improvements for custom authorization policy usage

2020-06-25 10:23:27 -04:00 · 2020-06-25 10:23:27 -04:00 · 6e7c8e7b05
commit 6e7c8e7b05
parent a4a0334ec0
5 changed files with 42 additions and 14 deletions
--- a/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
+++ b/Oqtane.Client/Modules/HtmlText/Services/HtmlTextService.cs
@ -21,23 +21,23 @@ namespace Oqtane.Modules.HtmlText.Services

        public async Task<HtmlTextInfo> GetHtmlTextAsync(int moduleId)
        {
-            var htmltext = await GetJsonAsync<List<HtmlTextInfo>>($"{ApiUrl}/{moduleId}?entityid={moduleId}");
+            var htmltext = await GetJsonAsync<List<HtmlTextInfo>>(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
            return htmltext.FirstOrDefault();
        }

        public async Task AddHtmlTextAsync(HtmlTextInfo htmlText)
        {
-            await PostJsonAsync($"{ApiUrl}?entityid={htmlText.ModuleId}", htmlText);
+            await PostJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}", htmlText.ModuleId), htmlText);
        }

        public async Task UpdateHtmlTextAsync(HtmlTextInfo htmlText)
        {
-            await PutJsonAsync($"{ApiUrl}/{htmlText.HtmlTextId}?entityid={htmlText.ModuleId}", htmlText);
+            await PutJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{htmlText.HtmlTextId}", htmlText.ModuleId), htmlText);
        }

        public async Task DeleteHtmlTextAsync(int moduleId)
        {
-            await DeleteAsync($"{ApiUrl}/{moduleId}?entityid={moduleId}");
+            await DeleteAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
        }
    }
 }
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@ -170,6 +170,19 @@ namespace Oqtane.Services
        // can be used to override the default alias
        public Alias Alias { get; set; }

+        // add entityid parameter to url for custom authorization policy
+        public string CreateAuthorizationPolicyUrl(string url, int entityId)
+        {
+            if (url.Contains("?"))
+            {
+                return url + "&entityid=" + entityId.ToString();
+            }
+            else
+            {
+                return url + "?entityid=" + entityId.ToString();
+            }
+        }
+
        [Obsolete("This method is obsolete. Use CreateApiUrl(Alias alias, string serviceName) instead.", false)]
        public string CreateApiUrl(Alias alias, string absoluteUri, string serviceName)
        {
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@ -0,0 +1,21 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Http;
+using Oqtane.Infrastructure;
+
+namespace Oqtane.Controllers
+{
+    public class ModuleControllerBase : Controller
+    {
+        protected readonly ILogManager _logger;
+        protected int _entityId = -1; // passed as a querystring parameter for policy authorization and used for validation
+
+        public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
+        {
+            _logger = logger;
+            if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+            {
+                _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
+            }
+        }
+    }
+}
--- a/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
+++ b/Oqtane.Server/Modules/HtmlText/Controllers/HtmlTextController.cs
@ -8,24 +8,18 @@ using System;
 using System.Collections.Generic;
 using Oqtane.Enums;
 using Oqtane.Infrastructure;
+using Oqtane.Controllers;

 namespace Oqtane.Modules.HtmlText.Controllers
 {
    [Route("{alias}/api/[controller]")]
-    public class HtmlTextController : Controller
+    public class HtmlTextController : ModuleControllerBase
    {
        private readonly IHtmlTextRepository _htmlText;
-        private readonly ILogManager _logger;
-        private int _entityId = -1; // passed as a querystring parameter for authorization and used for validation

-        public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor httpContextAccessor)
+        public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
        {
            _htmlText = htmlText;
-            _logger = logger;
-            if (httpContextAccessor.HttpContext.Request.Query.ContainsKey("entityid"))
-            {
-                _entityId = int.Parse(httpContextAccessor.HttpContext.Request.Query["entityid"]);
-            }
        }

        // GET api/<controller>/5
--- a/Oqtane.Server/Startup.cs
+++ b/Oqtane.Server/Startup.cs
@ -72,7 +72,7 @@ namespace Oqtane
                });
            }

-            // register authorization services
+            // register custom authorization policies
            services.AddAuthorizationCore(options =>
            {
                options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement(EntityNames.Page, PermissionNames.View)));