Merge pull request #5469 from sbwalker/dev

add missing delete setting API method
Shaun Walker
2025-08-07 15:07:46 -04:00
committed by GitHub


@ -89,7 +89,7 @@ namespace Oqtane.Controllers
// suppress unauthorized visitor logging as it is usually caused by clients that do not support cookies or private browsing sessions // suppress unauthorized visitor logging as it is usually caused by clients that do not support cookies or private browsing sessions
if (entityName != EntityNames.Visitor) if (entityName != EntityNames.Visitor)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityName, entityId); _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings For EntityName {EntityName} And EntityId {EntityId}", entityName, entityId);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
@ -101,7 +101,7 @@ namespace Oqtane.Controllers
public Setting Get(int id, string entityName) public Setting Get(int id, string entityName)
{ {
Setting setting = _settings.GetSetting(entityName, id); Setting setting = _settings.GetSetting(entityName, id);
if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View)) if (setting != null && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View))
{ {
if (FilterPrivate(entityName, id) && setting.IsPrivate) if (FilterPrivate(entityName, id) && setting.IsPrivate)
{ {
@ -113,7 +113,7 @@ namespace Oqtane.Controllers
{ {
if (setting != null && entityName != EntityNames.Visitor) if (setting != null && entityName != EntityNames.Visitor)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id); _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access SettingId {SettingId} For EntityName {EntityName} ", id, entityName);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
else else
@ -201,12 +201,12 @@ namespace Oqtane.Controllers
} }
else else
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Add Or Update Setting {EntityName} {EntityId} {SettingName}", entityName, entityId, settingName); _logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Add Or Update Setting For EntityName {EntityName} EntityId {EntityId} SettingName {SettingName}", entityName, entityId, settingName);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
// DELETE api/<controller>/site/1/settingname // DELETE api/<controller>/site/1/settingname/settingid
[HttpDelete("{entityName}/{entityId}/{settingName}")] [HttpDelete("{entityName}/{entityId}/{settingName}")]
public void Delete(string entityName, int entityId, string settingName) public void Delete(string entityName, int entityId, string settingName)
{ {
@ -221,7 +221,28 @@ namespace Oqtane.Controllers
{ {
if (entityName != EntityNames.Visitor) if (entityName != EntityNames.Visitor)
{ {
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For Entity {EntityName} Id {EntityId} Name {SettingName}", entityName, entityId, settingName); _logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For EntityName {EntityName} EntityId {EntityId} SettingName {SettingName}", entityName, entityId, settingName);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
}
}
}
// DELETE api/<controller>/1/site
[HttpDelete("{id}/{entityName}")]
public void Delete(int id, string entityName)
{
Setting setting = _settings.GetSetting(entityName, id);
if (setting != null && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
{
_settings.DeleteSetting(setting.EntityName, setting.SettingId);
AddSyncEvent(setting.EntityName, setting.EntityId, setting.SettingId, SyncEventActions.Delete);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting);
}
else
{
if (entityName != EntityNames.Visitor)
{
_logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For SettingId {SettingId} For EntityName {EntityName} ", id, entityName);
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
} }
} }
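Review bot: In the new `Delete(int id, string entityName)`, the failure branch sets the 403 status only when `entityName != EntityNames.Visitor`, so a delete that is refused (or finds no setting) for a Visitor entity returns a success status and leaves no log entry; the three-argument `Delete` above it follows the same pattern. The suppression comment earlier in the file justifies this for unauthorized reads, but for a destructive verb it seems safer to move `HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;` outside the `if` and suppress only the log call, provided no client relies on the current status. Separately, the success path logs the whole object with `"Setting Deleted {Setting}", setting`, while `Get` treats `setting.IsPrivate` values specially; if the logger serializes the object, logging `setting.SettingId` and `setting.EntityName` instead would keep a private value out of the log. The method's closing brace lies outside the hunk.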