kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

add ModuleControllerBase helper method for validating EntityId

Browse Source
This commit is contained in:
Shaun Walker 2022-12-05 14:21:12 -05:00
parent cb10dde97d
commit 28b58b9048
4 changed files with 16 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Oqtane.Server/Controllers/ModuleControllerBase.cs
View File

@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
using Oqtane.Infrastructure;
using System.Collections.Generic;
using System;
using Oqtane.Shared;
namespace Oqtane.Controllers
{
@ -48,5 +49,9 @@ namespace Oqtane.Controllers
}
}
protected bool IsAuthorizedEntityId(string entityname, int entityid)
{
return (entityid == AuthEntityId(entityname)) || User.IsInRole(RoleNames.Host);
}
}
}

10
Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
View File

@ -29,7 +29,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
[Authorize(Roles = RoleNames.Registered)]
public IEnumerable<Models.HtmlText> Get(string moduleId)
{
if (int.TryParse(moduleId, out int ModuleId) && AuthEntityId(EntityNames.Module) == ModuleId)
if (int.TryParse(moduleId, out int ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
return _htmlText.GetHtmlTexts(ModuleId);
}
@ -46,7 +46,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
[Authorize(Policy = PolicyNames.ViewModule)]
public Models.HtmlText Get(int moduleId)
{
if (AuthEntityId(EntityNames.Module) == moduleId)
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
{
var htmltexts = _htmlText.GetHtmlTexts(moduleId);
if (htmltexts != null && htmltexts.Any())
@ -71,7 +71,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
[Authorize(Policy = PolicyNames.ViewModule)]
public Models.HtmlText Get(int id, int moduleId)
{
if (AuthEntityId(EntityNames.Module) == moduleId)
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
{
return _htmlText.GetHtmlText(id);
}
@ -88,7 +88,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
[Authorize(Policy = PolicyNames.EditModule)]
public Models.HtmlText Post([FromBody] Models.HtmlText htmlText)
{
if (ModelState.IsValid && AuthEntityId(EntityNames.Module) == htmlText.ModuleId)
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, htmlText.ModuleId))
{
htmlText = _htmlText.AddHtmlText(htmlText);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "Html/Text Added {HtmlText}", htmlText);
@ -107,7 +107,7 @@ namespace Oqtane.Modules.HtmlText.Controllers
[Authorize(Policy = PolicyNames.EditModule)]
public void Delete(int id, int moduleId)
{
if (AuthEntityId(EntityNames.Module) == moduleId)
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
{
_htmlText.DeleteHtmlText(id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "Html/Text Deleted {HtmlTextId}", id);

10
Oqtane.Server/wwwroot/Modules/Templates/External/Server/Controllers/[Module]Controller.cs vendored
View File

@ -27,7 +27,7 @@ namespace [Owner].[Module].Controllers
public IEnumerable<Models.[Module]> Get(string moduleid)
{
int ModuleId;
if (int.TryParse(moduleid, out ModuleId) && ModuleId == AuthEntityId(EntityNames.Module))
if (int.TryParse(moduleid, out ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
{
return _[Module]Repository.Get[Module]s(ModuleId);
}
@ -45,7 +45,7 @@ namespace [Owner].[Module].Controllers
public Models.[Module] Get(int id)
{
Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
{
return [Module];
}
@ -62,7 +62,7 @@ namespace [Owner].[Module].Controllers
[Authorize(Policy = PolicyNames.EditModule)]
public Models.[Module] Post([FromBody] Models.[Module] [Module])
{
if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module))
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
{
[Module] = _[Module]Repository.Add[Module]([Module]);
_logger.Log(LogLevel.Information, this, LogFunction.Create, "[Module] Added {[Module]}", [Module]);
@ -81,7 +81,7 @@ namespace [Owner].[Module].Controllers
[Authorize(Policy = PolicyNames.EditModule)]
public Models.[Module] Put(int id, [FromBody] Models.[Module] [Module])
{
if (ModelState.IsValid && [Module].ModuleId == AuthEntityId(EntityNames.Module) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId) && _[Module]Repository.Get[Module]([Module].[Module]Id, false) != null)
{
[Module] = _[Module]Repository.Update[Module]([Module]);
_logger.Log(LogLevel.Information, this, LogFunction.Update, "[Module] Updated {[Module]}", [Module]);
@ -101,7 +101,7 @@ namespace [Owner].[Module].Controllers
public void Delete(int id)
{
Models.[Module] [Module] = _[Module]Repository.Get[Module](id);
if ([Module] != null && [Module].ModuleId == AuthEntityId(EntityNames.Module))
if ([Module] != null && IsAuthorizedEntityId(EntityNames.Module, [Module].ModuleId))
{
_[Module]Repository.Delete[Module](id);
_logger.Log(LogLevel.Information, this, LogFunction.Delete, "[Module] Deleted {[Module]Id}", id);

2
Oqtane.Server/wwwroot/Modules/Templates/External/template.json vendored
View File

@ -1,5 +1,5 @@
{
"Title": "Default Module Template",
"Type": "External",
"Version": "3.1.4"
"Version": "3.3.0"
}