First code submission for MVC Pipeline #6749
Conversation
…tomizations for the MVC pipeline.
Fix layout issue
client dependecy for mvc (because it not exist in nuget)
Merge latest DNN dev commits and fix for MVC modules
Merge latest development branch from core project
Solution to get AF token to work on MVC pipeline
# Conflicts: # DNN Platform/DotNetNuke.Web.Client/packages.config
|
Awesome, I'll try to get my review in this weekend... |
|
@donker In looking at this at this moment the solution isn't building, would you be able to review this and resolve the issue? |
| [IsDependentOn(typeof(CreateUpgrade))] | ||
| [IsDependentOn(typeof(CreateNugetPackages))] | ||
| [IsDependentOn(typeof(GeneratePackagesChecksums))] | ||
| public sealed class BuildPackages : FrostingTask<Context> |
There was a problem hiding this comment.
What is the purpose/goal of this task addition? I'm concerned that this will be deleting a source controlled file.
There was a problem hiding this comment.
@donker Can you answer this ?
There was a problem hiding this comment.
Sorry ... that is my code bleed. I can delete it. It just builds the packages. But I believe the "default" task also does this.
| // The .NET Foundation licenses this file to you under the MIT license. | ||
| // See the LICENSE file in the project root for more information | ||
|
|
||
| namespace DotNetNuke.ContentSecurityPolicy |
There was a problem hiding this comment.
Is this the same as the pending CSP PR into develop?
There was a problem hiding this comment.
Yes it's the same. It need to be removed from here after the pr in develop is merged, so we can remerg it in this branch.
Or some other sujestion how to manage this ?
| { | ||
| get | ||
| { | ||
| var settingsVersion = this.dnnSettingsHelper.AreCompositeFilesEnabled(); |
There was a problem hiding this comment.
Given the changes to CDF (In pending state now) should this be removed?
There was a problem hiding this comment.
Yes, the idee is to remove all CDF for mvc that is done here once the changes to CDF are ready to be integrated in this branch.
| private static readonly ReaderWriterLockSlim LockFileExistsCache = new ReaderWriterLockSlim(); | ||
|
|
||
| /// <summary>Adds the necessary configuration to website root <c>web.config</c> to use the Client Dependency component.</summary> | ||
| public static void AddConfiguration() |
There was a problem hiding this comment.
Why is this beind done as a Web.Client item, shouldn't this be handled by the existing functionality? I'm concerned this is going to introduce a duplicate or race condition
There was a problem hiding this comment.
Yes, you are right, it's will beter to do all the web.config modification in one place.
In reality, this class will be removed once the new CDF is used.
@mitchelsellers I just try to build a fresh checkout of feature/mvc-pipeline-old without issuues (.\build.ps1). Can you tell witch build you use or what kind of errors you get ? |
|
@sachatrauwaen It is the AzureDevOps build that is failing, it looks like it is unit tests that are failing to execute. The most recent run - https://github.com/dnnsoftware/Dnn.Platform/pull/6749/checks?check_run_id=51891737747 |
There was a problem hiding this comment.
Ok, I found a bit of time and reviewed about the first 1/4 of this PR.
I think we should bring this PR to the minimal viable MVC working state (even if incomplete) just with the minimum to load up an mvc theme and module.
MVC Pipeline and CSP are 2 big ticket items and bringing both in the same PR makes putthing this in a reviewable state hard IMO. The goal of this PR was to have a baseline so that we can review smaller additions in an easier way.
Other than that, it does not have to be in this PR but I would like that we add our stylecop rules to the new projects to enforce our coding standards on this huge amount of new code.
I'll try to review some more the next coming days.
Thanks @sachatrauwaen for this huge contribution!
| private void CheckPermissions() | ||
| { | ||
| // Verify that the current user has access to edit this module | ||
| if (!ModulePermissionController.HasModuleAccess(SecurityAccessLevel.Edit, "MANAGE", this.Module)) | ||
| { | ||
| if (!(this.IsSharedViewOnly() && TabPermissionController.CanAddContentToPage())) | ||
| { | ||
| throw new UnauthorizedAccessException("Access denied"); | ||
| } | ||
| } | ||
| } |
There was a problem hiding this comment.
