Merge remote-tracking branch 'origin/v8/dev' into netcore/feature/merge-v8-05032021

# Conflicts: # src/SolutionInfo.cs # src/Umbraco.Web/Editors/Filters/UserGroupValidateAttribute.cs # src/Umbraco.Web/Editors/PasswordChanger.cs # src/Umbraco.Web/Editors/UserGroupsController.cs
2021-03-09 10:08:53 +01:00
parent d81874aee3 745014a4c3
commit 1aa8d3aa09
12 changed files with 188 additions and 47 deletions
--- a/src/Umbraco.Web.BackOffice/Controllers/UserGroupEditorAuthorizationHelper.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/UserGroupEditorAuthorizationHelper.cs
@@ -78,18 +78,15 @@ namespace Umbraco.Cms.Web.BackOffice.Controllers
        /// <summary>
        /// Authorize that the user is not adding a section to the group that they don't have access to
        /// </summary>
-        /// <param name="currentUser"></param>
-        /// <param name="currentAllowedSections"></param>
-        /// <param name="proposedAllowedSections"></param>
-        /// <returns></returns>
-        public Attempt<string> AuthorizeSectionChanges(IUser currentUser,
-            IEnumerable<string> currentAllowedSections,
+        public Attempt<string> AuthorizeSectionChanges(
+            IUser currentUser,
+            IEnumerable<string> existingSections,
            IEnumerable<string> proposedAllowedSections)
        {
            if (currentUser.IsAdmin())
                return Attempt<string>.Succeed();

-            var sectionsAdded = currentAllowedSections.Except(proposedAllowedSections).ToArray();
+            var sectionsAdded = proposedAllowedSections.Except(existingSections).ToArray();
            var sectionAccessMissing = sectionsAdded.Except(currentUser.AllowedSections).ToArray();
            return sectionAccessMissing.Length > 0
                ? Attempt.Fail("Current user doesn't have access to add these sections " + string.Join(", ", sectionAccessMissing))