diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs index 059508d561..c05373f5fb 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/AdminUsersHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -32,8 +35,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Missing_QueryString_Value_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringName: "xxx"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + AdminUsersHandler sut = CreateHandler(queryStringName: "xxx"); await sut.HandleAsync(authHandlerContext); @@ -43,8 +46,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Non_Integer_QueryString_Value_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: "xxx"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + AdminUsersHandler sut = CreateHandler(queryStringValue: "xxx"); await sut.HandleAsync(authHandlerContext); @@ -54,8 +57,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Single_Admin_User_By_Admin_User_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: Admin2UserId.ToString(), editingWithAdmin: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString(), editingWithAdmin: true); await sut.HandleAsync(authHandlerContext); @@ -65,8 +68,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Single_Admin_User_By_Non_Admin_User_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: Admin2UserId.ToString()); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + AdminUsersHandler sut = CreateHandler(queryStringValue: Admin2UserId.ToString()); await sut.HandleAsync(authHandlerContext); @@ -76,8 +79,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Single_Non_Admin_User_By_Non_Admin_User_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: NonAdmin2UserId.ToString()); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + AdminUsersHandler sut = CreateHandler(queryStringValue: NonAdmin2UserId.ToString()); await sut.HandleAsync(authHandlerContext); @@ -87,8 +90,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Multiple_Users_Including_Admins_By_Admin_User_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); - var sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{Admin2UserId},{NonAdmin2UserId}", editingWithAdmin: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); + AdminUsersHandler sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{Admin2UserId},{NonAdmin2UserId}", editingWithAdmin: true); await sut.HandleAsync(authHandlerContext); @@ -98,8 +101,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Multiple_Users_Including_Admins_By_Non_Admin_User_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); - var sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{Admin2UserId},{NonAdmin2UserId}"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); + AdminUsersHandler sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{Admin2UserId},{NonAdmin2UserId}"); await sut.HandleAsync(authHandlerContext); @@ -109,8 +112,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Editing_Multiple_Users_Not_Including_Admins_By_Non_Admin_User_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); - var sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{NonAdmin2UserId},{NonAdmin3UserId}"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(queryStringName: MultipleUserEditQueryStringName); + AdminUsersHandler sut = CreateHandler(queryStringName: MultipleUserEditQueryStringName, queryStringValue: $"{NonAdmin2UserId},{NonAdmin3UserId}"); await sut.HandleAsync(authHandlerContext); @@ -121,15 +124,15 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new AdminUsersRequirement(queryStringName); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private AdminUsersHandler CreateHandler(string queryStringName = SingleUserEditQueryStringName, string queryStringValue = "", bool editingWithAdmin = false) { - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName, queryStringValue); - CreateMockUserServiceAndSecurityAccessor(editingWithAdmin, out var mockUserService, out var mockBackOfficeSecurityAccessor); - var userEditorAuthorizationHelper = CreateUserEditorAuthorizationHelper(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName, queryStringValue); + CreateMockUserServiceAndSecurityAccessor(editingWithAdmin, out Mock mockUserService, out Mock mockBackOfficeSecurityAccessor); + UserEditorAuthorizationHelper userEditorAuthorizationHelper = CreateUserEditorAuthorizationHelper(); return new AdminUsersHandler(mockHttpContextAccessor.Object, mockUserService.Object, mockBackOfficeSecurityAccessor.Object, userEditorAuthorizationHelper); } @@ -152,11 +155,11 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { mockUserService = new Mock(); var globalSettings = new GlobalSettings(); - var adminUser1 = CreateUser(Admin1UserId, mockUserService, true); - var adminUser2 = CreateUser(Admin2UserId, mockUserService, true); - var nonAdminUser1 = CreateUser(NonAdmin1UserId, mockUserService); - var nonAdminUser2 = CreateUser(NonAdmin2UserId, mockUserService); - var nonAdminUser3 = CreateUser(NonAdmin3UserId, mockUserService); + User adminUser1 = CreateUser(Admin1UserId, mockUserService, true); + User adminUser2 = CreateUser(Admin2UserId, mockUserService, true); + User nonAdminUser1 = CreateUser(NonAdmin1UserId, mockUserService); + User nonAdminUser2 = CreateUser(NonAdmin2UserId, mockUserService); + User nonAdminUser3 = CreateUser(NonAdmin3UserId, mockUserService); // Single user requests have been setup in the create user operations, but // we also need to mock the responses when multiple users are being editing. @@ -175,7 +178,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static User CreateUser(int id, Mock mockUserService, bool isAdmin = false) { - var user = new UserBuilder() + User user = new UserBuilder() .WithId(id) .AddUserGroup() .WithAlias(isAdmin ? Constants.Security.AdminGroupAlias : Constants.Security.EditorGroupAlias) diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/BackOfficeHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/BackOfficeHandlerTests.cs index c959de86de..5cb59a7002 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/BackOfficeHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/BackOfficeHandlerTests.cs @@ -1,3 +1,6 @@ +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; @@ -17,8 +20,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Runtime_State_Install_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(runtimeLevel: RuntimeLevel.Install); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + BackOfficeHandler sut = CreateHandler(runtimeLevel: RuntimeLevel.Install); await sut.HandleAsync(authHandlerContext); @@ -28,8 +31,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Runtime_State_Upgrade_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(runtimeLevel: RuntimeLevel.Upgrade); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + BackOfficeHandler sut = CreateHandler(runtimeLevel: RuntimeLevel.Upgrade); await sut.HandleAsync(authHandlerContext); @@ -39,8 +42,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Unauthenticated_User_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + BackOfficeHandler sut = CreateHandler(); await sut.HandleAsync(authHandlerContext); @@ -50,8 +53,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Authenticated_User_Is_Not_Authorized_When_Not_Approved_And_Approval_Required() { - var authHandlerContext = CreateAuthorizationHandlerContext(requireApproval: true); - var sut = CreateHandler(currentUserIsAuthenticated: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(requireApproval: true); + BackOfficeHandler sut = CreateHandler(currentUserIsAuthenticated: true); await sut.HandleAsync(authHandlerContext); @@ -61,8 +64,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Authenticated_User_Is_Authorized_When_Not_Approved_And_Approval_Not_Required() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(currentUserIsAuthenticated: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + BackOfficeHandler sut = CreateHandler(currentUserIsAuthenticated: true); await sut.HandleAsync(authHandlerContext); @@ -72,8 +75,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Authenticated_User_Is_Authorized_When_Approved_And_Approval_Required() { - var authHandlerContext = CreateAuthorizationHandlerContext(requireApproval: true); - var sut = CreateHandler(currentUserIsAuthenticated: true, currentUserIsApproved: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(requireApproval: true); + BackOfficeHandler sut = CreateHandler(currentUserIsAuthenticated: true, currentUserIsApproved: true); await sut.HandleAsync(authHandlerContext); @@ -84,20 +87,20 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new BackOfficeRequirement(requireApproval); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private BackOfficeHandler CreateHandler(RuntimeLevel runtimeLevel = RuntimeLevel.Run, bool currentUserIsAuthenticated = false, bool currentUserIsApproved = false) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(currentUserIsAuthenticated, currentUserIsApproved); - var mockRuntimeState = CreateMockRuntimeState(runtimeLevel); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(currentUserIsAuthenticated, currentUserIsApproved); + Mock mockRuntimeState = CreateMockRuntimeState(runtimeLevel); return new BackOfficeHandler(mockBackOfficeSecurityAccessor.Object, mockRuntimeState.Object); } private static Mock CreateMockBackOfficeSecurityAccessor(bool currentUserIsAuthenticated, bool currentUserIsApproved) { - var user = new UserBuilder() + global::Umbraco.Core.Models.Membership.User user = new UserBuilder() .WithIsApproved(currentUserIsApproved) .Build(); var mockBackOfficeSecurityAccessor = new Mock(); diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandlerTests.cs index ca73f234b9..ce3a960b6f 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -25,13 +28,13 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_With_Access_To_All_Descendent_Nodes_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockUserService = CreateMockUserService(NodeId, new Dictionary + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockUserService = CreateMockUserService(NodeId, new Dictionary { { DescendentNodeId1, new string[] { "A" } }, { DescendentNodeId2, new string[] { "A" } } }); - var sut = CreateHandler(mockUserService.Object, NodeId); + ContentPermissionsPublishBranchHandler sut = CreateHandler(mockUserService.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -42,13 +45,13 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Without_Access_To_One_Descendent_Node_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockUserService = CreateMockUserService(NodeId, new Dictionary + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockUserService = CreateMockUserService(NodeId, new Dictionary { { DescendentNodeId1, new string[] { "A" } }, { DescendentNodeId2, new string[] { "B" } } }); - var sut = CreateHandler(mockUserService.Object, NodeId); + ContentPermissionsPublishBranchHandler sut = CreateHandler(mockUserService.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -59,13 +62,13 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Without_Access_To_First_Descendent_Node_Is_Not_Authorized_And_Checks_Exit_Early() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockUserService = CreateMockUserService(NodeId, new Dictionary + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockUserService = CreateMockUserService(NodeId, new Dictionary { { DescendentNodeId1, new string[] { "B" } }, { DescendentNodeId2, new string[] { "A" } } }); - var sut = CreateHandler(mockUserService.Object, NodeId); + ContentPermissionsPublishBranchHandler sut = CreateHandler(mockUserService.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -77,7 +80,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new ContentPermissionsPublishBranchRequirement('A'); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = CreateContent(NodeId); + IContent resource = CreateContent(NodeId); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } @@ -97,9 +100,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private ContentPermissionsPublishBranchHandler CreateHandler(IUserService userService, int nodeId) { - var mockEntityService = CreateMockEntityService(); - var contentPermissions = CreateContentPermissions(mockEntityService.Object, userService, nodeId); - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); + Mock mockEntityService = CreateMockEntityService(); + ContentPermissions contentPermissions = CreateContentPermissions(mockEntityService.Object, userService, nodeId); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); return new ContentPermissionsPublishBranchHandler(mockEntityService.Object, contentPermissions, mockBackOfficeSecurityAccessor.Object); } @@ -129,13 +132,13 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static IContent CreateContent(int nodeId) { - var contentType = ContentTypeBuilder.CreateBasicContentType(); + ContentType contentType = ContentTypeBuilder.CreateBasicContentType(); return ContentBuilder.CreateBasicContent(contentType, nodeId); } private static Mock CreateMockBackOfficeSecurityAccessor() { - var user = CreateUser(); + User user = CreateUser(); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -143,10 +146,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser() - { - return new UserBuilder() + private static User CreateUser() => + new UserBuilder() .Build(); - } } } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandlerTests.cs index 10549a6d7d..6f1a4b9e73 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandlerTests.cs @@ -1,4 +1,7 @@ -using System; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System; using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; @@ -21,15 +24,15 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { private const string QueryStringName = "id"; private const int NodeId = 1000; - private static readonly Guid NodeGuid = Guid.NewGuid(); - private