From 1d936d240df2fa453ff4dea07840e92cd884ea5b Mon Sep 17 00:00:00 2001
From: Sven Geusens
Date: Mon, 11 Nov 2024 09:02:56 +0100
Subject: [PATCH] Made some membertype endpoints available for member related actions (#17440)

Co-authored-by: nikolajlauridsen
---
 .../MemberType/AvailableCompositionMemberTypeController.cs | 3 +++
 .../MemberType/CompositionReferenceMemberTypeController.cs | 3 +++
 .../MemberType/ConfigurationMemberTypeController.cs | 1 +
 .../Controllers/MemberType/CopyMemberTypeController.cs | 3 +++
 .../Controllers/MemberType/CreateMemberTypeController.cs | 3 +++
 .../Controllers/MemberType/DeleteMemberTypeController.cs | 3 +++
 .../Controllers/MemberType/MemberTypeControllerBase.cs | 2 +-
 .../MemberType/Tree/MemberTypeTreeControllerBase.cs | 2 +-
 .../Controllers/MemberType/UpdateMemberTypeController.cs | 3 +++
 .../BackOfficeAuthPolicyBuilderExtensions.cs | 1 +
 src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs | 1 +
 11 files changed, 23 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/AvailableCompositionMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/AvailableCompositionMemberTypeController.cs
index 277ef4c4f3..a43e662b76 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/AvailableCompositionMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/AvailableCompositionMemberTypeController.cs
@@ -1,14 +1,17 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.MemberType;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Services.ContentTypeEditing;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class AvailableCompositionMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeEditingService _memberTypeEditingService;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CompositionReferenceMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CompositionReferenceMemberTypeController.cs
index 55df93ef63..c20037319a 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CompositionReferenceMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CompositionReferenceMemberTypeController.cs
@@ -1,4 +1,5 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.ViewModels.MemberType;
@@ -6,10 +7,12 @@ using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class CompositionReferenceMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeService _memberTypeService;
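Review bot: The `[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]` added to `AvailableCompositionMemberTypeController` has no comment saying why it is needed next to the attribute inherited from `MemberTypeControllerBase`. ASP.NET Core evaluates class-level and inherited `[Authorize]` attributes together and requires all of them to pass, so this line is what keeps the endpoint on the narrower policy once the base is widened later in this patch. I would add above it `// Base class policy is TreeAccessMembersOrMemberTypes; this endpoint stays limited to TreeAccessMemberTypes.` so a later cleanup does not drop it as a duplicate. The same applies to the attribute added in the CompositionReference, Configuration, Copy, Create, Delete and Update controller hunks; the class bodies continue outside the hunks.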
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/ConfigurationMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/ConfigurationMemberTypeController.cs
index 141dbd80ee..2dacf50fef 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/ConfigurationMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/ConfigurationMemberTypeController.cs
@@ -9,6 +9,7 @@ using Umbraco.Cms.Web.Common.Authorization;
 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class ConfigurationMemberTypeController : MemberTypeControllerBase
 {
 private readonly IConfigurationPresentationFactory _configurationPresentationFactory;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CopyMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CopyMemberTypeController.cs
index b19bfcd3ce..e0d24d0973 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CopyMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CopyMemberTypeController.cs
@@ -1,14 +1,17 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class CopyMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeService _memberTypeService;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CreateMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CreateMemberTypeController.cs
index 2439118ac7..8ab82ecb07 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CreateMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/CreateMemberTypeController.cs
@@ -1,4 +1,5 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
@@ -9,10 +10,12 @@ using Umbraco.Cms.Core.Models.ContentTypeEditing;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services.ContentTypeEditing;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class CreateMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeEditingPresentationFactory _memberTypeEditingPresentationFactory;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/DeleteMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/DeleteMemberTypeController.cs
index bb3e87e7bc..a79bb4c2a3 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/DeleteMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/DeleteMemberTypeController.cs
@@ -1,13 +1,16 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class DeleteMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeService _memberTypeService;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs
index 73ad7b6374..7b4395382d 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs
@@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [VersionedApiBackOfficeRoute(Constants.UdiEntityType.MemberType)]
 [ApiExplorerSettings(GroupName = "Member Type")]
-[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]
 public abstract class MemberTypeControllerBase : ManagementApiControllerBase
 {
 protected IActionResult OperationStatusResult(ContentTypeOperationStatus status)
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs
index 4a9211de2c..9fc8111b6c 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs
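Review bot: Switching `MemberTypeControllerBase` to `TreeAccessMembersOrMemberTypes` makes the wider policy the inherited default, so any subclass that this patch does not re-annotate with `TreeAccessMemberTypes` is now governed by the wider one alone. Seven controllers are re-restricted here; subclasses outside the diff cannot be checked from this page, so each remaining one should be confirmed as intended for users who, judging by the policy registration, have only the Members section. The `MemberTypeTreeControllerBase` hunk in the next file makes the same switch and none of its derived controllers appear in the patch. A comment on both base classes would make the opt-in rule explicit, e.g. `// Wide default: endpoints that create, change or delete member types must add [Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)].`, and a test asserting the effective policy of every concrete subclass would catch a new controller inheriting the wide default by accident.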
@@ -13,7 +13,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberType.Tree;

 [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.MemberType}")]
 [ApiExplorerSettings(GroupName = "Member Type")]
-[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]
 public class MemberTypeTreeControllerBase : NamedEntityTreeControllerBase
 {
 private readonly IMemberTypeService _memberTypeService;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/UpdateMemberTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/UpdateMemberTypeController.cs
index 2915662da3..f3be972803 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/UpdateMemberTypeController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/UpdateMemberTypeController.cs
@@ -1,4 +1,5 @@
 using Asp.Versioning;
+using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
@@ -10,10 +11,12 @@ using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.ContentTypeEditing;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;

 namespace Umbraco.Cms.Api.Management.Controllers.MemberType;

 [ApiVersion("1.0")]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
 public class UpdateMemberTypeController : MemberTypeControllerBase
 {
 private readonly IMemberTypeEditingPresentationFactory _memberTypeEditingPresentationFactory;
diff --git a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
index 1cc8a95197..c79e64e4f1 100644
--- a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
+++ b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
@@ -87,6 +87,7 @@ internal static class BackOfficeAuthPolicyBuilderExtensions
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessMediaOrMediaTypes, Constants.Applications.Media, Constants.Applications.Settings);
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessMemberGroups, Constants.Applications.Members);
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessMemberTypes, Constants.Applications.Settings);
+ AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessMembersOrMemberTypes, Constants.Applications.Settings, Constants.Applications.Members);
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessPartialViews, Constants.Applications.Settings);
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessRelationTypes, Constants.Applications.Settings);
 AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessScripts, Constants.Applications.Settings);
diff --git a/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs b/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
index fd811161c7..b27f4a85b2 100644
--- a/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
+++ b/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
@@ -54,6 +54,7 @@ public static class AuthorizationPolicies
 public const string TreeAccessDictionaryOrTemplates = nameof(TreeAccessDictionaryOrTemplates);
 public const string TreeAccessDocumentOrMediaOrContentTypes = nameof(TreeAccessDocumentOrMediaOrContentTypes);
 public const string TreeAccessStylesheetsOrDocumentOrMediaOrMember = nameof(TreeAccessStylesheetsOrDocumentOrMediaOrMember);
+ public const string TreeAccessMembersOrMemberTypes = nameof(TreeAccessMembersOrMemberTypes);

 // other
 public const string DictionaryPermissionByResource = nameof(DictionaryPermissionByResource);
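Review bot: In `BackOfficeAuthPolicyBuilderExtensions.cs` the new registration passes `Constants.Applications.Settings, Constants.Applications.Members`, the reverse of the order in the policy name, while the neighbouring `TreeAccessMediaOrMediaTypes` line lists `Media` before `Settings`. Keeping name order makes the section list easier to audit against the policy name: `AddAllowedApplicationsPolicy(AuthorizationPolicies.TreeAccessMembersOrMemberTypes, Constants.Applications.Members, Constants.Applications.Settings);`. This assumes argument order carries no meaning in `AddAllowedApplicationsPolicy`, whose definition is outside the hunk.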