Updates more of WebSecurity to use the new user api.

2013-08-09 13:45:57 +10:00
parent 0228d745f9
commit 3169b52bf4
3 changed files with 18 additions and 9 deletions
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -291,10 +291,10 @@ namespace Umbraco.Web.Security
            {
                if (ticket.Expired == false)
                {
-                    var user = User.GetUser(GetUserId());
+                    var user = CurrentUser;

                    // Check for console access
-                    if (user.Disabled || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
+                    if (user.IsLockedOut || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
                    {
                        if (throwExceptions) throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
                        return ValidateRequestAttempt.FailedNoPrivileges;
@@ -332,6 +332,13 @@ namespace Umbraco.Web.Security
        /// <param name="app"></param>
        /// <param name="user"></param>
        /// <returns></returns>
+        internal bool UserHasAppAccess(string app, IUser user)
+        {
+            var apps = _applicationContext.Services.UserService.GetUserSections(user);
+            return apps.Any(uApp => uApp.InvariantEquals(app));
+        }
+
+        [Obsolete("Do not use this method if you don't have to, use the overload with IUser instead")]
        internal bool UserHasAppAccess(string app, User user)
        {
            return user.Applications.Any(uApp => uApp.alias == app);
@@ -345,11 +352,12 @@ namespace Umbraco.Web.Security
        /// <returns></returns>
        internal bool UserHasAppAccess(string app, string username)
        {
-            var uid = User.getUserId(username);
-            if (uid < 0) return false;
-            var usr = User.GetUser(uid);
-            if (usr == null) return false;
-            return UserHasAppAccess(app, usr);
+            var user = _applicationContext.Services.UserService.GetUserByUserName(username);
+            if (user == null)
+            {
+                return false;
+            }
+            return UserHasAppAccess(app, user);
        }

        [Obsolete("This is no longer used at all, it will always return a new GUID though if a user is logged in")]
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
@@ -27,8 +27,8 @@ namespace Umbraco.Web.WebApi.Filters
                return true;
            }

-            return UmbracoContext.Current.UmbracoUser != null 
-                && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.UmbracoUser);
+            return UmbracoContext.Current.Security.CurrentUser != null 
+                && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.Security.CurrentUser);
        }
    }
 }
--- a/src/umbraco.businesslogic/User.cs
+++ b/src/umbraco.businesslogic/User.cs
@@ -945,6 +945,7 @@ namespace umbraco.BusinessLogic
        /// </summary>
        /// <param name="id">The id.</param>
        /// <returns></returns>
+        [Obsolete("The legacy user object should no longer be used, use the WebSecurity class to access the current user or the UserService to retreive a user by id")]
        public static User GetUser(int id)
        {
            return ApplicationContext.Current.ApplicationCache.GetCacheItem(