diff --git a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs index fd3994a084..3feb3b682a 100644 --- a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs @@ -44,6 +44,16 @@ namespace Umbraco.Web.WebApi.Filters FilterBasedOnPermissions(items, user, ApplicationContext.Current.Services.UserService); } + protected override int GetUserStartNode(IUser user) + { + return user.StartContentId; + } + + protected override int RecycleBinId + { + get { return Constants.System.RecycleBinContent; } + } + internal void FilterBasedOnPermissions(IList items, IUser user, IUserService userService) { var length = items.Count; diff --git a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs index 0e1563909c..bc67e46207 100644 --- a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs @@ -39,6 +39,16 @@ namespace Umbraco.Web.WebApi.Filters get { return true; } } + protected virtual int GetUserStartNode(IUser user) + { + return user.StartMediaId; + } + + protected virtual int RecycleBinId + { + get { return Constants.System.RecycleBinMedia; } + } + public override void OnActionExecuted(HttpActionExecutedContext actionExecutedContext) { var user = UmbracoContext.Current.Security.CurrentUser; @@ -77,7 +87,7 @@ namespace Umbraco.Web.WebApi.Filters var toRemove = new List(); foreach (dynamic item in items) { - var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, user.StartMediaId, Constants.System.RecycleBinMedia)); + var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, GetUserStartNode(user), RecycleBinId)); if (!hasPathAccess) { toRemove.Add(item);