diff --git a/src/Umbraco.Cms.Api.Delivery/Controllers/DeliveryApiControllerBase.cs b/src/Umbraco.Cms.Api.Delivery/Controllers/DeliveryApiControllerBase.cs index 76d14b8f68..698ac8958d 100644 --- a/src/Umbraco.Cms.Api.Delivery/Controllers/DeliveryApiControllerBase.cs +++ b/src/Umbraco.Cms.Api.Delivery/Controllers/DeliveryApiControllerBase.cs @@ -13,7 +13,7 @@ namespace Umbraco.Cms.Api.Delivery.Controllers; [ApiController] [JsonOptionsName(Constants.JsonOptionsNames.DeliveryApi)] [MapToApi(DeliveryApiConfiguration.ApiName)] -[Authorize(Policy = "New" + AuthorizationPolicies.UmbracoFeatureEnabled)] +[Authorize(Policy = AuthorizationPolicies.UmbracoFeatureEnabled)] public abstract class DeliveryApiControllerBase : Controller, IUmbracoFeature { protected string DecodePath(string path) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/ByKeyAuditLogController.cs b/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/ByKeyAuditLogController.cs index 7875ad0d84..5fd59656ab 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/ByKeyAuditLogController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/AuditLog/ByKeyAuditLogController.cs @@ -13,7 +13,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.AuditLog; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContentOrMedia)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContentOrMedia)] public class ByKeyAuditLogController : AuditLogControllerBase { private readonly IAuditService _auditService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DataType/DataTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DataType/DataTypeControllerBase.cs index 9ee0fbb237..3ea49f38ca 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DataType/DataTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DataType/DataTypeControllerBase.cs 
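Review bot: Nothing visible in these hunks shows that a policy is registered under the un-prefixed name that `[Authorize(Policy = AuthorizationPolicies.UmbracoFeatureEnabled)]` now references, and ASP.NET Core resolves that string only when a request arrives. If the registration was not renamed in the same commit, every action under DeliveryApiControllerBase fails with an InvalidOperationException at request time; if an older policy still exists under that name, the enforced requirements change without any compile error. The same applies to every `[Authorize(Policy = ...)]` line changed in this diff, including the two base policies on ManagementApiControllerBase. I would add an integration test that reflects over the API controllers, collects each `AuthorizeAttribute.Policy`, and asserts that `IAuthorizationPolicyProvider.GetPolicyAsync(name)` returns non-null.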
@@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DataType; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.DataType)] [ApiExplorerSettings(GroupName = "Data Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] public abstract class DataTypeControllerBase : ManagementApiControllerBase { protected IActionResult DataTypeOperationStatusResult(DataTypeOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Folder/DataTypeFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Folder/DataTypeFolderControllerBase.cs index 80194b97d1..d6b3849c36 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Folder/DataTypeFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Folder/DataTypeFolderControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DataType.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.DataType}/folder")] [ApiExplorerSettings(GroupName = "Data Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public abstract class DataTypeFolderControllerBase : FolderManagementControllerBase { protected DataTypeFolderControllerBase( diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Item/DatatypeItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Item/DatatypeItemControllerBase.cs index 5d1496cf0c..6f55c78719 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Item/DatatypeItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Item/DatatypeItemControllerBase.cs 
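Review bot: DataTypeFolderControllerBase keeps `AuthorizationPolicies.TreeAccessDocumentTypes` as its class-level policy, which looks copied from the document type folder controller further down this diff rather than chosen for data types; DataTypeTreeControllerBase in a later hunk uses `TreeAccessDataTypes`. If that is unintended, data type folder management is open to users with document type tree access and closed to users who only have data type tree access, and the line would become `[Authorize(Policy = AuthorizationPolicies.TreeAccessDataTypes)]`. DataTypeControllerBase, in the hunk just before, likewise gates every data type endpoint on `TreeAccessDocumentsOrDocumentTypes`. If that breadth is deliberate for read access, a comment saying so would help, along with confirmation that the write controllers add a stricter policy, since the derived controllers are not visible here.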
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DataType.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.DataType}")] [ApiExplorerSettings(GroupName = "Data Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] public class DatatypeItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Tree/DataTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Tree/DataTypeTreeControllerBase.cs index ab9bcf2041..f5b314c7d7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DataType/Tree/DataTypeTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DataType/Tree/DataTypeTreeControllerBase.cs @@ -15,7 +15,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DataType.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.DataType}")] [ApiExplorerSettings(GroupName = "Data Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDataTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDataTypes)] public class DataTypeTreeControllerBase : FolderTreeControllerBase { private readonly IDataTypeService _dataTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/DictionaryControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/DictionaryControllerBase.cs index c527e96281..676a665c7f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/DictionaryControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/DictionaryControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Dictionary; [ApiController] [VersionedApiBackOfficeRoute("dictionary")] [ApiExplorerSettings(GroupName = "Dictionary")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDictionary)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDictionary)] public abstract class DictionaryControllerBase : ManagementApiControllerBase { protected IActionResult DictionaryItemOperationStatusResult(DictionaryItemOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Item/DictionaryItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Item/DictionaryItemControllerBase.cs index b83525ae7b..90b9ff509a 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Item/DictionaryItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Item/DictionaryItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Dictionary.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/dictionary")] [ApiExplorerSettings(GroupName = "Dictionary")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDictionary)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDictionary)] public class DictionaryItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Tree/DictionaryTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Tree/DictionaryTreeControllerBase.cs index 2113804361..cbd1089cb1 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Tree/DictionaryTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/Tree/DictionaryTreeControllerBase.cs 
@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Dictionary.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/dictionary")] [ApiExplorerSettings(GroupName = "Dictionary")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDictionaryOrTemplates)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDictionaryOrTemplates)] // NOTE: at the moment dictionary items (renamed to dictionary tree) aren't supported by EntityService, so we have little use of the // tree controller base. We'll keep it though, in the hope that we can mend EntityService. public class DictionaryTreeControllerBase : NamedEntityTreeControllerBase diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/Collection/DocumentCollectionControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/Collection/DocumentCollectionControllerBase.cs index 20b1553d8d..b72e5389bc 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/Collection/DocumentCollectionControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/Collection/DocumentCollectionControllerBase.cs @@ -15,7 +15,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Document.Collection; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Collection}/{Constants.UdiEntityType.Document}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Document))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocuments)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocuments)] public abstract class DocumentCollectionControllerBase : ContentCollectionControllerBase { protected DocumentCollectionControllerBase(IUmbracoMapper mapper) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs index 74e2a7463c..7eb02498b2 100644 
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs @@ -39,7 +39,7 @@ public class DeleteDocumentController : DocumentControllerBase [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)] public async Task Delete(Guid id) { - AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( + AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, ContentPermissionResource.WithKeys(ActionDelete.ActionLetter, id), AuthorizationPolicies.ContentPermissionByResource); diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/DocumentControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/DocumentControllerBase.cs index 4c7b58d884..b6dd74b1d4 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/DocumentControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/DocumentControllerBase.cs @@ -16,7 +16,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Document; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.Document)] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Document))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocuments)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocuments)] public abstract class DocumentControllerBase : ContentControllerBase { protected IActionResult DocumentNotFound() diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/Item/DocumentItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/Item/DocumentItemControllerBase.cs index 406fdde38c..d32f2c2977 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/Item/DocumentItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/Item/DocumentItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Document.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Document}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Document))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocuments)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocuments)] public class DocumentItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs index 22beb9e93c..cb8085e769 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs @@ -43,7 +43,7 @@ public class DeleteDocumentRecycleBinController : DocumentRecycleBinControllerBa [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)] public async Task Delete(Guid id) { - AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( + AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, ContentPermissionResource.RecycleBin(ActionDelete.ActionLetter), AuthorizationPolicies.ContentPermissionByResource); diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DocumentRecycleBinControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DocumentRecycleBinControllerBase.cs index 5f73af8a99..b82e78593e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DocumentRecycleBinControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DocumentRecycleBinControllerBase.cs 
@@ -17,7 +17,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Document.RecycleBin; [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.RecycleBin}/{Constants.UdiEntityType.Document}")] [RequireDocumentTreeRootAccess] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Document))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocuments)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocuments)] public class DocumentRecycleBinControllerBase : RecycleBinControllerBase { private readonly IDocumentPresentationFactory _documentPresentationFactory; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/Tree/DocumentTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/Tree/DocumentTreeControllerBase.cs index 930cd66828..f81e908b87 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Document/Tree/DocumentTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/Tree/DocumentTreeControllerBase.cs @@ -18,7 +18,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Document.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.Document}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Document))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessForContentTree)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessForContentTree)] public abstract class DocumentTreeControllerBase : UserStartNodeTreeControllerBase { private readonly IPublicAccessService _publicAccessService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Item/DocumentBlueprintItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Item/DocumentBlueprintItemControllerBase.cs index 8c2bd7efe3..57710176af 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Item/DocumentBlueprintItemControllerBase.cs 
+++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Item/DocumentBlueprintItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentBlueprint.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.DocumentBlueprint}")] [ApiExplorerSettings(GroupName = "Document Blueprint")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContent)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)] public class DocumentBlueprintItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Tree/DocumentBlueprintTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Tree/DocumentBlueprintTreeControllerBase.cs index 85865b83b9..95c6975d5b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Tree/DocumentBlueprintTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentBlueprint/Tree/DocumentBlueprintTreeControllerBase.cs @@ -15,7 +15,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentBlueprint.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.DocumentBlueprint}")] [ApiExplorerSettings(GroupName = "Document Blueprint")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContent)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)] public class DocumentBlueprintTreeControllerBase : NamedEntityTreeControllerBase { private readonly IDocumentPresentationFactory _documentPresentationFactory; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedAtRootDocumentTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedAtRootDocumentTypeController.cs index 82c2d1a0c8..d5f5a338bf 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedAtRootDocumentTypeController.cs 
+++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedAtRootDocumentTypeController.cs @@ -12,7 +12,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.DocumentType; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] public class AllowedAtRootDocumentTypeController : DocumentTypeControllerBase { private readonly IContentTypeService _contentTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedChildrenDocumentTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedChildrenDocumentTypeController.cs index ab59c55ff4..254bfdc680 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedChildrenDocumentTypeController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/AllowedChildrenDocumentTypeController.cs @@ -14,7 +14,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.DocumentType; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)] public class AllowedChildrenDocumentTypeController : DocumentTypeControllerBase { private readonly IContentTypeService _contentTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs index 9b624a3c45..17bef87e69 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentType; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.DocumentType)] [ApiExplorerSettings(GroupName = "Document Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public abstract class DocumentTypeControllerBase : ManagementApiControllerBase { protected IActionResult OperationStatusResult(ContentTypeOperationStatus status) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Folder/DocumentTypeFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Folder/DocumentTypeFolderControllerBase.cs index cbe7ceb4e2..31f0f2f869 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Folder/DocumentTypeFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Folder/DocumentTypeFolderControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentType.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.DocumentType}/folder")] [ApiExplorerSettings(GroupName = "Document Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public abstract class DocumentTypeFolderControllerBase : FolderManagementControllerBase { protected DocumentTypeFolderControllerBase( diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Item/DocumentTypeItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Item/DocumentTypeItemControllerBase.cs index 46545bced5..c219a7b62b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Item/DocumentTypeItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Item/DocumentTypeItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentType.Item; [ApiController] [VersionedApiBackOfficeRoute( $"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.DocumentType}")] [ApiExplorerSettings(GroupName = "Document Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public class DocumentTypeItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Tree/DocumentTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Tree/DocumentTypeTreeControllerBase.cs index 6d6607ff15..c406775d88 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Tree/DocumentTypeTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DocumentType/Tree/DocumentTypeTreeControllerBase.cs @@ -14,7 +14,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.DocumentType.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.DocumentType}")] [ApiExplorerSettings(GroupName = "Document Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public class DocumentTypeTreeControllerBase : FolderTreeControllerBase { private readonly IContentTypeService _contentTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetDynamicRootController.cs b/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetDynamicRootController.cs index 37a1d681f2..3f887dd08c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetDynamicRootController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetDynamicRootController.cs 
@@ -10,7 +10,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.DynamicRoot; -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContent)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)] [ApiVersion("1.0")] public class GetRootsController : DynamicRootControllerBase { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetQueryStepsController.cs b/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetQueryStepsController.cs index 9b97a29b96..0e9b7803e2 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetQueryStepsController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/DynamicRoot/GetQueryStepsController.cs @@ -7,7 +7,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.DynamicRoot; -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] [ApiVersion("1.0")] public class GetQueryStepsController : DynamicRootControllerBase { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/Group/HealthCheckGroupControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/Group/HealthCheckGroupControllerBase.cs index 2eda4b7939..8b2f7de2e7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/Group/HealthCheckGroupControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/Group/HealthCheckGroupControllerBase.cs 
@@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.HealthCheck.Group; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.HealthChecks.RoutePath.HealthCheck}-group")] [ApiExplorerSettings(GroupName = "Health Check")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public abstract class HealthCheckGroupControllerBase : ManagementApiControllerBase { protected IActionResult HealthCheckGroupNotFound() => NotFound(new ProblemDetailsBuilder() diff --git a/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/HealthCheckControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/HealthCheckControllerBase.cs index 42e721db1d..1cd70b8fb2 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/HealthCheckControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/HealthCheck/HealthCheckControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.HealthCheck; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.HealthChecks.RoutePath.HealthCheck}")] [ApiExplorerSettings(GroupName = "Health Check")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public abstract class HealthCheckControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Language/CreateLanguageController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Language/CreateLanguageController.cs index 680e6543a7..ae62476597 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Language/CreateLanguageController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Language/CreateLanguageController.cs 
@@ -14,7 +14,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.Language; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessLanguages)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)] public class CreateLanguageController : LanguageControllerBase { private readonly ILanguageService _languageService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Language/DeleteLanguageController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Language/DeleteLanguageController.cs index f14256c567..a11f7a7bde 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Language/DeleteLanguageController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Language/DeleteLanguageController.cs @@ -12,7 +12,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.Language; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessLanguages)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)] public class DeleteLanguageController : LanguageControllerBase { private readonly ILanguageService _languageService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Language/Item/LanguageEntityControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Language/Item/LanguageEntityControllerBase.cs index dabaec4f85..1f71086faa 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Language/Item/LanguageEntityControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Language/Item/LanguageEntityControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Language.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Language}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Language))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessLanguages)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)] public class LanguageEntityControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Language/UpdateLanguageController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Language/UpdateLanguageController.cs index e040ee8a1d..6238898d79 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Language/UpdateLanguageController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Language/UpdateLanguageController.cs @@ -14,7 +14,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.Language; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessLanguages)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)] public class UpdateLanguageController : LanguageControllerBase { private readonly ILanguageService _languageService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/LogViewer/LogViewerControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/LogViewer/LogViewerControllerBase.cs index 3f6ed71952..00e9b0306a 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/LogViewer/LogViewerControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/LogViewer/LogViewerControllerBase.cs 
@@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.LogViewer; [ApiController] [VersionedApiBackOfficeRoute("log-viewer")] [ApiExplorerSettings(GroupName = "Log Viewer")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public abstract class LogViewerControllerBase : ManagementApiControllerBase { protected IActionResult LogViewerOperationStatusResult(LogViewerOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/ManagementApiControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/ManagementApiControllerBase.cs index fc25ab5c16..b86c422a3b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/ManagementApiControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/ManagementApiControllerBase.cs @@ -16,8 +16,8 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers; -[Authorize(Policy = "New" + AuthorizationPolicies.BackOfficeAccess)] -[Authorize(Policy = "New" + AuthorizationPolicies.UmbracoFeatureEnabled)] +[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)] +[Authorize(Policy = AuthorizationPolicies.UmbracoFeatureEnabled)] [MapToApi(ManagementApiConfiguration.ApiName)] [JsonOptionsName(Constants.JsonOptionsNames.BackOffice)] [AppendEventMessages] diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/Collection/MediaCollectionControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/Collection/MediaCollectionControllerBase.cs index f96ea545ed..021857e6a1 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/Collection/MediaCollectionControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/Collection/MediaCollectionControllerBase.cs 
@@ -15,7 +15,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Media.Collection; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Collection}/{Constants.UdiEntityType.Media}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Media))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessMedia)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessMedia)] public abstract class MediaCollectionControllerBase : ContentCollectionControllerBase { protected MediaCollectionControllerBase(IUmbracoMapper mapper) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs index 8d1a670034..9e1095ab8f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs @@ -38,7 +38,7 @@ public class DeleteMediaController : MediaControllerBase [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)] public async Task Delete(Guid id) { - AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( + AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, MediaPermissionResource.RecycleBin(), AuthorizationPolicies.MediaPermissionByResource); diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/Item/MediaItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/Item/MediaItemControllerBase.cs index c35f234115..c14751fef7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/Item/MediaItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/Item/MediaItemControllerBase.cs 
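Review bot: In the DeleteMediaController hunk, `Delete(Guid id)` authorizes against `MediaPermissionResource.RecycleBin()` and never passes `id` to the resource check, while DeleteMediaRecycleBinController (later in this diff) uses `MediaPermissionResource.WithKeys(id)`. The Document controllers in this same diff do the opposite: DeleteDocumentController checks `ContentPermissionResource.WithKeys(ActionDelete.ActionLetter, id)` and the recycle-bin controller checks `ContentPermissionResource.RecycleBin(ActionDelete.ActionLetter)`, so the two media resources look swapped. As written, the check in DeleteMediaController is not bound to the item being deleted, so a user without access to that item's path may still be authorized. If the Document pattern is the intended one, use `MediaPermissionResource.WithKeys(id),` here and `MediaPermissionResource.RecycleBin(),` in DeleteMediaRecycleBinController. The rest of both method bodies is outside the hunks, so confirm that nothing later re-checks the key.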
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Media.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Media}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Media))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessForMediaTree)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessForMediaTree)] public class MediaItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/MediaControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/MediaControllerBase.cs index 96b2a62029..48fe196f78 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/MediaControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/MediaControllerBase.cs @@ -16,7 +16,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Media; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.Media)] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Media))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessMedia)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessMedia)] public class MediaControllerBase : ContentControllerBase { protected IActionResult MediaNotFound() diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs index bd6c02fc33..97d2d84ee4 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs 
@@ -42,7 +42,7 @@ public class DeleteMediaRecycleBinController : MediaRecycleBinControllerBase [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)] public async Task Delete(Guid id) { - AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( + AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, MediaPermissionResource.WithKeys(id), AuthorizationPolicies.MediaPermissionByResource); diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/MediaRecycleBinControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/MediaRecycleBinControllerBase.cs index d7971c2115..83a66f1fa7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/MediaRecycleBinControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/MediaRecycleBinControllerBase.cs @@ -17,7 +17,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Media.RecycleBin; [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.RecycleBin}/{Constants.UdiEntityType.Media}")] [RequireMediaTreeRootAccess] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Media))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessMedia)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessMedia)] public class MediaRecycleBinControllerBase : RecycleBinControllerBase { private readonly IMediaPresentationFactory _mediaPresentationFactory; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/Tree/MediaTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/Tree/MediaTreeControllerBase.cs index 83e04ae971..a57688a074 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/Tree/MediaTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/Tree/MediaTreeControllerBase.cs 
@@ -18,7 +18,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Media.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.Media}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Media))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessForMediaTree)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessForMediaTree)] public class MediaTreeControllerBase : UserStartNodeTreeControllerBase { private readonly AppCaches _appCaches; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedAtRootMediaTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedAtRootMediaTypeController.cs index 9862412830..122510762a 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedAtRootMediaTypeController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedAtRootMediaTypeController.cs @@ -12,7 +12,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.MediaType; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaOrMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)] public class AllowedAtRootMediaTypeController : MediaTypeControllerBase { private readonly IMediaTypeService _mediaTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedChildrenMediaTypeController.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedChildrenMediaTypeController.cs index a3f217a2af..8ca59590bf 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedChildrenMediaTypeController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/AllowedChildrenMediaTypeController.cs 
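Review bot: The `TreeAccessMediaOrMediaTypes` policy on `AllowedAtRootMediaTypeController` probably does not widen access the way its name suggests. ASP.NET Core collects `[Authorize]` attributes from base classes and requires every policy to succeed, and `MediaTypeControllerBase` (changed later in this diff) carries `TreeAccessMediaTypes`. Assuming that is the narrower policy, a user with only media tree access is still rejected; `AllowedChildrenMediaTypeController` has the same problem. Either derive these two controllers from a base without the narrower policy, or state the intent next to the attribute, for example `// Combined with TreeAccessMediaTypes inherited from MediaTypeControllerBase; both must pass.`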
@@ -15,7 +15,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.MediaType; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaOrMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)] public class AllowedChildrenMediaTypeController : MediaTypeControllerBase { private readonly IMediaTypeService _mediaTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Folder/MediaTypeFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Folder/MediaTypeFolderControllerBase.cs index f1e3be8be7..a59e583ce9 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Folder/MediaTypeFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Folder/MediaTypeFolderControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MediaType.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.MediaType}/folder")] [ApiExplorerSettings(GroupName = "Media Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaTypes)] public abstract class MediaTypeFolderControllerBase : FolderManagementControllerBase { protected MediaTypeFolderControllerBase( diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Item/MediaTypeItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Item/MediaTypeItemControllerBase.cs index 2285eb0090..76567ab3dd 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Item/MediaTypeItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Item/MediaTypeItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MediaType.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.MediaType}")] [ApiExplorerSettings(GroupName = "Media Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaTypes)] public class MediaTypeItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/MediaTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/MediaTypeControllerBase.cs index a5d9fc56cd..ff5d680b01 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/MediaTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/MediaTypeControllerBase.cs @@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MediaType; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.MediaType)] [ApiExplorerSettings(GroupName = "Media Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaTypes)] public abstract class MediaTypeControllerBase : ManagementApiControllerBase { protected IActionResult OperationStatusResult(ContentTypeOperationStatus status) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Tree/MediaTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Tree/MediaTypeTreeControllerBase.cs index d5af2b21b2..e0c100cddc 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Tree/MediaTypeTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MediaType/Tree/MediaTypeTreeControllerBase.cs 
@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MediaType.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.MediaType}")] [ApiExplorerSettings(GroupName = "Media Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMediaTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaTypes)] public class MediaTypeTreeControllerBase : FolderTreeControllerBase { private readonly IMediaTypeService _mediaTypeService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs index 80b1def4c6..11d4c31b3b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs @@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Member.Filter; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Filter}/{Constants.UdiEntityType.Member}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Member))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessForMemberTree)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessForMemberTree)] public abstract class MemberFilterControllerBase : ManagementApiControllerBase { protected IActionResult MemberTypeNotFound() diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Member/Item/MemberItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Member/Item/MemberItemControllerBase.cs index 639a104ef2..2a4ec7c9d6 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Member/Item/MemberItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Member/Item/MemberItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Member.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Member}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Member))] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessForMemberTree)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessForMemberTree)] public class MemberItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs index 7b7a906a1a..0dc04f16f5 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs @@ -15,7 +15,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Member; [VersionedApiBackOfficeRoute(Constants.UdiEntityType.Member)] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Member))] // FIXME: implement authorization -// [Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessMembers)] +// [Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)] public class MemberControllerBase : ContentControllerBase { protected IActionResult MemberNotFound() => OperationStatusResult(MemberEditingOperationStatus.MemberNotFound, MemberNotFound); diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Item/MemberGroupItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Item/MemberGroupItemControllerBase.cs index 9ee8a40c5b..f5d3f0517c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Item/MemberGroupItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Item/MemberGroupItemControllerBase.cs 
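Review bot: `MemberControllerBase` still has no section policy of its own, because the `SectionAccessMembers` line is only edited inside a comment under `// FIXME: implement authorization`. The member endpoints are therefore protected only by whatever `ContentControllerBase` and its ancestors enforce, which this hunk does not show. `MemberGroupControllerBase` in this same commit applies that policy as a live attribute, so it appears to be available. If nothing blocks it, enable the line as `[Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)]`. Otherwise extend the FIXME to say what is blocking it and link a tracking issue, since member records usually hold personal data.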
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberGroup.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.MemberGroup}")] [ApiExplorerSettings(GroupName = "Member Group")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMemberGroups)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberGroups)] public class MemberGroupItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/MemberGroupControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/MemberGroupControllerBase.cs index c1759cdb7f..22766c0f83 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/MemberGroupControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/MemberGroupControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberGroup; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.MemberGroup}")] [ApiExplorerSettings(GroupName = "Member Group")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessMembers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)] public class MemberGroupControllerBase : ManagementApiControllerBase { protected IActionResult MemberGroupOperationStatusResult(MemberGroupOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Tree/MemberGroupTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Tree/MemberGroupTreeControllerBase.cs index 29010e5a34..410f41575e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Tree/MemberGroupTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberGroup/Tree/MemberGroupTreeControllerBase.cs 
@@ -13,7 +13,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberGroup.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.MemberGroup}")] [ApiExplorerSettings(GroupName = "Member Group")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMemberGroups)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberGroups)] public class MemberGroupTreeControllerBase : NamedEntityTreeControllerBase { public MemberGroupTreeControllerBase(IEntityService entityService) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Item/MemberTypeItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Item/MemberTypeItemControllerBase.cs index 977e0d732a..fb6b8cd513 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Item/MemberTypeItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Item/MemberTypeItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberType.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.MemberType}")] [ApiExplorerSettings(GroupName = "Member Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMemberTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)] public class MemberTypeItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs index a672f23ab8..c00550027c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/MemberTypeControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberType; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.MemberType)] [ApiExplorerSettings(GroupName = "Member Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMemberTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)] public abstract class MemberTypeControllerBase : ManagementApiControllerBase { protected IActionResult OperationStatusResult(ContentTypeOperationStatus status) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs index 5e44e8dcf3..b798ad9fd4 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/MemberType/Tree/MemberTypeTreeControllerBase.cs @@ -13,7 +13,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.MemberType.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.MemberType}")] [ApiExplorerSettings(GroupName = "Member Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessMemberTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)] public class MemberTypeTreeControllerBase : NamedEntityTreeControllerBase { public MemberTypeTreeControllerBase(IEntityService entityService) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/ModelsBuilder/ModelsBuilderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/ModelsBuilder/ModelsBuilderControllerBase.cs index 114015361e..37068ced73 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/ModelsBuilder/ModelsBuilderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/ModelsBuilder/ModelsBuilderControllerBase.cs 
@@ -8,7 +8,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.ModelsBuilder; [ApiController] [VersionedApiBackOfficeRoute("models-builder")] [ApiExplorerSettings(GroupName = "Models Builder")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public class ModelsBuilderControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Package/PackageControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Package/PackageControllerBase.cs index 007613be2c..0fdefb8f81 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Package/PackageControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Package/PackageControllerBase.cs @@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Package; [ApiController] [VersionedApiBackOfficeRoute("package")] [ApiExplorerSettings(GroupName = "Package")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessPackages)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessPackages)] public abstract class PackageControllerBase : ManagementApiControllerBase { protected IActionResult PackageOperationStatusResult(PackageOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Folder/PartialViewFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Folder/PartialViewFolderControllerBase.cs index 868c69033b..9f1759ca4c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Folder/PartialViewFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Folder/PartialViewFolderControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.PartialView.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.PartialView}/folder")] [ApiExplorerSettings(GroupName = "Partial View")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessPartialViews)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessPartialViews)] public class PartialViewFolderControllerBase : FileSystemManagementControllerBase { protected IActionResult OperationStatusResult(PartialViewFolderOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Item/PartialViewItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Item/PartialViewItemControllerBase.cs index 9cc03353e2..e8aa98ccf6 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Item/PartialViewItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Item/PartialViewItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.PartialView.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.PartialView}")] [ApiExplorerSettings(GroupName = "Partial View")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessPartialViews)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessPartialViews)] public class PartialViewItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/PartialViewControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/PartialViewControllerBase.cs index b7676bd3c2..2b07a5666e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/PartialViewControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/PartialViewControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.PartialView; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.PartialView}")] [ApiExplorerSettings(GroupName = "Partial View")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessPartialViews)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessPartialViews)] public class PartialViewControllerBase : FileSystemManagementControllerBase { protected IActionResult PartialViewOperationStatusResult(PartialViewOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Tree/PartialViewTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Tree/PartialViewTreeControllerBase.cs index 0627302535..5116665c44 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Tree/PartialViewTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/PartialView/Tree/PartialViewTreeControllerBase.cs @@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.PartialView.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.PartialView}")] [ApiExplorerSettings(GroupName = "Partial View")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessPartialViews)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessPartialViews)] public class PartialViewTreeControllerBase : FileSystemTreeControllerBase { public PartialViewTreeControllerBase(FileSystems fileSystems) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Profiling/ProfilingControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Profiling/ProfilingControllerBase.cs index 113f7600ae..447e1fc277 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Profiling/ProfilingControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Profiling/ProfilingControllerBase.cs 
@@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Profiling; [ApiController] [VersionedApiBackOfficeRoute("profiling")] [ApiExplorerSettings(GroupName = "Profiling")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public class ProfilingControllerBase : ManagementApiControllerBase { protected IActionResult WebProfilerOperationStatusResult(WebProfilerOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/PropertyType/PropertyTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/PropertyType/PropertyTypeControllerBase.cs index 787970ddbe..20658f5475 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/PropertyType/PropertyTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/PropertyType/PropertyTypeControllerBase.cs @@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.PropertyType; [ApiController] [VersionedApiBackOfficeRoute("property-type")] [ApiExplorerSettings(GroupName = "Property Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessDocumentTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)] public abstract class PropertyTypeControllerBase : ManagementApiControllerBase { protected IActionResult PropertyTypeOperationStatusResult(PropertyTypeOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/RedirectUrlManagementControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/RedirectUrlManagementControllerBase.cs index f1636b1830..229d4acb23 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/RedirectUrlManagementControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/RedirectUrlManagement/RedirectUrlManagementControllerBase.cs 
@@ -8,7 +8,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.RedirectUrlManagement; [ApiController] [VersionedApiBackOfficeRoute("redirect-management")] [ApiExplorerSettings(GroupName = "Redirect Management")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContent)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)] public class RedirectUrlManagementControllerBase : ManagementApiControllerBase { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Relation/RelationControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Relation/RelationControllerBase.cs index f916a6072e..fa04997f7c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Relation/RelationControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Relation/RelationControllerBase.cs @@ -10,7 +10,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Relation; [ApiController] [VersionedApiBackOfficeRoute("relation")] [ApiExplorerSettings(GroupName = "Relation")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContent)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContent)] public abstract class RelationControllerBase : ManagementApiControllerBase { protected IActionResult RelationOperationStatusResult(RelationOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Item/RelationTypeItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Item/RelationTypeItemControllerBase.cs index b6efa387b0..0a798c25bd 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Item/RelationTypeItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Item/RelationTypeItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.RelationType.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.RelationType}")] [ApiExplorerSettings(GroupName = "Relation Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessRelationTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessRelationTypes)] public class RelationTypeItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Query/RelationTypeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Query/RelationTypeControllerBase.cs index 3ecd3d51e8..2ae9fcde8d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Query/RelationTypeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Query/RelationTypeControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.RelationType.Query; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.RelationType}")] [ApiExplorerSettings(GroupName = "Relation Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessRelationTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessRelationTypes)] public class RelationTypeControllerBase : ManagementApiControllerBase { protected IActionResult RelationTypeOperationStatusResult(RelationTypeOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Tree/RelationTypeTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Tree/RelationTypeTreeControllerBase.cs index 8311ed6234..ea6cf3073c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Tree/RelationTypeTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/RelationType/Tree/RelationTypeTreeControllerBase.cs 
@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.RelationType.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.RelationType}")] [ApiExplorerSettings(GroupName = "Relation Type")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessRelationTypes)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessRelationTypes)] // NOTE: at the moment relation types aren't supported by EntityService, so we have little use of the // tree controller base. We'll keep it though, in the hope that we can mend EntityService. public class RelationTypeTreeControllerBase : NamedEntityTreeControllerBase diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Script/Folder/ScriptFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Script/Folder/ScriptFolderControllerBase.cs index 9d088cb0da..94b1c9ec68 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Script/Folder/ScriptFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Script/Folder/ScriptFolderControllerBase.cs @@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Script.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.Script}/folder")] [ApiExplorerSettings(GroupName = "Script")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessScripts)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessScripts)] public class ScriptFolderControllerBase : FileSystemManagementControllerBase { protected IActionResult OperationStatusResult(ScriptFolderOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Script/Item/ScriptItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Script/Item/ScriptItemControllerBase.cs index 5797e33e24..9acfd65a91 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Script/Item/ScriptItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Script/Item/ScriptItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Script.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Script}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Script))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessScripts)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessScripts)] public class ScriptItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Script/ScriptControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Script/ScriptControllerBase.cs index 324c767d90..e3a974f82d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Script/ScriptControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Script/ScriptControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Script; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.Script}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Script))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessScripts)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessScripts)] public class ScriptControllerBase : FileSystemManagementControllerBase { protected IActionResult ScriptOperationStatusResult(ScriptOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Script/Tree/ScriptTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Script/Tree/ScriptTreeControllerBase.cs index ea86b67b3b..5838ea3ef9 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Script/Tree/ScriptTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Script/Tree/ScriptTreeControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Script.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.Script}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Script))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessScripts)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessScripts)] public class ScriptTreeControllerBase : FileSystemTreeControllerBase { public ScriptTreeControllerBase(FileSystems fileSystems) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Security/ConfigurationSecurityController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Security/ConfigurationSecurityController.cs index b60e5b085d..92823e5dc6 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Security/ConfigurationSecurityController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Security/ConfigurationSecurityController.cs @@ -9,7 +9,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.Security; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.DenyLocalLoginIfConfigured)] +[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)] // FIXME: Add requiring password reset token policy when its implemented public class ConfigurationSecurityController : SecurityControllerBase { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs index 8fcdb13561..2d5739bc0f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Security/SecurityControllerBase.cs 
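Review bot: The `[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]` on ConfigurationSecurityController repeats the attribute that SecurityControllerBase already carries (see the SecurityControllerBase.cs hunk), and `AuthorizeAttribute` is inherited, so the derived declaration adds nothing. Either drop it here or say why it is restated, for example `// Restated on purpose: keeps the policy visible next to the FIXME below.` The FIXME about the password reset token policy is still open after this change; referencing a tracking issue in that comment would keep the missing requirement from being lost.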
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Security; [ApiController] [VersionedApiBackOfficeRoute("security")] [ApiExplorerSettings(GroupName = "Security")] -[Authorize(Policy = "New" + AuthorizationPolicies.DenyLocalLoginIfConfigured)] +[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)] public abstract class SecurityControllerBase : ManagementApiControllerBase { protected IActionResult UserOperationStatusResult(UserOperationStatus status, ErrorMessageResult? errorMessageResult = null) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Folder/StylesheetFolderControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Folder/StylesheetFolderControllerBase.cs index cf52ea6f77..0409e926aa 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Folder/StylesheetFolderControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Folder/StylesheetFolderControllerBase.cs @@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Stylesheet.Folder; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.Stylesheet}/folder")] [ApiExplorerSettings(GroupName = "Stylesheet")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessStylesheets)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessStylesheets)] public class StylesheetFolderControllerBase : FileSystemManagementControllerBase { protected IActionResult OperationStatusResult(StylesheetFolderOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Item/StylesheetItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Item/StylesheetItemControllerBase.cs index d528852513..42ed403ae2 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Item/StylesheetItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Item/StylesheetItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Stylesheet.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Stylesheet}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Stylesheet))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessStylesheets)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessStylesheets)] public class StylesheetItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/StylesheetControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/StylesheetControllerBase.cs index 6556212f10..0fc77d5bbd 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/StylesheetControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/StylesheetControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Stylesheet; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.Stylesheet}")] [ApiExplorerSettings(GroupName = "Stylesheet")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessStylesheets)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessStylesheets)] public class StylesheetControllerBase : FileSystemManagementControllerBase { protected IActionResult StylesheetOperationStatusResult(StylesheetOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Tree/StylesheetTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Tree/StylesheetTreeControllerBase.cs index 9b58647c16..cc050c3a14 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Tree/StylesheetTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Stylesheet/Tree/StylesheetTreeControllerBase.cs 
@@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Stylesheet.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.Stylesheet}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Stylesheet))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessStylesheets)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessStylesheets)] public class StylesheetTreeControllerBase : FileSystemTreeControllerBase { public StylesheetTreeControllerBase(FileSystems fileSystems) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Telemetry/TelemetryControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Telemetry/TelemetryControllerBase.cs index 4530e284c4..3c2236215e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Telemetry/TelemetryControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Telemetry/TelemetryControllerBase.cs @@ -8,7 +8,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Telemetry; [ApiController] [VersionedApiBackOfficeRoute("telemetry")] [ApiExplorerSettings(GroupName = "Telemetry")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessSettings)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessSettings)] public abstract class TelemetryControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Template/Item/TemplateItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Template/Item/TemplateItemControllerBase.cs index c67181381b..8b32b458e7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Template/Item/TemplateItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Template/Item/TemplateItemControllerBase.cs 
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Template.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/{Constants.UdiEntityType.Template}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Template))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessTemplates)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessTemplates)] public class TemplateItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Template/TemplateControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Template/TemplateControllerBase.cs index f771236ec5..ff593645ce 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Template/TemplateControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Template/TemplateControllerBase.cs @@ -12,7 +12,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Template; [ApiController] [VersionedApiBackOfficeRoute(Constants.UdiEntityType.Template)] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Template))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessTemplates)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessTemplates)] public class TemplateControllerBase : ManagementApiControllerBase { protected IActionResult TemplateOperationStatusResult(TemplateOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Template/Tree/TemplateTreeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Template/Tree/TemplateTreeControllerBase.cs index 95b69ca395..e749663356 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Template/Tree/TemplateTreeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Template/Tree/TemplateTreeControllerBase.cs 
@@ -13,7 +13,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Template.Tree; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Tree}/{Constants.UdiEntityType.Template}")] [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Template))] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessTemplates)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessTemplates)] public class TemplateTreeControllerBase : NamedEntityTreeControllerBase { public TemplateTreeControllerBase(IEntityService entityService) diff --git a/src/Umbraco.Cms.Api.Management/Controllers/TrackedReference/TrackedReferencesControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/TrackedReference/TrackedReferencesControllerBase.cs index 1d8212637b..193f79bc81 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/TrackedReference/TrackedReferencesControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/TrackedReference/TrackedReferencesControllerBase.cs @@ -8,7 +8,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.TrackedReference; [ApiController] [VersionedApiBackOfficeRoute("tracked-reference")] [ApiExplorerSettings(GroupName = "Tracked Reference")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessContentOrMedia)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessContentOrMedia)] public abstract class TrackedReferenceControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Upgrade/UpgradeControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Upgrade/UpgradeControllerBase.cs index 219e17aa2e..a6944b99a7 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Upgrade/UpgradeControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Upgrade/UpgradeControllerBase.cs 
@@ -14,7 +14,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Upgrade; [RequireRuntimeLevel(RuntimeLevel.Upgrade)] [VersionedApiBackOfficeRoute("upgrade")] [ApiExplorerSettings(GroupName = "Upgrade")] -[Authorize(Policy = "New" + AuthorizationPolicies.RequireAdminAccess)] +[Authorize(Policy = AuthorizationPolicies.RequireAdminAccess)] public abstract class UpgradeControllerBase : ManagementApiControllerBase { protected IActionResult UpgradeOperationResult(UpgradeOperationStatus status, InstallationResult? result = null) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs index 8a10c6deea..e330dc6a58 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs @@ -39,7 +39,7 @@ public class BulkDeleteUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(model.UserIds), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs index 8012386030..05c5a8fa96 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs @@ -40,7 +40,7 @@ public class ByKeyUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { 
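Review bot: The resource check in BulkDeleteUserController now passes `AuthorizationPolicies.UserPermissionByResource` instead of `AdminUserEditsRequireAdmin`, and the hunk gives no evidence that the new policy's handler still refuses a non-admin acting on an admin account. The handler is not part of this hunk and the action body continues outside it, so this is a question rather than a finding. The same swap is made in the ByKey, ChangePassword, ClearAvatar, Delete, DisableTwoFactorProvider, Disable, Enable, ListTwoFactorProviders, ResetPassword, SetAvatar, Unlock, Update and UpdateUserGroups user controllers and in the two Current user controllers. I would add an integration test for each sensitive endpoint (password reset, two-factor disable, group update) that signs in a user with Users section access but no admin group, targets an admin key and expects a forbidden result. Because the call is repeated verbatim in every action, a protected helper on a shared base class wrapping `AuthorizeResourceAsync(User, UserPermissionResource.WithKeys(keys), AuthorizationPolicies.UserPermissionByResource)` would also keep the policy name in one place.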
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ChangePasswordUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ChangePasswordUserController.cs index 734a9ed714..614bde7f19 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ChangePasswordUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ChangePasswordUserController.cs @@ -42,7 +42,7 @@ public class ChangePasswordUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs index 12fe4325f8..5cc15fe35e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs @@ -33,7 +33,7 @@ public class ClearAvatarUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs index 46b2a3a328..9cc9298613 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ConfigurationUserController.cs 
@@ -9,7 +9,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.User; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.RequireAdminAccess)] +[Authorize(Policy = AuthorizationPolicies.RequireAdminAccess)] public class ConfigurationUserController : UserControllerBase { private readonly IUserPresentationFactory _userPresentationFactory; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/CreateInitialPasswordUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/CreateInitialPasswordUserController.cs index 8753c327b8..e017b0c6a3 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/CreateInitialPasswordUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/CreateInitialPasswordUserController.cs @@ -12,7 +12,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.User; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.DenyLocalLoginIfConfigured)] +[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)] public class CreateInitialPasswordUserController : UserControllerBase { private readonly IUserService _userService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/ConfigurationCurrentUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/ConfigurationCurrentUserController.cs index 9e29b10801..92d2dcd02d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/ConfigurationCurrentUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/ConfigurationCurrentUserController.cs 
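Review bot: CreateInitialPasswordUserController declares `[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)]` while deriving from UserControllerBase, which carries `SectionAccessUsers` (see the UserControllerBase.cs hunk), and ASP.NET Core requires every inherited and declared policy to succeed. For an endpoint that sets an initial password this looks unintended, since the caller presumably has no back-office session yet. The actions are outside the hunk, so I cannot see whether they opt out with `[AllowAnonymous]`; if they do, the class-level policy here would be skipped as well. VerifyInviteUserController has the same shape. Please confirm which combination is meant and record it above the class, e.g. `// Evaluated together with SectionAccessUsers inherited from UserControllerBase.`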
@@ -9,7 +9,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.User.Current; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.BackOfficeAccess)] +[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)] public class ConfigurationCurrentUserController : CurrentUserControllerBase { private readonly IUserPresentationFactory _userPresentationFactory; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs index 2d4752cac1..c0a7d26470 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs @@ -44,7 +44,7 @@ public class GetCurrentUserController : CurrentUserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(currentUserKey), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs index 3558a903e1..be714f9b3e 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs @@ -41,7 +41,7 @@ public class SetAvatarCurrentUserController : CurrentUserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(userKey), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs index bf4de77f6f..8043dbae5d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs @@ -39,7 +39,7 @@ public class DeleteUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs index 5f2a0f5955..99ce5d62d8 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs @@ -36,7 +36,7 @@ public class DisableTwoFactorProviderUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs index a3f0facf5d..5b3eb98623 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs 
@@ -40,7 +40,7 @@ public class DisableUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(model.UserIds), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs index 0490724959..8817626b9f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs @@ -40,7 +40,7 @@ public class EnableUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(model.UserIds), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Filter/UserFilterControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Filter/UserFilterControllerBase.cs index 9b58d64567..4226d6935f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Filter/UserFilterControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Filter/UserFilterControllerBase.cs @@ -8,7 +8,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.User.Filter; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Filter}/user")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessUsers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)] public abstract class UserFilterControllerBase : UserOrCurrentUserControllerBase { } 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Item/UserItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Item/UserItemControllerBase.cs index 8954621f9a..31bd4f429a 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Item/UserItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Item/UserItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.User.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/user")] [ApiExplorerSettings(GroupName = "User")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessUsers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)] public class UserItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs index 299ebd325a..6a5fe786f0 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs @@ -36,7 +36,7 @@ public class ListTwoFactorProvidersUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ResetPasswordUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ResetPasswordUserController.cs index b793eb76fd..2be4d9a6b5 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ResetPasswordUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ResetPasswordUserController.cs 
@@ -45,7 +45,7 @@ public class ResetPasswordUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs index 5086cc6b44..4bd92b9d0c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs @@ -34,7 +34,7 @@ public class SetAvatarUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs index d39718b894..8ebd3fe7bc 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs @@ -41,7 +41,7 @@ public class UnlockUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(model.UserIds), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserController.cs index a5622f1bce..28c77a7ab1 100644 
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserController.cs @@ -46,7 +46,7 @@ public class UpdateUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(id), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs index 013a663e0b..a9227d28e3 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs @@ -31,7 +31,7 @@ public class UpdateUserGroupsUserController : UserControllerBase AuthorizationResult authorizationResult = await _authorizationService.AuthorizeResourceAsync( User, UserPermissionResource.WithKeys(requestModel.UserIds), - AuthorizationPolicies.AdminUserEditsRequireAdmin); + AuthorizationPolicies.UserPermissionByResource); if (!authorizationResult.Succeeded) { diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UserControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UserControllerBase.cs index 619cd812ef..69bb06bab3 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/UserControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UserControllerBase.cs @@ -7,7 +7,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.User; [ApiController] [VersionedApiBackOfficeRoute("user")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessUsers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)] public abstract class UserControllerBase : UserOrCurrentUserControllerBase { } 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/VerifyInviteUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/VerifyInviteUserController.cs index 1c193e1780..0252712f4c 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/VerifyInviteUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/VerifyInviteUserController.cs @@ -11,7 +11,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.User; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.DenyLocalLoginIfConfigured)] +[Authorize(Policy = AuthorizationPolicies.DenyLocalLoginIfConfigured)] public class VerifyInviteUserController : UserControllerBase { private readonly IUserService _userService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/Item/UserGroupItemControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/Item/UserGroupItemControllerBase.cs index 898524619a..942a1e9e8d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/Item/UserGroupItemControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/Item/UserGroupItemControllerBase.cs @@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.UserGroup.Item; [ApiController] [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Item}/user-group")] [ApiExplorerSettings(GroupName = "User Group")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessUsers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)] public class UserGroupItemControllerBase : ManagementApiControllerBase { } diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupsControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupsControllerBase.cs index 6627e7f8e0..fe8a27995b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupsControllerBase.cs 
+++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupsControllerBase.cs @@ -11,7 +11,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.UserGroup; [ApiController] [VersionedApiBackOfficeRoute("user-group")] [ApiExplorerSettings(GroupName = "User Group")] -[Authorize(Policy = "New" + AuthorizationPolicies.SectionAccessUsers)] +[Authorize(Policy = AuthorizationPolicies.SectionAccessUsers)] public class UserGroupControllerBase : ManagementApiControllerBase { protected IActionResult UserGroupOperationStatusResult(UserGroupOperationStatus status) => diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs index 80c5418ff7..4dd8330272 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs @@ -13,7 +13,7 @@ using Umbraco.Cms.Web.Common.Authorization; namespace Umbraco.Cms.Api.Management.Controllers.Webhook; [ApiVersion("1.0")] -[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessWebhooks)] +[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)] public class CreateWebhookController : WebhookControllerBase { private readonly IWebhookService _webhookService; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs index 103bfe645c..d1475cde98 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs 
@@ -12,7 +12,7 @@ using Umbraco.Cms.Web.Common.Authorization;
 namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
 [ApiVersion("1.0")]
-[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessWebhooks)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
 public class DeleteWebhookController : WebhookControllerBase
 {
 private readonly IWebhookService _webhookService;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/Item/WebhookEntityControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/Item/WebhookEntityControllerBase.cs
index 1982cd898d..688f71a064 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/Item/WebhookEntityControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/Item/WebhookEntityControllerBase.cs
@@ -9,7 +9,7 @@ namespace Umbraco.Cms.Api.Management.Controllers.Webhook.Item;
 [ApiController]
 [VersionedApiBackOfficeRoute($"{Constants.UdiEntityType.Webhook}")]
 [ApiExplorerSettings(GroupName = "Webhook")]
-[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessWebhooks)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
 public class WebhookEntityControllerBase : ManagementApiControllerBase
 {
 }
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs
index a74a4eb27a..3731dcadc0 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs
@@ -15,7 +15,7 @@ using Umbraco.Cms.Web.Common.Authorization;
 namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
 [ApiVersion("1.0")]
-[Authorize(Policy = "New" + AuthorizationPolicies.TreeAccessWebhooks)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
 public class UpdateWebhookController : WebhookControllerBase
 {
 private readonly IWebhookService _webhookService;
diff --git a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
index bffdb43db1..4714c54c74 100644
--- a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
+++ b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs
@@ -1,11 +1,9 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.Extensions.DependencyInjection;
 using OpenIddict.Validation.AspNetCore;
-using Umbraco.Cms.Api.Management.Security.Authorization;
 using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Api.Management.Security.Authorization.DenyLocalLogin;
 using Umbraco.Cms.Api.Management.Security.Authorization.Dictionary;
-using Umbraco.Cms.Api.Management.Security.Authorization.Feature;
 using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Api.Management.Security.Authorization.User;
 using Umbraco.Cms.Api.Management.Security.Authorization.UserGroup;
@@ -25,11 +23,11 @@ internal static class BackOfficeAuthPolicyBuilderExtensions
 // any auth defining a matching requirement and scheme.
 builder.Services.AddSingleton();
 builder.Services.AddSingleton();
+ builder.Services.AddSingleton();
 builder.Services.AddSingleton();
 builder.Services.AddSingleton();
 builder.Services.AddSingleton();
 builder.Services.AddSingleton();
- builder.Services.AddSingleton();
 builder.Services.AddAuthorization(CreatePolicies);
 return builder;
@@ -39,20 +37,20 @@ internal static class BackOfficeAuthPolicyBuilderExtensions
 {
 void AddPolicy(string policyName, string claimType, params string[] allowedClaimValues)
 {
- options.AddPolicy($"New{policyName}", policy =>
+ options.AddPolicy(policyName, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.RequireClaim(claimType, allowedClaimValues);
 });
 }
- options.AddPolicy($"New{AuthorizationPolicies.BackOfficeAccess}", policy =>
+ options.AddPolicy(AuthorizationPolicies.BackOfficeAccess, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.RequireAuthenticatedUser();
 });
- options.AddPolicy($"New{AuthorizationPolicies.RequireAdminAccess}", policy =>
+ options.AddPolicy(AuthorizationPolicies.RequireAdminAccess, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.RequireRole(Constants.Security.AdminGroupAlias);
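Review bot: Dropping the `New` prefix means `options.AddPolicy(policyName, ...)` in the local `AddPolicy` helper, and the direct `BackOfficeAccess` and `RequireAdminAccess` registrations, now use the bare `AuthorizationPolicies` names, and `AuthorizationOptions.AddPolicy` replaces an existing entry of the same name without raising an error. If any other registration of these names is still wired up elsewhere (not visible in this diff), whichever runs last silently decides which authentication scheme and requirements guard the Management API controllers; the same holds for the resource-based policies in the `@@ -93,47 +91,46 @@` hunk. I would add an integration test that resolves each policy name registered here through `IAuthorizationPolicyProvider.GetPolicyAsync` and asserts that the policy exists and that its `AuthenticationSchemes` contains `OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme`. The enclosing method body starts and ends outside this hunk.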
@@ -93,47 +91,46 @@ internal static class BackOfficeAuthPolicyBuilderExtensions
 AddPolicy(AuthorizationPolicies.TreeAccessWebhooks, Constants.Security.AllowedApplicationsClaimType, Constants.Applications.Settings);
 // Contextual permissions
- // TODO: Rename policies once we have the old ones removed
- options.AddPolicy($"New{AuthorizationPolicies.AdminUserEditsRequireAdmin}", policy =>
- {
- policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
- policy.Requirements.Add(new UserPermissionRequirement());
- });
-
- options.AddPolicy($"New{AuthorizationPolicies.ContentPermissionByResource}", policy =>
+ options.AddPolicy(AuthorizationPolicies.ContentPermissionByResource, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.Requirements.Add(new ContentPermissionRequirement());
 });
- options.AddPolicy($"New{AuthorizationPolicies.DenyLocalLoginIfConfigured}", policy =>
+ options.AddPolicy(AuthorizationPolicies.DenyLocalLoginIfConfigured, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.Requirements.Add(new DenyLocalLoginRequirement());
 });
- options.AddPolicy($"New{AuthorizationPolicies.MediaPermissionByResource}", policy =>
+ options.AddPolicy(AuthorizationPolicies.DictionaryPermissionByResource, policy =>
+ {
+ policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
+ policy.Requirements.Add(new DictionaryPermissionRequirement());
+ });
+
+ options.AddPolicy(AuthorizationPolicies.MediaPermissionByResource, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.Requirements.Add(new MediaPermissionRequirement());
 });
- options.AddPolicy($"New{AuthorizationPolicies.UmbracoFeatureEnabled}", policy =>
+ options.AddPolicy(AuthorizationPolicies.UmbracoFeatureEnabled, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.Requirements.Add(new FeatureAuthorizeRequirement());
 });
- options.AddPolicy($"New{AuthorizationPolicies.UserBelongsToUserGroupInRequest}", policy =>
+ options.AddPolicy(AuthorizationPolicies.UserBelongsToUserGroupInRequest, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
 policy.Requirements.Add(new UserGroupPermissionRequirement());
 });
- options.AddPolicy($"New{AuthorizationPolicies.DictionaryPermissionByResource}", policy =>
+ options.AddPolicy(AuthorizationPolicies.UserPermissionByResource, policy =>
 {
 policy.AuthenticationSchemes.Add(OpenIddictValidationAspNetCoreDefaults.AuthenticationScheme);
- policy.Requirements.Add(new DictionaryPermissionRequirement());
+ policy.Requirements.Add(new UserPermissionRequirement());
 });
 }
 }
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs
index 4011bf4234..bfb370d332 100644
--- a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs
+++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs
@@ -1,6 +1,5 @@
 using System.Security.Claims;
 using Microsoft.AspNetCore.Authorization;
-using Umbraco.Cms.Api.Management.Security.Authorization;
 using Umbraco.Cms.Core.Security.Authorization;
 namespace Umbraco.Extensions;
@@ -8,5 +7,5 @@ namespace Umbraco.Extensions;
 public static class AuthorizationServiceExtensions
 {
 public static Task AuthorizeResourceAsync(this IAuthorizationService authorizationService, ClaimsPrincipal user, IPermissionResource resource, string policyName)
- => authorizationService.AuthorizeAsync(user, resource, $"New{policyName}");
+ => authorizationService.AuthorizeAsync(user, resource, policyName);
 }
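Review bot: `AuthorizeResourceAsync` is a public extension with no XML documentation, and after this change it forwards `policyName` to `AuthorizeAsync` verbatim, so nothing in the helper ties it to the resource-based policies any more. I would document the contract on the method, for example `/// <summary>Evaluates the named policy for <paramref name="user"/> against <paramref name="resource"/>; callers must treat any result other than success as denied.</summary>`. A second line should say that `policyName` is expected to be one of the `*PermissionByResource` policies, since a claim-only policy would be evaluated without looking at the resource. The generic argument of the returned `Task` is not visible on this page, so the wording about the result is an assumption to confirm.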
diff --git a/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs b/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
index b3cb194a11..4256f29c25 100644
--- a/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
+++ b/src/Umbraco.Web.Common/Authorization/AuthorizationPolicies.cs
@@ -1,32 +1,22 @@
 namespace Umbraco.Cms.Web.Common.Authorization;
 ///
-/// A list of authorization policy names for use in the back office
+/// A list of authorization policy names for use in the back office.
 ///
 public static class AuthorizationPolicies
 {
 public const string UmbracoFeatureEnabled = nameof(UmbracoFeatureEnabled);
 public const string BackOfficeAccess = nameof(BackOfficeAccess);
- public const string BackOfficeAccessWithoutApproval = nameof(BackOfficeAccessWithoutApproval);
- public const string UserBelongsToUserGroupInRequest = nameof(UserBelongsToUserGroupInRequest);
- public const string AdminUserEditsRequireAdmin = nameof(AdminUserEditsRequireAdmin);
 public const string DenyLocalLoginIfConfigured = nameof(DenyLocalLoginIfConfigured);
 public const string RequireAdminAccess = nameof(RequireAdminAccess);
+ public const string UserBelongsToUserGroupInRequest = nameof(UserBelongsToUserGroupInRequest);
+ public const string UserPermissionByResource = nameof(UserPermissionByResource);
 // Content permission access
 public const string ContentPermissionByResource = nameof(ContentPermissionByResource);
- public const string ContentPermissionEmptyRecycleBin = nameof(ContentPermissionEmptyRecycleBin);
- public const string ContentPermissionAdministrationById = nameof(ContentPermissionAdministrationById);
- public const string ContentPermissionPublishById = nameof(ContentPermissionPublishById);
- public const string ContentPermissionRollbackById = nameof(ContentPermissionRollbackById);
- public const string ContentPermissionProtectById = nameof(ContentPermissionProtectById);
- public const string ContentPermissionBrowseById = nameof(ContentPermissionBrowseById);
- public const string ContentPermissionDeleteById = nameof(ContentPermissionDeleteById);
- public const string ContentPermissionCreateBlueprintFromId = nameof(ContentPermissionCreateBlueprintFromId);
 public const string MediaPermissionByResource = nameof(MediaPermissionByResource);
- public const string MediaPermissionPathById = nameof(MediaPermissionPathById);
 // Single section access
 public const string SectionAccessContent = nameof(SectionAccessContent);
@@ -38,19 +28,14 @@ public static class AuthorizationPolicies
 // Custom access based on multiple sections
 public const string SectionAccessContentOrMedia = nameof(SectionAccessContentOrMedia);
- public const string SectionAccessForTinyMce = nameof(SectionAccessForTinyMce);
 public const string SectionAccessForMemberTree = nameof(SectionAccessForMemberTree);
 public const string SectionAccessForMediaTree = nameof(SectionAccessForMediaTree);
 public const string SectionAccessForContentTree = nameof(SectionAccessForContentTree);
- public const string SectionAccessForDataTypeReading = nameof(SectionAccessForDataTypeReading);
 // Single tree access
 public const string TreeAccessDocuments = nameof(TreeAccessDocuments);
- public const string TreeAccessUsers = nameof(TreeAccessUsers);
 public const string TreeAccessPartialViews = nameof(TreeAccessPartialViews);
 public const string TreeAccessDataTypes = nameof(TreeAccessDataTypes);
- public const string TreeAccessPackages = nameof(TreeAccessPackages);
- public const string TreeAccessLogs = nameof(TreeAccessLogs);
 public const string TreeAccessWebhooks = nameof(TreeAccessWebhooks);
 public const string TreeAccessTemplates = nameof(TreeAccessTemplates);
 public const string TreeAccessDictionary = nameof(TreeAccessDictionary);
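Review bot: The members removed from `AuthorizationPolicies` are `public const string`, so their values are compiled into any package built against the previous version, and such a package keeps requesting, say, `TreeAccessPackages` by its literal name. Unless something outside this diff still registers those names, the request then fails at authorization time because the policy cannot be found; that fails closed, but it appears as a runtime error rather than a build error until the package is recompiled. The same applies to the removals in the `@@ -38,19 +28,14 @@` and `@@ -66,17 +51,8 @@` hunks. I would list the removed names in the breaking-change notes and add a line to the class summary such as `/// Only the names declared here are registered; a policy name that is not registered is rejected when the request is authorized.`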
@@ -66,17 +51,8 @@ public static class AuthorizationPolicies
 // Custom access based on multiple trees
 public const string TreeAccessDocumentsOrDocumentTypes = nameof(TreeAccessDocumentsOrDocumentTypes);
 public const string TreeAccessMediaOrMediaTypes = nameof(TreeAccessMediaOrMediaTypes);
- public const string TreeAccessMembersOrMemberTypes = nameof(TreeAccessMembersOrMemberTypes);
- public const string TreeAccessAnySchemaTypes = nameof(TreeAccessAnySchemaTypes);
 public const string TreeAccessDictionaryOrTemplates = nameof(TreeAccessDictionaryOrTemplates);
 // other
 public const string DictionaryPermissionByResource = nameof(DictionaryPermissionByResource);
-
- ///
- /// Defines access based on if the user has access to any tree's exposing any types of content (documents, media,
- /// members)
- /// or any content types (document types, media types, member types)
- ///
- public const string TreeAccessAnyContentOrTypes = nameof(TreeAccessAnyContentOrTypes);
 }
diff --git a/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs b/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
index b9711bc997..35bea8bc0e 100644
--- a/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
+++ b/tests/Umbraco.Tests.Integration/Umbraco.Web.Website/Security/MemberAuthorizeTests.cs
@@ -68,36 +68,35 @@ namespace Umbraco.Cms.Tests.Integration.Umbraco.Web.Website.Security
 Assert.AreEqual(cookieAuthenticationOptions.Value.AccessDeniedPath.ToString(), response.Headers.Location?.AbsolutePath);
 }
- // FIXME: Uncomment these tests when policies are renamed back to the original names without "New"
- // [Test]
- // [LongRunning]
- // public async Task Secure_ApiController_Should_Return_Unauthorized_WhenNotLoggedIn()
- // {
- // _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
- // var url = PrepareApiControllerUrl(x => x.Secure());
- //
- // var response = await Client.GetAsync(url);
- //
- // Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
- // }
+ [Test]
+ [LongRunning]
+ public async Task Secure_ApiController_Should_Return_Unauthorized_WhenNotLoggedIn()
+ {
+ _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(false);
+ var url = PrepareApiControllerUrl(x => x.Secure());
- // [Test]
- // [LongRunning]
- // public async Task Secure_ApiController_Should_Return_Forbidden_WhenNotAuthorized()
- // {
- // _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
- // _memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
- // It.IsAny>(),
- // It.IsAny>(),
- // It.IsAny>()))
- // .ReturnsAsync(false);
- //
- // var url = PrepareApiControllerUrl(x => x.Secure());
- //
- // var response = await Client.GetAsync(url);
- //
- // Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
- // }
+ var response = await Client.GetAsync(url);
+
+ Assert.AreEqual(HttpStatusCode.Unauthorized, response.StatusCode);
+ }
+
+ [Test]
+ [LongRunning]
+ public async Task Secure_ApiController_Should_Return_Forbidden_WhenNotAuthorized()
+ {
+ _memberManagerMock.Setup(x => x.IsLoggedIn()).Returns(true);
+ _memberManagerMock.Setup(x => x.IsMemberAuthorizedAsync(
+ It.IsAny>(),
+ It.IsAny>(),
+ It.IsAny>()))
+ .ReturnsAsync(false);
+
+ var url = PrepareApiControllerUrl(x => x.Secure());
+
+ var response = await Client.GetAsync(url);
+
+ Assert.AreEqual(HttpStatusCode.Forbidden, response.StatusCode);
+ }
 }
 public class TestSurfaceController : SurfaceController