add additional validation logic to Update API methods to ensure model ID matches ID parameter

Oqtane.Server/Controllers/RoleController.cs

@@ -98,7 +98,7 @@ namespace Oqtane.Controllers
         [Authorize(Policy = $"{EntityNames.Role}:{PermissionNames.Write}:{RoleNames.Admin}")]
         public Role Put(int id, [FromBody] Role role)
         {
-            if (ModelState.IsValid && role.SiteId == _alias.SiteId && _roles.GetRole(role.RoleId, false) != null)
+            if (ModelState.IsValid && role.SiteId == _alias.SiteId && role.RoleId == id && _roles.GetRole(role.RoleId, false) != null)
             {
                 role = _roles.UpdateRole(role);
                 _syncManager.AddSyncEvent(_alias.TenantId, EntityNames.Role, role.RoleId, SyncEventActions.Update);