src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs

using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.Security.Authorization.User;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Extensions;

namespace Umbraco.Cms.Api.Management.Controllers.User;

[ApiVersion("1.0")]
public class DeleteUserController : UserControllerBase
{
    private readonly IAuthorizationService _authorizationService;
    private readonly IUserService _userService;
    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;

    public DeleteUserController(
        IAuthorizationService authorizationService,
        IUserService userService,
        IBackOfficeSecurityAccessor backOfficeSecurityAccessor)
    {
        _authorizationService = authorizationService;
        _userService = userService;
        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
    }

    [MapToApiVersion("1.0")]
    [HttpDelete("{id:guid}")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
    public async Task<IActionResult> DeleteUser(Guid id)
    {
        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
            User,
            UserPermissionResource.WithKeys(id),
            AuthorizationPolicies.AdminUserEditsRequireAdmin);

        if (!authorizationResult.Succeeded)
        {
            return Forbidden();
        }

        UserOperationStatus result = await _userService.DeleteAsync(CurrentUserKey(_backOfficeSecurityAccessor), id);

        return result is UserOperationStatus.Success
            ? Ok()
            : UserOperationStatusResult(result);
    }
}
-												Updated API version package and moved attribute to each controller (#14209)

* Updated API version package and moved attribute to each controller as it cannot be inherited.

* Ignore "$type" on types implementing interfaces in the delivery api
											
										
										
											2023-05-09 08:38:07 +02:00
+								using Asp.Versioning;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Microsoft.AspNetCore.Authorization;
-												User endpoint additions and corrections (#15773)

* Make create user endpoint work with the supplied id

Return 201 instead of 200 with correct resource identifier

* Add ResetPassword endpoint

* Bring changepassword route inline with other resource actions

* Fixed User endpoints not advertising all their possible response codes/ models

Fixed certain endpoints not authorizing targeted user(s) versus the admin needs admin authorization requirement
Fixed a user not found response bug for the update flow
Fix spacing

* Fixed CurrentUser endpoints not advertising all their possible response codes/ models

Fix incorrect responseStatus in UserService.GetPermissionsAsync

* Update OpenApi definition

Fix smal model oversights in previous commits

* Update incorrect Response type

* Check for duplicate id's in user create validation

* Remove unnecasary returnmodel from changepassword

Renamed the model to it's remaining usage

* rename bad constructor parameter

* Renamed method parameters for better readability and usage

* Fixed wrong userkey being passed down because of (refactored) bad naming

Technically doesn't change anything as the two id's should be the same in this case (reset with token is always for self)

* Fixed resetpassword bug

* Update openapi

* Update src/Umbraco.Core/Services/UserService.cs

Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>

* Remove old password from change user password request model

Only makes sense when doing it for the logged in user => current endpoint

---------

Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
											
										
										
											2024-02-29 10:40:48 +01:00
+								using Microsoft.AspNetCore.Http;
-												Updated API version package and moved attribute to each controller (#14209)

* Updated API version package and moved attribute to each controller as it cannot be inherited.

* Ignore "$type" on types implementing interfaces in the delivery api
											
										
										
											2023-05-09 08:38:07 +02:00
+								using Microsoft.AspNetCore.Mvc;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Umbraco.Cms.Api.Management.Security.Authorization.User;
-												Bulk delete functionality for management api (#14735)

* Bulk delete

* Bulk delete

* Added bulk delete user groups

* Clean

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-08-29 15:51:20 +02:00
+								using Umbraco.Cms.Core.Security;
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
+								using Umbraco.Cms.Core.Services;
 								using Umbraco.Cms.Core.Services.OperationStatus;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Umbraco.Cms.Web.Common.Authorization;
 								using Umbraco.Extensions;
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
-												New backoffice: Use singular name for user and user group controllers (#14121)

* Rename UsersController to UserController

* Rename namespace to User

* Rename UserGroupsControllerBase to UserGroupControllerBase

* Rename namespace to UserGroup

* New backoffice: User and member item endpoints (#14079)

* Implement ByKeys in MemberService

* Implement member item endpoint

* Add routing to static file item controller

* Implement user item endpoint

* Implement user group item endpoint

* return proper response model

* update OpenApi.json

* Add CompatibilitySuppressions

* Cleanup

* Update OpenApi

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>

* Make user-group item endpoint singular

* Make user item endpoint singular

* Renamer user and user group folders

* Move from Users namespace to user

* Move from UserGroups namespace to UserGroup

* Update OpenApi.json

* Fix namespace after merge

* Move user item endpoint to singular namespace

* Move user group item endpoint to singular namespace

* Fix open api schema

---------

Co-authored-by: Nikolaj Geisle <70372949+zeegaan@users.noreply.github.com>
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
											
										
										
											2023-04-20 09:40:48 +02:00
+								namespace Umbraco.Cms.Api.Management.Controllers.User;
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
-												Updated API version package and moved attribute to each controller (#14209)

* Updated API version package and moved attribute to each controller as it cannot be inherited.

