forked from OrchardCMS/OrchardCore
-
Notifications
You must be signed in to change notification settings - Fork 0
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
1 parent
d1774e8
commit d524386
Showing
7 changed files
with
265 additions
and
217 deletions.
There are no files selected for viewing
205 changes: 0 additions & 205 deletions
205
src/OrchardCore.Modules/OrchardCore.Contents/Controllers/ApiController.cs
This file was deleted.
Oops, something went wrong.
143 changes: 143 additions & 0 deletions
143
src/OrchardCore.Modules/OrchardCore.Contents/Endpoints/Api/CreateEndpoint.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,143 @@ | ||
using System.Linq; | ||
using System.Security.Claims; | ||
using System.Text.Json.Settings; | ||
using System.Threading.Tasks; | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.AspNetCore.Builder; | ||
using Microsoft.AspNetCore.Http; | ||
using Microsoft.AspNetCore.Mvc.ModelBinding; | ||
using Microsoft.AspNetCore.Routing; | ||
using OrchardCore.ContentManagement; | ||
using OrchardCore.ContentManagement.Handlers; | ||
using OrchardCore.ContentManagement.Metadata; | ||
using OrchardCore.DisplayManagement.ModelBinding; | ||
using OrchardCore.Modules; | ||
|
||
namespace OrchardCore.Contents.Endpoints.Api; | ||
|
||
public static class CreateEndpoint | ||
{ | ||
public static IEndpointRouteBuilder AddCreateContentEndpoint(this IEndpointRouteBuilder builder) | ||
{ | ||
builder.MapPost("api/content", ActionAsync) | ||
.AllowAnonymous() | ||
.DisableAntiforgery(); | ||
|
||
return builder; | ||
} | ||
|
||
private static readonly JsonMergeSettings _updateJsonMergeSettings = new() | ||
{ | ||
MergeArrayHandling = MergeArrayHandling.Replace, | ||
}; | ||
|
||
[Authorize(AuthenticationSchemes = "Api")] | ||
private static async Task<IResult> ActionAsync( | ||
ContentItem model, | ||
IContentManager contentManager, | ||
IAuthorizationService authorizationService, | ||
IContentDefinitionManager contentDefinitionManager, | ||
IUpdateModelAccessor updateModelAccessor, | ||
HttpContext httpContext, | ||
bool draft = false) | ||
{ | ||
if (!await authorizationService.AuthorizeAsync(httpContext.User, Permissions.AccessContentApi)) | ||
{ | ||
return httpContext.ChallengeOrForbid("Api"); | ||
} | ||
|
||
var contentItem = await contentManager.GetAsync(model.ContentItemId, VersionOptions.DraftRequired); | ||
var modelState = updateModelAccessor.ModelUpdater.ModelState; | ||
|
||
if (contentItem == null) | ||
{ | ||
if (string.IsNullOrEmpty(model?.ContentType) || await contentDefinitionManager.GetTypeDefinitionAsync(model.ContentType) == null) | ||
{ | ||
return TypedResults.BadRequest(); | ||
} | ||
|
||
contentItem = await contentManager.NewAsync(model.ContentType); | ||
contentItem.Owner = httpContext.User.FindFirstValue(ClaimTypes.NameIdentifier); | ||
|
||
if (!await authorizationService.AuthorizeAsync(httpContext.User, CommonPermissions.PublishContent, contentItem)) | ||
{ | ||
return httpContext.ChallengeOrForbid("Api"); | ||
} | ||
|
||
contentItem.Merge(model); | ||
|
||
var result = await contentManager.UpdateValidateAndCreateAsync(contentItem, VersionOptions.Draft); | ||
|
||
if (!result.Succeeded) | ||
{ | ||
// Add the validation results to the ModelState to present the errors as part of the response. | ||
AddValidationErrorsToModelState(result, modelState); | ||
} | ||
|
||
// We check the model state after calling all handlers because they trigger WF content events so, even they are not | ||
// intended to add model errors (only drivers), a WF content task may be executed inline and add some model errors. | ||
if (!modelState.IsValid) | ||
{ | ||
var errors = modelState.ToDictionary(entry => entry.Key, entry => entry.Value.Errors.Select(x => x.ErrorMessage).ToArray()); | ||
|
||
return TypedResults.ValidationProblem(errors, detail: string.Join(", ", modelState.Values.SelectMany(x => x.Errors.Select(x => x.ErrorMessage)))); | ||
} | ||
} | ||
else | ||
{ | ||
if (!await authorizationService.AuthorizeAsync(httpContext.User, CommonPermissions.EditContent, contentItem)) | ||
{ | ||
return httpContext.ChallengeOrForbid("Api"); | ||
} | ||
|
||
contentItem.Merge(model, _updateJsonMergeSettings); | ||
|
||
await contentManager.UpdateAsync(contentItem); | ||
var result = await contentManager.ValidateAsync(contentItem); | ||
|
||
if (!result.Succeeded) | ||
{ | ||
// Add the validation results to the ModelState to present the errors as part of the response. | ||
AddValidationErrorsToModelState(result, modelState); | ||
} | ||
|
||
// We check the model state after calling all handlers because they trigger WF content events so, even they are not | ||
// intended to add model errors (only drivers), a WF content task may be executed inline and add some model errors. | ||
if (!modelState.IsValid) | ||
{ | ||
var errors = modelState.ToDictionary(entry => entry.Key, entry => entry.Value.Errors.Select(x => x.ErrorMessage).ToArray()); | ||
|
||
return TypedResults.ValidationProblem(errors, detail: string.Join(", ", modelState.Values.SelectMany(x => x.Errors.Select(x => x.ErrorMessage)))); | ||
} | ||
} | ||
|
||
if (!draft) | ||
{ | ||
await contentManager.PublishAsync(contentItem); | ||
} | ||
else | ||
{ | ||
await contentManager.SaveDraftAsync(contentItem); | ||
} | ||
|
||
return TypedResults.Ok(contentItem); | ||
} | ||
|
||
private static void AddValidationErrorsToModelState(ContentValidateResult result, ModelStateDictionary modelState) | ||
{ | ||
foreach (var error in result.Errors) | ||
{ | ||
if (error.MemberNames != null && error.MemberNames.Any()) | ||
{ | ||
foreach (var memberName in error.MemberNames) | ||
{ | ||
modelState.AddModelError(memberName, error.ErrorMessage); | ||
} | ||
} | ||
else | ||
{ | ||
modelState.AddModelError(string.Empty, error.ErrorMessage); | ||
} | ||
} | ||
} | ||
} |
Oops, something went wrong.