refactoring, enhancements, and some fixes

2021-06-10 08:16:02 -04:00
parent 82c05a841f
commit bc720555c4
30 changed files with 436 additions and 244 deletions
--- a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
+++ b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
@ -3,11 +3,10 @@ using Microsoft.AspNetCore.Authorization;
 using Oqtane.Modules.HtmlText.Repository;
 using Microsoft.AspNetCore.Http;
 using Oqtane.Shared;
-using System;
-using System.Collections.Generic;
 using Oqtane.Enums;
 using Oqtane.Infrastructure;
 using Oqtane.Controllers;
+using System.Net;

 namespace Oqtane.Modules.HtmlText.Controllers
 {
@ -24,85 +23,75 @@ namespace Oqtane.Modules.HtmlText.Controllers
        // GET api/<controller>/5
        [HttpGet("{id}")]
        [Authorize(Policy = PolicyNames.ViewModule)]
-        public List<Models.HtmlText> Get(int id)
+        public Models.HtmlText Get(int id)
        {
-            var list = new List<Models.HtmlText>();
-            try
+            if (AuthEntityId(EntityNames.Module) == id)
            {
-                Models.HtmlText htmlText = null;
-                if (_authEntityId[EntityNames.Module] == id)
-                {
-                    htmlText = _htmlText.GetHtmlText(id);
-                    list.Add(htmlText);
-                }
+                return _htmlText.GetHtmlText(id);
            }
-            catch (Exception ex)
+            else
            {
-                _logger.Log(LogLevel.Error, this, LogFunction.Read, ex, "Get Error {Error}", ex.Message);
-                throw;
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Get Attempt {ModuleId}", id);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
            }
-            return list;
        }

        // POST api/<controller>
+        [ValidateAntiForgeryToken]
        [HttpPost]
        [Authorize(Policy = PolicyNames.EditModule)]
        public Models.HtmlText Post([FromBody] Models.HtmlText htmlText)
        {
-            try
+            if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
            {
-                if (ModelState.IsValid && htmlText.ModuleId == _authEntityId[EntityNames.Module])
-                {
-                    htmlText = _htmlText.AddHtmlText(htmlText);
-                    _logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
-                }
+                htmlText = _htmlText.AddHtmlText(htmlText);
+                _logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
                return htmlText;
            }
-            catch (Exception ex)
+            else
            {
-                _logger.Log(LogLevel.Error, this, LogFunction.Create, ex, "Post Error {Error}", ex.Message);
-                throw;
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Post Attempt {HtmlText}", htmlText);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
            }
        }

        // PUT api/<controller>/5
+        [ValidateAntiForgeryToken]
        [HttpPut("{id}")]
        [Authorize(Policy = PolicyNames.EditModule)]
        public Models.HtmlText Put(int id, [FromBody] Models.HtmlText htmlText)
        {
-            try
+            if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
            {
-                if (ModelState.IsValid && htmlText.ModuleId == _authEntityId[EntityNames.Module])
-                {
-                    htmlText = _htmlText.UpdateHtmlText(htmlText);
-                    _logger.Log(LogLevel.Information, this, LogFunction.Update, "Html/Text Updated {HtmlText}", htmlText);
-                }
+                htmlText = _htmlText.UpdateHtmlText(htmlText);
+                _logger.Log(LogLevel.Information, this, LogFunction.Update, "Html/Text Updated {HtmlText}", htmlText);
                return htmlText;
            }
-            catch (Exception ex)
+            else
            {
-                _logger.Log(LogLevel.Error, this, LogFunction.Update, ex, "Put Error {Error}", ex.Message);
-                throw;
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Put Attempt {HtmlText}", htmlText);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
            }
        }

        // DELETE api/<controller>/5
+        [ValidateAntiForgeryToken]
        [HttpDelete("{id}")]
        [Authorize(Policy = PolicyNames.EditModule)]
        public void Delete(int id)
        {
-            try
+            if (AuthEntityId(EntityNames.Module) == id)
            {
-                if (id == _authEntityId[EntityNames.Module])
-                {
-                    _htmlText.DeleteHtmlText(id);
-                    _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);
-                }
+                _htmlText.DeleteHtmlText(id);
+                _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);
            }
-            catch (Exception ex)
+            else
            {
-                _logger.Log(LogLevel.Error, this, LogFunction.Delete, ex, "Delete Error {Error}", ex.Message);
-                throw;
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized HtmlText Delete Attempt {ModuleId}", id);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
            }
        }
    }