add ModuleControllerBase helper method for validating EntityId

Oqtane.Server/Controllers/ModuleControllerBase.cs

@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
 using Oqtane.Infrastructure;
 using System.Collections.Generic;
 using System;
+using Oqtane.Shared;
 
 namespace Oqtane.Controllers
 {
@@ -48,5 +49,9 @@ namespace Oqtane.Controllers
             }
         }
 
+        protected bool IsAuthorizedEntityId(string entityname, int entityid)
+        {
+            return (entityid == AuthEntityId(entityname)) || User.IsInRole(RoleNames.Host);
+        }
     }
 }

Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs

@@ -29,7 +29,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
         [Authorize(Roles = RoleNames.Registered)]
         public IEnumerable<Models.HtmlText> Get(string moduleId)
         {
-            if (int.TryParse(moduleId, out int ModuleId) && AuthEntityId(EntityNames.Module) == ModuleId)
+            if (int.TryParse(moduleId, out int ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
             {
                 return _htmlText.GetHtmlTexts(ModuleId);
             }
@@ -46,7 +46,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
         [Authorize(Policy = PolicyNames.ViewModule)]
         public Models.HtmlText Get(int moduleId)
         {
-            if (AuthEntityId(EntityNames.Module) == moduleId)
+            if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
             {
                 var htmltexts = _htmlText.GetHtmlTexts(moduleId);
                 if (htmltexts != null && htmltexts.Any())
@@ -71,7 +71,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
         [Authorize(Policy = PolicyNames.ViewModule)]
         public Models.HtmlText Get(int id, int moduleId)
         {
-            if (AuthEntityId(EntityNames.Module) == moduleId)
+            if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
             {
                 return _htmlText.GetHtmlText(id);
             }
@@ -88,7 +88,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
         [Authorize(Policy = PolicyNames.EditModule)]
         public Models.HtmlText Post([FromBody] Models.HtmlText htmlText)
         {
-            if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
+            if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, htmlText.ModuleId))
             {
                 htmlText = _htmlText.AddHtmlText(htmlText);
                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
@@ -107,7 +107,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
         [Authorize(Policy = PolicyNames.EditModule)]
         public void Delete(int id, int moduleId)
         {
-            if (AuthEntityId(EntityNames.Module) == moduleId)
+            if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
             {
                 _htmlText.DeleteHtmlText(id);
                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);

Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs

@@ -27,7 +27,7 @@ namespace [Owner].[Module].Controllers
         public IEnumerable<Models.[Module]> Get(string moduleid)
         {
             int ModuleId;
-            if (int.TryParse(moduleid, out ModuleId) && ModuleId == AuthEntityId(EntityNames.Module))
+            if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
             {
                 return _[Module]Repository.Get[Module]s(ModuleId);
             }
@@ -45,7 +45,7 @@ namespace [Owner].[Module].Controllers
         public Models.[Module] Get(int id)
         {
             Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
-            if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+            if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
             {
                 return [Module];
             }
@@ -62,7 +62,7 @@ namespace [Owner].[Module].Controllers
         [Authorize(Policy = PolicyNames.EditModule)]
         public Models.[Module] Post([FromBody] Models.[Module] [Module])
         {
-            if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+            if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
             {
                 [Module] = _[Module]Repository.Add[Module]([Module]);
                 _logger.Log(LogLevel.Information, this, LogFunction.Create, "[Module] Added {[Module]}", [Module]);
@@ -81,7 +81,7 @@ namespace [Owner].[Module].Controllers
         [Authorize(Policy = PolicyNames.EditModule)]
         public Models.[Module] Put(int id, [FromBody] Models.[Module] [Module])
         {
-            if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
+            if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
             {
                 [Module] = _[Module]Repository.Update[Module]([Module]);
                 _logger.Log(LogLevel.Information, this, LogFunction.Update, "[Module] Updated {[Module]}", [Module]);
@@ -101,7 +101,7 @@ namespace [Owner].[Module].Controllers
         public void Delete(int id)
         {
             Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
-            if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
+            if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
             {
                 _[Module]Repository.Delete[Module](id);
                 _logger.Log(LogLevel.Information, this, LogFunction.Delete, "[Module] Deleted {[Module]Id}", id);

Oqtane.Server/wwwroot/Modules/Templates/External/template.json

@@ -1,5 +1,5 @@
 {
   "Title": "Default Module Template",
   "Type": "External",
-  "Version": "3.1.4"
+  "Version": "3.3.0"
 }