Added runtime compilation of views

src/Umbraco.Web.BackOffice/Controllers/MacrosController.cs

@@ -26,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// The API controller used for editing dictionary items
     /// </summary>
     [PluginController("UmbracoApi")]
-   // [UmbracoTreeAuthorize(Constants.Trees.Macros)]
+    [UmbracoTreeAuthorize(Constants.Trees.Macros)]
     public class MacrosController : BackOfficeNotificationsController
     {
         private readonly ParameterEditorCollection _parameterEditorCollection;

src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedApiController.cs

@@ -15,7 +15,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// </remarks>
     [IsBackOffice]
     //[UmbracoUserTimeoutFilter] //TODO reintroduce
-    //[UmbracoAuthorize]
+    [UmbracoAuthorize]
     [DisableBrowserCache]
     [UmbracoWebApiRequireHttps]
     //[CheckIfUserTicketDataIsStale] //TODO reintroduce

src/Umbraco.Web.BackOffice/Controllers/UmbracoAuthorizedJsonController.cs

@@ -12,7 +12,7 @@ namespace Umbraco.Web.BackOffice.Controllers
     /// Inheriting from this controller means that ALL of your methods are JSON methods that are called by Angular,
     /// methods that are not called by Angular or don't contain a valid csrf header will NOT work.
     /// </remarks>
-    //[TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
+    [TypeFilter(typeof(ValidateAngularAntiForgeryTokenAttribute))]
     [TypeFilter(typeof(AngularJsonOnlyConfigurationAttribute))] // TODO: This could be applied with our Application Model conventions
     public abstract class UmbracoAuthorizedJsonController : UmbracoAuthorizedApiController
     {