using System ;
using System.Linq ;
using System.Web ;
using System.Web.Security ;
using Umbraco.Core ;
using Umbraco.Web.Security ;
using umbraco ;
using umbraco.BasePages ;
using umbraco.BusinessLogic ;
using umbraco.businesslogic.Exceptions ;
namespace Umbraco.Web.WebServices
{
/// <summary>
/// Base class for HTTP handlers that must only serve authenticated back-office users.
/// It exposes helpers for validating the current user, checking credentials and
/// checking access to a named application (section).
/// </summary>
/// <remarks>
/// Nothing in this class runs an authorization check automatically: a derived handler
/// is only protected if it calls one of the <c>AuthorizeRequest</c> overloads itself
/// and acts on the returned value (or passes <c>throwExceptions: true</c>).
/// </remarks>
public abstract class UmbracoAuthorizedHttpHandler : UmbracoHttpHandler
{
    // Remembers that the UmbracoUser getter has already triggered a validation call.
    // NOTE(review): the flag lives on the handler instance; if the base class allows
    // instances to be reused across requests, later requests would skip the call - confirm.
    private bool _hasValidated;

    /// <summary>
    /// Creates the handler using the base class' parameterless constructor.
    /// </summary>
    protected UmbracoAuthorizedHttpHandler()
    {
    }

    /// <summary>
    /// Creates the handler for an explicitly supplied <see cref="UmbracoContext"/>.
    /// </summary>
    /// <param name="umbracoContext">Context handed straight to the base constructor.</param>
    protected UmbracoAuthorizedHttpHandler(UmbracoContext umbracoContext)
        : base(umbracoContext)
    {
    }

    /// <summary>
    /// Reports whether the current user is valid.
    /// </summary>
    /// <param name="currentUmbracoUserContextId">
    /// Not read by this method. The supplied id is never compared with anything; the
    /// result comes solely from <c>UmbracoContext.Security.ValidateCurrentUser()</c>,
    /// so callers must not treat a <c>true</c> result as proof that this particular
    /// id is valid.
    /// </param>
    /// <returns>The value returned by <c>UmbracoContext.Security.ValidateCurrentUser()</c>.</returns>
    protected bool ValidateUserContextId(string currentUmbracoUserContextId)
    {
        var currentUserIsValid = UmbracoContext.Security.ValidateCurrentUser();
        return currentUserIsValid;
    }

    /// <summary>
    /// Checks a username/password pair against the back office.
    /// </summary>
    /// <param name="username">Login name to check.</param>
    /// <param name="password">Password to check.</param>
    /// <returns>The value returned by <c>UmbracoContext.Security.ValidateBackOfficeCredentials</c>.</returns>
    /// <remarks>
    /// This method is a plain pass-through: it adds no throttling, lockout or logging
    /// of failed attempts. Any such protection has to come from the callee or from the
    /// calling handler - not visible here.
    /// </remarks>
    protected bool ValidateCredentials(string username, string password)
    {
        var credentialsAreValid = UmbracoContext.Security.ValidateBackOfficeCredentials(username, password);
        return credentialsAreValid;
    }

    /// <summary>
    /// Authorizes the request and then checks that the current user may use the given application.
    /// </summary>
    /// <param name="app">
    /// The application alias. When <c>app.IsNullOrWhiteSpace()</c> is true the per-application
    /// check is skipped and the method returns <c>true</c> as soon as the user-level
    /// authorization has passed; pass a non-empty alias whenever an application
    /// restriction is required.
    /// </param>
    /// <param name="throwExceptions">true if an exception should be thrown if authorization fails</param>
    /// <returns>
    /// <c>false</c> when the user-level authorization fails or the user lacks access to
    /// <paramref name="app"/>; otherwise <c>true</c>.
    /// </returns>
    /// <exception cref="UserAuthorizationException">
    /// The user lacks access to <paramref name="app"/> and <paramref name="throwExceptions"/> is true.
    /// </exception>
    protected bool AuthorizeRequest(string app, bool throwExceptions = false)
    {
        // User-level authorization always runs first; the application check is never
        // reached for a request that fails it.
        if (!AuthorizeRequest(throwExceptions))
        {
            return false;
        }

        // No alias supplied: nothing to check beyond the logged-in user.
        if (app.IsNullOrWhiteSpace())
        {
            return true;
        }

        if (UserHasAppAccess(app, UmbracoUser))
        {
            return true;
        }

        if (throwExceptions)
        {
            throw new UserAuthorizationException("The user does not have access to the required application");
        }

        return false;
    }

    /// <summary>
    /// Checks whether the given user has access to the application.
    /// </summary>
    /// <param name="app">The application alias.</param>
    /// <param name="user">The legacy user object to check.</param>
    /// <returns>The value returned by <c>Security.UserHasAppAccess(app, user)</c>.</returns>
    protected bool UserHasAppAccess(string app, User user)
    {
        var allowed = Security.UserHasAppAccess(app, user);
        return allowed;
    }

    /// <summary>
    /// Checks whether the user with the given username has access to the application.
    /// </summary>
    /// <param name="app">The application alias.</param>
    /// <param name="username">Login name of the user to check.</param>
    /// <returns>The value returned by <c>Security.UserHasAppAccess(app, username)</c>.</returns>
    protected bool UserHasAppAccess(string app, string username)
    {
        var allowed = Security.UserHasAppAccess(app, username);
        return allowed;
    }

    /// <summary>
    /// Returns true if there is a valid logged in user and that ssl is enabled if required
    /// </summary>
    /// <param name="throwExceptions">
    /// Forwarded unchanged to <c>Security.AuthorizeRequest</c>; presumably makes that call
    /// throw instead of returning a failure value - confirm against the callee.
    /// </param>
    /// <returns>
    /// <c>true</c> only when <c>Security.AuthorizeRequest</c> returns
    /// <c>ValidateRequestAttempt.Success</c>; every other value maps to <c>false</c>.
    /// </returns>
    protected bool AuthorizeRequest(bool throwExceptions = false)
    {
        // Compare against Success explicitly so any other attempt value is a denial.
        return Security.AuthorizeRequest(throwExceptions) == ValidateRequestAttempt.Success;
    }

    /// <summary>
    /// Returns the current user wrapped in the legacy <see cref="User"/> type.
    /// </summary>
    /// <remarks>
    /// The first access calls <c>Security.ValidateCurrentUser()</c>, but its return value is
    /// discarded and the flag is set whatever the outcome, so reading this property is
    /// not an authorization check. Call <c>AuthorizeRequest</c> first.
    /// NOTE(review): what <c>new User(Security.CurrentUser)</c> does when no user is logged
    /// in depends on code outside this file - confirm.
    /// </remarks>
    [Obsolete("This should no longer be used since it returns the legacy user object, use The Security.CurrentUser instead to return the proper user object")]
    protected User UmbracoUser
    {
        get
        {
            if (_hasValidated == false)
            {
                // Result intentionally left as in the original: it is not inspected here.
                Security.ValidateCurrentUser();
                _hasValidated = true;
            }

            // A fresh legacy wrapper is built on every read.
            var legacyUser = new User(Security.CurrentUser);
            return legacyUser;
        }
    }
}
}