112 lines
4.2 KiB
C#
112 lines
4.2 KiB
C#
using Microsoft.AspNetCore.Mvc;
|
|
using Microsoft.AspNetCore.Authorization;
|
|
using Microsoft.AspNetCore.Http;
|
|
using Oqtane.Shared;
|
|
using Oqtane.Enums;
|
|
using Oqtane.Infrastructure;
|
|
using Oqtane.Controllers;
|
|
using System.Net;
|
|
using Oqtane.Documentation;
|
|
using System.Collections.Generic;
|
|
using Oqtane.Modules.HtmlText.Services;
|
|
using System.Threading.Tasks;
|
|
|
|
namespace Oqtane.Modules.HtmlText.Controllers
|
|
{
|
|
[Route(ControllerRoutes.ApiRoute)]
|
|
[PrivateApi("Mark HtmlText classes as private, since it's not very useful in the public docs")]
|
|
public class HtmlTextController : ModuleControllerBase
|
|
{
|
|
private readonly IHtmlTextService _htmlTextService;
|
|
|
|
public HtmlTextController(IHtmlTextService htmlTextService, ILogManager logger, IHttpContextAccessor accessor) : base(logger, accessor)
|
|
{
|
|
_htmlTextService = htmlTextService;
|
|
}
|
|
|
|
// GET: api/<controller>?moduleid=x
|
|
[HttpGet]
|
|
[Authorize(Roles = RoleNames.Registered)]
|
|
public async Task<IEnumerable<Models.HtmlText>> Get(string moduleId)
|
|
{
|
|
if (int.TryParse(moduleId, out int ModuleId) && IsAuthorizedEntityId(EntityNames.Module, ModuleId))
|
|
{
|
|
return await _htmlTextService.GetHtmlTextsAsync(ModuleId);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {ModuleId}", moduleId);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// GET api/<controller>/5
|
|
[HttpGet("{moduleId}")]
|
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
|
public async Task<Models.HtmlText> Get(int moduleId)
|
|
{
|
|
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
|
|
{
|
|
return await _htmlTextService.GetHtmlTextAsync(moduleId);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {ModuleId}", moduleId);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// GET api/<controller>/5/6
|
|
[HttpGet("{id}/{moduleId}")]
|
|
[Authorize(Policy = PolicyNames.ViewModule)]
|
|
public async Task<Models.HtmlText> Get(int id, int moduleId)
|
|
{
|
|
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
|
|
{
|
|
return await _htmlTextService.GetHtmlTextAsync(id, moduleId);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Get Attempt {HtmlTextId}", id);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// POST api/<controller>
|
|
[HttpPost]
|
|
[Authorize(Policy = PolicyNames.EditModule)]
|
|
public async Task<Models.HtmlText> Post([FromBody] Models.HtmlText htmlText)
|
|
{
|
|
if (ModelState.IsValid && IsAuthorizedEntityId(EntityNames.Module, htmlText.ModuleId))
|
|
{
|
|
return await _htmlTextService.AddHtmlTextAsync(htmlText);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Post Attempt {HtmlText}", htmlText);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
return null;
|
|
}
|
|
}
|
|
|
|
// DELETE api/<controller>/5
|
|
[HttpDelete("{id}/{moduleId}")]
|
|
[Authorize(Policy = PolicyNames.EditModule)]
|
|
public async Task Delete(int id, int moduleId)
|
|
{
|
|
if (IsAuthorizedEntityId(EntityNames.Module, moduleId))
|
|
{
|
|
await _htmlTextService.DeleteHtmlTextAsync(id, moduleId);
|
|
}
|
|
else
|
|
{
|
|
_logger.Log(LogLevel.Error, this, LogFunction.Security, "Unauthorized Html/Text Delete Attempt {HtmlTextId}", id);
|
|
HttpContext.Response.StatusCode = (int)HttpStatusCode.Forbidden;
|
|
}
|
|
}
|
|
}
|
|
}
|