diff --git a/Oqtane.Server/Controllers/ModuleControllerBase.cs b/Oqtane.Server/Controllers/ModuleControllerBase.cs
index 6f89bac2..561fe312 100644
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
 using Oqtane.Infrastructure;
 using System.Collections.Generic;
 using System;
+using Oqtane.Shared;

 namespace Oqtane.Controllers
 {
@@ -48,5 +49,9 @@ namespace Oqtane.Controllers
 }
 }

+ protected bool IsAuthorizedEntityId(string entityname, int entityid)
+ {
+ return (entityid == AuthEntityId(entityname)) || User.IsInRole(RoleNames.Host);
+ }
 }
 }
diff --git a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
index 730b9f33..7fb6a143 100644
--- a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
+++ b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
@@ -29,7 +29,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
 [Authorize(Roles = RoleNames.Registered)]
 public IEnumerable Get(string moduleId)
 {
- if (int.TryParse(moduleId, out int ModuleId) && AuthEntityId(EntityNames.Module) == ModuleId)
+ if (int.TryParse(moduleId, out int ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
 {
 return _htmlText.GetHtmlTexts(ModuleId);
 }
@@ -46,7 +46,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
 [Authorize(Policy = PolicyNames.ViewModule)]
 public Models.HtmlText Get(int moduleId)
 {
- if (AuthEntityId(EntityNames.Module) == moduleId)
+ if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
 {
 var htmltexts = _htmlText.GetHtmlTexts(moduleId);
 if (htmltexts != null && htmltexts.Any())
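Review bot: In ModuleControllerBase.cs, `IsAuthorizedEntityId` has no doc comment, and the `|| User.IsInRole(RoleNames.Host)` branch is the part every caller needs to know about: for a Host user the supplied `entityid` is never compared with `AuthEntityId(entityname)`, so any id taken from the query string or request body is accepted. I would put a summary on the method that says so, e.g. `/// <summary>True when entityid matches the entity the request was authorized for, or unconditionally for Host users; callers must still verify that the record they load belongs to entityid.</summary>`. Whether the `[Authorize(Policy = ...)]` attributes on the callers still bind a Host request to a single module is not visible in this diff, so the bypass should be confirmed against the policy handler.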
@@ -71,7 +71,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
 [Authorize(Policy = PolicyNames.ViewModule)]
 public Models.HtmlText Get(int id, int moduleId)
 {
- if (AuthEntityId(EntityNames.Module) == moduleId)
+ if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
 {
 return _htmlText.GetHtmlText(id);
 }
@@ -88,7 +88,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
 [Authorize(Policy = PolicyNames.EditModule)]
 public Models.HtmlText Post([FromBody] Models.HtmlText htmlText)
 {
- if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
+ if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, htmlText.ModuleId))
 {
 htmlText = _htmlText.AddHtmlText(htmlText);
 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
@@ -107,7 +107,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
 [Authorize(Policy = PolicyNames.EditModule)]
 public void Delete(int id, int moduleId)
 {
- if (AuthEntityId(EntityNames.Module) == moduleId)
+ if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
 {
 _htmlText.DeleteHtmlText(id);
 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);
diff --git a/Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs b/Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs
index 3cb8fed1..f5bf1443 100644
--- a/Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs
+++ b/Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs
@@ -27,7 +27,7 @@ namespace [Owner].[Module].Controllers
 public IEnumerable Get(string moduleid)
 {
 int ModuleId;
- if (int.TryParse(moduleid, out ModuleId) && ModuleId == AuthEntityId(EntityNames.Module))
+ if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
 {
 return _[Module]Repository.Get[Module]s(ModuleId);
 }
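Review bot: In HtmlTextController.cs, `Get(int id, int moduleId)` (hunk at -71) authorizes `moduleId` only, while the record is fetched with `_htmlText.GetHtmlText(id)`; nothing in the visible lines ties `id` to that module, so a request authorized for one module can return a record stored under another. `Delete(int id, int moduleId)` (hunk at -107) has the same gap, with `_htmlText.DeleteHtmlText(id)` running on the unchecked `id`. Loading the record first and comparing its owner, as the External template's `Get(int id)` in this same commit does, would close it: `var htmltext = _htmlText.GetHtmlText(id);` followed by `if (htmltext != null && htmltext.ModuleId == moduleId && IsAuthorizedEntityId(EntityNames.Module, moduleId))`. This assumes the repository does not already filter by module, which the diff does not show; both method bodies continue outside their hunks.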
@@ -45,7 +45,7 @@ namespace [Owner].[Module].Controllers
 public Models.[Module] Get(int id)
 {
 Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
- if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+ if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
 {
 return [Module];
 }
@@ -62,7 +62,7 @@ namespace [Owner].[Module].Controllers
 [Authorize(Policy = PolicyNames.EditModule)]
 public Models.[Module] Post([FromBody] Models.[Module] [Module])
 {
- if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+ if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
 {
 [Module] = _[Module]Repository.Add[Module]([Module]);
 _logger.Log(LogLevel.Information, this, LogFunction.Create, "[Module] Added {[Module]}", [Module]);
@@ -81,7 +81,7 @@ namespace [Owner].[Module].Controllers
 [Authorize(Policy = PolicyNames.EditModule)]
 public Models.[Module] Put(int id, [FromBody] Models.[Module] [Module])
 {
- if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
+ if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
 {
 [Module] = _[Module]Repository.Update[Module]([Module]);
 _logger.Log(LogLevel.Information, this, LogFunction.Update, "[Module] Updated {[Module]}", [Module]);
@@ -101,7 +101,7 @@ namespace [Owner].[Module].Controllers
 public void Delete(int id)
 {
 Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
- if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+ if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
 {
 _[Module]Repository.Delete[Module](id);
 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "[Module] Deleted {[Module]Id}", id);
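Review bot: In the template's `Put` (hunk at -81) the authorization check uses `[Module].ModuleId` from the request body, and the existence test `Get[Module]([Module].[Module]Id, false) != null` never compares the stored record's `ModuleId` with it; the route `id` is not compared with `[Module].[Module]Id` either. As written, a request authorized for one module can carry the id of a record stored under a different module, and `Update[Module]` would overwrite that record. Because this file is scaffolding copied into every generated module, I would tighten it here: fetch the stored record once into `existing` and require `existing != null && existing.ModuleId == [Module].ModuleId && id == [Module].[Module]Id` before the update. `Put`'s body continues outside the hunk.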
diff --git a/Oqtane.Server/wwwroot/Modules/Templates/External/template.json b/Oqtane.Server/wwwroot/Modules/Templates/External/template.json
index ce4e9acb..89075449 100644
--- a/Oqtane.Server/wwwroot/Modules/Templates/External/template.json
+++ b/Oqtane.Server/wwwroot/Modules/Templates/External/template.json
@@ -1,5 +1,5 @@
 {
 "Title": "Default Module Template",
 "Type": "External",
- "Version": "3.1.4"
+ "Version": "3.3.0"
 }