static readonly Udi NodeUdi = UdiParser.Parse($"umb://document/{NodeGuid.ToString().ToLowerInvariant().Replace("-", string.Empty)}"); + private static readonly Guid s_nodeGuid = Guid.NewGuid(); + private static readonly Udi s_nodeUdi = UdiParser.Parse($"umb://document/{s_nodeGuid.ToString().ToLowerInvariant().Replace("-", string.Empty)}"); [Test] public async Task Node_Id_From_Requirement_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -39,9 +42,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Id_From_Requirement_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -52,9 +55,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Id_Missing_From_Requirement_And_QueryString_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName: "xxx"); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName: "xxx"); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -64,9 +67,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Integer_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -77,9 +80,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Integer_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -90,9 +93,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Udi_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeUdi.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeUdi.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -103,9 +106,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Udi_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeUdi.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeUdi.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -116,9 +119,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Guid_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeGuid.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeGuid.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -129,9 +132,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Guid_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeGuid.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeGuid.ToString()); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -142,9 +145,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Invalid_Id_From_QueryString_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: "invalid"); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: "invalid"); + ContentPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -154,11 +157,11 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static AuthorizationHandlerContext CreateAuthorizationHandlerContext(int? nodeId = null) { const char Permission = 'A'; - var requirement = nodeId.HasValue + ContentPermissionsQueryStringRequirement requirement = nodeId.HasValue ? new ContentPermissionsQueryStringRequirement(nodeId.Value, Permission) : new ContentPermissionsQueryStringRequirement(Permission, QueryStringName); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } @@ -180,9 +183,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private ContentPermissionsQueryStringHandler CreateHandler(IHttpContextAccessor httpContextAccessor, int nodeId, string[] permissionsForPath) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); - var mockEntityService = CreateMockEntityService(); - var contentPermissions = CreateContentPermissions(mockEntityService.Object, nodeId, permissionsForPath); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); + Mock mockEntityService = CreateMockEntityService(); + ContentPermissions contentPermissions = CreateContentPermissions(mockEntityService.Object, nodeId, permissionsForPath); return new ContentPermissionsQueryStringHandler(mockBackOfficeSecurityAccessor.Object, httpContextAccessor, mockEntityService.Object, contentPermissions); } @@ -190,17 +193,17 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var mockEntityService = new Mock(); mockEntityService - .Setup(x => x.GetId(It.Is(y => y == NodeUdi))) + .Setup(x => x.GetId(It.Is(y => y == s_nodeUdi))) .Returns(Attempt.Succeed(NodeId)); mockEntityService - .Setup(x => x.GetId(It.Is(y => y == NodeGuid), It.Is(y => y == UmbracoObjectTypes.Document))) + .Setup(x => x.GetId(It.Is(y => y == s_nodeGuid), It.Is(y => y == UmbracoObjectTypes.Document))) .Returns(Attempt.Succeed(NodeId)); return mockEntityService; } private static Mock CreateMockBackOfficeSecurityAccessor() { - var user = CreateUser(); + User user = CreateUser(); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -208,11 +211,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser() - { - return new UserBuilder() + private static User CreateUser() => + new UserBuilder() .Build(); - } private static ContentPermissions CreateContentPermissions(IEntityService entityService, int nodeId, string[] permissionsForPath) { @@ -232,13 +233,11 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static IContent CreateContent(int nodeId) { - var contentType = ContentTypeBuilder.CreateBasicContentType(); + ContentType contentType = ContentTypeBuilder.CreateBasicContentType(); return ContentBuilder.CreateBasicContent(contentType, nodeId); } - private static void AssertContentCached(Mock mockHttpContextAccessor) - { + private static void AssertContentCached(Mock mockHttpContextAccessor) => Assert.AreEqual(NodeId, ((IContent)mockHttpContextAccessor.Object.HttpContext.Items[typeof(IContent).ToString()]).Id); - } } } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandlerTests.cs index ea6dd7f0bd..1ac74d99ba 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -21,8 +24,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Node_Id_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); - var sut = CreateHandler(NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); + ContentPermissionsResourceHandler sut = CreateHandler(NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -32,8 +35,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Content_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var sut = CreateHandler(NodeId, new string[] { "A" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + ContentPermissionsResourceHandler sut = CreateHandler(NodeId, new string[] { "A" }); await sut.HandleAsync(authHandlerContext); @@ -43,8 +46,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Node_Id_Withou_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); - var sut = CreateHandler(NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); + ContentPermissionsResourceHandler sut = CreateHandler(NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -54,8 +57,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Content_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var sut = CreateHandler(NodeId, new string[] { "B" }); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + ContentPermissionsResourceHandler sut = CreateHandler(NodeId, new string[] { "B" }); await sut.HandleAsync(authHandlerContext); @@ -66,9 +69,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new ContentPermissionsResourceRequirement(); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var