Merge with 4.10.1

2012-11-14 21:18:34 +05:00
parent 8e7fe5ee55 3fb9ffca5b
commit 0ad5da67ea
4 changed files with 96 additions and 2 deletions
--- a/src/Umbraco.Core/Configuration/GlobalSettings.cs
+++ b/src/Umbraco.Core/Configuration/GlobalSettings.cs
@@ -28,7 +28,7 @@ namespace Umbraco.Core.Configuration
        #region Private static fields
        
 		// CURRENT UMBRACO VERSION ID
-    	private const string CurrentUmbracoVersion = "4.10.0";
+    	private const string CurrentUmbracoVersion = "4.10.1";

    	private static string _reservedUrlsCache;
        private static string _reservedPathsCache;
--- a/src/Umbraco.Web/Install/InstallPackageController.cs
+++ b/src/Umbraco.Web/Install/InstallPackageController.cs
@@ -16,6 +16,7 @@ namespace Umbraco.Web.Install
 	/// Currently this is used for web services however we should/could eventually migrate the whole installer to MVC as it
 	/// is a bit of a mess currently.
 	/// </remarks>
+	[UmbracoInstallAuthorize]
 	public class InstallPackageController : Controller
 	{
 		private readonly ApplicationContext _applicationContext;
@@ -173,6 +174,6 @@ namespace Umbraco.Web.Install
 				message = "Starter kit has been installed"
 			});
 		}
-
 	}
+
 }
--- a/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
@@ -0,0 +1,92 @@
+using System;
+using System.Web;
+using System.Web.Mvc;
+using Umbraco.Core;
+using umbraco.BasePages;
+
+namespace Umbraco.Web.Install
+{
+	/// <summary>
+	/// Ensures authorization occurs for the installer if it has already completed. If install has not yet occured
+	/// then the authorization is successful
+	/// </summary>
+	internal class UmbracoInstallAuthorizeAttribute : AuthorizeAttribute
+	{
+
+		public const string InstallRoleName = "umbraco-install-EF732A6E-AA55-4A93-9F42-6C989D519A4F";
+
+		public ApplicationContext ApplicationContext { get; set; }
+
+		public UmbracoInstallAuthorizeAttribute(ApplicationContext appContext)
+		{
+			if (appContext == null) throw new ArgumentNullException("appContext");
+			ApplicationContext = appContext;
+		}
+
+		public UmbracoInstallAuthorizeAttribute()
+			: this(ApplicationContext.Current)
+		{
+			
+		}
+
+		/// <summary>
+		/// Ensures that the user must be in the Administrator or the Install role
+		/// </summary>
+		/// <param name="httpContext"></param>
+		/// <returns></returns>
+		protected override bool AuthorizeCore(HttpContextBase httpContext)
+		{
+			if (httpContext == null)
+			{
+				throw new ArgumentNullException("httpContext");
+			}
+
+			try
+			{
+				//if its not configured then we can continue
+				if (!ApplicationContext.IsConfigured)
+				{
+					return true;
+				}
+				
+				//otherwise we need to ensure that a user is logged in
+				var isLoggedIn = BasePage.ValidateUserContextID(BasePage.umbracoUserContextID);
+				if (isLoggedIn)
+				{
+					return true;
+				}
+
+				return false;			
+			}
+			catch (Exception)
+			{
+				return false;
+			}
+		}
+
+		public override void OnAuthorization(AuthorizationContext filterContext)
+		{
+			Mandate.ParameterNotNull(filterContext, "filterContext");
+			if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
+				throw new InvalidOperationException("Cannot use UmbracoInstallAuthorizeAttribute on a child action");
+			if (AuthorizeCore(filterContext.HttpContext))
+			{
+				//with a little help from dotPeek... this is what it normally would do
+				var cache = filterContext.HttpContext.Response.Cache;
+				cache.SetProxyMaxAge(new TimeSpan(0L));
+				cache.AddValidationCallback(CacheValidateHandler, null);
+			}
+			else
+			{
+				//they aren't authorized but the app has installed
+				throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized,
+				                        "You must login to view this resource.");
+			}
+		}
+
+		private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
+		{
+			validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
+		}
+	}
+}
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -251,6 +251,7 @@
    <Compile Include="Dynamics\ExtensionMethods.cs" />
    <Compile Include="Dynamics\Grouping.cs" />
    <Compile Include="Install\InstallPackageController.cs" />
+    <Compile Include="Install\UmbracoInstallAuthorizeAttribute.cs" />
    <Compile Include="Models\DynamicPublishedContent.cs" />
    <Compile Include="Models\DynamicPublishedContentList.cs" />
    <Compile Include="Mvc\AreaRegistrationExtensions.cs" />