yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed attribute filtering when no items should be filtered

Browse Source
This commit is contained in:
perploug
2013-11-20 10:24:35 +01:00
parent e1108ce65b
commit 26f79e1010
2 changed files with 43 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

58
src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs
View File

@@ -47,40 +47,44 @@ namespace Umbraco.Web.WebApi.Filters
internal void FilterBasedOnPermissions(IList items, IUser user, IUserService userService)
{
var length = items.Count;
var ids = new List<int>();
for (var i = 0; i < length; i++)
{
ids.Add(((dynamic)items[i]).Id);
}
//get all the permissions for these nodes in one call
var permissions = userService.GetPermissions(user, ids.ToArray()).ToArray();
var toRemove = new List<dynamic>();
foreach(dynamic item in items)
{
var nodePermission = permissions.Where(x => x.EntityId == Convert.ToInt32(item.Id)).ToArray();
//if there are no permissions for this id then we need to check what the user's default
// permissions are.
if (nodePermission.Any() == false)
{
//var defaultP = user.DefaultPermissions
toRemove.Add(item);
}
else
if (length > 0)
{
var ids = new List<int>();
for (var i = 0; i < length; i++)
{
foreach (var n in nodePermission)
ids.Add(((dynamic)items[i]).Id);
}
//get all the permissions for these nodes in one call
var permissions = userService.GetPermissions(user, ids.ToArray()).ToArray();
var toRemove = new List<dynamic>();
foreach (dynamic item in items)
{
var nodePermission = permissions.Where(x => x.EntityId == Convert.ToInt32(item.Id)).ToArray();
//if there are no permissions for this id then we need to check what the user's default
// permissions are.
if (nodePermission.Any() == false)
{
//if the permission being checked doesn't exist then remove the item
if (n.AssignedPermissions.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false)
//var defaultP = user.DefaultPermissions
toRemove.Add(item);
}
else
{
foreach (var n in nodePermission)
{
toRemove.Add(item);
//if the permission being checked doesn't exist then remove the item
if (n.AssignedPermissions.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false)
{
toRemove.Add(item);
}
}
}
}
}
foreach (var item in toRemove)
{
items.Remove(item);
foreach (var item in toRemove)
{
items.Remove(item);
}
}
}

21
src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs
View File

@@ -74,19 +74,22 @@ namespace Umbraco.Web.WebApi.Filters
internal void FilterBasedOnStartNode(IList items, IUser user)
{
var toRemove = new List<dynamic>();
foreach (dynamic item in items)
if (items.Count > 0)
{
var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, user.StartContentId, Constants.System.RecycleBinContent));
if (!hasPathAccess)
var toRemove = new List<dynamic>();
foreach (dynamic item in items)
{
toRemove.Add(item);
var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, user.StartContentId, Constants.System.RecycleBinContent));
if (!hasPathAccess)
{
toRemove.Add(item);
}
}
}
foreach (var item in toRemove)
{
items.Remove(item);
foreach (var item in toRemove)
{
items.Remove(item);
}
}
}