content = CreateContent(nodeId); - var permissions = new List { 'A' }.AsReadOnly(); - var resource = createWithNodeId + IContent content = CreateContent(nodeId); + System.Collections.ObjectModel.ReadOnlyCollection permissions = new List { 'A' }.AsReadOnly(); + ContentPermissionsResource resource = createWithNodeId ? new ContentPermissionsResource(content, nodeId, permissions) : new ContentPermissionsResource(content, permissions); return new AuthorizationHandlerContext(new List { requirement }, user, resource); @@ -76,20 +79,20 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static IContent CreateContent(int nodeId) { - var contentType = ContentTypeBuilder.CreateBasicContentType(); + ContentType contentType = ContentTypeBuilder.CreateBasicContentType(); return ContentBuilder.CreateBasicContent(contentType, nodeId); } private ContentPermissionsResourceHandler CreateHandler(int nodeId, string[] permissionsForPath) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); - var contentPermissions = CreateContentPermissions(nodeId, permissionsForPath); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(); + ContentPermissions contentPermissions = CreateContentPermissions(nodeId, permissionsForPath); return new ContentPermissionsResourceHandler(mockBackOfficeSecurityAccessor.Object, contentPermissions); } private static Mock CreateMockBackOfficeSecurityAccessor() { - var user = CreateUser(); + User user = CreateUser(); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -97,11 +100,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser() - { - return new UserBuilder() + private static User CreateUser() => + new UserBuilder() .Build(); - } private static ContentPermissions CreateContentPermissions(int nodeId, string[] permissionsForPath) { diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandlerTests.cs index 602843b128..830954aaf6 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -6,7 +9,6 @@ using Moq; using NUnit.Framework; using Umbraco.Web.BackOffice.Authorization; using Umbraco.Web.BackOffice.Security; -using Umbraco.Web.Common.Security; namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { @@ -15,8 +17,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task With_Deny_Local_Login_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(denyLocalLogin: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + DenyLocalLoginHandler sut = CreateHandler(denyLocalLogin: true); await sut.HandleAsync(authHandlerContext); @@ -26,8 +28,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Without_Deny_Local_Login_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + DenyLocalLoginHandler sut = CreateHandler(); await sut.HandleAsync(authHandlerContext); @@ -38,13 +40,13 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new DenyLocalLoginRequirement(); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private DenyLocalLoginHandler CreateHandler(bool denyLocalLogin = false) { - var mockBackOfficeExternalLoginProviders = CreateMockBackOfficeExternalLoginProviders(denyLocalLogin); + Mock mockBackOfficeExternalLoginProviders = CreateMockBackOfficeExternalLoginProviders(denyLocalLogin); return new DenyLocalLoginHandler(mockBackOfficeExternalLoginProviders.Object); } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandlerTests.cs index 80e2cddb75..fb2eec93c8 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandlerTests.cs @@ -1,4 +1,7 @@ -using System; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System; using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; @@ -21,15 +24,15 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { private const string QueryStringName = "id"; private const int NodeId = 1000; - private static readonly Guid NodeGuid = Guid.NewGuid(); - private static readonly Udi NodeUdi = UdiParser.Parse($"umb://document/{NodeGuid.ToString().ToLowerInvariant().Replace("-", string.Empty)}"); + private static readonly Guid s_nodeGuid = Guid.NewGuid(); + private static readonly Udi s_nodeUdi = UdiParser.Parse($"umb://document/{s_nodeGuid.ToString().ToLowerInvariant().Replace("-", string.Empty)}"); [Test] public async Task Node_Id_Missing_From_QueryString_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName: "xxx"); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringName: "xxx"); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -39,9 +42,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Integer_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -52,9 +55,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Integer_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeId.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); await sut.HandleAsync(authHandlerContext); @@ -65,9 +68,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Udi_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeUdi.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeUdi.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -78,9 +81,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Udi_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeUdi.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeUdi.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); await sut.HandleAsync(authHandlerContext); @@ -91,9 +94,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Guid_Id_From_QueryString_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeGuid.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeGuid.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -104,9 +107,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Guid_Id_From_QueryString_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: NodeGuid.ToString()); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: s_nodeGuid.ToString()); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId, startMediaId: 1001); await sut.HandleAsync(authHandlerContext); @@ -117,9 +120,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Node_Invalid_Id_From_QueryString_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: "invalid"); - var sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue: "invalid"); + MediaPermissionsQueryStringHandler sut = CreateHandler(mockHttpContextAccessor.Object, NodeId); await sut.HandleAsync(authHandlerContext); @@ -130,7 +133,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new MediaPermissionsQueryStringRequirement(QueryStringName); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } @@ -152,9 +155,9 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private MediaPermissionsQueryStringHandler CreateHandler(IHttpContextAccessor httpContextAccessor, int nodeId, int startMediaId = -1) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(startMediaId); - var mockEntityService = CreateMockEntityService(); - var mediaPermissions = CreateMediaPermissions(mockEntityService.Object, nodeId); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(startMediaId); + Mock mockEntityService = CreateMockEntityService(); + MediaPermissions mediaPermissions = CreateMediaPermissions(mockEntityService.Object, nodeId); return new MediaPermissionsQueryStringHandler(mockBackOfficeSecurityAccessor.Object, httpContextAccessor, mockEntityService.Object, mediaPermissions); } @@ -162,17 +165,17 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var mockEntityService = new Mock(); mockEntityService - .Setup(x => x.GetId(It.Is(y => y == NodeUdi))) + .Setup(x => x.GetId(It.Is(y => y == s_nodeUdi))) .Returns(Attempt.Succeed(NodeId)); mockEntityService - .Setup(x => x.GetId(It.Is(y => y == NodeGuid), It.Is(y => y == UmbracoObjectTypes.Document))) + .Setup(x => x.GetId(It.Is(y => y == s_nodeGuid), It.Is(y => y == UmbracoObjectTypes.Document))) .Returns(Attempt.Succeed(NodeId)); return mockEntityService; } private static Mock CreateMockBackOfficeSecurityAccessor(int startMediaId) { - var user = CreateUser(startMediaId); + User user = CreateUser(startMediaId); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -180,12 +183,10 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser(int startMediaId) - { - return new UserBuilder() + private static User CreateUser(int startMediaId) => + new UserBuilder() .WithStartMediaId(startMediaId) .Build(); - } private static MediaPermissions CreateMediaPermissions(IEntityService entityService, int nodeId) { @@ -199,13 +200,11 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static IMedia CreateMedia(int nodeId) { - var mediaType = MediaTypeBuilder.CreateSimpleMediaType("image", "Image"); + MediaType mediaType = MediaTypeBuilder.CreateSimpleMediaType("image", "Image"); return MediaBuilder.CreateSimpleMedia(mediaType, "Test image", -1, nodeId); } - private static void AssertMediaCached(Mock mockHttpContextAccessor) - { + private static void AssertMediaCached(Mock mockHttpContextAccessor) => Assert.AreEqual(NodeId, ((IMedia)mockHttpContextAccessor.Object.HttpContext.Items[typeof(IMedia).ToString()]).Id); - } } } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandlerTests.cs index 19e2a6f06c..de4a7c0b52 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -20,8 +23,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Node_Id_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); - var sut = CreateHandler(NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); + MediaPermissionsResourceHandler sut = CreateHandler(NodeId); await sut.HandleAsync(authHandlerContext); @@ -31,8 +34,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Media_With_Permission_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var sut = CreateHandler(NodeId); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + MediaPermissionsResourceHandler sut = CreateHandler(NodeId); await sut.HandleAsync(authHandlerContext); @@ -42,8 +45,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Node_Id_Withou_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); - var sut = CreateHandler(NodeId, startMediaId: 1001); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId, createWithNodeId: true); + MediaPermissionsResourceHandler sut = CreateHandler(NodeId, startMediaId: 1001); await sut.HandleAsync(authHandlerContext); @@ -53,8 +56,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Resource_With_Media_Without_Permission_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(NodeId); - var sut = CreateHandler(NodeId, startMediaId: 1001); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(NodeId); + MediaPermissionsResourceHandler sut = CreateHandler(NodeId, startMediaId: 1001); await sut.HandleAsync(authHandlerContext); @@ -65,8 +68,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new MediaPermissionsResourceRequirement(); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var media = CreateMedia(nodeId); - var resource = createWithNodeId + IMedia media = CreateMedia(nodeId); + MediaPermissionsResource resource = createWithNodeId ? new MediaPermissionsResource(nodeId) : new MediaPermissionsResource(media); return new AuthorizationHandlerContext(new List { requirement }, user, resource); @@ -74,20 +77,20 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static IMedia CreateMedia(int nodeId) { - var mediaType = MediaTypeBuilder.CreateSimpleMediaType("image", "Image"); + MediaType mediaType = MediaTypeBuilder.CreateSimpleMediaType("image", "Image"); return MediaBuilder.CreateSimpleMedia(mediaType, "Test image", -1, nodeId); } private MediaPermissionsResourceHandler CreateHandler(int nodeId, int startMediaId = -1) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(startMediaId); - var contentPermissions = CreateMediaPermissions(nodeId, new string[0]); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(startMediaId); + MediaPermissions contentPermissions = CreateMediaPermissions(nodeId); return new MediaPermissionsResourceHandler(mockBackOfficeSecurityAccessor.Object, contentPermissions); } private static Mock CreateMockBackOfficeSecurityAccessor(int startMediaId) { - var user = CreateUser(startMediaId); + User user = CreateUser(startMediaId); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -95,14 +98,12 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser(int startMediaId) - { - return new UserBuilder() + private static User CreateUser(int startMediaId) => + new UserBuilder() .WithStartMediaId(startMediaId) .Build(); - } - private static MediaPermissions CreateMediaPermissions(int nodeId, string[] permissionsForPath) + private static MediaPermissions CreateMediaPermissions(int nodeId) { var mockMediaService = new Mock(); mockMediaService diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/SectionHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/SectionHandlerTests.cs index fb4bb0192e..0435299081 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/SectionHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/SectionHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -17,8 +20,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Unauthorized_User_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + SectionHandler sut = CreateHandler(); await sut.HandleAsync(authHandlerContext); @@ -28,8 +31,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_With_Section_Access_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(userIsAuthorized: true, userCanAccessContentSection: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + SectionHandler sut = CreateHandler(userIsAuthorized: true, userCanAccessContentSection: true); await sut.HandleAsync(authHandlerContext); @@ -39,8 +42,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Without_Section_Access_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(userIsAuthorized: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + SectionHandler sut = CreateHandler(userIsAuthorized: true); await sut.HandleAsync(authHandlerContext); @@ -51,20 +54,20 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new SectionRequirement(Constants.Applications.Content, Constants.Applications.Media); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private