From 3fa0f89dd18358ebf4bac85fff932f76a1d7772d Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Tue, 15 Dec 2015 14:42:48 +0100
Subject: [PATCH] U4-7134 New content type editor requires CRUD access to data
 types

---
 src/Umbraco.Web/Editors/DataTypeController.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/Umbraco.Web/Editors/DataTypeController.cs b/src/Umbraco.Web/Editors/DataTypeController.cs
index f0554501b5..1336166c2c 100644
--- a/src/Umbraco.Web/Editors/DataTypeController.cs
+++ b/src/Umbraco.Web/Editors/DataTypeController.cs
@@ -27,11 +27,11 @@ namespace Umbraco.Web.Editors
     /// The API controller used for editing data types
     /// </summary>
     /// <remarks>
-    /// This controller is decorated with the UmbracoApplicationAuthorizeAttribute which means that any user requesting
-    /// access to ALL of the methods on this controller will need access to the developer application.
+    /// The security for this controller is defined to allow full CRUD access to data types if the user has access to either:
+    /// Content Types, Member Types or Media Types ... and of course to Data Types
     /// </remarks>
     [PluginController("UmbracoApi")]
-    [UmbracoTreeAuthorize(Constants.Trees.DataTypes)]
+    [UmbracoTreeAuthorize(Constants.Trees.DataTypes, Constants.Trees.DocumentTypes, Constants.Trees.MediaTypes, Constants.Trees.MemberTypes)]
     [EnableOverrideAuthorization]
     public class DataTypeController : UmbracoAuthorizedJsonController
     {
@@ -76,7 +76,7 @@ namespace Umbraco.Web.Editors
                 throw new HttpResponseException(HttpStatusCode.NotFound);
             }
             
-            Services.DataTypeService.Delete(foundType, UmbracoUser.Id);
+            Services.DataTypeService.Delete(foundType, Security.CurrentUser.Id);
 
             return Request.CreateResponse(HttpStatusCode.OK);
         }