* Ignore "$type" on types implementing interfaces in the delivery api
											
										
										
											2023-05-09 08:38:07 +02:00
+								[ApiVersion("1.0")]
-												New backoffice: Use singular name for user and user group controllers (#14121)

* Rename UsersController to UserController

* Rename namespace to User

* Rename UserGroupsControllerBase to UserGroupControllerBase

* Rename namespace to UserGroup

* New backoffice: User and member item endpoints (#14079)

* Implement ByKeys in MemberService

* Implement member item endpoint

* Add routing to static file item controller

* Implement user item endpoint

* Implement user group item endpoint

* return proper response model

* update OpenApi.json

* Add CompatibilitySuppressions

* Cleanup

* Update OpenApi

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>

* Make user-group item endpoint singular

* Make user item endpoint singular

* Renamer user and user group folders

* Move from Users namespace to user

* Move from UserGroups namespace to UserGroup

* Update OpenApi.json

* Fix namespace after merge

* Move user item endpoint to singular namespace

* Move user group item endpoint to singular namespace

* Fix open api schema

---------

Co-authored-by: Nikolaj Geisle <70372949+zeegaan@users.noreply.github.com>
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
											
										
										
											2023-04-20 09:40:48 +02:00
+								public class DeleteUserController : UserControllerBase
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
+								{
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								    private readonly IAuthorizationService _authorizationService;
 								    private readonly IUserService _userService;
 								    private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor;
 								    public DeleteUserController(
 								        IAuthorizationService authorizationService,
 								        IUserService userService,
 								        IBackOfficeSecurityAccessor backOfficeSecurityAccessor)
-												Bulk delete functionality for management api (#14735)

* Bulk delete

* Bulk delete

* Added bulk delete user groups

* Clean

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-08-29 15:51:20 +02:00
+								    {
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								        _authorizationService = authorizationService;
-												Bulk delete functionality for management api (#14735)

* Bulk delete

* Bulk delete

* Added bulk delete user groups

* Clean

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-08-29 15:51:20 +02:00
+								        _userService = userService;
 								        _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
 								    }
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
-												Updated API version package and moved attribute to each controller (#14209)

* Updated API version package and moved attribute to each controller as it cannot be inherited.

* Ignore "$type" on types implementing interfaces in the delivery api
											
										
										
											2023-05-09 08:38:07 +02:00
+								    [MapToApiVersion("1.0")]
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
+								    [HttpDelete("{id:guid}")]
-												User endpoint additions and corrections (#15773)

* Make create user endpoint work with the supplied id

Return 201 instead of 200 with correct resource identifier

* Add ResetPassword endpoint

* Bring changepassword route inline with other resource actions

* Fixed User endpoints not advertising all their possible response codes/ models

Fixed certain endpoints not authorizing targeted user(s) versus the admin needs admin authorization requirement
Fixed a user not found response bug for the update flow
Fix spacing

* Fixed CurrentUser endpoints not advertising all their possible response codes/ models

Fix incorrect responseStatus in UserService.GetPermissionsAsync

* Update OpenApi definition

Fix smal model oversights in previous commits

* Update incorrect Response type

* Check for duplicate id's in user create validation

* Remove unnecasary returnmodel from changepassword

Renamed the model to it's remaining usage

* rename bad constructor parameter

* Renamed method parameters for better readability and usage

* Fixed wrong userkey being passed down because of (refactored) bad naming

Technically doesn't change anything as the two id's should be the same in this case (reset with token is always for self)

* Fixed resetpassword bug

* Update openapi

* Update src/Umbraco.Core/Services/UserService.cs

Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>

* Remove old password from change user password request model

Only makes sense when doing it for the logged in user => current endpoint

---------

Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
											
										
										