SectionHandler CreateHandler(bool userIsAuthorized = false, bool userCanAccessContentSection = false) { - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAuthorized, userCanAccessContentSection); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAuthorized, userCanAccessContentSection); return new SectionHandler(mockBackOfficeSecurityAccessor.Object); } - + private static Mock CreateMockBackOfficeSecurityAccessor(bool userIsAuthorized, bool userCanAccessContentSection) { - var user = CreateUser(); + User user = CreateUser(); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(userIsAuthorized ? user : null); mockBackOfficeSecurity @@ -78,10 +81,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser() - { - return new UserBuilder() + private static User CreateUser() => + new UserBuilder() .Build(); - } } } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/TreeHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/TreeHandlerTests.cs index 8c688d10d3..7d91469379 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/TreeHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/TreeHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -23,8 +26,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Unauthorized_User_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + TreeHandler sut = CreateHandler(); await sut.HandleAsync(authHandlerContext); @@ -34,8 +37,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_With_Access_To_Tree_Section_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(userIsAuthorized: true, userCanAccessContentSection: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + TreeHandler sut = CreateHandler(userIsAuthorized: true, userCanAccessContentSection: true); await sut.HandleAsync(authHandlerContext); @@ -45,8 +48,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Without_Access_To_Tree_Section_Is_Not_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(userIsAuthorized: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + TreeHandler sut = CreateHandler(userIsAuthorized: true); await sut.HandleAsync(authHandlerContext); @@ -57,14 +60,14 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new TreeRequirement(Tree1Alias, Tree2Alias); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private TreeHandler CreateHandler(bool userIsAuthorized = false, bool userCanAccessContentSection = false) { - var mockTreeService = CreateMockTreeService(); - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAuthorized, userCanAccessContentSection); + Mock mockTreeService = CreateMockTreeService(); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAuthorized, userCanAccessContentSection); return new TreeHandler(mockTreeService.Object, mockBackOfficeSecurityAccessor.Object); } @@ -81,17 +84,15 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockTreeService; } - private static Tree CreateTree(string alias, string sectionAlias) - { - return new TreeBuilder() + private static Tree CreateTree(string alias, string sectionAlias) => + new TreeBuilder() .WithAlias(alias) .WithSectionAlias(sectionAlias) .Build(); - } private static Mock CreateMockBackOfficeSecurityAccessor(bool userIsAuthorized, bool userCanAccessContentSection) { - var user = CreateUser(); + User user = CreateUser(); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(userIsAuthorized ? user : null); mockBackOfficeSecurity @@ -105,10 +106,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser() - { - return new UserBuilder() + private static User CreateUser() => new UserBuilder() .Build(); - } } } diff --git a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/UserGroupHandlerTests.cs b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/UserGroupHandlerTests.cs index e9416a3982..33f6dca02f 100644 --- a/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/UserGroupHandlerTests.cs +++ b/src/Umbraco.Tests.UnitTests/Umbraco.Web.BackOffice/Authorization/UserGroupHandlerTests.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Security.Claims; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; @@ -30,8 +33,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Missing_QueryString_Value_Is_Authorized() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(); await sut.HandleAsync(authHandlerContext); @@ -41,8 +44,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task Admin_User_Is_Authorised() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: Group1Id.ToString(), userIsAdmin: true); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(queryStringValue: Group1Id.ToString(), userIsAdmin: true); await sut.HandleAsync(authHandlerContext); @@ -52,8 +55,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Matching_Single_Requested_Group_Id_Is_Authorised() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: Group1Id.ToString()); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(queryStringValue: Group1Id.ToString()); await sut.HandleAsync(authHandlerContext); @@ -63,8 +66,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Matching_One_Of_Requested_Group_Ids_Is_Authorised() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: $"{Group1Id},{Group2Id}"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(queryStringValue: $"{Group1Id},{Group2Id}"); await sut.HandleAsync(authHandlerContext); @@ -74,8 +77,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Not_Matching_Single_Requested_Group_Id_Is_Not_Authorised() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: Group2Id.ToString()); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(queryStringValue: Group2Id.ToString()); await sut.HandleAsync(authHandlerContext); @@ -85,8 +88,8 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization [Test] public async Task User_Not_Matching_Any_Of_Requested_Group_Ids_Is_Not_Authorised() { - var authHandlerContext = CreateAuthorizationHandlerContext(); - var sut = CreateHandler(queryStringValue: $"{Group2Id},{Group3Id}"); + AuthorizationHandlerContext authHandlerContext = CreateAuthorizationHandlerContext(); + UserGroupHandler sut = CreateHandler(queryStringValue: $"{Group2Id},{Group3Id}"); await sut.HandleAsync(authHandlerContext); @@ -97,21 +100,21 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization { var requirement = new UserGroupRequirement(QueryStringName); var user = new ClaimsPrincipal(new ClaimsIdentity(new List())); - var resource = new object(); + object resource = new object(); return new AuthorizationHandlerContext(new List { requirement }, user, resource); } private UserGroupHandler CreateHandler(string queryStringValue = "", bool userIsAdmin = false) { - var mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue); + Mock mockHttpContextAccessor = CreateMockHttpContextAccessor(queryStringValue); - var mockUserService = CreateMockUserService(); + Mock mockUserService = CreateMockUserService(); var mockContentService = new Mock(); var mockMediaService = new Mock(); var mockEntityService = new Mock(); - var mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAdmin); + Mock mockBackOfficeSecurityAccessor = CreateMockBackOfficeSecurityAccessor(userIsAdmin); return new UserGroupHandler(mockHttpContextAccessor.Object, mockUserService.Object, mockContentService.Object, mockMediaService.Object, mockEntityService.Object, mockBackOfficeSecurityAccessor.Object); } @@ -151,7 +154,7 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization private static Mock CreateMockBackOfficeSecurityAccessor(bool userIsAdmin) { - var user = CreateUser(userIsAdmin); + User user = CreateUser(userIsAdmin); var mockBackOfficeSecurity = new Mock(); mockBackOfficeSecurity.SetupGet(x => x.CurrentUser).Returns(user); var mockBackOfficeSecurityAccessor = new Mock(); @@ -159,21 +162,17 @@ namespace Umbraco.Tests.UnitTests.Umbraco.Web.BackOffice.Authorization return mockBackOfficeSecurityAccessor; } - private static User CreateUser(bool isAdmin = false) - { - return new UserBuilder() + private static User CreateUser(bool isAdmin = false) => + new UserBuilder() .AddUserGroup() .WithAlias(isAdmin ? Constants.Security.AdminGroupAlias : Group1Alias) .Done() .Build(); - } - private IUserGroup CreateUserGroup(int id, string alias) - { - return new UserGroupBuilder() + private IUserGroup CreateUserGroup(int id, string alias) => + new UserGroupBuilder() .WithId(id) .WithAlias(alias) .Build(); - } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/AdminUsersHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/AdminUsersHandler.cs index 4d9f47c7dd..a7733b25bd 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/AdminUsersHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/AdminUsersHandler.cs @@ -1,7 +1,12 @@ -using System.Linq; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; +using System.Linq; using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Primitives; using Umbraco.Core; using Umbraco.Core.Security; using Umbraco.Core.Services; @@ -14,25 +19,34 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class AdminUsersHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly IHttpContextAccessor _httpContextAcessor; + private readonly IHttpContextAccessor _httpContextAccessor; private readonly IUserService _userService; - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; private readonly UserEditorAuthorizationHelper _userEditorAuthorizationHelper; - public AdminUsersHandler(IHttpContextAccessor httpContextAcessor, - IUserService userService, - IBackOfficeSecurityAccessor backofficeSecurityAccessor, - UserEditorAuthorizationHelper userEditorAuthorizationHelper) + /// + /// Initializes a new instance of the class. + /// + /// Accessor for the HTTP context of the current request. + /// Service for user related operations. + /// Accessor for back-office security. + /// Helper for user authorization checks. + public AdminUsersHandler( + IHttpContextAccessor httpContextAccessor, + IUserService userService, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, + UserEditorAuthorizationHelper userEditorAuthorizationHelper) { - _httpContextAcessor = httpContextAcessor; + _httpContextAccessor = httpContextAccessor; _userService = userService; - _backofficeSecurityAccessor = backofficeSecurityAccessor; + _backOfficeSecurityAccessor = backOfficeSecurityAccessor; _userEditorAuthorizationHelper = userEditorAuthorizationHelper; } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, AdminUsersRequirement requirement) { - var queryString = _httpContextAcessor.HttpContext?.Request.Query[requirement.QueryStringName]; + StringValues? queryString = _httpContextAccessor.HttpContext?.Request.Query[requirement.QueryStringName]; if (!queryString.HasValue || !queryString.Value.Any()) { // Must succeed this requirement since we cannot process it. @@ -46,12 +60,13 @@ namespace Umbraco.Web.BackOffice.Authorization } else { - var ids = _httpContextAcessor.HttpContext.Request.Query.Where(x => x.Key == requirement.QueryStringName).ToList(); + var ids = _httpContextAccessor.HttpContext.Request.Query.Where(x => x.Key == requirement.QueryStringName).ToList(); if (ids.Count == 0) { // Must succeed this requirement since we cannot process it. return Task.FromResult(true); } + userIds = ids .Select(x => x.Value.ToString()) .Select(x => x.TryConvertTo()).Where(x => x.Success).Select(x => x.Result).ToArray(); @@ -63,8 +78,8 @@ namespace Umbraco.Web.BackOffice.Authorization return Task.FromResult(true); } - var users = _userService.GetUsersById(userIds); - var isAuth = users.All(user => _userEditorAuthorizationHelper.IsAuthorized(_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, user, null, null, null) != false); + IEnumerable users = _userService.GetUsersById(userIds); + var isAuth = users.All(user => _userEditorAuthorizationHelper.IsAuthorized(_backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, user, null, null, null) != false); return Task.FromResult(isAuth); } diff --git a/src/Umbraco.Web.BackOffice/Authorization/AdminUsersRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/AdminUsersRequirement.cs index d5cd5d80dc..e8a56ee8cb 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/AdminUsersRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/AdminUsersRequirement.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { @@ -7,11 +10,15 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class AdminUsersRequirement : IAuthorizationRequirement { - public AdminUsersRequirement(string queryStringName = "id") - { - QueryStringName = queryStringName; - } + /// + /// Initializes a new instance of the class. + /// + /// Query string name from which to authorize values. + public AdminUsersRequirement(string queryStringName = "id") => QueryStringName = queryStringName; + /// + /// Gets the query string name from which to authorize values. + /// public string QueryStringName { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/BackOfficeHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/BackOfficeHandler.cs index f536483921..0d7c28f314 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/BackOfficeHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/BackOfficeHandler.cs @@ -1,3 +1,6 @@ +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Umbraco.Core; diff --git a/src/Umbraco.Web.BackOffice/Authorization/BackOfficeRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/BackOfficeRequirement.cs index d1b13efe2c..17c5f6e02a 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/BackOfficeRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/BackOfficeRequirement.