add API method to get File based on name, and fix permission validation for Folder

Oqtane.Client/Services/FileService.cs

@@ -46,6 +46,11 @@ namespace Oqtane.Services
             return await GetJsonAsync<File>($"{Apiurl}/{fileId}");
         }
 
+        public async Task<File> GetFileAsync(int folderId, string name)
+        {
+            return await GetJsonAsync<File>($"{Apiurl}/name/{name}/{folderId}");
+        }
+
         public async Task<File> AddFileAsync(File file)
         {
             return await PostJsonAsync<File>(Apiurl, file);

Oqtane.Client/Services/Interfaces/IFileService.cs

@@ -1,5 +1,6 @@
 using Oqtane.Models;
 using System.Collections.Generic;
+using System.Diagnostics.CodeAnalysis;
 using System.Threading.Tasks;
 
 namespace Oqtane.Services
@@ -33,6 +34,15 @@ namespace Oqtane.Services
         /// <returns></returns>
         Task<File> GetFileAsync(int fileId);
 
+        /// <summary>
+        /// Get a <see cref="File"/> based on the <see cref="Folder"/> and file name.
+        /// </summary>
+        /// <param name="folderId">Reference to the <see cref="Folder"/></param>
+        /// <param name="name">name of the file
+        /// </param>
+        /// <returns></returns>
+        Task<File> GetFileAsync(int folderId, string name);
+
         /// <summary>
         /// Add / store a <see cref="File"/> record.
         /// This does not contain the file contents. 

Oqtane.Server/Controllers/FileController.cs

@@ -129,6 +129,22 @@ namespace Oqtane.Controllers
             }
         }
 
+        [HttpGet("name/{name}/{folderId}")]
+        public Models.File Get(string name, int folderId)
+        {
+            Models.File file = _files.GetFile(folderId, name);
+            if (file != null && file.Folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, file.Folder.PermissionList))
+            {
+                return file;
+            }
+            else
+            {
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized File Get Attempt {Name} For Folder {FolderId}", name, folderId);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
+                return null;
+            }
+        }
+
         // PUT api/<controller>/5
         [HttpPut("{id}")]
         [Authorize(Roles = RoleNames.Registered)]

Oqtane.Server/Controllers/FolderController.cs

@@ -43,7 +43,7 @@ namespace Oqtane.Controllers
             {
                 foreach (Folder folder in _folders.GetFolders(SiteId))
                 {
-                    if (_userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+                    if (_userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
                     {
                         folders.Add(folder);
                     }
@@ -64,7 +64,7 @@ namespace Oqtane.Controllers
         public Folder Get(int id)
         {
             Folder folder = _folders.GetFolder(id);
-            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
             {
                 return folder;
             }
@@ -85,7 +85,7 @@ namespace Oqtane.Controllers
                 folderPath += "/";
             }
             Folder folder = _folders.GetFolder(siteId, folderPath);
-            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.Browse, folder.PermissionList))
+            if (folder != null && folder.SiteId == _alias.SiteId && _userPermissions.IsAuthorized(User, PermissionNames.View, folder.PermissionList))
             {
                 return folder;
             }