new controller auth parameter should take precedence over legacy

2021-06-06 10:03:54 -04:00 · 2021-06-06 10:03:54 -04:00 · 357ef09dd1
commit 357ef09dd1
parent a2b808fde2
3 changed files with 7 additions and 7 deletions
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@ -28,7 +28,7 @@ namespace Oqtane.Controllers
                }
            }
            // legacy support
-            if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+            if (_authEntityId.Count == 0 && accessor.HttpContext.Request.Query.ContainsKey("entityid"))
            {
                _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
            }
--- a/Oqtane.Server/Modules/HtmlText/Migrations/01000000_InitializeModule.cs
+++ b/Oqtane.Server/Modules/HtmlText/Migrations/01000000_InitializeModule.cs
@ -1,8 +1,6 @@
-using System.Collections.Generic;
 using Microsoft.EntityFrameworkCore.Infrastructure;
 using Microsoft.EntityFrameworkCore.Migrations;
 using Oqtane.Databases.Interfaces;
-using Oqtane.Interfaces;
 using Oqtane.Migrations;
 using Oqtane.Modules.HtmlText.Migrations.EntityBuilders;
 using Oqtane.Modules.HtmlText.Repository;
@ -19,14 +17,12 @@ namespace Oqtane.Modules.HtmlText.Migrations

        protected override void Up(MigrationBuilder migrationBuilder)
        {
-            //Create HtmlText table
            var entityBuilder = new HtmlTextEntityBuilder(migrationBuilder, ActiveDatabase);
            entityBuilder.Create();
        }

        protected override void Down(MigrationBuilder migrationBuilder)
        {
-            //Drop HtmlText table
            var entityBuilder = new HtmlTextEntityBuilder(migrationBuilder, ActiveDatabase);
            entityBuilder.Drop();
        }
--- a/Oqtane.Server/Security/PermissionHandler.cs
+++ b/Oqtane.Server/Security/PermissionHandler.cs
@ -31,9 +31,13 @@ namespace Oqtane.Security
                {
                    entityId = int.Parse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"]);
                }
-                if (ctx.Request.Query.ContainsKey("entityid"))
+                else
                {
-                    entityId = int.Parse(ctx.Request.Query["entityid"]);
+                    // legacy support
+                    if (ctx.Request.Query.ContainsKey("entityid"))
+                    {
+                        entityId = int.Parse(ctx.Request.Query["entityid"]);
+                    }
                }
                if (_userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
                {