improved legacy support for module authorization policy

2021-05-27 21:01:25 -04:00 · 2021-05-27 21:01:25 -04:00 · a144a5c432
commit a144a5c432
parent 9aff82e504
3 changed files with 18 additions and 35 deletions
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@ -75,6 +75,12 @@ namespace Oqtane.Services
            }
        }

+        // legacy support for modules
+        public string CreateAuthorizationPolicyUrl(string url, int entityId)
+        {
+            return CreateAuthorizationPolicyUrl(url, new Dictionary<string, int>() { { EntityNames.Module, entityId } });
+        }
+
        protected async Task GetAsync(string uri)
        {
            var response = await _http.GetAsync(uri);
@ -189,41 +195,20 @@ namespace Oqtane.Services
            return mediaType != null && mediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase);
        }

-        [Obsolete("This method is obsolete. Use CreateApiUrl(Alias alias, string serviceName) instead.", false)]
-        public string CreateApiUrl(Alias alias, string absoluteUri, string serviceName)
-        {
-            // only retained for short term backward compatibility
-            return CreateApiUrl(alias, serviceName);
-        }
-
-        [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) instead.", false)]
+        [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)]
        public string CreateApiUrl(string serviceName)
        {
            return CreateApiUrl(serviceName, null, ControllerRoutes.Default);
        }

-        [Obsolete("This method is deprecated.", false)]
-        public Alias Alias { get; set; }
-
-        [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) instead.", false)]
+        [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)]
        public string CreateApiUrl(Alias alias, string serviceName)
        {
            return CreateApiUrl(serviceName, alias, ControllerRoutes.Default);
        }

-        [Obsolete("This method is obsolete. Use CreateAuthorizationPolicyUrl(string url, Dictionary<string, int> args) instead - in conjunction with _authEntityId in Server Controller.", false)]
-        public string CreateAuthorizationPolicyUrl(string url, int entityId)
-        {
-            string qs = "entityid=" + entityId.ToString();
+        [Obsolete("This property of ServiceBase is deprecated. Cross tenant service calls are not supported.", false)]
+        public Alias Alias { get; set; }

-            if (url.Contains("?"))
-            {
-                return url + "&" + qs;
-            }
-            else
-            {
-                return url + "?" + qs;
-            }
-        }
    }
 }
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
 using Oqtane.Infrastructure;
 using System.Collections.Generic;
 using System;
+using Oqtane.Shared;

 namespace Oqtane.Controllers
 {
@ -11,23 +12,25 @@ namespace Oqtane.Controllers
        protected readonly ILogManager _logger;
        // querystring parameters for policy authorization and validation
        protected Dictionary<string, int> _authEntityId = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
-        protected int _entityId = -1; // deprecated
+        protected int _entityId = -1; // legacy support

        public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
        {
            _logger = logger;
+
+            // populate policy authorization dictionary
            int value;
            foreach (var param in accessor.HttpContext.Request.Query)
            {
                if (param.Key.StartsWith("auth") && param.Key.EndsWith("id") && int.TryParse(param.Value, out value))
                {
-                    _authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), int.Parse(param.Value));
+                    _authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value);
                }
            }
-            // entityid is deprecated
-            if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+            // legacy support
+            if (_authEntityId.ContainsKey(EntityNames.Module))
            {
-                _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
+                _entityId = _authEntityId[EntityNames.Module];
            }
        }

--- a/Oqtane.Server/Repository/Context/DBContextBase.cs
+++ b/Oqtane.Server/Repository/Context/DBContextBase.cs
@ -1,19 +1,14 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.Extensions.Configuration;
 using Oqtane.Databases.Interfaces;
 using Oqtane.Extensions;
 using Oqtane.Infrastructure;
-using Oqtane.Interfaces;
 using Oqtane.Migrations.Framework;
 using Oqtane.Models;
-using Oqtane.Shared;

 // ReSharper disable BuiltInTypeReferenceStyleForMemberAccess