From 4cf1b5c0e7df4af0f6ab08f58afa8259e515fcfb Mon Sep 17 00:00:00 2001
From: sbwalker
Date: Thu, 7 Aug 2025 15:07:33 -0400
Subject: [PATCH] add missing delete setting API method
---
 .../Controllers/SettingController.cs | 33 +++++++++++++++----
 1 file changed, 27 insertions(+), 6 deletions(-)
diff --git a/Oqtane.Server/Controllers/SettingController.cs b/Oqtane.Server/Controllers/SettingController.cs
index b2db2def..1c42ab7d 100644
--- a/Oqtane.Server/Controllers/SettingController.cs
+++ b/Oqtane.Server/Controllers/SettingController.cs
@@ -89,7 +89,7 @@ namespace Oqtane.Controllers
 // suppress unauthorized visitor logging as it is usually caused by clients that do not support cookies or private browsing sessions
 if (entityName != EntityNames.Visitor)
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings {EntityName} {EntityId}", entityName, entityId);
+ _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Settings For EntityName {EntityName} And EntityId {EntityId}", entityName, entityId);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 }
 }
@@ -101,7 +101,7 @@ namespace Oqtane.Controllers
 public Setting Get(int id, string entityName)
 {
 Setting setting = _settings.GetSetting(entityName, id);
- if (IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View))
+ if (setting != null && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.View))
 {
 if (FilterPrivate(entityName, id) && setting.IsPrivate)
 {
@@ -113,7 +113,7 @@ namespace Oqtane.Controllers
 {
 if (setting != null && entityName != EntityNames.Visitor)
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access Setting {EntityName} {SettingId}", entityName, id);
+ _logger.Log(LogLevel.Error, this, LogFunction.Read, "User Not Authorized To Access SettingId {SettingId} For EntityName {EntityName} ", id, entityName);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 }
 else
@@ -201,12 +201,12 @@ namespace Oqtane.Controllers
 }
 else
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Add Or Update Setting {EntityName} {EntityId} {SettingName}", entityName, entityId, settingName);
+ _logger.Log(LogLevel.Error, this, LogFunction.Update, "User Not Authorized To Add Or Update Setting For EntityName {EntityName} EntityId {EntityId} SettingName {SettingName}", entityName, entityId, settingName);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 }
 }
 
- // DELETE api//site/1/settingname
+ // DELETE api//site/1/settingname/settingid
 [HttpDelete("{entityName}/{entityId}/{settingName}")]
 public void Delete(string entityName, int entityId, string settingName)
 {
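Review bot: The rewritten route comment above the three-argument `Delete` now shows four path segments (`.../site/1/settingname/settingid`), while the `[HttpDelete("{entityName}/{entityId}/{settingName}")]` template directly below it still has three, so the comment no longer describes the endpoint it sits on. Keeping the previous wording, `// DELETE api//site/1/settingname`, matches the route; the id-based delete added later in this commit carries its own comment. The body of this `Delete` continues past the end of the hunk.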
@@ -221,7 +221,28 @@ namespace Oqtane.Controllers
 {
 if (entityName != EntityNames.Visitor)
 {
- _logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For Entity {EntityName} Id {EntityId} Name {SettingName}", entityName, entityId, settingName);
+ _logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For EntityName {EntityName} EntityId {EntityId} SettingName {SettingName}", entityName, entityId, settingName);
+ HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+ }
+ }
+ }
+
+ // DELETE api//1/site
+ [HttpDelete("{id}/{entityName}")]
+ public void Delete(int id, string entityName)
+ {
+ Setting setting = _settings.GetSetting(entityName, id);
+ if (setting != null && IsAuthorized(setting.EntityName, setting.EntityId, PermissionNames.Edit))
+ {
+ _settings.DeleteSetting(setting.EntityName, setting.SettingId);
+ AddSyncEvent(setting.EntityName, setting.EntityId, setting.SettingId, SyncEventActions.Delete);
+ _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted {Setting}", setting);
+ }
+ else
+ {
+ if (entityName != EntityNames.Visitor)
+ {
+ _logger.Log(LogLevel.Error, this, LogFunction.Delete, "Setting Does Not Exist Or User Not Authorized To Delete Setting For SettingId {SettingId} For EntityName {EntityName} ", id, entityName);
 HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
 }
 }
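Review bot: The success path of the new `Delete(int id, string entityName)` hands the whole `setting` object to the logger (`"Setting Deleted {Setting}"`), and `Get` in this file treats settings as potentially private through `setting.IsPrivate`, so the value of a deleted private setting may be written to the log, depending on how the logger renders that argument. Logging identifiers only avoids this: `_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Setting Deleted SettingId {SettingId} For EntityName {EntityName}", setting.SettingId, setting.EntityName);`. Separately, when `entityName` is `EntityNames.Visitor` the refused branch sets no status code, so a caller cannot tell a rejected delete from a completed one; if that is not deliberate, set `Forbidden` outside the inner `if` and keep only the log call suppressed. The method's closing brace lies outside the hunk.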