From 3169b52bf4af2c4c74155a5dd24283b6fcada4c3 Mon Sep 17 00:00:00 2001
From: Shannon
Date: Fri, 9 Aug 2013 13:45:57 +1000
Subject: [PATCH] Updates more of WebSecurity to use the new user api.
---
 src/Umbraco.Web/Security/WebSecurity.cs | 22 +++++++++++++------
 .../UmbracoApplicationAuthorizeAttribute.cs | 4 ++--
 src/umbraco.businesslogic/User.cs | 1 +
 3 files changed, 18 insertions(+), 9 deletions(-)
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index 4f2dbded74..8680f75db6 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -291,10 +291,10 @@ namespace Umbraco.Web.Security
 {
 if (ticket.Expired == false)
 {
- var user = User.GetUser(GetUserId());
+ var user = CurrentUser;
 // Check for console access
- if (user.Disabled || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
+ if (user.IsLockedOut || (user.NoConsole && GlobalSettings.RequestIsInUmbracoApplication(_httpContext) && GlobalSettings.RequestIsLiveEditRedirector(_httpContext) == false))
 {
 if (throwExceptions) throw new ArgumentException("You have no priviledges to the umbraco console. Please contact your administrator");
 return ValidateRequestAttempt.FailedNoPrivileges;
@@ -332,6 +332,13 @@ namespace Umbraco.Web.Security
 ///
 ///
 ///
+ internal bool UserHasAppAccess(string app, IUser user)
+ {
+ var apps = _applicationContext.Services.UserService.GetUserSections(user);
+ return apps.Any(uApp => uApp.InvariantEquals(app));
+ }
+
+ [Obsolete("Do not use this method if you don't have to, use the overload with IUser instead")]
 internal bool UserHasAppAccess(string app, User user)
 {
 return user.Applications.Any(uApp => uApp.alias == app);
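Review bot: The console-access gate in the first WebSecurity.cs hunk now tests `user.IsLockedOut` where it tested `user.Disabled`, and nothing visible here shows that the new user type treats the two as the same state. If it tracks a disabled or unapproved account separately from a locked-out one, such an account would now pass this check, so the mapping is worth confirming and, if they differ, both should be tested, e.g. `if (user.IsApproved == false || user.IsLockedOut || (...))` (assuming the new type exposes an approval flag). `CurrentUser` is also dereferenced without a null check, while the filter change in UmbracoApplicationAuthorizeAttribute.cs in this same commit guards it with `!= null`; an explicit `user == null` guard before the `if` would make this path fail closed with a defined result instead of a NullReferenceException. The enclosing method starts and ends outside the hunk.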
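Review bot: The new `UserHasAppAccess(string app, IUser user)` overload matches section aliases with `InvariantEquals`, while the obsolete overload directly below keeps `uApp.alias == app`, so the same user and alias can get different answers depending on which overload a caller reaches (assuming `InvariantEquals` ignores case, which is worth confirming). For an authorization check the comparison rule should be one deliberate choice: either align the two, or add a comment such as `// section aliases are matched case-insensitively on purpose` above the `return`. The existing `///` block now documents the new overload, which leaves the obsolete one without a doc comment, and neither `app` nor `user` is guarded against null before use.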
@@ -345,11 +352,12 @@ namespace Umbraco.Web.Security
 ///
 internal bool UserHasAppAccess(string app, string username)
 {
- var uid = User.getUserId(username);
- if (uid < 0) return false;
- var usr = User.GetUser(uid);
- if (usr == null) return false;
- return UserHasAppAccess(app, usr);
+ var user = _applicationContext.Services.UserService.GetUserByUserName(username);
+ if (user == null)
+ {
+ return false;
+ }
+ return UserHasAppAccess(app, user);
 }
 [Obsolete("This is no longer used at all, it will always return a new GUID though if a user is logged in")]
diff --git a/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs b/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
index 77a4fe523e..504d2c4a5a 100644
--- a/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/UmbracoApplicationAuthorizeAttribute.cs
@@ -27,8 +27,8 @@ namespace Umbraco.Web.WebApi.Filters
 return true;
 }
- return UmbracoContext.Current.UmbracoUser != null
- && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.UmbracoUser);
+ return UmbracoContext.Current.Security.CurrentUser != null
+ && UmbracoContext.Current.Security.UserHasAppAccess(_appName, UmbracoContext.Current.Security.CurrentUser);
 }
 }
 }
\ No newline at end of file
diff --git a/src/umbraco.businesslogic/User.cs b/src/umbraco.businesslogic/User.cs
index f49af6ff1d..331df00e48 100644
--- a/src/umbraco.businesslogic/User.cs
+++ b/src/umbraco.businesslogic/User.cs
@@ -945,6 +945,7 @@ namespace umbraco.BusinessLogic
 ///
 /// The id.
 ///
+ [Obsolete("The legacy user object should no longer be used, use the WebSecurity class to access the current user or the UserService to retreive a user by id")]
 public static User GetUser(int id)
 {
 return ApplicationContext.Current.ApplicationCache.GetCacheItem(
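Review bot: `UserHasAppAccess(string app, string username)` answers for whatever account `GetUserByUserName` returns without looking at that account's state, so a locked-out user who still has the section assigned would get `true`. The removed code did not check state either, but if callers treat the result as an access decision for a named account, the guard could become `if (user == null || user.IsLockedOut)`. `username` is also passed to the service unvalidated; how the lookup handles null or empty input is not visible here, and an early `return false` for that case would make the behaviour explicit.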
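Review bot: `UmbracoContext.Current.Security.CurrentUser` is read twice in the return expression of the UmbracoApplicationAuthorizeAttribute.cs hunk, once for the null test and once as the argument. If the property re-resolves the user on each read (its implementation is not visible here), the object that was checked is not necessarily the object that is passed, and the lookup cost is paid twice per request. Reading it once keeps the check and the use on the same value: `var user = UmbracoContext.Current.Security.CurrentUser;` followed by `return user != null && UmbracoContext.Current.Security.UserHasAppAccess(_appName, user);`. The enclosing method starts above the hunk, including the early `return true;` branch whose condition is not shown.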