src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs

using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.ViewModels.Document;
using Umbraco.Cms.Core.Actions;
using Umbraco.Cms.Core.Security.Authorization;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Extensions;

namespace Umbraco.Cms.Api.Management.Controllers.Document;

public abstract class UpdateDocumentControllerBase : DocumentControllerBase
{
    private readonly IAuthorizationService _authorizationService;

    protected UpdateDocumentControllerBase(IAuthorizationService authorizationService)
        => _authorizationService = authorizationService;

    protected async Task<IActionResult> HandleRequest(Guid id, UpdateDocumentRequestModel requestModel, Func<Task<IActionResult>> authorizedHandler)
    {
        // TODO This have temporarily been uncommented, to support the client sends values from all cultures, even when the user do not have access to the languages.
        // The values are ignored in the ContentEditingService

        // IEnumerable<string> cultures = requestModel.Variants
        //     .Where(v => v.Culture is not null)
        //     .Select(v => v.Culture!);
        // AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
        //     User,
        //     ContentPermissionResource.WithKeys(ActionUpdate.ActionLetter, id, cultures),
        //     AuthorizationPolicies.ContentPermissionByResource);
        //
        // if (!authorizationResult.Succeeded)
        // {
        //     return Forbidden();
        // }

        return await authorizedHandler();
    }
}
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								using Microsoft.AspNetCore.Authorization;
 								using Microsoft.AspNetCore.Mvc;
 								using Umbraco.Cms.Api.Management.ViewModels.Document;
 								using Umbraco.Cms.Core.Actions;
-												Refactor authorizers to be reusable from the core project (#15782)

* Refactored the Authorizers to be reuseable from core by now knowing about principal but only the IUser. Also moved them to core

* Fix multiple enumeration

* Fix more multiple enumerations

---------

Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2024-02-29 09:41:56 +00:00
+								using Umbraco.Cms.Core.Security.Authorization;
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								using Umbraco.Cms.Web.Common.Authorization;
 								using Umbraco.Extensions;
 								namespace Umbraco.Cms.Api.Management.Controllers.Document;
 								public abstract class UpdateDocumentControllerBase : DocumentControllerBase
 								{
 								    private readonly IAuthorizationService _authorizationService;
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								    protected UpdateDocumentControllerBase(IAuthorizationService authorizationService)
 								        => _authorizationService = authorizationService;
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								    protected async Task<IActionResult> HandleRequest(Guid id, UpdateDocumentRequestModel requestModel, Func<Task<IActionResult>> authorizedHandler)
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								    {
-												Allow the client to send all content, with all languages, even when the user do not have permissions to save a specific language. (#17052)


											
										
										
											2024-09-18 13:10:15 +02:00
+								        // TODO This have temporarily been uncommented, to support the client sends values from all cultures, even when the user do not have access to the languages.
 								        // The values are ignored in the ContentEditingService
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
-												Allow the client to send all content, with all languages, even when the user do not have permissions to save a specific language. (#17052)


											
										
										
											2024-09-18 13:10:15 +02:00
+								        // IEnumerable<string> cultures = requestModel.Variants
 								        //     .Where(v => v.Culture is not null)
 								        //     .Select(v => v.Culture!);
 								        // AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
 								        //     User,
 								        //     ContentPermissionResource.WithKeys(ActionUpdate.ActionLetter, id, cultures),
 								        //     AuthorizationPolicies.ContentPermissionByResource);
 								        //
 								        // if (!authorizationResult.Succeeded)
 								        // {
 								        //     return Forbidden();
 								        // }
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
-												Refactor content updates to shift responsibility downwards (#15807)


											
										
										
											2024-03-01 10:45:19 +01:00
+								        return await authorizedHandler();
-												Property level validation for Management API (#15644)

* Property level validation for content - initial implementation

* Always succeed create/update regardless of property level validation errors

* Move old complex editor validation classes to Web.BackOffice so they will be deleted

* Include operation status and property validation errors in ProblemDetails

* Refactor property validation to its own service(s)

* Make the problem details builder a little more generic towards extensions

* Validation for item and branch publish

* Moved malplaced test

* Get rid of a TODO

* Integration tests for content validation service

* Simplify validation service

* Add missing response types to create and update for document and media

* Remove test that no longer applies

* Use "errors" for model validation errors (property validation errors)

* Split create/update and validation into their own endpoints

* Fix forward merge

* Correct wrong assumption for missing properties

* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors

* Reuse existing validation service + support custom error messages

* Fix merge errors

* Review comments
											
										
										
											2024-01-31 10:40:58 +01:00
+								    }
 								}