diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index 4f2dbded74..8680f75db6 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -291,10 +291,10 @@ namespace Umbraco.Web.Security
{
if (ticket.Expired == false)
{
- var user = User.GetUser(GetUserId());
+ var user = CurrentUser;
// Check for console access
- if (user.Disabled || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
+ if (user.IsLockedOut || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
{
if (throwExceptions) throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
return ValidateRequestAttempt.FailedNoPrivileges;
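Review bot: `user.IsLockedOut` in the changed condition dereferences `CurrentUser` without a null check, while the authorize filter changed in this same commit tests `CurrentUser != null`, which suggests the property can return null when the ticket's user no longer resolves. A null here would surface as a NullReferenceException rather than a failed validation, so the guard should fail closed, e.g. `if (user == null || user.IsLockedOut || (user.NoConsole && ...))`. Swapping `Disabled` for `IsLockedOut` may also narrow the check: if the new user model tracks a disabled or unapproved account separately from a locked-out one (for example an `IsApproved` flag), a disabled account holding a still-valid ticket would pass, so confirm the mapping or test both. The enclosing method starts and ends outside the hunk.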
@@ -332,6 +332,13 @@ namespace Umbraco.Web.Security
///
///
///
+ internal bool UserHasAppAccess(string app, IUser user)
+ {
+ var apps = _applicationContext.Services.UserService.GetUserSections(user);
+ return apps.Any(uApp => uApp.InvariantEquals(app));
+ }
+
+ [Obsolete("Do not use this method if you don't have to, use the overload with IUser instead")]
internal bool UserHasAppAccess(string app, User user)
{
return user.Applications.Any(uApp => uApp.alias == app);
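Review bot: The new `UserHasAppAccess(string app, IUser user)` overload is an authorization predicate, yet it passes `user` straight to `GetUserSections` with no null check, so a caller that hands it an unresolved user gets an exception (or whatever the service does with null) instead of a plain `false`. Adding `if (user == null) return false;` as its first line keeps it fail-closed. It also compares with `InvariantEquals` while the legacy overload below uses `uApp.alias == app`, so the two overloads can disagree on aliases that differ only in case (assuming `InvariantEquals` is case-insensitive); a comment such as `// section aliases are matched case-insensitively` would record which behaviour is intended. The legacy overload's closing brace lies outside the hunk.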
@@ -345,11 +352,12 @@ namespace Umbraco.Web.Security
///
internal bool UserHasAppAccess(string app, string username)
{
- var uid = User.getUserId(username);
- if (uid < 0) return false;
- var usr = User.GetUser(uid);
- if (usr == null) return false;
- return UserHasAppAccess(app, usr);
+ var user = _applicationContext.Services.UserService.GetUserByUserName(username);
+ if (user == null)
+ {
+ return false;
+ }
+ return UserHasAppAccess(app, user);
}
[Obsolete("This is no longer used at all, it will always return a new GUID though if a user is logged in")]
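Review bot: `UserHasAppAccess(string app, string username)` answers from section membership alone for whatever account `GetUserByUserName` returns, with no check that the account is still usable. If any caller relies on this overload as its only gate, a locked-out or disabled account that still has the section assigned would be reported as having access. Consider `if (user == null || user.IsLockedOut) return false;`, or state in the doc comment that callers must verify account state themselves. A null or empty `username` is also passed to the service unchecked.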
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
index 77a4fe523e..504d2c4a5a 100644
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
@@ -27,8 +27,8 @@ namespace Umbraco.Web.WebApi.Filters
return true;
}
- return UmbracoContext.Current.UmbracoUser != null
- && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.UmbracoUser);
+ return UmbracoContext.Current.Security.CurrentUser != null
+ && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.Security.CurrentUser);
}
}
}
\ No newline at end of file
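Review bot: `UmbracoContext.Current.Security.CurrentUser` is read twice in the returned expression, once for the null test and once as the argument, so the value that was checked is not necessarily the value that is used if the property performs a lookup on each call (its implementation is not visible here). Reading it once makes the check and the use refer to the same object: `var user = UmbracoContext.Current.Security.CurrentUser;` followed by `return user != null && UmbracoContext.Current.Security.UserHasAppAccess(_appName, user);`. The method starts outside the hunk.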
diff --git a/src/umbraco.businesslogic/User.cs b/src/umbraco.businesslogic/User.cs
index f49af6ff1d..331df00e48 100644
--- a/src/umbraco.businesslogic/User.cs
+++ b/src/umbraco.businesslogic/User.cs
@@ -945,6 +945,7 @@ namespace umbraco.BusinessLogic
///
/// The id.
///
+ [Obsolete("The legacy user object should no longer be used, use the WebSecurity class to access the current user or the UserService to retreive a user by id")]
public static User GetUser(int id)
{
return ApplicationContext.Current.ApplicationCache.GetCacheItem(
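Review bot: The `[Obsolete]` message added on `GetUser(int id)` misspells "retrieve" as "retreive"; the text appears in every caller's compiler warning, so it is worth correcting before it ships. The message would also be more useful if it named the replacement members, e.g. the `CurrentUser` property that the rest of this commit switches to. The method body continues past the end of the hunk.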