yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
25cb707e3e8f70ee120b25c1139de0b7f89afe13
Umbraco-CMS/src/Umbraco.Web.BackOffice/Controllers/PublicAccessController.cs

199 lines
7.8 KiB
C#
Raw Normal View History

Implements Public Access in netcore (#10137) * Getting new netcore PublicAccessChecker in place * Adds full test coverage for PublicAccessChecker * remove PublicAccessComposer * adjust namespaces, ensure RoleManager works, separate public access controller, reduce content controller * Implements the required methods on IMemberManager, removes old migrated code * Updates routing to be able to re-route, Fixes middleware ordering ensuring endpoints are last, refactors pipeline options, adds public access middleware, ensures public access follows all hops * adds note * adds note * Cleans up ext methods, ensures that members identity is added on both front-end and back ends. updates how UmbracoApplicationBuilder works in that it explicitly starts endpoints at the time of calling. * Changes name to IUmbracoEndpointBuilder * adds note * Fixing tests, fixing error describers so there's 2x one for back office, one for members, fixes TryConvertTo, fixes login redirect * fixing build * Fixes keepalive, fixes PublicAccessMiddleware to not throw, updates startup code to be more clear and removes magic that registers middleware. * adds note * removes unused filter, fixes build * fixes WebPath and tests * Looks up entities in one query * remove usings * Fix test, remove stylesheet * Set status code before we write to response to avoid error * Ensures that users and members are validated when logging in. Shares more code between users and members. * Fixes RepositoryCacheKeys to ensure the keys are normalized * oops didn't mean to commit this * Fix casing issues with caching, stop boxing value types for all cache operations, stop re-creating string keys in DefaultRepositoryCachePolicy * bah, far out this keeps getting recommitted. sorry Co-authored-by: Bjarke Berg <mail@bergmania.dk>
2021-04-20 15:11:45 +10:00
using System;
using System.Collections.Generic;
using System.Linq;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Identity;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Mapping;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Models.ContentEditing;
using Umbraco.Cms.Core.Models.Entities;
using Umbraco.Cms.Core.Routing;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Web.Common.Attributes;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Cms.Web.Common.Security;
using Umbraco.Extensions;
namespace Umbraco.Cms.Web.BackOffice.Controllers
{
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
[Authorize(Policy = AuthorizationPolicies.TreeAccessDocuments)]
public class PublicAccessController : BackOfficeNotificationsController
{
private readonly IContentService _contentService;
private readonly IPublicAccessService _publicAccessService;
private readonly IEntityService _entityService;
private readonly IMemberService _memberService;
private readonly UmbracoMapper _umbracoMapper;
private readonly IMemberRoleManager _memberRoleManager;
public PublicAccessController(
IPublicAccessService publicAccessService,
IContentService contentService,
IEntityService entityService,
IMemberService memberService,
UmbracoMapper umbracoMapper,
IMemberRoleManager memberRoleManager)
{
_contentService = contentService;
_publicAccessService = publicAccessService;
_entityService = entityService;
_memberService = memberService;
_umbracoMapper = umbracoMapper;
_memberRoleManager = memberRoleManager;
}
[Authorize(Policy = AuthorizationPolicies.ContentPermissionProtectById)]
[HttpGet]
public ActionResult<PublicAccess> GetPublicAccess(int contentId)
{
IContent content = _contentService.GetById(contentId);
if (content == null)
{
return NotFound();
}
PublicAccessEntry entry = _publicAccessService.GetEntryForContent(content);
if (entry == null || entry.ProtectedNodeId != content.Id)
