src/Umbraco.Cms.Api.Management/Controllers/Document/DeletePublicAccessDocumentController.cs

using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.Security.Authorization.Content;
using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Actions;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
using Umbraco.Extensions;

namespace Umbraco.Cms.Api.Management.Controllers.Document;

[ApiVersion("1.0")]
public class DeletePublicAccessDocumentController : DocumentControllerBase
{
    private readonly IAuthorizationService _authorizationService;
    private readonly IPublicAccessService _publicAccessService;

    public DeletePublicAccessDocumentController(IAuthorizationService authorizationService, IPublicAccessService publicAccessService)
    {
        _authorizationService = authorizationService;
        _publicAccessService = publicAccessService;
    }

    [MapToApiVersion("1.0")]
    [HttpDelete("{id:guid}/public-access")]
    [ProducesResponseType(StatusCodes.Status200OK)]
    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
    public async Task<IActionResult> Delete(Guid id)
    {
        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
            User,
            ContentPermissionResource.WithKeys(ActionProtect.ActionLetter, id),
            AuthorizationPolicies.ContentPermissionByResource);

        if (!authorizationResult.Succeeded)
        {
            return Forbidden();
        }

        Attempt<PublicAccessOperationStatus> attempt = await _publicAccessService.DeleteAsync(id);

        return attempt.Success ? Ok() : PublicAccessOperationStatusResult(attempt.Result);
    }
}
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								using Asp.Versioning;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Microsoft.AspNetCore.Authorization;
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								using Microsoft.AspNetCore.Http;
 								using Microsoft.AspNetCore.Mvc;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Umbraco.Cms.Api.Management.Security.Authorization.Content;
-												V14 Bugfix, fixed some of the document controllers (#15449)

* Updated naming to route correctly

* Added a check for null

* Added another status code for the PublicAccess

* Added a check for null

* Updated naming to match route

* Added attempt pattern

* added a ProblemDetailsBuilder for the EntryNotFound

---------

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
											
										
										
											2024-01-29 12:58:03 +01:00
+								using Umbraco.Cms.Core;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Umbraco.Cms.Core.Actions;
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								using Umbraco.Cms.Core.Services;
-												V14 Bugfix, fixed some of the document controllers (#15449)

* Updated naming to route correctly

* Added a check for null

* Added another status code for the PublicAccess

* Added a check for null

* Updated naming to match route

* Added attempt pattern

* added a ProblemDetailsBuilder for the EntryNotFound

---------

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
											
										
										
											2024-01-29 12:58:03 +01:00
+								using Umbraco.Cms.Core.Services.OperationStatus;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								using Umbraco.Cms.Web.Common.Authorization;
 								using Umbraco.Extensions;
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
 								namespace Umbraco.Cms.Api.Management.Controllers.Document;
-												Add missing API version attributes to management API controllers (#15310)


											
										
										
											2023-11-29 09:23:23 +01:00
+								[ApiVersion("1.0")]
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								public class DeletePublicAccessDocumentController : DocumentControllerBase
 								{
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								    private readonly IAuthorizationService _authorizationService;
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								    private readonly IPublicAccessService _publicAccessService;
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								    public DeletePublicAccessDocumentController(IAuthorizationService authorizationService, IPublicAccessService publicAccessService)
 								    {
 								        _authorizationService = authorizationService;
 								        _publicAccessService = publicAccessService;
 								    }
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
 								    [MapToApiVersion("1.0")]
 								    [HttpDelete("{id:guid}/public-access")]
 								    [ProducesResponseType(StatusCodes.Status200OK)]
-												Updated all 404 and 500 responses to use problem details model (#14634)

* Updated all 404 and 500 responses to use problem details

* Updated OpenApi.json

* Add missing ProducesResponseType

* Updated OpenApi.json
											
										
										
											2023-08-04 10:51:20 +02:00
+								    [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								    public async Task<IActionResult> Delete(Guid id)
 								    {
-												V14: Add authorization policies to Management API controllers - p2 (#15211)

* Making ProblemDetails details more generic

* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Fobidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media acess

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
											
										
										
											2023-12-11 08:25:29 +01:00
+								        AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync(
 								            User,
 								            ContentPermissionResource.WithKeys(ActionProtect.ActionLetter, id),
 								            AuthorizationPolicies.ContentPermissionByResource);
 								        if (!authorizationResult.Succeeded)
 								        {
 								            return Forbidden();
 								        }
-												V14 Bugfix, fixed some of the document controllers (#15449)

* Updated naming to route correctly

* Added a check for null

* Added another status code for the PublicAccess

* Added a check for null

* Updated naming to match route

* Added attempt pattern

* added a ProblemDetailsBuilder for the EntryNotFound

---------

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
											
										
										
											2024-01-29 12:58:03 +01:00
+								        Attempt<PublicAccessOperationStatus> attempt = await _publicAccessService.DeleteAsync(id);
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
-												V14 Bugfix, fixed some of the document controllers (#15449)

* Updated naming to route correctly

* Added a check for null

* Added another status code for the PublicAccess

* Added a check for null

* Updated naming to match route

* Added attempt pattern

* added a ProblemDetailsBuilder for the EntryNotFound

---------

Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
											
										
										
											2024-01-29 12:58:03 +01:00
+								        return attempt.Success ? Ok() : PublicAccessOperationStatusResult(attempt.Result);
-												V14: Public access controller (#14501)

* Implement GetEntryByContentKey

* Implement PublicAccessResponseModel

* Implement IPublicAccessPresentationFactory

* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel

* Refactor PublicAccessResponseModel to use Ids instead of entire content items

* Return attempt instead of PresentationModel

* Add missing statuses to PublicAccessOperationStatusResult

* Implement PublicAccessDocumentController.cs

* Refacotr PublicAccessResponseModel to use a base model

* Add CreatePublicAccessEntry method

* Refactor AccessRequestModel to use names not ids :(

* Rename ErrorPageNotFound to ErrorNodeNotFound

* Implement new SaveAsync method

* Introduce more OperationResults

* Implement PublicAccessEntrySlim

* Implement SaveAsync

* Remove CreatePublicAccessEntry from presentation factory

* Rename to CreateAsync

* Implement UpdateAsync

* Rename to async

* Implement CreatePublicAccessEntry

* Implement update endpoint

* remove PublicAccessEntrySlim mapping

* implement CreatePublicAccessEntrySlim method

* Refactor UpdateAsync

* Remove ContentId from request model as it should be in the request

* Use new service layer

* Amend method name in update controller

* Refactor create public access entry to use async method and return entity

* Refactor to use saveAsync method instead of synchronously

* Use presentation factory instead of mapping

* Implement deleteAsync endpoint

* Add produces response type

* Refactor mapping to not use UmbracoMapper, as that causes errors

* Update OpenApi.json

* Refactor out variables to intermediate object

* Validate that groups and names are not specified at the same time

* Make presentation factory not async

* Minor cleanup

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
											
										
										
											2023-07-05 14:56:51 +02:00
+								    }
 								}