improvements for custom authorization policy usage
parent
a4a0334ec0
commit
6e7c8e7b05
|
@ -21,23 +21,23 @@ namespace Oqtane.Modules.HtmlText.Services
|
||||||
|
|
||||||
public async Task<HtmlTextInfo> GetHtmlTextAsync(int moduleId)
|
public async Task<HtmlTextInfo> GetHtmlTextAsync(int moduleId)
|
||||||
{
|
{
|
||||||
var htmltext = await GetJsonAsync<List<HtmlTextInfo>>($"{ApiUrl}/{moduleId}?entityid={moduleId}");
|
var htmltext = await GetJsonAsync<List<HtmlTextInfo>>(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
|
||||||
return htmltext.FirstOrDefault();
|
return htmltext.FirstOrDefault();
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task AddHtmlTextAsync(HtmlTextInfo htmlText)
|
public async Task AddHtmlTextAsync(HtmlTextInfo htmlText)
|
||||||
{
|
{
|
||||||
await PostJsonAsync($"{ApiUrl}?entityid={htmlText.ModuleId}", htmlText);
|
await PostJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}", htmlText.ModuleId), htmlText);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task UpdateHtmlTextAsync(HtmlTextInfo htmlText)
|
public async Task UpdateHtmlTextAsync(HtmlTextInfo htmlText)
|
||||||
{
|
{
|
||||||
await PutJsonAsync($"{ApiUrl}/{htmlText.HtmlTextId}?entityid={htmlText.ModuleId}", htmlText);
|
await PutJsonAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{htmlText.HtmlTextId}", htmlText.ModuleId), htmlText);
|
||||||
}
|
}
|
||||||
|
|
||||||
public async Task DeleteHtmlTextAsync(int moduleId)
|
public async Task DeleteHtmlTextAsync(int moduleId)
|
||||||
{
|
{
|
||||||
await DeleteAsync($"{ApiUrl}/{moduleId}?entityid={moduleId}");
|
await DeleteAsync(CreateAuthorizationPolicyUrl($"{ApiUrl}/{moduleId}", moduleId));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
|
@ -170,6 +170,19 @@ namespace Oqtane.Services
|
||||||
// can be used to override the default alias
|
// can be used to override the default alias
|
||||||
public Alias Alias { get; set; }
|
public Alias Alias { get; set; }
|
||||||
|
|
||||||
|
// add entityid parameter to url for custom authorization policy
|
||||||
|
public string CreateAuthorizationPolicyUrl(string url, int entityId)
|
||||||
|
{
|
||||||
|
if (url.Contains("?"))
|
||||||
|
{
|
||||||
|
return url + "&entityid=" + entityId.ToString();
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
return url + "?entityid=" + entityId.ToString();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
[Obsolete("This method is obsolete. Use CreateApiUrl(Alias alias, string serviceName) instead.", false)]
|
[Obsolete("This method is obsolete. Use CreateApiUrl(Alias alias, string serviceName) instead.", false)]
|
||||||
public string CreateApiUrl(Alias alias, string absoluteUri, string serviceName)
|
public string CreateApiUrl(Alias alias, string absoluteUri, string serviceName)
|
||||||
{
|
{
|
||||||
|
|
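Review bot: `CreateAuthorizationPolicyUrl` appends `entityid` without checking whether the url already carries that key or a `#` fragment. The server side in this commit reads the value with `int.Parse(Request.Query["entityid"])`, and a repeated key would most likely reach it as a comma-joined string that fails to parse. The `//` comment should become an XML doc comment stating the precondition, for example `/// <summary>Appends the entityid query parameter read by the server-side authorization policy; url must not already contain entityid or a fragment.</summary>`. The doc should also say that the value is only an input to the server-side policy check, since it is client-supplied and the server must still enforce it. The `[Obsolete]` `CreateApiUrl` overload that follows is cut off by the end of the hunk.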
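--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@@ -0,0 +1,21 @@
+using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Http;
+using Oqtane.Infrastructure;
+
+namespace Oqtane.Controllers
+{
+public class ModuleControllerBase : Controller
+{
+protected readonly ILogManager _logger;
+protected int _entityId = -1; // passed as a querystring parameter for policy authorization and used for validation
+
+public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
+{
+_logger = logger;
+if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+{
+_entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
+}
+}
+}
+}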
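Review bot: The constructor parses the caller-supplied `entityid` with `int.Parse`, so a non-numeric, repeated or out-of-range value throws while the controller is being constructed and presumably surfaces as a server error rather than a rejected request. Prefer `if (int.TryParse(accessor.HttpContext.Request.Query["entityid"], out var id)) { _entityId = id; }`, which makes the `ContainsKey` check unnecessary and leaves `_entityId` at -1 for anything unparseable. Because `_entityId` is a protected, mutable field taken straight from the query string, every derived action still has to compare it with the module id of the entity it reads or writes, otherwise the policy authorizes one module while the action touches another. That contract is worth an XML doc comment on the field, and a read-only property would stop subclasses from overwriting the value.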
|
@ -8,24 +8,18 @@ using System;
|
||||||
using System.Collections.Generic;
|
using System.Collections.Generic;
|
||||||
using Oqtane.Enums;
|
using Oqtane.Enums;
|
||||||
using Oqtane.Infrastructure;
|
using Oqtane.Infrastructure;
|
||||||
|
using Oqtane.Controllers;
|
||||||
|
|
||||||
namespace Oqtane.Modules.HtmlText.Controllers
|
namespace Oqtane.Modules.HtmlText.Controllers
|
||||||
{
|
{
|
||||||
[Route("{alias}/api/[controller]")]
|
[Route("{alias}/api/[controller]")]
|
||||||
public class HtmlTextController : Controller
|
public class HtmlTextController : ModuleControllerBase
|
||||||
{
|
{
|
||||||
private readonly IHtmlTextRepository _htmlText;
|
private readonly IHtmlTextRepository _htmlText;
|
||||||
private readonly ILogManager _logger;
|
|
||||||
private int _entityId = -1; // passed as a querystring parameter for authorization and used for validation
|
|
||||||
|
|
||||||
public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor httpContextAccessor)
|
public HtmlTextController(IHtmlTextRepository htmlText, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
|
||||||
{
|
{
|
||||||
_htmlText = htmlText;
|
_htmlText = htmlText;
|
||||||
_logger = logger;
|
|
||||||
if (httpContextAccessor.HttpContext.Request.Query.ContainsKey("entityid"))
|
|
||||||
{
|
|
||||||
_entityId = int.Parse(httpContextAccessor.HttpContext.Request.Query["entityid"]);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// GET api/<controller>/5
|
// GET api/<controller>/5
|
||||||
|
|
|
@ -72,7 +72,7 @@ namespace Oqtane
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
// register authorization services
|
// register custom authorization policies
|
||||||
services.AddAuthorizationCore(options =>
|
services.AddAuthorizationCore(options =>
|
||||||
{
|
{
|
||||||
options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement(EntityNames.Page, PermissionNames.View)));
|
options.AddPolicy("ViewPage", policy => policy.Requirements.Add(new PermissionRequirement(EntityNames.Page, PermissionNames.View)));
|
||||||
|
|