From 42fba97af9b1a88d5b95005f969079d6a6f20276 Mon Sep 17 00:00:00 2001 From: Elitsa Marinovska Date: Thu, 4 Jun 2020 13:53:06 +0200 Subject: [PATCH] Removing the need of requesting umbracoContext to get the web security service --- .../Mapping/MemberTabsAndPropertiesMapper.cs | 17 ++++++------- .../Controllers/AuthenticationController.cs | 12 ++++------ .../Controllers/LogController.cs | 18 ++++---------- .../Controllers/PackageController.cs | 12 ++++------ .../Controllers/PackageInstallController.cs | 24 +++++++------------ .../RedirectUrlManagementController.cs | 13 +++++----- .../AppendUserModifiedHeaderAttribute.cs | 5 ++-- .../UmbracoApplicationAuthorizeAttribute.cs | 20 +++++++--------- .../Filters/UmbracoTreeAuthorizeAttribute.cs | 21 ++++++++-------- 9 files changed, 59 insertions(+), 83 deletions(-) diff --git a/src/Umbraco.Infrastructure/Models/Mapping/MemberTabsAndPropertiesMapper.cs b/src/Umbraco.Infrastructure/Models/Mapping/MemberTabsAndPropertiesMapper.cs index 2cb226bec2..9045be20aa 100644 --- a/src/Umbraco.Infrastructure/Models/Mapping/MemberTabsAndPropertiesMapper.cs +++ b/src/Umbraco.Infrastructure/Models/Mapping/MemberTabsAndPropertiesMapper.cs @@ -9,6 +9,7 @@ using Umbraco.Web.Models.ContentEditing; using Umbraco.Core.Dictionary; using Umbraco.Core.Configuration; using Umbraco.Core.PropertyEditors; +using Umbraco.Web.Security; namespace Umbraco.Web.Models.Mapping { @@ -22,7 +23,7 @@ namespace Umbraco.Web.Models.Mapping /// public class MemberTabsAndPropertiesMapper : TabsAndPropertiesMapper { - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly ILocalizedTextService _localizedTextService; private readonly IMemberTypeService _memberTypeService; private readonly IMemberService _memberService; 
@@ -31,7 +32,7 @@ namespace Umbraco.Web.Models.Mapping private readonly PropertyEditorCollection _propertyEditorCollection; public MemberTabsAndPropertiesMapper(ICultureDictionary cultureDictionary, - IUmbracoContextAccessor umbracoContextAccessor, + IWebSecurity webSecurity, ILocalizedTextService localizedTextService, IMemberTypeService memberTypeService, IMemberService memberService, @@ -41,7 +42,7 @@ namespace Umbraco.Web.Models.Mapping PropertyEditorCollection propertyEditorCollection) : base(cultureDictionary, localizedTextService, contentTypeBaseServiceProvider) { - _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); _localizedTextService = localizedTextService ?? throw new ArgumentNullException(nameof(localizedTextService)); _memberTypeService = memberTypeService ?? throw new ArgumentNullException(nameof(memberTypeService)); _memberService = memberService ?? throw new ArgumentNullException(nameof(memberService)); @@ -74,10 +75,8 @@ namespace Umbraco.Web.Models.Mapping isLockedOutProperty.Value = _localizedTextService.Localize("general/no"); } - var umbracoContext = _umbracoContextAccessor.UmbracoContext; - if (umbracoContext != null - && umbracoContext.Security.CurrentUser != null - && umbracoContext.Security.CurrentUser.AllowedSections.Any(x => x.Equals(Constants.Applications.Settings))) + if (_webSecurity.CurrentUser != null + && _webSecurity.CurrentUser.AllowedSections.Any(x => x.Equals(Constants.Applications.Settings))) { var memberTypeLink = string.Format("#/member/memberTypes/edit/{0}", source.ContentTypeId); 
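Review bot: The field assignment in the `@@ -41,7 +42,7 @@` constructor hunk pins one `IWebSecurity` instance for the lifetime of the mapper, whereas the old code re-read the context through the accessor on every call. The container registration is not visible in this patch, so this is a question rather than a finding. If the mapper is registered with a lifetime longer than a single request, `_webSecurity.CurrentUser` could describe a different request's user when the sensitive-property check later in this file runs. I would add a comment above the assignment, `// IWebSecurity must be request-scoped; this mapper must not outlive the request that created it`, and confirm the registration matches.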
@@ -185,15 +184,13 @@ namespace Umbraco.Web.Models.Mapping var member = (IMember)content; var memberType = _memberTypeService.Get(member.ContentTypeId); - var umbracoContext = _umbracoContextAccessor.UmbracoContext; - // now update the IsSensitive value foreach (var prop in result) { // check if this property is flagged as sensitive var isSensitiveProperty = memberType.IsSensitiveProperty(prop.Alias); // check permissions for viewing sensitive data - if (isSensitiveProperty && (umbracoContext == null || umbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false)) + if (isSensitiveProperty && (_webSecurity.CurrentUser.HasAccessToSensitiveData() == false)) { // mark this property as sensitive prop.IsSensitive = true; diff --git a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs index 3a3c936cbe..3b2d51bfdf 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/AuthenticationController.cs @@ -1,10 +1,7 @@ using Microsoft.AspNetCore.Mvc; using System; using System.Net; -using System.Security.Claims; -using System.Security.Principal; using System.Threading.Tasks; -using Umbraco.Core; using Umbraco.Core.BackOffice; using Umbraco.Core.Configuration; using Umbraco.Core.Mapping; @@ -29,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers [IsBackOffice] // TODO: This could be applied with our Application Model conventions public class AuthenticationController : UmbracoApiControllerBase { - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly BackOfficeUserManager _userManager; private readonly BackOfficeSignInManager _signInManager; private readonly IUserService _userService; 
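Review bot: The rewritten condition in the `@@ -185,15 +184,13 @@` hunk dereferences `_webSecurity.CurrentUser` without a null check, and it drops the old `umbracoContext == null ||` branch that marked the property as sensitive when no context was available. The earlier hunk in this same file does guard with `_webSecurity.CurrentUser != null`, so a null user is evidently expected. Unless `HasAccessToSensitiveData()` tolerates a null receiver (not visible here), the check now throws instead of failing closed. I would restore the fail-closed branch: `if (isSensitiveProperty && (_webSecurity.CurrentUser == null || _webSecurity.CurrentUser.HasAccessToSensitiveData() == false))`. The same unguarded dereference appears as `_webSecurity.CurrentUser.IsAdmin()` in `GetEnableState` and `ToggleUrlTracker` of RedirectUrlManagementController; the enclosing methods extend beyond these hunks.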
@@ -40,14 +37,14 @@ namespace Umbraco.Web.BackOffice.Controllers // TODO: We need to review all _userManager.Raise calls since many/most should be on the usermanager or signinmanager, very few should be here public AuthenticationController( - IUmbracoContextAccessor umbracoContextAccessor, + IWebSecurity webSecurity, BackOfficeUserManager backOfficeUserManager, BackOfficeSignInManager signInManager, IUserService userService, UmbracoMapper umbracoMapper, IGlobalSettings globalSettings) { - _umbracoContextAccessor = umbracoContextAccessor; + _webSecurity = webSecurity; _userManager = backOfficeUserManager; _signInManager = signInManager; _userService = userService; @@ -62,8 +59,7 @@ namespace Umbraco.Web.BackOffice.Controllers [HttpGet] public bool IsAuthenticated() { - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var attempt = umbracoContext.Security.AuthorizeRequest(); + var attempt = _webSecurity.AuthorizeRequest(); if (attempt == ValidateRequestAttempt.Success) { return true; diff --git a/src/Umbraco.Web.BackOffice/Controllers/LogController.cs b/src/Umbraco.Web.BackOffice/Controllers/LogController.cs index 9bc2be8a39..97dc74ac31 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/LogController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/LogController.cs 
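Review bot: `_webSecurity = webSecurity;` in the AuthenticationController constructor has no null guard, while LogController, PackageController, PackageInstallController and RedirectUrlManagementController in this same patch all use `?? throw new ArgumentNullException(...)`. The UmbracoApplicationAuthorizeFilter constructor has the same unguarded assignment, and there a missing service would only surface as a NullReferenceException inside the authorization check. Suggest `_webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));` in both places.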
@@ -1,25 +1,18 @@ using System; using System.Collections.Generic; using System.Linq; -using Microsoft.AspNetCore.Mvc; using Umbraco.Core; using Umbraco.Core.Cache; -using Umbraco.Core.Configuration; using Umbraco.Core.IO; -using Umbraco.Core.Logging; using Umbraco.Core.Mapping; using Umbraco.Core.Media; using Umbraco.Core.Models; using Umbraco.Core.Persistence; using Umbraco.Core.Services; -using Umbraco.Core.Strings; using Umbraco.Web.BackOffice.Filters; using Umbraco.Web.Common.Attributes; -using Umbraco.Web.Editors; using Umbraco.Web.Models.ContentEditing; -using Umbraco.Web.Mvc; -using Umbraco.Web.Routing; -using Umbraco.Web.WebApi.Filters; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Controllers { @@ -33,7 +26,7 @@ namespace Umbraco.Web.BackOffice.Controllers private readonly IImageUrlGenerator _imageUrlGenerator; private readonly IAuditService _auditService; private readonly UmbracoMapper _umbracoMapper; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly IUserService _userService; private readonly AppCaches _appCaches; private readonly ISqlContext _sqlContext; @@ -43,7 +36,7 @@ namespace Umbraco.Web.BackOffice.Controllers IImageUrlGenerator imageUrlGenerator, IAuditService auditService, UmbracoMapper umbracoMapper, - IUmbracoContextAccessor umbracoContextAccessor, + IWebSecurity webSecurity, IUserService userService, AppCaches appCaches, ISqlContext sqlContext) 
@@ -52,7 +45,7 @@ namespace Umbraco.Web.BackOffice.Controllers _imageUrlGenerator = imageUrlGenerator ?? throw new ArgumentNullException(nameof(imageUrlGenerator)); _auditService = auditService ?? throw new ArgumentNullException(nameof(auditService)); _umbracoMapper = umbracoMapper ?? throw new ArgumentNullException(nameof(umbracoMapper)); - _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); _userService = userService ?? throw new ArgumentNullException(nameof(userService)); _appCaches = appCaches ?? throw new ArgumentNullException(nameof(appCaches)); _sqlContext = sqlContext ?? throw new ArgumentNullException(nameof(sqlContext)); @@ -95,9 +88,8 @@ namespace Umbraco.Web.BackOffice.Controllers } long totalRecords; - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); var dateQuery = sinceDate.HasValue ? _sqlContext.Query().Where(x => x.CreateDate >= sinceDate) : null; - var userId = umbracoContext.Security.GetUserId().ResultOr(0); + var userId = _webSecurity.GetUserId().ResultOr(0); var result = _auditService.GetPagedItemsByUser(userId, pageNumber - 1, pageSize, out totalRecords, orderDirection, customFilter:dateQuery); var mapped = _umbracoMapper.MapEnumerable(result); return new PagedResult(totalRecords, pageNumber, pageSize) diff --git a/src/Umbraco.Web.BackOffice/Controllers/PackageController.cs b/src/Umbraco.Web.BackOffice/Controllers/PackageController.cs index 23ba2e5771..8994046cb2 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/PackageController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/PackageController.cs 
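Review bot: `_webSecurity.GetUserId().ResultOr(0)` in the `@@ -95,9 +88,8 @@` hunk falls back to id 0 when no user id can be resolved, so `GetPagedItemsByUser` would return whatever is recorded under id 0 instead of refusing the request. The same fallback is passed as the acting user to `DeleteCreatedPackage`, `UninstallPackage`, `DeleteInstalledPackage`, `FetchPackageFileAsync`, `InstallCompiledPackageFiles` and `InstallCompiledPackageData` in PackageController and PackageInstallController, which would attribute package installs and removals to that placeholder id in the audit trail. The fallback predates this commit and the authorization attributes on these actions are outside the hunks, so the path may be unreachable in practice. If it is, a comment such as `// request is already authorized, so GetUserId() always succeeds here` would make that explicit; otherwise returning an unauthorized result is safer than substituting 0.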
@@ -10,13 +10,12 @@ using Microsoft.Net.Http.Headers; using Semver; using Umbraco.Core; using Umbraco.Core.Hosting; -using Umbraco.Core.IO; using Umbraco.Core.Models.Packaging; using Umbraco.Core.Services; using Umbraco.Web.BackOffice.Filters; using Umbraco.Web.Common.Attributes; using Umbraco.Web.Common.Exceptions; -using Umbraco.Web.Editors; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Controllers { @@ -29,16 +28,16 @@ namespace Umbraco.Web.BackOffice.Controllers { private readonly IHostingEnvironment _hostingEnvironment; private readonly IPackagingService _packagingService; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; public PackageController( IHostingEnvironment hostingEnvironment, IPackagingService packagingService, - IUmbracoContextAccessor umbracoContextAccessor) + IWebSecurity webSecurity) { _hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(hostingEnvironment)); _packagingService = packagingService ?? throw new ArgumentNullException(nameof(packagingService)); - _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); } public IEnumerable GetCreatedPackages() @@ -92,8 +91,7 @@ namespace Umbraco.Web.BackOffice.Controllers [HttpDelete] public IActionResult DeleteCreatedPackage(int packageId) { - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - _packagingService.DeleteCreatedPackage(packageId, umbracoContext.Security.GetUserId().ResultOr(0)); + _packagingService.DeleteCreatedPackage(packageId, _webSecurity.GetUserId().ResultOr(0)); return Ok(); } diff --git a/src/Umbraco.Web.BackOffice/Controllers/PackageInstallController.cs b/src/Umbraco.Web.BackOffice/Controllers/PackageInstallController.cs index 5330d4466f..0216e6f09d 100644 
--- a/src/Umbraco.Web.BackOffice/Controllers/PackageInstallController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/PackageInstallController.cs @@ -2,7 +2,6 @@ using System.Collections.Generic; using System.IO; using System.Linq; -using System.Net; using System.Threading.Tasks; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; @@ -11,7 +10,6 @@ using Umbraco.Core; using Umbraco.Core.Configuration; using Umbraco.Core.Hosting; using Umbraco.Core.Logging; -using Umbraco.Core.Models.Editors; using Umbraco.Core.Models.Packaging; using Umbraco.Net; using Umbraco.Core.Packaging; @@ -20,9 +18,9 @@ using Umbraco.Core.WebAssets; using Umbraco.Web.BackOffice.Filters; using Umbraco.Web.Common.Attributes; using Umbraco.Web.Common.Exceptions; -using Umbraco.Web.Editors; using Umbraco.Web.Models; using Umbraco.Web.Models.ContentEditing; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Controllers { @@ -40,7 +38,7 @@ namespace Umbraco.Web.BackOffice.Controllers private readonly IRuntimeMinifier _runtimeMinifier; private readonly IPackagingService _packagingService; private readonly ILogger _logger; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly ILocalizedTextService _localizedTextService; public PackageInstallController( @@ -50,7 +48,7 @@ namespace Umbraco.Web.BackOffice.Controllers IRuntimeMinifier runtimeMinifier, IPackagingService packagingService, ILogger logger, - IUmbracoContextAccessor umbracoContextAccessor, + IWebSecurity webSecurity, ILocalizedTextService localizedTextService) { _umbracoVersion = umbracoVersion ?? throw new ArgumentNullException(nameof(umbracoVersion)); 
@@ -59,7 +57,7 @@ namespace Umbraco.Web.BackOffice.Controllers _runtimeMinifier = runtimeMinifier ?? throw new ArgumentNullException(nameof(runtimeMinifier)); _packagingService = packagingService ?? throw new ArgumentNullException(nameof(packagingService)); _logger = logger ?? throw new ArgumentNullException(nameof(logger)); - _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); _localizedTextService = localizedTextService ?? throw new ArgumentNullException(nameof(localizedTextService)); } @@ -89,15 +87,14 @@ namespace Umbraco.Web.BackOffice.Controllers var package = _packagingService.GetInstalledPackageById(packageId); if (package == null) return NotFound(); - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var summary = _packagingService.UninstallPackage(package.Name, umbracoContext.Security.GetUserId().ResultOr(0)); + var summary = _packagingService.UninstallPackage(package.Name, _webSecurity.GetUserId().ResultOr(0)); //now get all other packages by this name since we'll uninstall all versions foreach (var installed in _packagingService.GetAllInstalledPackages() .Where(x => x.Name == package.Name && x.Id != package.Id)) { //remove from the xml - _packagingService.DeleteInstalledPackage(installed.Id, umbracoContext.Security.GetUserId().ResultOr(0)); + _packagingService.DeleteInstalledPackage(installed.Id, _webSecurity.GetUserId().ResultOr(0)); } } catch (Exception ex) 
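Review bot: In the `@@ -89,15 +87,14 @@` hunk the acting user id is re-resolved with `_webSecurity.GetUserId().ResultOr(0)` for `UninstallPackage` and then again on every loop iteration for `DeleteInstalledPackage`. Resolving it once keeps the whole uninstall attributed to a single id and makes the loop easier to read: add `var userId = _webSecurity.GetUserId().ResultOr(0);` before the `UninstallPackage` call and pass `userId` to both calls. The enclosing method and its `try` block start outside the hunk.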
@@ -223,11 +220,10 @@ namespace Umbraco.Web.BackOffice.Controllers string fileName = packageGuid + ".umb"; if (System.IO.File.Exists(Path.Combine(_hostingEnvironment.MapPathContentRoot(Constants.SystemDirectories.Packages), fileName)) == false) { - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); var packageFile = await _packagingService.FetchPackageFileAsync( Guid.Parse(packageGuid), _umbracoVersion.Current, - umbracoContext.Security.GetUserId().ResultOr(0)); + _webSecurity.GetUserId().ResultOr(0)); fileName = packageFile.Name; } @@ -314,8 +310,7 @@ namespace Umbraco.Web.BackOffice.Controllers if (definition == null) throw new InvalidOperationException("Not package definition found with id " + model.Id); var zipFile = new FileInfo(definition.PackagePath); - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var installedFiles = _packagingService.InstallCompiledPackageFiles(definition, zipFile, umbracoContext.Security.GetUserId().ResultOr(0)); + var installedFiles = _packagingService.InstallCompiledPackageFiles(definition, zipFile, _webSecurity.GetUserId().ResultOr(0)); //set a restarting marker and reset the app pool _umbracoApplicationLifetime.Restart(); @@ -347,8 +342,7 @@ namespace Umbraco.Web.BackOffice.Controllers if (definition == null) throw new InvalidOperationException("Not package definition found with id " + model.Id); var zipFile = new FileInfo(definition.PackagePath); - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var installSummary = _packagingService.InstallCompiledPackageData(definition, zipFile, umbracoContext.Security.GetUserId().ResultOr(0)); + var installSummary = _packagingService.InstallCompiledPackageData(definition, zipFile, _webSecurity.GetUserId().ResultOr(0)); return model; } 
diff --git a/src/Umbraco.Web.BackOffice/Controllers/RedirectUrlManagementController.cs b/src/Umbraco.Web.BackOffice/Controllers/RedirectUrlManagementController.cs index c749e85839..bee20f58e7 100644 --- a/src/Umbraco.Web.BackOffice/Controllers/RedirectUrlManagementController.cs +++ b/src/Umbraco.Web.BackOffice/Controllers/RedirectUrlManagementController.cs @@ -11,6 +11,7 @@ using Umbraco.Core.Hosting; using Umbraco.Core.Mapping; using Umbraco.Core.Services; using Umbraco.Web.Common.Attributes; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Controllers { @@ -19,21 +20,21 @@ namespace Umbraco.Web.BackOffice.Controllers { private readonly ILogger _logger; private readonly IWebRoutingSettings _webRoutingSettings; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly IRedirectUrlService _redirectUrlService; private readonly UmbracoMapper _umbracoMapper; private readonly IHostingEnvironment _hostingEnvironment; public RedirectUrlManagementController(ILogger logger, IWebRoutingSettings webRoutingSettings, - IUmbracoContextAccessor umbracoContextAccessor, + IWebSecurity webSecurity, IRedirectUrlService redirectUrlService, UmbracoMapper umbracoMapper, IHostingEnvironment hostingEnvironment) { _logger = logger ?? throw new ArgumentNullException(nameof(logger)); _webRoutingSettings = webRoutingSettings ?? throw new ArgumentNullException(nameof(webRoutingSettings)); - _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); _redirectUrlService = redirectUrlService ?? throw new ArgumentNullException(nameof(redirectUrlService)); _umbracoMapper = umbracoMapper ?? throw new ArgumentNullException(nameof(umbracoMapper)); _hostingEnvironment = hostingEnvironment ?? throw new ArgumentNullException(nameof(hostingEnvironment)); 
@@ -47,8 +48,7 @@ namespace Umbraco.Web.BackOffice.Controllers public IActionResult GetEnableState() { var enabled = _webRoutingSettings.DisableRedirectUrlTracking == false; - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var userIsAdmin = umbracoContext.Security.CurrentUser.IsAdmin(); + var userIsAdmin = _webSecurity.CurrentUser.IsAdmin(); return Ok(new { enabled, userIsAdmin }); } @@ -104,8 +104,7 @@ namespace Umbraco.Web.BackOffice.Controllers [HttpPost] public IActionResult ToggleUrlTracker(bool disable) { - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var userIsAdmin = umbracoContext.Security.CurrentUser.IsAdmin(); + var userIsAdmin = _webSecurity.CurrentUser.IsAdmin(); if (userIsAdmin == false) { var errorMessage = "User is not a member of the administrators group and so is not allowed to toggle the URL tracker"; diff --git a/src/Umbraco.Web.BackOffice/Filters/AppendUserModifiedHeaderAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/AppendUserModifiedHeaderAttribute.cs index 50ef8cf906..6541d122ab 100644 --- a/src/Umbraco.Web.BackOffice/Filters/AppendUserModifiedHeaderAttribute.cs +++ b/src/Umbraco.Web.BackOffice/Filters/AppendUserModifiedHeaderAttribute.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Mvc.Filters; using Microsoft.Extensions.DependencyInjection; using Umbraco.Core; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Filters { @@ -42,8 +43,8 @@ namespace Umbraco.Web.BackOffice.Filters throw new InvalidOperationException($"No argument found for the current action with the name: {_userIdParameter}"); } - var umbracoContextAccessor = context.HttpContext.RequestServices.GetService(); - var user = umbracoContextAccessor.UmbracoContext.Security.CurrentUser; + var webSecurity = context.HttpContext.RequestServices.GetService(); + var user = webSecurity.CurrentUser; if (user == null) { return; 
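Review bot: In the AppendUserModifiedHeaderAttribute hunk the result of `RequestServices.GetService(...)` is dereferenced on the next line as `webSecurity.CurrentUser`, but `GetService` returns null when the service is not registered. That would show up as a NullReferenceException in the filter rather than a clear configuration error. `GetRequiredService` from the already-imported `Microsoft.Extensions.DependencyInjection` namespace fails with a descriptive message instead: `var webSecurity = context.HttpContext.RequestServices.GetRequiredService<IWebSecurity>();`. The type argument is not visible in this rendering of the patch, so `IWebSecurity` is assumed from the variable name and the added using.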
diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoApplicationAuthorizeAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoApplicationAuthorizeAttribute.cs index 81e61af5bf..4465436e77 100644 --- a/src/Umbraco.Web.BackOffice/Filters/UmbracoApplicationAuthorizeAttribute.cs +++ b/src/Umbraco.Web.BackOffice/Filters/UmbracoApplicationAuthorizeAttribute.cs @@ -1,9 +1,7 @@ -using System; -using System.Linq; +using System.Linq; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; -using Microsoft.Extensions.DependencyInjection; -using Umbraco.Core; +using Umbraco.Web.Security; namespace Umbraco.Web.BackOffice.Filters { @@ -24,18 +22,19 @@ namespace Umbraco.Web.BackOffice.Filters /// internal static bool Enable = true; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly string[] _appNames; /// /// Constructor to set any number of applications that the user needs access to be authorized /// + /// /// /// If the user has access to any of the specified apps, they will be authorized. /// - public UmbracoApplicationAuthorizeFilter(IUmbracoContextAccessor umbracoContextAccessor, params string[] appName) + public UmbracoApplicationAuthorizeFilter(IWebSecurity webSecurity, params string[] appName) { - _umbracoContextAccessor = umbracoContextAccessor; + _webSecurity = webSecurity; _appNames = appName; } @@ -55,10 +54,9 @@ namespace Umbraco.Web.BackOffice.Filters return true; } - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - var authorized = umbracoContext.Security.CurrentUser != null - && _appNames.Any(app => umbracoContext.Security.UserHasSectionAccess( - app, umbracoContext.Security.CurrentUser)); + var authorized = _webSecurity.CurrentUser != null + && _appNames.Any(app => _webSecurity.UserHasSectionAccess( + app, _webSecurity.CurrentUser)); return authorized; } 
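Review bot: The authorization expression in the `@@ -55,10 +54,9 @@` hunk reads `_webSecurity.CurrentUser` once for the null check and again inside the lambda for each app, so the value that was null-checked is not necessarily the one passed to `UserHasSectionAccess`. Whether `CurrentUser` is cached per request is not visible here. Capturing it once removes the question and the repeated lookups: `var user = _webSecurity.CurrentUser;` followed by `var authorized = user != null && _appNames.Any(app => _webSecurity.UserHasSectionAccess(app, user));`. The same three-read pattern is in the `return` expression of UmbracoTreeAuthorizeFilter later in this patch.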
diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoTreeAuthorizeAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoTreeAuthorizeAttribute.cs index 6db37d16f6..d6b18b4b29 100644 --- a/src/Umbraco.Web.BackOffice/Filters/UmbracoTreeAuthorizeAttribute.cs +++ b/src/Umbraco.Web.BackOffice/Filters/UmbracoTreeAuthorizeAttribute.cs @@ -1,7 +1,9 @@ -using System.Linq; +using System; +using System.Linq; using Microsoft.AspNetCore.Mvc; using Microsoft.AspNetCore.Mvc.Filters; using Umbraco.Core; +using Umbraco.Web.Security; using Umbraco.Web.Services; namespace Umbraco.Web.BackOffice.Filters @@ -31,22 +33,22 @@ namespace Umbraco.Web.BackOffice.Filters internal static bool Enable = true; private readonly ITreeService _treeService; - private readonly IUmbracoContextAccessor _umbracoContextAccessor; + private readonly IWebSecurity _webSecurity; private readonly string[] _treeAliases; /// /// Constructor to set authorization to be based on a tree alias for which application security will be applied /// - /// + /// /// /// If the user has access to the application that the treeAlias is specified in, they will be authorized. /// Multiple trees may be specified. /// /// - public UmbracoTreeAuthorizeFilter(ITreeService treeService, IUmbracoContextAccessor umbracoContextAccessor, params string[] treeAliases) + public UmbracoTreeAuthorizeFilter(ITreeService treeService, IWebSecurity webSecurity, params string[] treeAliases) { - _treeService = treeService; - _umbracoContextAccessor = umbracoContextAccessor; + _treeService = treeService ?? throw new ArgumentNullException(nameof(treeService)); + _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity)); _treeAliases = treeAliases; } 
@@ -64,10 +66,9 @@ namespace Umbraco.Web.BackOffice.Filters .Distinct() .ToArray(); - var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext(); - return umbracoContext.Security.CurrentUser != null - && apps.Any(app => umbracoContext.Security.UserHasSectionAccess( - app, umbracoContext.Security.CurrentUser)); + return _webSecurity.CurrentUser != null + && apps.Any(app => _webSecurity.UserHasSectionAccess( + app, _webSecurity.CurrentUser)); } public void OnAuthorization(AuthorizationFilterContext context)