This one hurts my brain a bit specially since it relates to permissions and should be very clear and intuitive.
| private void CheckPermissions() | |
| { | |
| // Verify that the current user has access to edit this module | |
| if (!ModulePermissionController.HasModuleAccess(SecurityAccessLevel.Edit, "MANAGE", this.Module)) | |
| { | |
| if (!(this.IsSharedViewOnly() && TabPermissionController.CanAddContentToPage())) | |
| { | |
| throw new UnauthorizedAccessException("Access denied"); | |
| } | |
| } | |
| } | |
| private void CheckPermissions() | |
| { | |
| // Verify that the current user has access to edit this module | |
| if (ModulePermissionController.HasModuleAccess(SecurityAccessLevel.Edit, "MANAGE", this.Module)) | |
| { | |
| return; | |
| } | |
| if (this.IsSharedViewOnly() && TabPermissionController.CanAddContentToPage()) | |
| { | |
| return; | |
| } | |
| throw new UnauthorizedAccessException("Access denied"); | |
| } |
Which then begs the question, should we allow the module settings control to be viewed for a shared module to content editors? It looks wrong to me unless I am missing something.
| } | ||
| } | ||
|
|
||
| private void CheckPermissions() |
There was a problem hiding this comment.
Same concern here as my previous comment on the similar code in ModuleSettingsController.cs
Also what is the difference between ModuleSettingscontroller and MOduleSettingsViewController.cs?
| public bool EditMode | ||
| { | ||
| get | ||
| { | ||
| return this.ModuleContext.EditMode; | ||
| } | ||
| } | ||
|
|
||
| public bool IsEditable | ||
| { | ||
| get | ||
| { | ||
| return this.ModuleContext.IsEditable; | ||
| } | ||
| } | ||
|
|
||
| public int PortalId | ||
| { | ||
| get | ||
| { | ||
| return this.ModuleContext.PortalId; | ||
| } | ||
| } | ||
|
|
||
| public int TabId | ||
| { | ||
| get | ||
| { | ||
| return this.ModuleContext.TabId; | ||
| } | ||
| } |
There was a problem hiding this comment.
If we expose ModuleContext, do we need to also expose those properties, could we make the API surface simper by limiting the redundant properties?
| public UserInfo UserInfo | ||
| { | ||
| get | ||
| { | ||
| return this.PortalSettings.UserInfo; | ||
| } | ||
| } | ||
|
|
||
| public int UserId | ||
| { | ||
| get | ||
| { | ||
| return this.PortalSettings.UserId; | ||
| } | ||
| } | ||
|
|
||
| public PortalAliasInfo PortalAlias | ||
| { | ||
| get | ||
| { | ||
| return this.PortalSettings.PortalAlias; | ||
| } | ||
| } |
There was a problem hiding this comment.
Same for PortalSetings which is already exposed, do we need those properties also exposed?
| type is { IsClass: true, IsAbstract: false }); | ||
| foreach (var controller in mvcControllerTypes) | ||
| { | ||
| services.TryAddTransient(controller); |
There was a problem hiding this comment.
Should this be scoped @bdukes ?
There was a problem hiding this comment.
We're using scoped for web API controllers, but transient for MVC controllers:
Scoped it probably the right way
There an separate PR for CSP on the develop branch. But removing it from this PR needs to remove a lot of code. Actually we heave a lot of sync issues between the differnt PR's. |
So if that is the case, we need to review/agree on the CSP one first before spending too much time reviewing this one... |
1 similar comment
So if that is the case, we need to review/agree on the CSP one first before spending too much time reviewing this one... |
5 participants
This PR is a first submission of the work of the MVC Pipeline team to bring the main project up to date with what has been developed in a forked repo.