From a144a5c43220266a2edb4c60e73ff130423c1a5b Mon Sep 17 00:00:00 2001
From: Shaun Walker
Date: Thu, 27 May 2021 21:01:25 -0400
Subject: [PATCH] improved legacy support for module authorization policy
---
 Oqtane.Client/Services/ServiceBase.cs | 35 ++++++-------------
 .../Controllers/ModuleControllerBase.cs | 13 ++++---
 .../Repository/Context/DBContextBase.cs | 5 ---
 3 files changed, 18 insertions(+), 35 deletions(-)
diff --git a/Oqtane.Client/Services/ServiceBase.cs b/Oqtane.Client/Services/ServiceBase.cs
index 5e425bd1..bf2d7995 100644
--- a/Oqtane.Client/Services/ServiceBase.cs
+++ b/Oqtane.Client/Services/ServiceBase.cs
@@ -75,6 +75,12 @@ namespace Oqtane.Services
 }
 }
+ // legacy support for modules
+ public string CreateAuthorizationPolicyUrl(string url, int entityId)
+ {
+ return CreateAuthorizationPolicyUrl(url, new Dictionary() { { EntityNames.Module, entityId } });
+ }
+
 protected async Task GetAsync(string uri)
 {
 var response = await _http.GetAsync(uri);
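Review bot: The re-added `CreateAuthorizationPolicyUrl(string url, int entityId)` overload is documented only by `// legacy support for modules`, which does not say that the id now travels as the `EntityNames.Module` entry of the dictionary overload rather than in the old `entityid` parameter (the string the removed implementation, visible in the next hunk, appended). I would replace the comment with an XML doc comment such as `/// <summary>Legacy overload for modules: forwards entityId as the EntityNames.Module entry of the dictionary overload.</summary>`. Because the value is chosen by the caller and ends up in the request URL, a `<remarks>` line should also state that it is only an input to the server-side policy check, which presumably still has to compare it against the record being accessed; that part is not visible in this hunk.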
@@ -189,41 +195,20 @@ namespace Oqtane.Services
 return mediaType != null && mediaType.Equals("application/json", StringComparison.OrdinalIgnoreCase);
 }
- [Obsolete("This method is obsolete. Use CreateApiUrl(Alias alias, string serviceName) instead.", false)]
- public string CreateApiUrl(Alias alias, string absoluteUri, string serviceName)
- {
- // only retained for short term backward compatibility
- return CreateApiUrl(alias, serviceName);
- }
-
- [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) instead.", false)]
+ [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)]
 public string CreateApiUrl(string serviceName)
 {
 return CreateApiUrl(serviceName, null, ControllerRoutes.Default);
 }
- [Obsolete("This method is deprecated.", false)]
- public Alias Alias { get; set; }
-
- [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) instead.", false)]
+ [Obsolete("This method is obsolete. Use CreateApiUrl(string serviceName, Alias alias) in conjunction with ControllerRoutes.ApiRoute in Controllers instead.", false)]
 public string CreateApiUrl(Alias alias, string serviceName)
 {
 return CreateApiUrl(serviceName, alias, ControllerRoutes.Default);
 }
- [Obsolete("This method is obsolete. Use CreateAuthorizationPolicyUrl(string url, Dictionary args) instead - in conjunction with _authEntityId in Server Controller.", false)]
- public string CreateAuthorizationPolicyUrl(string url, int entityId)
- {
- string qs = "entityid=" + entityId.ToString();
+ [Obsolete("This property of ServiceBase is deprecated. Cross tenant service calls are not supported.", false)]
+ public Alias Alias { get; set; }
- if (url.Contains("?"))
- {
- return url + "&" + qs;
- }
- else
- {
- return url + "?" + qs;
- }
- }
 }
 }
diff --git a/Oqtane.Server/Controllers/ModuleControllerBase.cs b/Oqtane.Server/Controllers/ModuleControllerBase.cs
index baa9a0a1..8400809e 100644
--- a/Oqtane.Server/Controllers/ModuleControllerBase.cs
+++ b/Oqtane.Server/Controllers/ModuleControllerBase.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Http;
 using Oqtane.Infrastructure;
 using System.Collections.Generic;
 using System;
+using Oqtane.Shared;
 namespace Oqtane.Controllers
 {
@@ -11,23 +12,25 @@ namespace Oqtane.Controllers
 protected readonly ILogManager _logger;
 // querystring parameters for policy authorization and validation
 protected Dictionary _authEntityId = new Dictionary(StringComparer.OrdinalIgnoreCase);
- protected int _entityId = -1; // deprecated
+ protected int _entityId = -1; // legacy support
 public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
 {
 _logger = logger;
+
+ // populate policy authorization dictionary
 int value;
 foreach (var param in accessor.HttpContext.Request.Query)
 {
 if (param.Key.StartsWith("auth") && param.Key.EndsWith("id") && int.TryParse(param.Value, out value))
 {
- _authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), int.Parse(param.Value));
+ _authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value);
 }
 }
- // entityid is deprecated
- if (accessor.HttpContext.Request.Query.ContainsKey("entityid"))
+ // legacy support
+ if (_authEntityId.ContainsKey(EntityNames.Module))
 {
- _entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
+ _entityId = _authEntityId[EntityNames.Module];
 }
 }
diff --git a/Oqtane.Server/Repository/Context/DBContextBase.cs b/Oqtane.Server/Repository/Context/DBContextBase.cs
index 7d50fbf3..4a5180e6 100644
--- a/Oqtane.Server/Repository/Context/DBContextBase.cs
+++ b/Oqtane.Server/Repository/Context/DBContextBase.cs
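Review bot: In the `ModuleControllerBase` constructor, `param.Key.StartsWith("auth")` and `param.Key.EndsWith("id")` use the culture-sensitive overloads, while `Substring(4, param.Key.Length - 6)` assumes exactly four and two literal characters and `_authEntityId` itself compares with `StringComparer.OrdinalIgnoreCase`. These keys come straight from the request querystring, so I would pin the comparison: `if (param.Key.StartsWith("auth", StringComparison.Ordinal) && param.Key.EndsWith("id", StringComparison.Ordinal) && int.TryParse(param.Value, out value))` (or `OrdinalIgnoreCase`, if mixed-case keys are meant to be accepted). If two query keys can ever map to the same entry, `_authEntityId.Add(...)` throws inside the constructor; the indexer form `_authEntityId[name] = value;` would avoid that. Separately, the `entityid` parameter is no longer read at all, so `_entityId` stays `-1` for any caller still sending it; the `// legacy support` comments should say that `-1` means no module id was supplied and, presumably, that derived controllers must treat it as a failed check (their use of `_entityId` is outside this hunk).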
@@ -1,19 +1,14 @@
 using System;
-using System.Collections.Generic;
-using System.Linq;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Identity;
 using Microsoft.AspNetCore.Identity.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore;
 using Microsoft.EntityFrameworkCore.Migrations;
-using Microsoft.Extensions.Configuration;
 using Oqtane.Databases.Interfaces;
 using Oqtane.Extensions;
 using Oqtane.Infrastructure;
-using Oqtane.Interfaces;
 using Oqtane.Migrations.Framework;
 using Oqtane.Models;
-using Oqtane.Shared;
 // ReSharper disable BuiltInTypeReferenceStyleForMemberAccess