From 26f79e1010243eeb7ed82f67c930d7d0cb320eea Mon Sep 17 00:00:00 2001 From: perploug Date: Wed, 20 Nov 2013 10:24:35 +0100 Subject: [PATCH] Fixed attribute filtering when no items should be filtered --- .../FilterAllowedOutgoingContentAttribute.cs | 58 ++++++++++--------- .../FilterAllowedOutgoingMediaAttribute.cs | 21 ++++--- 2 files changed, 43 insertions(+), 36 deletions(-) diff --git a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs index 354313517e..fd3994a084 100644 --- a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs @@ -47,40 +47,44 @@ namespace Umbraco.Web.WebApi.Filters internal void FilterBasedOnPermissions(IList items, IUser user, IUserService userService) { var length = items.Count; - var ids = new List(); - for (var i = 0; i < length; i++) - { - ids.Add(((dynamic)items[i]).Id); - } - //get all the permissions for these nodes in one call - var permissions = userService.GetPermissions(user, ids.ToArray()).ToArray(); - var toRemove = new List(); - foreach(dynamic item in items) - { - var nodePermission = permissions.Where(x => x.EntityId == Convert.ToInt32(item.Id)).ToArray(); - //if there are no permissions for this id then we need to check what the user's default - // permissions are. - if (nodePermission.Any() == false) - { - //var defaultP = user.DefaultPermissions - toRemove.Add(item); - } - else + if (length > 0) + { + var ids = new List(); + for (var i = 0; i < length; i++) { - foreach (var n in nodePermission) + ids.Add(((dynamic)items[i]).Id); + } + //get all the permissions for these nodes in one call + var permissions = userService.GetPermissions(user, ids.ToArray()).ToArray(); + var toRemove = new List(); + foreach (dynamic item in items) + { + var nodePermission = permissions.Where(x => x.EntityId == Convert.ToInt32(item.Id)).ToArray(); + //if there are no permissions for this id then we need to check what the user's default + // permissions are. + if (nodePermission.Any() == false) { - //if the permission being checked doesn't exist then remove the item - if (n.AssignedPermissions.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false) + //var defaultP = user.DefaultPermissions + + toRemove.Add(item); + } + else + { + foreach (var n in nodePermission) { - toRemove.Add(item); + //if the permission being checked doesn't exist then remove the item + if (n.AssignedPermissions.Contains(_permissionToCheck.ToString(CultureInfo.InvariantCulture)) == false) + { + toRemove.Add(item); + } } } } - } - foreach (var item in toRemove) - { - items.Remove(item); + foreach (var item in toRemove) + { + items.Remove(item); + } } } diff --git a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs index b72662e224..87947c54e1 100644 --- a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingMediaAttribute.cs @@ -74,19 +74,22 @@ namespace Umbraco.Web.WebApi.Filters internal void FilterBasedOnStartNode(IList items, IUser user) { - var toRemove = new List(); - foreach (dynamic item in items) + if (items.Count > 0) { - var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, user.StartContentId, Constants.System.RecycleBinContent)); - if (!hasPathAccess) + var toRemove = new List(); + foreach (dynamic item in items) { - toRemove.Add(item); + var hasPathAccess = (item != null && UserExtensions.HasPathAccess(item.Path, user.StartContentId, Constants.System.RecycleBinContent)); + if (!hasPathAccess) + { + toRemove.Add(item); + } } - } - foreach (var item in toRemove) - { - items.Remove(item); + foreach (var item in toRemove) + { + items.Remove(item); + } } }