using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Oqtane.Shared; using Oqtane.Enums; using Oqtane.Infrastructure; using Oqtane.Controllers; using System.Net; using Oqtane.Documentation; using System.Collections.Generic; using Oqtane.Modules.HtmlText.Services; using System.Threading.Tasks; namespace Oqtane.Modules.HtmlText.Controllers { [Route(ControllerRoutes.ApiRoute)] [PrivateApi("Mark HtmlText classes as private, since it's not very useful in the public docs")] public class HtmlTextController : ModuleControllerBase { private readonly IHtmlTextService _htmlTextService; public HtmlTextController(IHtmlTextService htmlTextService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor) { _htmlTextService = htmlTextService; } // GET: api/?moduleid=x [HttpGet] [Authorize(Roles = RoleNames.Registered)] public async Task> Get(string moduleId) { if (int.TryParse(moduleId, out int ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId)) { return await _htmlTextService.GetHtmlTextsAsync(ModuleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {ModuleId}", moduleId); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // GET api//5 [HttpGet("{moduleId}")] [Authorize(Policy = PolicyNames.ViewModule)] public async Task Get(int moduleId) { if (IsAuthorizedEntityId(EntityNames.Module, moduleId)) { return await _htmlTextService.GetHtmlTextAsync(moduleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {ModuleId}", moduleId); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // GET api//5/6 [HttpGet("{id}/{moduleId}")] [Authorize(Policy = PolicyNames.ViewModule)] public async Task Get(int id, int moduleId) { if (IsAuthorizedEntityId(EntityNames.Module, moduleId)) { return await _htmlTextService.GetHtmlTextAsync(id, moduleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {HtmlTextId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // POST api/ [HttpPost] [Authorize(Policy = PolicyNames.EditModule)] public async Task Post([FromBody] Models.HtmlText htmlText) { if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, htmlText.ModuleId)) { return await _htmlTextService.AddHtmlTextAsync(htmlText); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Post Attempt {HtmlText}", htmlText); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; return null; } } // DELETE api//5 [HttpDelete("{id}/{moduleId}")] [Authorize(Policy = PolicyNames.EditModule)] public async Task Delete(int id, int moduleId) { if (IsAuthorizedEntityId(EntityNames.Module, moduleId)) { await _htmlTextService.DeleteHtmlTextAsync(id, moduleId); } else { _logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Delete Attempt {HtmlTextId}", id); HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden; } } } }