New IP addresses validation

GeeksCoreLibrary.Tests/Core/Services/WiserItemsServiceTests.cs

@@ -11,6 +11,7 @@
 using FluentAssertions;
 using GeeksCoreLibrary.Core.Interfaces;
 using GeeksCoreLibrary.Core.Models;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 
@@ -29,6 +30,7 @@
     private Mock<ILogger<WiserItemsService>> loggerMock;
     private Mock<IEntityTypesService> entityTypesServiceMock;
     private Mock<ILinkTypesService> linkTypesServiceMock;
+    private Mock<IHttpContextAccessor> httpContextAccessorMock;
 #pragma warning restore CS8618 // Non-nullable field must contain a non-null value when exiting constructor. Consider declaring as nullable.
 
     [SetUp]
@@ -44,6 +46,7 @@
         loggerMock = new Mock<ILogger<WiserItemsService>>();
         entityTypesServiceMock = new Mock<IEntityTypesService>();
         linkTypesServiceMock = new Mock<ILinkTypesService>();
+
 
         // Create the service that we're testing.
         wiserItemsService = new WiserItemsService(databaseConnectionMock.Object, objectsServiceMock.Object, stringReplacementsServiceMock.Object, dataSelectorsServiceMock.Object, databaseHelpersServiceMock.Object, gclSettingsMock, loggerMock.Object, entityTypesServiceMock.Object, linkTypesServiceMock.Object);

GeeksCoreLibrary/Core/Models/RoleModel.cs

@@ -21,4 +21,9 @@ public class RoleModel
     /// Gets or sets all permissions for this role.
     /// </summary>
     public List<PermissionModel> Permissions { get; set; }
+
+    /// <summary>
+    /// Gets or sets the ip addresses of the role.
+    /// </summary>
+    public List<string> IpAddresses { get; set; }
 }

GeeksCoreLibrary/Core/Services/RolesService.cs

@@ -9,6 +9,7 @@
 using GeeksCoreLibrary.Core.Interfaces;
 using GeeksCoreLibrary.Core.Models;
 using GeeksCoreLibrary.Modules.Databases.Interfaces;
+using Newtonsoft.Json;
 
 namespace GeeksCoreLibrary.Core.Services;
 
@@ -31,20 +32,22 @@ public async Task<List<RoleModel>> GetRolesAsync(bool includePermissions = false
         string query;
         if (includePermissions)
         {
-            query = $"""
-                     SELECT 
-                         role.id, 
-                         role.role_name,
-                         permission.item_id,
-                         permission.entity_property_id,
-                         permission.module_id,
-                         permission.permissions,
-                     	permission.endpoint_url,
-                     	permission.endpoint_http_method
-                     FROM {WiserTableNames.WiserRoles} AS role 
-                     LEFT JOIN {WiserTableNames.WiserPermission} AS permission ON permission.role_id = role.id
-                     ORDER BY role_name ASC
-                     """;
+            query = $$"""
+                      SELECT 
+                          role.id, 
+                          role.role_name,
+                          user_role.ip_addresses,
+                          permission.item_id,
+                          permission.entity_property_id,
+                          permission.module_id,
+                          permission.permissions,
+                      	permission.endpoint_url,
+                      	permission.endpoint_http_method
+                      FROM {{WiserTableNames.WiserRoles}} AS role 
+                      LEFT JOIN {{WiserTableNames.WiserUserRoles}} AS user_role ON user_role.role_id = role.id
+                      LEFT JOIN {{WiserTableNames.WiserPermission}} AS permission ON permission.role_id = role.id
+                      ORDER BY role_name ASC
+                      """;
         }
         else
         {
@@ -69,7 +72,8 @@ ORDER BY role_name ASC
                 role = new RoleModel
                 {
                     Id = roleId,
-                    Name = dataRow.Field<string>("role_name")
+                    Name = dataRow.Field<string>("role_name"),
+                    IpAddresses = dataRow.IsNull("ip_addresses") ? null : JsonConvert.DeserializeObject<List<string>>(dataRow.Field<string>("ip_addresses"))
                 };
 
                 results.Add(role);

