diff --git a/src/Umbraco.Core/Configuration/GlobalSettings.cs b/src/Umbraco.Core/Configuration/GlobalSettings.cs
index 0ad32fc4d2..91ea96096f 100644
--- a/src/Umbraco.Core/Configuration/GlobalSettings.cs
+++ b/src/Umbraco.Core/Configuration/GlobalSettings.cs
@@ -28,7 +28,7 @@ namespace Umbraco.Core.Configuration
#region Private static fields
// CURRENT UMBRACO VERSION ID
- private const string CurrentUmbracoVersion = "4.10.0";
+ private const string CurrentUmbracoVersion = "4.10.1";
private static string _reservedUrlsCache;
private static string _reservedPathsCache;
diff --git a/src/Umbraco.Web/Install/InstallPackageController.cs b/src/Umbraco.Web/Install/InstallPackageController.cs
index 8e9a5d02ba..212cb3f97e 100644
--- a/src/Umbraco.Web/Install/InstallPackageController.cs
+++ b/src/Umbraco.Web/Install/InstallPackageController.cs
@@ -16,6 +16,7 @@ namespace Umbraco.Web.Install
/// Currently this is used for web services however we should/could eventually migrate the whole installer to MVC as it
/// is a bit of a mess currently.
///
+ [UmbracoInstallAuthorize]
public class InstallPackageController : Controller
{
private readonly ApplicationContext _applicationContext;
@@ -173,6 +174,6 @@ namespace Umbraco.Web.Install
message = "Starter kit has been installed"
});
}
-
}
+
}
diff --git a/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs b/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
new file mode 100644
index 0000000000..4bfe4dc8d3
--- /dev/null
+++ b/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
@@ -0,0 +1,92 @@
+using System;
+using System.Web;
+using System.Web.Mvc;
+using Umbraco.Core;
+using umbraco.BasePages;
+
+namespace Umbraco.Web.Install
+{
+ ///
+ /// Ensures authorization occurs for the installer if it has already completed. If install has not yet occured
+ /// then the authorization is successful
+ ///
+ internal class UmbracoInstallAuthorizeAttribute : AuthorizeAttribute
+ {
+
+ public const string InstallRoleName = "umbraco-install-EF732A6E-AA55-4A93-9F42-6C989D519A4F";
+
+ public ApplicationContext ApplicationContext { get; set; }
+
+ public UmbracoInstallAuthorizeAttribute(ApplicationContext appContext)
+ {
+ if (appContext == null) throw new ArgumentNullException("appContext");
+ ApplicationContext = appContext;
+ }
+
+ public UmbracoInstallAuthorizeAttribute()
+ : this(ApplicationContext.Current)
+ {
+
+ }
+
+ ///
+ /// Ensures that the user must be in the Administrator or the Install role
+ ///
+ ///
+ ///
+ protected override bool AuthorizeCore(HttpContextBase httpContext)
+ {
+ if (httpContext == null)
+ {
+ throw new ArgumentNullException("httpContext");
+ }
+
+ try
+ {
+ //if its not configured then we can continue
+ if (!ApplicationContext.IsConfigured)
+ {
+ return true;
+ }
+
+ //otherwise we need to ensure that a user is logged in
+ var isLoggedIn = BasePage.ValidateUserContextID(BasePage.umbracoUserContextID);
+ if (isLoggedIn)
+ {
+ return true;
+ }
+
+ return false;
+ }
+ catch (Exception)
+ {
+ return false;
+ }
+ }
+
+ public override void OnAuthorization(AuthorizationContext filterContext)
+ {
+ Mandate.ParameterNotNull(filterContext, "filterContext");
+ if (OutputCacheAttribute.IsChildActionCacheActive(filterContext))
+ throw new InvalidOperationException("Cannot use UmbracoInstallAuthorizeAttribute on a child action");
+ if (AuthorizeCore(filterContext.HttpContext))
+ {
+ //with a little help from dotPeek... this is what it normally would do
+ var cache = filterContext.HttpContext.Response.Cache;
+ cache.SetProxyMaxAge(new TimeSpan(0L));
+ cache.AddValidationCallback(CacheValidateHandler, null);
+ }
+ else
+ {
+ //they aren't authorized but the app has installed
+ throw new HttpException((int)global::System.Net.HttpStatusCode.Unauthorized,
+ "You must login to view this resource.");
+ }
+ }
+
+ private void CacheValidateHandler(HttpContext context, object data, ref HttpValidationStatus validationStatus)
+ {
+ validationStatus = OnCacheAuthorization(new HttpContextWrapper(context));
+ }
+ }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 5d8846ba5d..47e474b0fa 100644
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -251,6 +251,7 @@
+