make SearchResults API consistent with other core APIs

2024-07-16 16:54:55 -04:00 · 2024-07-16 16:54:55 -04:00 · deb6a9e51c
commit deb6a9e51c
parent 4d26468ede
4 changed files with 16 additions and 14 deletions
--- a/Oqtane.Client/Modules/Admin/SearchResults/Index.razor
+++ b/Oqtane.Client/Modules/Admin/SearchResults/Index.razor
@ -107,7 +107,7 @@
                PageSize = int.MaxValue
            };

-        _searchResults = await SearchResultsService.SearchAsync(ModuleState.ModuleId, searchQuery);
+        _searchResults = await SearchResultsService.GetSearchResultsAsync(searchQuery);

        _loading = false;
        StateHasChanged();
--- a/Oqtane.Client/Services/Interfaces/ISearchResultsService.cs
+++ b/Oqtane.Client/Services/Interfaces/ISearchResultsService.cs
@ -8,6 +8,6 @@ namespace Oqtane.Services
    [PrivateApi("Mark SearchResults classes as private, since it's not very useful in the public docs")]
    public interface ISearchResultsService
    {
-        Task<SearchResults> SearchAsync(int moduleId, SearchQuery searchQuery);
+        Task<SearchResults> GetSearchResultsAsync(SearchQuery searchQuery);
    }
 }
--- a/Oqtane.Client/Services/SearchResultsService.cs
+++ b/Oqtane.Client/Services/SearchResultsService.cs
@ -15,9 +15,9 @@ namespace Oqtane.Services

        private string ApiUrl => CreateApiUrl("SearchResults");

-        public async Task<SearchResults> SearchAsync(int moduleId, SearchQuery searchQuery)
+        public async Task<SearchResults> GetSearchResultsAsync(SearchQuery searchQuery)
        {
-            return await PostJsonAsync<SearchQuery, SearchResults>(CreateAuthorizationPolicyUrl(ApiUrl, EntityNames.Module, moduleId), searchQuery);
+            return await PostJsonAsync<SearchQuery, SearchResults>(ApiUrl, searchQuery);
        }
    }
 }
--- a/Oqtane.Server/Controllers/SearchResultsController.cs
+++ b/Oqtane.Server/Controllers/SearchResultsController.cs
@ -1,38 +1,40 @@
-using System;
 using System.Net;
 using System.Threading.Tasks;
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Oqtane.Enums;
 using Oqtane.Infrastructure;
+using Oqtane.Models;
 using Oqtane.Services;
 using Oqtane.Shared;

 namespace Oqtane.Controllers
 {
    [Route(ControllerRoutes.ApiRoute)]
-    public class SearchResultsController : ModuleControllerBase
+    public class SearchResultsController : Controller
    {
        private readonly ISearchService _searchService;
+        private readonly ILogManager _logger;
+        private readonly Alias _alias;

-        public SearchResultsController(ISearchService searchService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
+        public SearchResultsController(ISearchService searchService, ILogManager logger, ITenantManager tenantManager) 
        {
            _searchService = searchService;
+            _logger = logger;
+            _alias = tenantManager.GetAlias();
        }

        [HttpPost]
-        [Authorize(Policy = PolicyNames.ViewModule)]
-        public async Task<Models.SearchResults> Post([FromBody] Models.SearchQuery searchQuery)
+        public async Task<SearchResults> Post([FromBody] SearchQuery searchQuery)
        {
-            try
+            if (ModelState.IsValid && searchQuery.SiteId == _alias.SiteId)
            {
                return await _searchService.GetSearchResultsAsync(searchQuery);
            }
-            catch (Exception ex)
+            else
            {
-                _logger.Log(LogLevel.Error, this, LogFunction.Other, ex, "Fetch search results failed.", searchQuery);
-                HttpContext.Response.StatusCode = (int)HttpStatusCode.BadRequest;
+                _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Search Results Post Attempt {SearchQuery}", searchQuery);
+                HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
                return null;
            }
        }