improvements for custom authorization policy usage

2020-06-25 10:23:27 -04:00
parent a4a0334ec0
commit 6e7c8e7b05
5 changed files with 42 additions and 14 deletions
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@ -0,0 +1,21 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Http;
+using Oqtane.Infrastructure;
+
+namespace Oqtane.Controllers
+{
+    public class ModuleControllerBase : Controller
+    {
+        protected readonly ILogManager _logger;
+        protected int _entityId = -1; // passed as a querystring parameter for policy authorization and used for validation
+
+        public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
+        {
+            _logger = logger;
+            if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+            {
+                _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
+            }
+        }
+    }
+}
--- a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
+++ b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
@ -8,24 +8,18 @@ using System;
 using System.Collections.Generic;
 using Oqtane.Enums;
 using Oqtane.Infrastructure;
+using Oqtane.Controllers;

 namespace Oqtane.Modules.HtmlText.Controllers
 {
    [Route("{alias}/api/[controller]")]
-    public class HtmlTextController : Controller
+    public class HtmlTextController : ModuleControllerBase
    {
        private readonly IHtmlTextRepository _htmlText;
-        private readonly ILogManager _logger;
-        private int _entityId = -1; // passed as a querystring parameter for authorization and used for validation

-        public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor httpContextAccessor)
+        public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
        {
            _htmlText = htmlText;
-            _logger = logger;
-            if (httpContextAccessor.HttpContext.Request.Query.ContainsKey("entityid"))
-            {
-                _entityId = int.Parse(httpContextAccessor.HttpContext.Request.Query["entityid"]);
-            }
        }

        // GET api/<controller>/5
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@ -72,7 +72,7 @@ namespace Oqtane
                });
            }

-            // register authorization services
+            // register custom authorization policies
            services.AddAuthorizationCore(options =>
            {
                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement(EntityNames.Page, PermissionNames.View)));