GeeksCoreLibrary/Core/Services/WiserItemsService.cs

@@ -15,13 +15,15 @@
 using System.Text.RegularExpressions;
 using System.Threading.Tasks;
 using GeeksCoreLibrary.Core.Exceptions;
+using GeeksCoreLibrary.Core.Helpers;
 using GeeksCoreLibrary.Modules.Databases.Helpers;
 using GeeksCoreLibrary.Modules.Databases.Interfaces;
 using GeeksCoreLibrary.Modules.Databases.Models;
 using GeeksCoreLibrary.Modules.DataSelector.Interfaces;
 using GeeksCoreLibrary.Modules.GclReplacements.Interfaces;
 using GeeksCoreLibrary.Modules.ItemFiles.Models;
 using GeeksCoreLibrary.Modules.Objects.Interfaces;
+using Microsoft.AspNetCore.Http;
 using Microsoft.Extensions.Logging;
 using Microsoft.Extensions.Options;
 using MySqlConnector;
@@ -39,7 +41,8 @@ public class WiserItemsService(
     IOptions<GclSettings> gclSettings,
     ILogger<WiserItemsService> logger,
     IEntityTypesService entityTypesService,
-    ILinkTypesService linkTypesService)
+    ILinkTypesService linkTypesService,
+    IHttpContextAccessor httpContextAccessor = null)
     : IWiserItemsService, IScopedService
 {
     private readonly GclSettings gclSettings = gclSettings.Value;
@@ -2012,18 +2015,20 @@ public async Task<AccessRights> GetUserItemPermissionsAsync(IWiserItemsService w
         // If someone is not logged in, they will have no permissions by default. If someone is logged in, then they have all permissions by default.
         var defaultPermissions = userId == 0 ? AccessRights.Nothing : AccessRights.Read | AccessRights.Create | AccessRights.Update | AccessRights.Delete;
         var tablePrefix = await wiserItemsService.GetTablePrefixForEntityAsync(entityType);
+        var userIp = HttpContextHelpers.GetUserIpAddress(httpContextAccessor?.HttpContext);
 
         // First check permissions based on module ID.
         var permissionsQuery = $"""
                                 SELECT permission.permissions
                                                                     FROM {WiserTableNames.WiserUserRoles} AS user_role
                                                                     JOIN {tablePrefix}{WiserTableNames.WiserItem} AS item ON item.id = ?itemId AND item.moduleid > 0
                                                                     LEFT JOIN {WiserTableNames.WiserPermission} AS permission ON permission.role_id = user_role.role_id AND permission.module_id = item.moduleid
-                                                                    WHERE user_role.user_id = ?userId
+                                                                    WHERE user_role.user_id = ?userId AND (user_role.ip_addresses IS NULL OR JSON_CONTAINS(user_role.ip_addresses, JSON_QUOTE(?userIp)))
                                 """;
 
         databaseConnection.AddParameter("itemId", itemId);
         databaseConnection.AddParameter("userId", userId);
+        databaseConnection.AddParameter("userIp", userIp);
         var dataTable = await databaseConnection.GetAsync(permissionsQuery, true);
 
         var modulePermissionsFound = false;
@@ -2067,7 +2072,7 @@ SELECT permission.permissions
                             SELECT permission.permissions
                                                             FROM {WiserTableNames.WiserUserRoles} AS user_role
                                                             LEFT JOIN {WiserTableNames.WiserPermission} AS permission ON permission.role_id = user_role.role_id AND permission.item_id = ?itemId
-                                                            WHERE user_role.user_id = ?userId
+                                                            WHERE user_role.user_id = ?userId AND (user_role.ip_addresses IS NULL OR JSON_CONTAINS(user_role.ip_addresses, JSON_QUOTE(?userIp)))
                             """;
         dataTable = await databaseConnection.GetAsync(permissionsQuery, true);