											2024-02-29 10:40:48 +01:00
+								    [ProducesResponseType(StatusCodes.Status200OK)]
 								    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
 								    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
+								    public async Task<IActionResult> DeleteUser(Guid id)
 								    {
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
 								            User,
 								            UserPermissionResource.WithKeys(id),
 								            AuthorizationPolicies.AdminUserEditsRequireAdmin);
 								        if (!authorizationResult.Succeeded)
 								        {
 								            return Forbidden();
 								        }
-												Bulk delete functionality for management api (#14735)

* Bulk delete

* Bulk delete

* Added bulk delete user groups

* Clean

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-08-29 15:51:20 +02:00
+								        UserOperationStatus result = await _userService.DeleteAsync(CurrentUserKey(_backOfficeSecurityAccessor), id);
-												New backoffice: User controller (#13947)

* Add UserResponseModel

* Add factory to created UserResponseModel

* Add GetByKey controller

* Add GetAllUsers endpoint

* User proper response model

* Make naming consistent

* Order by username in GetAll

* Add user filter endpoint

* Fix includer user states

* Remove gravatar from the backend

* Send user avatars in response

* Add create user model

* start working on create

* Validate the create model

* Add authorization to create

* Use UserRepository instead of UserService to ValidateSessíonId

* Create IBackofficeUserStore interface

This is essentially a core-friendly version of the BackOfficeUserStore, additionally it contains basic methods for managing users, I.E. Get users, save users, create users, etc.

* Remove more usages of user service

* Remove usages of IUserService in BackofficeUserStore

* Add documentation

* Fix tests and DI

* add IBackOfficeUserStoreAccessor to resolve it in singleton services

* Resolve circular dependency

* Remove obsolete constructor

* Add core friendly user manager

* Finish createasync in user service

* Add WIP create endpoint

* Save newly creates users user groups

* Use service scope for user service

* Remove now unnecessary accessors

* Add response types

* Add update user endpoint

* Add EmailUserInviteSender

* Add technology free way of creating confirmation token

* Add invite uri provider

* Add invite user to user service

* Add invite user controller

* Add delete endpoint

* Add operation status responses

* Add operation status responses

* Added temporary file uploads including a repository implementation using local temp folder.

* Add Disable users endpoint

* missing files

* Fixed copy paste error

* Fix create users return type

* Updated OpenApi.json

* Updated OpenApi.json

* Handle if created failed in identity

* Add enable user

* Make users plural in enable/disable

We're doing the operation on multiple entities

* Added file extension check

* Add unlock user endpoint

* Clean up. Removed old TemporaryFileService and UploadFileService and updated dictionary items to use this new items

* Clean up

* Add reset password

* Add UpdateUserGroupsOnUsers method

* Add UpdateUserGroups

* Get rid of stream directly on TemporaryFileModel, and use delegate to open stream instead.

* Fix post merge

* Use keys instead of IDs

* Add ClearAvatar endpoint

* Review changes

* Moved models to their own files

* Reverted launch settings

* Move enlist extension to its own namespace

* Create set avatar endpoint

* Add reponse types

* Remove infrastructure extension after merge

* Add Cmapatibility suppressions

* Add test suppression

* Add integration tests

* Fix issue found in tests

* Add invited user to UserInvitationResult

* Add more tests

* Add update tests

* Hide different tests under parent

* Return DuplicatUserName user operation status if username matches an email

* Add update tests

* Change sorted set to HashSet

It doesn't work if it's not IComparable

* Change ID to Key when checking super

* Add get tests

* Add more GetAllTests

* Move tests to the right namespace

* Add filter test

* Fix including disabled users bug found by test

* Add test to ensure invited user state

* Add test case for UserState.All

* Add more filter tests

* Add enable disable tests

* Add resolver for keys and ids

* Replace usages of IUserService with IUserIdKeyResolver

* Add CompatibilitySuppressions

* Add UserIdKeyResolverTests

* Fix UserIdKeyResolver

* Add missing user operation results

* Updates from review

* ID not key

* Post instead of patch

* Use set instead of params for enable/disable

* Don't call to array

* Use sets for usergroup keys and user keys instead

* LanguageIsoCode instead of Language

* Update CompatibilitySuppressions after changin enumerable to set

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: kjac <kja@umbraco.dk>
											
										
										
											2023-03-29 08:14:47 +02:00
 								        return result is UserOperationStatus.Success
 								            ? Ok()
 								            : UserOperationStatusResult(result);
 								    }
 								}