new controller auth parameter should take precedence over legacy

2021-06-06 10:03:54 -04:00
parent a2b808fde2
commit 357ef09dd1
3 changed files with 7 additions and 7 deletions
--- a/Oqtane.Server/Security/PermissionHandler.cs
+++ b/Oqtane.Server/Security/PermissionHandler.cs
@ -31,9 +31,13 @@ namespace Oqtane.Security
                {
                    entityId = int.Parse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"]);
                }
-                if (ctx.Request.Query.ContainsKey("entityid"))
+                else
                {
-                    entityId = int.Parse(ctx.Request.Query["entityid"]);
+                    // legacy support
+                    if (ctx.Request.Query.ContainsKey("entityid"))
+                    {
+                        entityId = int.Parse(ctx.Request.Query["entityid"]);
+                    }
                }
                if (_userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
                {