{
return Ok();
}
var nodes = _entityService
.GetAll(UmbracoObjectTypes.Document, entry.LoginNodeId, entry.NoAccessNodeId)
.ToDictionary(x => x.Id);
if (!nodes.TryGetValue(entry.LoginNodeId, out IEntitySlim loginPageEntity))
{
throw new InvalidOperationException($"Login node with id ${entry.LoginNodeId} was not found");
}
if (!nodes.TryGetValue(entry.NoAccessNodeId, out IEntitySlim errorPageEntity))
{
throw new InvalidOperationException($"Error node with id ${entry.LoginNodeId} was not found");
}
// unwrap the current public access setup for the client
// - this API method is the single point of entry for both "modes" of public access (single user and role based)
var usernames = entry.Rules
.Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
.Select(rule => rule.RuleValue)
.ToArray();
MemberDisplay[] members = usernames
.Select(username => _memberService.GetByUsername(username))
.Where(member => member != null)
.Select(_umbracoMapper.Map<MemberDisplay>)
.ToArray();
var allGroups = _memberRoleManager.Roles.ToDictionary(x => x.Name);
MemberGroupDisplay[] groups = entry.Rules
.Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType)
.Select(rule => allGroups.TryGetValue(rule.RuleValue, out UmbracoIdentityRole memberRole) ? memberRole : null)
.Where(x => x != null)
.Select(_umbracoMapper.Map<MemberGroupDisplay>)
.ToArray();
return new PublicAccess
{
Members = members,
Groups = groups,
LoginPage = loginPageEntity != null ? _umbracoMapper.Map<EntityBasic>(loginPageEntity) : null,
ErrorPage = errorPageEntity != null ? _umbracoMapper.Map<EntityBasic>(errorPageEntity) : null
};
}
// set up public access using role based access
[Authorize(Policy = AuthorizationPolicies.ContentPermissionProtectById)]
[HttpPost]
public IActionResult PostPublicAccess(int contentId, [FromQuery(Name = "groups[]")] string[] groups, [FromQuery(Name = "usernames[]")] string[] usernames, int loginPageId, int errorPageId)
{
if ((groups == null || groups.Any() == false) && (usernames == null || usernames.Any() == false))
{
return BadRequest();
}
var content = _contentService.GetById(contentId);
var loginPage = _contentService.GetById(loginPageId);
var errorPage = _contentService.GetById(errorPageId);
if (content == null || loginPage == null || errorPage == null)
{
return BadRequest();
}
var isGroupBased = groups != null && groups.Any();
var candidateRuleValues = isGroupBased
? groups
: usernames;
var newRuleType = isGroupBased
? Constants.Conventions.PublicAccess.MemberRoleRuleType
: Constants.Conventions.PublicAccess.MemberUsernameRuleType;
var entry = _publicAccessService.GetEntryForContent(content);
if (entry == null || entry.ProtectedNodeId != content.Id)
{
entry = new PublicAccessEntry(content, loginPage, errorPage, new List<PublicAccessRule>());
foreach (var ruleValue in candidateRuleValues)
{
entry.AddRule(ruleValue, newRuleType);
}
}
else
{
entry.LoginNodeId = loginPage.Id;
entry.NoAccessNodeId = errorPage.Id;
var currentRules = entry.Rules.ToArray();
var obsoleteRules = currentRules.Where(rule =>
rule.RuleType != newRuleType
|| candidateRuleValues.Contains(rule.RuleValue) == false
);
var newRuleValues = candidateRuleValues.Where(group =>
currentRules.Any(rule =>
rule.RuleType == newRuleType
&& rule.RuleValue == group
) == false
);
foreach (var rule in obsoleteRules)
{
entry.RemoveRule(rule);
}
foreach (var ruleValue in newRuleValues)
{
entry.AddRule(ruleValue, newRuleType);
}
}
return _publicAccessService.Save(entry).Success
? Ok()
: Problem();
}
[Authorize(Policy = AuthorizationPolicies.ContentPermissionProtectById)]
[HttpPost]
public IActionResult RemovePublicAccess(int contentId)
{
var content = _contentService.GetById(contentId);
if (content == null)
{
return NotFound();
}
var entry = _publicAccessService.GetEntryForContent(content);
if (entry == null)
{
return Ok();
}
return _publicAccessService.Delete(entry).Success
? Ok()
: Problem();
}
}
}
Reference in New Issue Copy Permalink