Changes UserController to be CurrentUserController - and removes the other methods in there since that was an overlooked security issue. This controller is responsible solely for dealing with the currently logged in user. Changes over to be currentuser.resource as well.

2013-11-12 18:07:10 +11:00
parent a532b49485
commit 5f5f535f05
6 changed files with 146 additions and 231 deletions
--- a/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/currentuser.resource.js
@@ -0,0 +1,53 @@
+/**
+    * @ngdoc service
+    * @name umbraco.resources.currentUserResource
+    * @description Used for read/updates for the currently logged in user
+    * 
+    *
+    **/
+function currentUserResource($q, $http, umbRequestHelper) {
+
+    //the factory object returned
+    return {
+     
+        /**
+         * @ngdoc method
+         * @name umbraco.resources.currentUserResource#changePassword
+         * @methodOf umbraco.resources.currentUserResource
+         *
+         * @description
+         * Changes the current users password
+         * 
+         * @returns {Promise} resourcePromise object containing the user array.
+         *
+         */
+        changePassword: function (changePasswordArgs) {
+            return umbRequestHelper.resourcePromise(
+               $http.post(
+                   umbRequestHelper.getApiUrl(
+                       "currentUserApiBaseUrl",
+                       "PostChangePassword"),
+                       changePasswordArgs),
+               'Failed to change password');
+        },
+        
+        /**
+         * @ngdoc method
+         * @name umbraco.resources.currentUserResource#getMembershipProviderConfig
+         * @methodOf umbraco.resources.currentUserResource
+         *
+         * @description
+         * Gets the configuration of the user membership provider which is used to configure the change password form         
+         */
+        getMembershipProviderConfig: function () {
+            return umbRequestHelper.resourcePromise(
+               $http.get(
+                   umbRequestHelper.getApiUrl(
+                       "currentUserApiBaseUrl",
+                       "GetMembershipProviderConfig")),
+               'Failed to retreive membership provider config');
+        },
+    };
+}
+
+angular.module('umbraco.resources').factory('currentUserResource', currentUserResource);
--- a/src/Umbraco.Web.UI.Client/src/common/resources/user.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/user.resource.js
@@ -1,113 +0,0 @@
-/**
-    * @ngdoc service
-    * @name umbraco.resources.userResource
-    * @description Retrives user data from the server, cannot be used for authentication, for this, use the user.service
-    * 
-    *
-    **/
-function userResource($q, $http, umbRequestHelper) {
-
-    //the factory object returned
-    return {
-        
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.userResource#getById
-         * @methodOf umbraco.resources.userResource
-         *
-         * @description
-         * Gets a user with a given id
-         *
-         * ##usage
-         * <pre>
-         * userResource.getById(1234)
-         *    .then(function(ent) {
-         *        var myUser = ent; 
-         *        alert('im here!');
-         *    });
-         * </pre> 
-         * 
-         * @param {Int} id id of user to return        
-         * @returns {Promise} resourcePromise object containing the user.
-         *
-         */
-        getById: function (id) {            
-            return umbRequestHelper.resourcePromise(
-               $http.get(
-                   umbRequestHelper.getApiUrl(
-                       "userApiBaseUrl",
-                       "GetById",
-                       [{ id: id }])),
-               'Failed to retreive user data for id ' + id);
-        },
-        
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.userResource#getAll
-         * @methodOf umbraco.resources.userResource
-         *
-         * @description
-         * Gets all users available on the system
-         *
-         * ##usage
-         * <pre>
-         * contentResource.getAll()
-         *    .then(function(userArray) {
-         *        var myUsers = userArray; 
-         *        alert('they are here!');
-         *    });
-         * </pre> 
-         * 
-         * @returns {Promise} resourcePromise object containing the user array.
-         *
-         */
-        getAll: function () {
-            return umbRequestHelper.resourcePromise(
-               $http.get(
-                   umbRequestHelper.getApiUrl(
-                       "userApiBaseUrl",
-                       "GetAll")),
-               'Failed to retreive all users');
-        },
-
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.userResource#changePassword
-         * @methodOf umbraco.resources.userResource
-         *
-         * @description
-         * Changes the current users password
-         * 
-         * @returns {Promise} resourcePromise object containing the user array.
-         *
-         */
-        changePassword: function (changePasswordArgs) {
-            return umbRequestHelper.resourcePromise(
-               $http.post(
-                   umbRequestHelper.getApiUrl(
-                       "userApiBaseUrl",
-                       "PostChangePassword"),
-                       changePasswordArgs),
-               'Failed to change password');
-        },
-        
-        /**
-         * @ngdoc method
-         * @name umbraco.resources.userResource#getMembershipProviderConfig
-         * @methodOf umbraco.resources.userResource
-         *
-         * @description
-         * Gets the configuration of the user membership provider which is used to configure the change password form         
-         */
-        getMembershipProviderConfig: function () {
-            return umbRequestHelper.resourcePromise(
-               $http.get(
-                   umbRequestHelper.getApiUrl(
-                       "userApiBaseUrl",
-                       "GetMembershipProviderConfig")),
-               'Failed to retreive membership provider config');
-        },
-    };
-}
-
-angular.module('umbraco.resources').factory('userResource', userResource);
--- a/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/dashboard/dashboard.tabs.controller.js
@@ -80,7 +80,7 @@ function MediaFolderBrowserDashboardController($rootScope, $scope, assetsService
 angular.module("umbraco").controller("Umbraco.Dashboard.MediaFolderBrowserDashboardController", MediaFolderBrowserDashboardController);


-function ChangePasswordDashboardController($scope, xmlhelper, $log, userResource, formHelper) {
+function ChangePasswordDashboardController($scope, xmlhelper, $log, currentUserResource, formHelper) {

    //create the initial model for change password property editor
    $scope.changePasswordModel = {
@@ -91,7 +91,7 @@ function ChangePasswordDashboardController($scope, xmlhelper, $log, userResource
    };

    //go get the config for the membership provider and add it to the model
-    userResource.getMembershipProviderConfig().then(function(data) {
+    currentUserResource.getMembershipProviderConfig().then(function(data) {
        $scope.changePasswordModel.config = data;
        //ensure the hasPassword config option is set to true (the user of course has a password already assigned)
        //this will ensure the oldPassword is shown so they can change it
@@ -105,7 +105,7 @@ function ChangePasswordDashboardController($scope, xmlhelper, $log, userResource
    $scope.changePassword = function() {

        if (formHelper.submitForm({ scope: $scope })) {
-            userResource.changePassword($scope.changePasswordModel.value).then(function(data) {
+            currentUserResource.changePassword($scope.changePasswordModel.value).then(function(data) {

                //if the password has been reset, then update our model
                if (data.value) {