kocoded/oqtane.framework
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

preserve backward compatibility of CreateAuthorizationPolicyUrl method

Browse Source
This commit is contained in:
Shaun Walker 2021-06-02 12:20:31 -04:00
parent 9bccc402a0
commit 912b775553
3 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
Oqtane.Client/Services/ServiceBase.cs
View File

@ -55,7 +55,12 @@ namespace Oqtane.Services
return apiurl;
}
// add authentityid parameters to url for custom authorization policy - args in form of entityname = entityid
// add authentityid parameters to url for custom authorization policy
public string CreateAuthorizationPolicyUrl(string url, string entityName, int entityId)
{
return CreateAuthorizationPolicyUrl(url, new Dictionary<string, int>() { { entityName, entityId } });
}
public string CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> args)
{
string qs = "";
@ -75,12 +80,6 @@ namespace Oqtane.Services
}
}
// legacy support for modules
public string CreateAuthorizationPolicyUrl(string url, int entityId)
{
return CreateAuthorizationPolicyUrl(url, new Dictionary<string, int>() { { EntityNames.Module, entityId } });
}
protected async Task GetAsync(string uri)
{
var response = await _http.GetAsync(uri);
@ -210,5 +209,10 @@ namespace Oqtane.Services
[Obsolete("This property of ServiceBase is deprecated. Cross tenant service calls are not supported.", false)]
public Alias Alias { get; set; }
[Obsolete("This method is obsolete. Use CreateApiUrl(string entityName, int entityId) instead.", false)]
public string CreateAuthorizationPolicyUrl(string url, int entityId)
{
return url + ((url.Contains("?")) ? "&" : "?") + "entityid=" + entityId.ToString();
}
}
}

4
Oqtane.Server/Security/PermissionHandler.cs
View File

@ -31,6 +31,10 @@ namespace Oqtane.Security
{
entityId = int.Parse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"]);
}
if (ctx.Request.Query.ContainsKey("entityid"))
{
entityId = int.Parse(ctx.Request.Query["entityid"]);
}
if (_userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
{
context.Succeed(requirement);

10
Oqtane.Server/wwwroot/Modules/Templates/External/Client/Services/[Module]Service.cs vendored
View File

@ -22,28 +22,28 @@ namespace [Owner].[Module].Services
public async Task<List<Models.[Module]>> Get[Module]sAsync(int ModuleId)
{
List<Models.[Module]> [Module]s = await GetJsonAsync<List<Models.[Module]>>(CreateAuthorizationPolicyUrl($"{Apiurl}?moduleid={ModuleId}", ModuleId));
List<Models.[Module]> [Module]s = await GetJsonAsync<List<Models.[Module]>>(CreateAuthorizationPolicyUrl($"{Apiurl}?moduleid={ModuleId}", EntityNames.Module, ModuleId));
return [Module]s.OrderBy(item => item.Name).ToList();
}
public async Task<Models.[Module]> Get[Module]Async(int [Module]Id, int ModuleId)
{
return await GetJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", ModuleId));
return await GetJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", EntityNames.Module, ModuleId));
}
public async Task<Models.[Module]> Add[Module]Async(Models.[Module] [Module])
{
return await PostJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}", [Module].ModuleId), [Module]);
return await PostJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}", EntityNames.Module, [Module].ModuleId), [Module]);
}
public async Task<Models.[Module]> Update[Module]Async(Models.[Module] [Module])
{
return await PutJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module].[Module]Id}", [Module].ModuleId), [Module]);
return await PutJsonAsync<Models.[Module]>(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module].[Module]Id}", EntityNames.Module, [Module].ModuleId), [Module]);
}
public async Task Delete[Module]Async(int [Module]Id, int ModuleId)
{
await DeleteAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", ModuleId));
await DeleteAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", EntityNames.Module, ModuleId));
}
}
}