From 610bbee245e8e6acc6eb6d6e3a5ba7209e16fff3 Mon Sep 17 00:00:00 2001
From: Bjarke Berg
Date: Tue, 7 Jul 2020 12:39:24 +0200
Subject: [PATCH] Added OverrideAuthorizationAttribute
Signed-off-by: Bjarke Berg
---
 .../Controllers/ContentController.cs | 2 +-
 ...coBackOfficeServiceCollectionExtensions.cs | 3 ++
 .../Filters/OverrideAuthorizationAttribute.cs | 24 +++++++++++++
 .../OverrideAuthorizationFilterProvider.cs | 34 +++++++++++++++++++
 .../Filters/UmbracoAuthorizeFilter.cs | 4 +--
 src/Umbraco.Web/Umbraco.Web.csproj | 4 +--
 6 files changed, 66 insertions(+), 5 deletions(-)
 create mode 100644 src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs
 create mode 100644 src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs
diff --git a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
index 157df177e9..1335ee049d 100644
--- a/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/ContentController.cs
@@ -130,7 +130,7 @@ namespace Umbraco.Web.Editors
 ///
 ///
 [HttpGet]
- [UmbracoAuthorize]
+ [UmbracoAuthorize, OverrideAuthorization]
 public bool AllowsCultureVariation()
 {
 var contentTypes = _contentTypeService.GetAll();
diff --git a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
index acd468191a..2c7db69b84 100644
--- a/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
+++ b/src/Umbraco.Web.BackOffice/Extensions/UmbracoBackOfficeServiceCollectionExtensions.cs
@@ -1,4 +1,5 @@
 using Microsoft.AspNetCore.Identity;
+using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.Extensions.DependencyInjection;
 using Microsoft.Extensions.DependencyInjection.Extensions;
 using Umbraco.Core;
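Review bot: In ContentController.cs, `[UmbracoAuthorize, OverrideAuthorization]` on `AllowsCultureVariation()` removes broader-scope authorization filters without naming which filter is bypassed or why, and it relies on the attribute's default type. Pass the bypassed filter type explicitly and record the reason beside it, for example `// Overrides the controller-level <filter name>: any authenticated back-office user may read this flag`. After the override the action's access check rests entirely on the action-level `[UmbracoAuthorize]`, so a test that an unauthenticated request to this endpoint is still rejected belongs with this change. The method body continues outside the hunk.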
@@ -7,6 +8,7 @@ using Umbraco.Core.Configuration;
 using Umbraco.Core.Security;
 using Umbraco.Core.Serialization;
 using Umbraco.Net;
+using Umbraco.Web.BackOffice.Filters;
 using Umbraco.Web.BackOffice.Security;
 using Umbraco.Web.Common.AspNetCore;
 using Umbraco.Web.Common.Security;
@@ -26,6 +28,7 @@ namespace Umbraco.Extensions
 // TODO: We had this check in v8 where we don't enable these unless we can run...
 //if (runtimeState.Level != RuntimeLevel.Upgrade && runtimeState.Level != RuntimeLevel.Run) return app;
+ services.AddSingleton();
 services
 .AddAuthentication(Constants.Security.BackOfficeAuthenticationType)
 .AddCookie(Constants.Security.BackOfficeAuthenticationType);
diff --git a/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs
new file mode 100644
index 0000000000..ed05d831f4
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationAttribute.cs
@@ -0,0 +1,24 @@
+using System;
+using Microsoft.AspNetCore.Mvc.Filters;
+
+namespace Umbraco.Web.BackOffice.Filters
+{
+ public class OverrideAuthorizationAttribute : ActionFilterAttribute
+ {
+ ///
+ /// Ensures a special type of authorization filter is ignored. Defaults to .
+ ///
+ /// The type of authorication filter to override. if null then is used.
+ ///
+ /// https://stackoverflow.com/questions/33558095/overrideauthorizationattribute-in-asp-net-5
+ ///
+ public OverrideAuthorizationAttribute(Type filtersToOverride = null)
+ {
+ FiltersToOverride = filtersToOverride ?? typeof(IAuthorizationFilter);
+ }
+
+ public Type FiltersToOverride { get;}
+
+
+ }
+}
diff --git a/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs
new file mode 100644
index 0000000000..6dbf6d747a
--- /dev/null
+++ b/src/Umbraco.Web.BackOffice/Filters/OverrideAuthorizationFilterProvider.cs
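Review bot: `OverrideAuthorizationAttribute` in OverrideAuthorizationAttribute.cs has no class-level summary, and the constructor doc omits the rule a reader most needs: per the provider added in this patch, only filters registered at a broader scope than the attribute are removed, and only those matching `FiltersToOverride`. I would add a `<summary>` on the class stating that, with a remark that an authorization filter has to remain at the attribute's own scope or the action keeps no filter of the removed type. The attribute also derives from `ActionFilterAttribute` without overriding any callback, so it appears to serve purely as a marker; `Attribute, IFilterMetadata` with an explicit `[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method)]` would express that. "authorication" in the parameter text should read "authorization".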
@@ -0,0 +1,34 @@
+using System.Linq;
+using Microsoft.AspNetCore.Mvc.Filters;
+using Umbraco.Core;
+
+namespace Umbraco.Web.BackOffice.Filters
+{
+ public class OverrideAuthorizationFilterProvider : IFilterProvider, IFilterMetadata
+ {
+ public void OnProvidersExecuted(FilterProviderContext context)
+ {
+
+ }
+
+ public void OnProvidersExecuting(FilterProviderContext context)
+ {
+ if (context.ActionContext.ActionDescriptor.FilterDescriptors != null)
+ {
+ //Does the action have any UmbracoAuthorizeFilter?
+ var overrideFilters = context.Results.Where(filterItem => filterItem.Filter is OverrideAuthorizationAttribute).ToArray();
+ foreach (var overrideFilter in overrideFilters)
+ {
+ context.Results.RemoveAll(filterItem =>
+ //Remove any filter for the type indicated in the UmbracoAuthorizeFilter attribute
+ filterItem.Descriptor.Filter.GetType() == ((OverrideAuthorizationAttribute)overrideFilter.Filter).FiltersToOverride &&
+ //Remove filters with lower scope (ie controller) than the override filter (ie action method)
+ filterItem.Descriptor.Scope < overrideFilter.Descriptor.Scope);
+ }
+ }
+ }
+
+ //all framework providers have negative orders, so ours will come later
+ public int Order => 1;
+ }
+}
diff --git a/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs b/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
index 16d4b7ba33..e166a0e7e7 100644
--- a/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/UmbracoAuthorizeFilter.cs
@@ -1,5 +1,4 @@
-using Microsoft.AspNetCore.Hosting;
-using Microsoft.AspNetCore.Mvc;
+using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Routing;
 using System;
@@ -46,6 +45,7 @@ namespace Umbraco.Web.BackOffice.Filters
 ///
 /// Default constructor
 ///
+ ///
 ///
 ///
 ///
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 95de02a38a..3f52c71366 100755
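Review bot: The removal predicate in `OnProvidersExecuting` (OverrideAuthorizationFilterProvider.cs) tests `filterItem.Descriptor.Filter.GetType() == ...FiltersToOverride`, while the attribute defaults `FiltersToOverride` to `typeof(IAuthorizationFilter)`; `GetType()` never returns an interface type, so with the default (as used on `AllowsCultureVariation` in ContentController.cs) nothing is ever removed. An assignability test fixes the match: `var target = ((OverrideAuthorizationAttribute)overrideFilter.Filter).FiltersToOverride;` followed by `target.IsAssignableFrom(filterItem.Descriptor.Filter.GetType())` in the predicate. If the authorize filters are registered through a filter factory such as `TypeFilterAttribute` (not visible in this patch), `Descriptor.Filter` is the factory rather than the filter, and the check should inspect `filterItem.Filter` instead. Once the match works, the default removes every broader-scope authorization filter, including globally registered ones, so a test pinning which filters survive on an overridden action should accompany the change. The two inline comments name `UmbracoAuthorizeFilter` where they mean `OverrideAuthorizationAttribute`.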
--- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -159,6 +159,8 @@ + + @@ -314,9 +316,7 @@ - -