58 lines
1.8 KiB
C#
58 lines
1.8 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Oqtane.Infrastructure;
|
|
using System.Collections.Generic;
|
|
using System;
|
|
using Oqtane.Shared;
|
|
|
|
namespace Oqtane.Controllers
|
|
{
|
|
public class ModuleControllerBase : Controller
|
|
{
|
|
protected readonly ILogManager _logger;
|
|
|
|
// parameters for policy authorization and validation
|
|
protected Dictionary<string, int> _authEntityId = new Dictionary<string, int>(StringComparer.OrdinalIgnoreCase);
|
|
protected int _entityId = -1; // legacy support
|
|
|
|
public ModuleControllerBase(ILogManager logger, IHttpContextAccessor accessor)
|
|
{
|
|
_logger = logger;
|
|
|
|
// populate policy authorization dictionary from querystring
|
|
int value;
|
|
foreach (var param in accessor.HttpContext.Request.Query)
|
|
{
|
|
if (param.Key.StartsWith("auth") && param.Key.EndsWith("id") && int.TryParse(param.Value, out value))
|
|
{
|
|
_authEntityId.Add(param.Key.Substring(4, param.Key.Length - 6), value);
|
|
}
|
|
}
|
|
|
|
// legacy support
|
|
if (_authEntityId.Count == 0 && accessor.HttpContext.Request.Query.ContainsKey("entityid"))
|
|
{
|
|
_entityId = int.Parse(accessor.HttpContext.Request.Query["entityid"]);
|
|
}
|
|
|
|
}
|
|
|
|
protected int AuthEntityId(string entityname)
|
|
{
|
|
if (_authEntityId.ContainsKey(entityname))
|
|
{
|
|
return _authEntityId[entityname];
|
|
}
|
|
else
|
|
{
|
|
return -1;
|
|
}
|
|
}
|
|
|
|
protected bool IsAuthorizedEntityId(string entityname, int entityid)
|
|
{
|
|
return (entityid == AuthEntityId(entityname)) || User.IsInRole(RoleNames.Host);
|
|
}
|
|
}
|
|
}
|