make SearchResults API consistent with other core APIs

Oqtane.Client/Modules/Admin/SearchResults/Index.razor

@@ -107,7 +107,7 @@
                 PageSize = int.MaxValue
             };
 
-        _searchResults = await SearchResultsService.SearchAsync(ModuleState.ModuleId, searchQuery);
+        _searchResults = await SearchResultsService.GetSearchResultsAsync(searchQuery);
 
         _loading = false;
         StateHasChanged();

Oqtane.Client/Services/Interfaces/ISearchResultsService.cs

@@ -8,6 +8,6 @@ namespace Oqtane.Services
     [PrivateApi("Mark SearchResults classes as private, since it's not very useful in the public docs")]
     public interface ISearchResultsService
     {
-        Task<SearchResults> SearchAsync(int moduleId, SearchQuery searchQuery);
+        Task<SearchResults> GetSearchResultsAsync(SearchQuery searchQuery);
     }
 }

Oqtane.Client/Services/SearchResultsService.cs

@@ -15,9 +15,9 @@ namespace Oqtane.Services
 
         private string ApiUrl => CreateApiUrl("SearchResults");
 
-        public async Task<SearchResults> SearchAsync(int moduleId, SearchQuery searchQuery)
+        public async Task<SearchResults> GetSearchResultsAsync(SearchQuery searchQuery)
         {
-            return await PostJsonAsync<SearchQuery, SearchResults>(CreateAuthorizationPolicyUrl(ApiUrl, EntityNames.Module, moduleId), searchQuery);
+            return await PostJsonAsync<SearchQuery, SearchResults>(ApiUrl, searchQuery);
         }
     }
 }

Oqtane.Server/Controllers/SearchResultsController.cs

@@ -1,38 +1,40 @@
-using System;
 using System.Net;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Oqtane.Enums;
 using Oqtane.Infrastructure;
+using Oqtane.Models;
 using Oqtane.Services;
 using Oqtane.Shared;
 
 namespace Oqtane.Controllers
 {
     [Route(ControllerRoutes.ApiRoute)]
-    public class SearchResultsController : ModuleControllerBase
+    public class SearchResultsController : Controller
     {
         private readonly ISearchService _searchService;
+        private readonly ILogManager _logger;
+        private readonly Alias _alias;
 
-        public SearchResultsController(ISearchService searchService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
+        public SearchResultsController(ISearchService searchService, ILogManager logger, ITenantManager tenantManager) 
         {
             _searchService = searchService;
+            _logger = logger;
+            _alias = tenantManager.GetAlias();
         }
 
         [HttpPost]
-        [Authorize(Policy = PolicyNames.ViewModule)]
+        public async Task<SearchResults> Post([FromBody] SearchQuery searchQuery)
-        public async Task<Models.SearchResults> Post([FromBody] Models.SearchQuery searchQuery)
         {
-            try
+            if (ModelState.IsValid && searchQuery.SiteId == _alias.SiteId)
             {
                 return await _searchService.GetSearchResultsAsync(searchQuery);
             }
-            catch (Exception ex)
+            else
             {
-                _logger.Log(LogLevel.Error, this, LogFunction.Other, ex, "Fetch search results failed.", searchQuery);
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Search Results Post Attempt {SearchQuery}", searchQuery);
-                HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                 return null;
             }
         }