Merge remote-tracking branch 'origin/v8/dev' into netcore/feature/merge-v8-05032021

# Conflicts:
#	src/SolutionInfo.cs
#	src/Umbraco.Web/Editors/Filters/UserGroupValidateAttribute.cs
#	src/Umbraco.Web/Editors/PasswordChanger.cs
#	src/Umbraco.Web/Editors/UserGroupsController.cs

src/Umbraco.Web.BackOffice/Controllers/UserGroupEditorAuthorizationHelper.cs

@@ -78,18 +78,15 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
         /// <summary>
         /// Authorize that the user is not adding a section to the group that they don't have access to
         /// </summary>
-        /// <param name="currentUser"></param>
-        /// <param name="currentAllowedSections"></param>
-        /// <param name="proposedAllowedSections"></param>
-        /// <returns></returns>
-        public Attempt<string> AuthorizeSectionChanges(IUser currentUser,
-            IEnumerable<string> currentAllowedSections,
+        public Attempt<string> AuthorizeSectionChanges(
+            IUser currentUser,
+            IEnumerable<string> existingSections,
             IEnumerable<string> proposedAllowedSections)
         {
             if (currentUser.IsAdmin())
                 return Attempt<string>.Succeed();
 
-            var sectionsAdded = currentAllowedSections.Except(proposedAllowedSections).ToArray();
+            var sectionsAdded = proposedAllowedSections.Except(existingSections).ToArray();
             var sectionAccessMissing = sectionsAdded.Except(currentUser.AllowedSections).ToArray();
             return sectionAccessMissing.Length > 0
                 ? Attempt.Fail("Current user doesn't have access to add these sections " + string.Join(", ", sectionAccessMissing))

src/Umbraco.Web.BackOffice/Controllers/UserGroupsController.cs

@@ -34,9 +34,14 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
         private readonly IShortStringHelper _shortStringHelper;
         private readonly AppCaches _appCaches;
 
-        public UserGroupsController(IUserService userService, IContentService contentService,
-            IEntityService entityService, IMediaService mediaService, IBackOfficeSecurityAccessor backofficeSecurityAccessor,
-            UmbracoMapper umbracoMapper, ILocalizedTextService localizedTextService,
+        public UserGroupsController(
+            IUserService userService,
+            IContentService contentService,
+            IEntityService entityService,
+            IMediaService mediaService,
+            IBackOfficeSecurityAccessor backofficeSecurityAccessor,
+            UmbracoMapper umbracoMapper,
+            ILocalizedTextService localizedTextService,
             IShortStringHelper shortStringHelper,
             AppCaches appCaches)
         {
@@ -66,7 +71,8 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
                 return Unauthorized(isAuthorized.Result);
 
             //if sections were added we need to check that the current user has access to that section
-            isAuthorized = authHelper.AuthorizeSectionChanges(_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
+            isAuthorized = authHelper.AuthorizeSectionChanges(
+                _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
                 userGroupSave.PersistedUserGroup.AllowedSections,
                 userGroupSave.Sections);
             if (isAuthorized == false)
@@ -82,7 +88,10 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
                 return Unauthorized(isAuthorized.Result);
 
             //need to ensure current user is in a group if not an admin to avoid a 401
-            EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);
+             EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);
+
+            //map the model to the persisted instance
+            _umbracoMapper.Map(userGroupSave, userGroupSave.PersistedUserGroup);
 
             //save the group
             _userService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users.ToArray());