From 912b7755535f15d14e6f67f11ce9fea2dbddece3 Mon Sep 17 00:00:00 2001
From: Shaun Walker
Date: Wed, 2 Jun 2021 12:20:31 -0400
Subject: [PATCH] preserve backward compatibility of CreateAuthorizationPolicyUrl method
---
 Oqtane.Client/Services/ServiceBase.cs | 18 +++++++++++-------
 Oqtane.Server/Security/PermissionHandler.cs | 4 ++++
 .../Client/Services/[Module]Service.cs | 10 +++++-----
 3 files changed, 20 insertions(+), 12 deletions(-)
diff --git a/Oqtane.Client/Services/ServiceBase.cs b/Oqtane.Client/Services/ServiceBase.cs
index bf2d7995..81d12dc8 100644
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@@ -55,7 +55,12 @@ namespace Oqtane.Services
 return apiurl;
 }
- // add authentityid parameters to url for custom authorization policy - args in form of entityname = entityid
+ // add authentityid parameters to url for custom authorization policy
+ public string CreateAuthorizationPolicyUrl(string url, string entityName, int entityId)
+ {
+ return CreateAuthorizationPolicyUrl(url, new Dictionary() { { entityName, entityId } });
+ }
+
 public string CreateAuthorizationPolicyUrl(string url, Dictionary args)
 {
 string qs = "";
@@ -75,12 +80,6 @@ namespace Oqtane.Services
 }
 }
- // legacy support for modules
- public string CreateAuthorizationPolicyUrl(string url, int entityId)
- {
- return CreateAuthorizationPolicyUrl(url, new Dictionary() { { EntityNames.Module, entityId } });
- }
-
 protected async Task GetAsync(string uri)
 {
 var response = await _http.GetAsync(uri);
@@ -210,5 +209,10 @@ namespace Oqtane.Services
 [Obsolete("This property of ServiceBase is deprecated. Cross tenant service calls are not supported.", false)]
 public Alias Alias { get; set; }
+ [Obsolete("This method is obsolete. Use CreateApiUrl(string entityName, int entityId) instead.", false)]
+ public string CreateAuthorizationPolicyUrl(string url, int entityId)
+ {
+ return url + ((url.Contains("?")) ? "&" : "?") + "entityid=" + entityId.ToString();
+ }
 }
 }
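Review bot: The `[Obsolete]` message on the re-added `CreateAuthorizationPolicyUrl(string url, int entityId)` in the last ServiceBase.cs hunk points callers to `CreateApiUrl(string entityName, int entityId)`, while the replacement this patch introduces in the first hunk is `CreateAuthorizationPolicyUrl(string url, string entityName, int entityId)`. Unless a `CreateApiUrl` overload with that signature exists outside the visible hunks, the compiler warning sends module authors to the wrong method; suggested text: `[Obsolete("This method is obsolete. Use CreateAuthorizationPolicyUrl(string url, string entityName, int entityId) instead.", false)]`. A one-line comment above the method stating that this legacy form emits a bare `entityid` with no entity name, which the server-side permission handler then has to interpret, would make the security-relevant difference from the scoped overloads visible to the next reader.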
diff --git a/Oqtane.Server/Security/PermissionHandler.cs b/Oqtane.Server/Security/PermissionHandler.cs
index e5c7e7cc..1a36cdce 100644
--- a/Oqtane.Server/Security/PermissionHandler.cs
+++ b/Oqtane.Server/Security/PermissionHandler.cs
@@ -31,6 +31,10 @@ namespace Oqtane.Security
 {
 entityId = int.Parse(ctx.Request.Query["auth" + requirement.EntityName.ToLower() + "id"]);
 }
+ if (ctx.Request.Query.ContainsKey("entityid"))
+ {
+ entityId = int.Parse(ctx.Request.Query["entityid"]);
+ }
 if (_userPermissions.IsAuthorized(context.User, requirement.EntityName, entityId, requirement.PermissionName))
 {
 context.Succeed(requirement);
diff --git a/Oqtane.Server/wwwroot/Modules/Templates/External/Client/Services/[Module]Service.cs b/Oqtane.Server/wwwroot/Modules/Templates/External/Client/Services/[Module]Service.cs
index 344554e5..5e807628 100644
--- a/Oqtane.Server/wwwroot/Modules/Templates/External/Client/Services/[Module]Service.cs
+++ b/Oqtane.Server/wwwroot/Modules/Templates/External/Client/Services/[Module]Service.cs
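Review bot: The added `entityid` branch in PermissionHandler.cs runs after the `auth{entity}id` lookup and overwrites `entityId` unconditionally, so a request carrying both parameters is authorized against the legacy, unscoped value, whatever `requirement.EntityName` the policy names. It also passes a caller-controlled query value to `int.Parse`, which throws on non-numeric input inside the authorization handler instead of failing closed. The legacy client helper only ever meant a module id (the removed overload passed `EntityNames.Module`), so the branch is safer as a fallback limited to that entity with a safe parse: `else if (requirement.EntityName == EntityNames.Module && int.TryParse(ctx.Request.Query["entityid"], out var legacyId)) { entityId = legacyId; }`. The handler begins and ends outside the hunk, so this assumes the preceding `if` is the scoped `auth...id` check and that `entityId` otherwise keeps a default that `IsAuthorized` rejects.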
@@ -22,28 +22,28 @@ namespace [Owner].[Module].Services
 public async Task> Get[Module]sAsync(int ModuleId)
 {
- List [Module]s = await GetJsonAsync>(CreateAuthorizationPolicyUrl($"{Apiurl}?moduleid={ModuleId}", ModuleId));
+ List [Module]s = await GetJsonAsync>(CreateAuthorizationPolicyUrl($"{Apiurl}?moduleid={ModuleId}", EntityNames.Module, ModuleId));
 return [Module]s.OrderBy(item => item.Name).ToList();
 }
 public async Task Get[Module]Async(int [Module]Id, int ModuleId)
 {
- return await GetJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", ModuleId));
+ return await GetJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", EntityNames.Module, ModuleId));
 }
 public async Task Add[Module]Async(Models.[Module] [Module])
 {
- return await PostJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}", [Module].ModuleId), [Module]);
+ return await PostJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}", EntityNames.Module, [Module].ModuleId), [Module]);
 }
 public async Task Update[Module]Async(Models.[Module] [Module])
 {
- return await PutJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module].[Module]Id}", [Module].ModuleId), [Module]);
+ return await PutJsonAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module].[Module]Id}", EntityNames.Module, [Module].ModuleId), [Module]);
 }
 public async Task Delete[Module]Async(int [Module]Id, int ModuleId)
 {
- await DeleteAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", ModuleId));
+ await DeleteAsync(CreateAuthorizationPolicyUrl($"{Apiurl}/{[Module]Id}", EntityNames.Module, ModuleId));
 }
 }
 }