) ;
42+ return string . IsNullOrWhiteSpace ( roles ) ? Array . Empty < string > ( ) : roles . Split ( ',' ) ;
43+ }
44+
45+ private async Task < List < int > > GetAllowedPermissionsAsync ( ApplicationDbContext db , string [ ] roles )
46+ {
47+ if ( roles . Length == 0 ) return new List < int > ( ) ;
48+ return await db . RolePermissions . AsNoTracking ( )
49+ . Where ( rp => roles . Contains ( rp . Role ! . Name ) )
50+ . Select ( rp => rp . PermissionId )
51+ . Distinct ( )
52+ . ToListAsync ( ) ;
3453 }
3554
3655 public async Task < string > GetHeaderAsync ( ApplicationDbContext db )
3756 {
38- return await _cache . GetOrCreateAsync ( HeaderKey , async e =>
57+ var roles = GetRoles ( ) ;
58+ if ( roles . Length == 0 )
3959 {
40- e . AbsoluteExpirationRelativeToNow = TimeSpan . FromMinutes ( 5 ) ;
41- var parts = await db . PageSections . AsNoTracking ( )
42- . Where ( s => s . Page . Slug == "layout" && s . Zone == "header" )
43- . OrderBy ( s => s . SortOrder )
44- . Select ( s => s . Html )
45- . ToListAsync ( ) ;
46- var html = string . Join ( System . Environment . NewLine , parts ) ;
47- return await _tokens . RenderAsync ( db , html ) ;
48- } ) ;
60+ return await _cache . GetOrCreateAsync ( HeaderKey , async e =>
61+ {
62+ e . AbsoluteExpirationRelativeToNow = TimeSpan . FromMinutes ( 5 ) ;
63+ var parts = await db . PageSections . AsNoTracking ( )
64+ . Where ( s => s . Page . Slug == "layout" && s . Zone == "header" && s . PermissionId == null )
65+ . OrderBy ( s => s . SortOrder )
66+ . Select ( s => s . Html )
67+ . ToListAsync ( ) ;
68+ var html = string . Join ( System . Environment . NewLine , parts ) ;
69+ return await _tokens . RenderAsync ( db , html ) ;
70+ } ) ;
71+ }
72+
73+ var allowed = await GetAllowedPermissionsAsync ( db , roles ) ;
74+ var query = db . PageSections . AsNoTracking ( )
75+ . Where ( s => s . Page . Slug == "layout" && s . Zone == "header" ) ;
76+ query = query . Where ( s => s . PermissionId == null || allowed . Contains ( s . PermissionId . Value ) ) ;
77+ var parts2 = await query . OrderBy ( s => s . SortOrder ) . Select ( s => s . Html ) . ToListAsync ( ) ;
78+ var html2 = string . Join ( System . Environment . NewLine , parts2 ) ;
79+ return await _tokens . RenderAsync ( db , html2 ) ;
4980 }
5081
5182 public async Task < string > GetFooterAsync ( ApplicationDbContext db )
5283 {
53- return await _cache . GetOrCreateAsync ( FooterKey , async e =>
84+ var roles = GetRoles ( ) ;
85+ if ( roles . Length == 0 )
5486 {
55- e . AbsoluteExpirationRelativeToNow = TimeSpan . FromMinutes ( 5 ) ;
56- var parts = await db . PageSections . AsNoTracking ( )
57- . Where ( s => s . Page . Slug == "layout" && s . Zone == "footer" )
58- . OrderBy ( s => s . SortOrder )
59- . Select ( s => s . Html )
60- . ToListAsync ( ) ;
61- var html = string . Join ( System . Environment . NewLine , parts ) ;
62- return await _tokens . RenderAsync ( db , html ) ;
63- } ) ;
87+ return await _cache . GetOrCreateAsync ( FooterKey , async e =>
88+ {
89+ e . AbsoluteExpirationRelativeToNow = TimeSpan . FromMinutes ( 5 ) ;
90+ var parts = await db . PageSections . AsNoTracking ( )
91+ . Where ( s => s . Page . Slug == "layout" && s . Zone == "footer" && s . PermissionId == null )
92+ . OrderBy ( s => s . SortOrder )
93+ . Select ( s => s . Html )
94+ . ToListAsync ( ) ;
95+ var html = string . Join ( System . Environment . NewLine , parts ) ;
96+ return await _tokens . RenderAsync ( db , html ) ;
97+ } ) ;
98+ }
99+
100+ var allowed = await GetAllowedPermissionsAsync ( db , roles ) ;
101+ var query = db . PageSections . AsNoTracking ( )
102+ . Where ( s => s . Page . Slug == "layout" && s . Zone == "footer" ) ;
103+ query = query . Where ( s => s . PermissionId == null || allowed . Contains ( s . PermissionId . Value ) ) ;
104+ var parts2 = await query . OrderBy ( s => s . SortOrder ) . Select ( s => s . Html ) . ToListAsync ( ) ;
105+ var html2 = string . Join ( System . Environment . NewLine , parts2 ) ;
106+ return await _tokens . RenderAsync ( db , html2 ) ;
64107 }
65108
66109 public async Task < string > GetSectionAsync ( ApplicationDbContext db , int pageId , string zone )
67110 {
68-
69- var parts = await db . PageSections . AsNoTracking ( )
70- . Where ( s => s . PageId == pageId && s . Zone == zone )
71- . OrderBy ( s => s . SortOrder )
72- . Select ( s => s . Html )
73- . ToListAsync ( ) ;
111+ var roles = GetRoles ( ) ;
112+ var allowed = await GetAllowedPermissionsAsync ( db , roles ) ;
113+ var query = db . PageSections . AsNoTracking ( )
114+ . Where ( s => s . PageId == pageId && s . Zone == zone ) ;
115+ if ( allowed . Count == 0 )
116+ query = query . Where ( s => s . PermissionId == null ) ;
117+ else
118+ query = query . Where ( s => s . PermissionId == null || allowed . Contains ( s . PermissionId . Value ) ) ;
119+ var parts = await query . OrderBy ( s => s . SortOrder ) . Select ( s => s . Html ) . ToListAsync ( ) ;
74120 var html = string . Join ( System . Environment . NewLine , parts ) ;
75121 return await _tokens . RenderAsync ( db , html ) ;
76122
0 commit comments