src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.ViewModels.Document;
using Umbraco.Cms.Core.Actions;
using Umbraco.Cms.Core.Security.Authorization;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Extensions;

namespace Umbraco.Cms.Api.Management.Controllers.Document;

public abstract class UpdateDocumentControllerBase : DocumentControllerBase
{
    private readonly IAuthorizationService _authorizationService;

    protected UpdateDocumentControllerBase(IAuthorizationService authorizationService)
        => _authorizationService = authorizationService;

    protected async Task<IActionResult> HandleRequest(Guid id, UpdateDocumentRequestModel requestModel, Func<Task<IActionResult>> authorizedHandler)
    {
        IEnumerable<string> cultures = requestModel.Variants
            .Where(v => v.Culture is not null)
            .Select(v => v.Culture!);
        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
            User,
            ContentPermissionResource.WithKeys(ActionUpdate.ActionLetter, id, cultures),
            AuthorizationPolicies.ContentPermissionByResource);

        if (!authorizationResult.Succeeded)
        {
            return Forbidden();
        }

        return await authorizedHandler();
    }
}
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								using Microsoft.AspNetCore.Authorization;
 								using Microsoft.AspNetCore.Mvc;
 								using Umbraco.Cms.Api.Management.ViewModels.Document;
 								using Umbraco.Cms.Core.Actions;
-												Refactor authorizers to be reusable from the core project (#15782)

* Refactored the Authorizers to be reuseable from core by now knowing about principal but only the IUser. Also moved them to core

* Fix multiple enumeration

* Fix more multiple enumerations

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2024-02-29 09:41:56 +00:00
+								using Umbraco.Cms.Core.Security.Authorization;
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								using Umbraco.Cms.Web.Common.Authorization;
 								using Umbraco.Extensions;
 								namespace Umbraco.Cms.Api.Management.Controllers.Document;
 								public abstract class UpdateDocumentControllerBase : DocumentControllerBase
 								{
 								    private readonly IAuthorizationService _authorizationService;
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								    protected UpdateDocumentControllerBase(IAuthorizationService authorizationService)
 								        => _authorizationService = authorizationService;
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								    protected async Task<IActionResult> HandleRequest(Guid id, UpdateDocumentRequestModel requestModel, Func<Task<IActionResult>> authorizedHandler)
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								    {
 								        IEnumerable<string> cultures = requestModel.Variants
 								            .Where(v => v.Culture is not null)
 								            .Select(v => v.Culture!);
 								        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
 								            User,
 								            ContentPermissionResource.WithKeys(ActionUpdate.ActionLetter, id, cultures),
 								            AuthorizationPolicies.ContentPermissionByResource);
 								        if (!authorizationResult.Succeeded)
 								        {
 								            return Forbidden();
 								        }
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								        return await authorizedHandler();
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								    }
 								}