INSANEMODE/IW4M-Admin
1
0
Fork 0
mirror of https://github.com/RaidMax/IW4M-Admin.git synced 2025-06-07 21:58:06 -05:00
Code Issues Releases Wiki Activity

Add missing permission check to interaction controller

Browse Source
This commit is contained in:
RaidMax 2024-02-17 15:27:38 -06:00
parent 1dd125c579
commit d325993670
1 changed files with 9 additions and 10 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
WebfrontCore/Controllers/InteractionController.cs
View File

@ -7,28 +7,27 @@ using SharedLibraryCore.Interfaces;
namespace WebfrontCore.Controllers; namespace WebfrontCore.Controllers;
public class InteractionController : BaseController public class InteractionController(IManager manager, IInteractionRegistration interactionRegistration)
: BaseController(manager)
{ {
private readonly IInteractionRegistration _interactionRegistration;
public InteractionController(IManager manager, IInteractionRegistration interactionRegistration) : base(manager)
{
_interactionRegistration = interactionRegistration;
}
[HttpGet("[controller]/[action]/{interactionName}")] [HttpGet("[controller]/[action]/{interactionName}")]
public async Task<IActionResult> Render([FromRoute]string interactionName, CancellationToken token) public async Task<IActionResult> Render([FromRoute]string interactionName, CancellationToken token)
{ {
var interactionData = (await _interactionRegistration.GetInteractions(interactionName, token: token)).FirstOrDefault(); var interactionData = (await interactionRegistration.GetInteractions(interactionName, token: token)).FirstOrDefault();
if (interactionData is null) if (interactionData is null)
{ {
return NotFound(); return NotFound();
} }
if (Client.Level < interactionData.MinimumPermission)
{
return Unauthorized();
}
ViewBag.Title = interactionData.Description; ViewBag.Title = interactionData.Description;
var meta = HttpContext.Request.Query.ToDictionary(key => key.Key, value => value.Value.ToString()); var meta = HttpContext.Request.Query.ToDictionary(key => key.Key, value => value.Value.ToString());
var result = await _interactionRegistration.ProcessInteraction(interactionName, Client.ClientId, meta: meta, token: token); var result = await interactionRegistration.ProcessInteraction(interactionName, Client.ClientId, meta: meta, token: token);
if (interactionData.InteractionType == InteractionType.TemplateContent) if (interactionData.InteractionType == InteractionType.TemplateContent)
{ {