From 4ccebbc20902fe482a15ecf0d8b23ba6037f1d1c Mon Sep 17 00:00:00 2001 From: Warren Buckley Date: Thu, 12 Sep 2019 08:49:40 +0100 Subject: [PATCH] Reopen branch/PR for fixes * Reorder usings * Add an error response & log the reason if we can't move a file about * Add UmbracoApplicationAuthorize attribute for security so not any user can upload images
---
 src/Umbraco.Web/Editors/TinyMceController.cs | 38 ++++++++++++-------- 1 file changed, 24 insertions(+), 14 deletions(-)
diff --git a/src/Umbraco.Web/Editors/TinyMceController.cs b/src/Umbraco.Web/Editors/TinyMceController.cs
index 7ed71f0268..0951b88443 100644
--- a/src/Umbraco.Web/Editors/TinyMceController.cs
+++ b/src/Umbraco.Web/Editors/TinyMceController.cs
@@ -1,32 +1,41 @@
-using System.Net;
-using System.Net.Http;
-using System.Web.Http;
-using Umbraco.Core.Services;
-using Umbraco.Web.WebApi;
-using Umbraco.Core;
-using Umbraco.Web.Mvc;
-using Umbraco.Core.IO;
+using System;
 using System.IO;
-using System.Threading.Tasks;
-using Umbraco.Web.Composing;
-using Umbraco.Core.Configuration.UmbracoSettings;
 using System.Linq;
-using System;
+using System.Net;
+using System.Net.Http;
+using System.Threading.Tasks;
+using System.Web.Http;
+using Umbraco.Core;
+using Umbraco.Core.Configuration.UmbracoSettings;
+using Umbraco.Core.IO;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Services;
+using Umbraco.Web.Composing;
+using Umbraco.Web.Mvc;
+using Umbraco.Web.WebApi;
+using Umbraco.Web.WebApi.Filters;
+using Constants = Umbraco.Core.Constants;
 namespace Umbraco.Web.Editors
 {
 [PluginController("UmbracoApi")]
+ [UmbracoApplicationAuthorize(
+ Constants.Applications.Content,
+ Constants.Applications.Media,
+ Constants.Applications.Members)]
 public class TinyMceController : UmbracoAuthorizedApiController
 {
 private IMediaService _mediaService;
 private IContentTypeBaseServiceProvider _contentTypeBaseServiceProvider;
+
 public TinyMceController(IMediaService mediaService, IContentTypeBaseServiceProvider contentTypeBaseServiceProvider)
 {
 _mediaService = mediaService;
 _contentTypeBaseServiceProvider = contentTypeBaseServiceProvider;
 }
+ [UmbracoApplicationAuthorize(Constants.Applications.Content)]
 [HttpPost]
 public async Task UploadImage()
 {
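Review bot: The two `[UmbracoApplicationAuthorize]` attributes stack with no comment stating the intended result: the class-level one admits users of the Content, Media or Members section, while the one on `UploadImage` names only Content, so, assuming both filters are evaluated, the upload is effectively Content-only. A short comment on the action would record that this is deliberate, e.g. `// Narrower than the controller: only users with Content section access may upload`. If editors who only have Media or Members access are also meant to upload from a rich text editor, the action-level attribute shuts them out. `UploadImage`'s body continues outside the hunk, so the file-type and size checks on the upload cannot be reviewed from here.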
@@ -91,8 +100,9 @@ namespace Umbraco.Web.Editors
 }
 catch (Exception ex)
 {
- // Could be a file permission ex
- throw;
+ // IOException, PathTooLong, DirectoryNotFound, UnathorizedAccess
+ Logger.Error(ex, "Error when trying to move {CurrentFilePath} to {NewFilePath}", currentFile, newFilePath);
+ return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, $"Error when trying to move {currentFile} to {newFilePath}", ex);
 }
 return Request.CreateResponse(HttpStatusCode.OK, new { tmpLocation = relativeNewFilePath });
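Review bot: The message passed to `Request.CreateErrorResponse` interpolates `currentFile` and `newFilePath`, so what look like server-side file paths are returned to the caller in the response body, and passing `ex` as well can add exception detail depending on the host's error-detail policy. The `Logger.Error` line above already records both paths and the exception, so the response can stay generic: `return Request.CreateErrorResponse(HttpStatusCode.InternalServerError, "Error when trying to move the uploaded file");`. The `catch (Exception ex)` also remains broader than the four exception types its comment lists, where `UnathorizedAccess` is a typo for `UnauthorizedAccess`. The `try` block and the code that builds the two paths are outside the hunk.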