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { @@ -7,11 +10,15 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class BackOfficeRequirement : IAuthorizationRequirement { - public BackOfficeRequirement(bool requireApproval = true) - { - RequireApproval = requireApproval; - } + /// + /// Initializes a new instance of the class. + /// + /// Flag for whether back-office user approval is required. + public BackOfficeRequirement(bool requireApproval = true) => RequireApproval = requireApproval; + /// + /// Gets a value indicating whether back-office user approval is required. + /// public bool RequireApproval { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandler.cs index 32eebaa105..bb6dc919be 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchHandler.cs @@ -1,7 +1,10 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; using Umbraco.Core; using Umbraco.Core.Models; using Umbraco.Core.Models.Entities; @@ -11,7 +14,7 @@ using Umbraco.Core.Services; namespace Umbraco.Web.BackOffice.Authorization { /// - /// The user must have access to all descendant nodes of the content item in order to continue + /// The user must have access to all descendant nodes of the content item in order to continue. /// public class ContentPermissionsPublishBranchHandler : MustSatisfyRequirementAuthorizationHandler { @@ -19,6 +22,12 @@ namespace Umbraco.Web.BackOffice.Authorization private readonly ContentPermissions _contentPermissions; private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; + /// + /// Initializes a new instance of the class. + /// + /// Service for entity operations. + /// per for user content authorization checks. + /// Accessor for back-office security. public ContentPermissionsPublishBranchHandler( IEntityService entityService, ContentPermissions contentPermissions, @@ -29,9 +38,10 @@ namespace Umbraco.Web.BackOffice.Authorization _backOfficeSecurityAccessor = backOfficeSecurityAccessor; } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsPublishBranchRequirement requirement, IContent resource) { - var currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser; + Core.Models.Membership.IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser; var denied = new List(); var page = 0; @@ -40,16 +50,22 @@ namespace Umbraco.Web.BackOffice.Authorization while (page * pageSize < total) { - var descendants = _entityService.GetPagedDescendants(resource.Id, UmbracoObjectTypes.Document, page++, pageSize, out total, - // Order by shallowest to deepest, this allows us to check permissions from top to bottom so we can exit - // early if a permission higher up fails. - ordering: Ordering.By("path", Direction.Ascending)); + // Order descendents by shallowest to deepest, this allows us to check permissions from top to bottom so we can exit + // early if a permission higher up fails. + IEnumerable descendants = _entityService.GetPagedDescendants( + resource.Id, + UmbracoObjectTypes.Document, + page++, + pageSize, + out total, + ordering: Ordering.By("path", Direction.Ascending)); - foreach (var c in descendants) + foreach (IEntitySlim c in descendants) { // If this item's path has already been denied or if the user doesn't have access to it, add to the deny list. - if (denied.Any(x => c.Path.StartsWith($"{x.Path},")) - || (_contentPermissions.CheckPermissions(c, + if (denied.Any(x => c.Path.StartsWith($"{x.Path},")) || + (_contentPermissions.CheckPermissions( + c, currentUser, requirement.Permission) == ContentPermissions.ContentAccess.Denied)) { diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchRequirement.cs index 541f861f0d..cfa6f512a2 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsPublishBranchRequirement.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { @@ -7,11 +10,15 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class ContentPermissionsPublishBranchRequirement : IAuthorizationRequirement { - public ContentPermissionsPublishBranchRequirement(char permission) - { - Permission = permission; - } + /// + /// Initializes a new instance of the class. + /// + /// Permission to check. + public ContentPermissionsPublishBranchRequirement(char permission) => Permission = permission; + /// + /// Gets a value for the permission to check. + /// public char Permission { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandler.cs index 863cbdfc3c..caf94c1cec 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringHandler.cs @@ -1,8 +1,10 @@ -using System; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; -using Umbraco.Core; +using Microsoft.Extensions.Primitives; using Umbraco.Core.Models; using Umbraco.Core.Security; using Umbraco.Core.Services; @@ -10,28 +12,33 @@ using Umbraco.Core.Services; namespace Umbraco.Web.BackOffice.Authorization { /// - /// Used to authorize if the user has the correct permission access to the content for the content id specified in a query string + /// Used to authorize if the user has the correct permission access to the content for the content id specified in a query string. /// public class ContentPermissionsQueryStringHandler : PermissionsQueryStringHandler { private readonly ContentPermissions _contentPermissions; + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + /// Accessor for the HTTP context of the current request. + /// Service for entity operations. + /// Helper for content authorization checks. public ContentPermissionsQueryStringHandler( - IBackOfficeSecurityAccessor backofficeSecurityAccessor, - IHttpContextAccessor httpContextAccessor, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, + IHttpContextAccessor httpContextAccessor, IEntityService entityService, ContentPermissions contentPermissions) - : base(backofficeSecurityAccessor, httpContextAccessor, entityService) - { - _contentPermissions = contentPermissions; - } + : base(backOfficeSecurityAccessor, httpContextAccessor, entityService) => _contentPermissions = contentPermissions; + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsQueryStringRequirement requirement) { int nodeId; if (requirement.NodeId.HasValue == false) { - if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal)) + if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out StringValues routeVal)) { // Must succeed this requirement since we cannot process it return Task.FromResult(true); @@ -52,8 +59,9 @@ namespace Umbraco.Web.BackOffice.Authorization nodeId = requirement.NodeId.Value; } - var permissionResult = _contentPermissions.CheckPermissions(nodeId, - BackofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, + ContentPermissions.ContentAccess permissionResult = _contentPermissions.CheckPermissions( + nodeId, + BackOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, out IContent contentItem, new[] { requirement.PermissionToCheck }); diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringRequirement.cs index 2d558c569c..ee386295c2 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsQueryStringRequirement.cs @@ -1,19 +1,20 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { - /// /// An authorization requirement for /// public class ContentPermissionsQueryStringRequirement : IAuthorizationRequirement { - /// - /// Create an authorization requirement for a specific node id + /// Initializes a new instance of the class for a specific node id. /// - /// - /// + /// The node Id. + /// The permission to authorize the current user against. public ContentPermissionsQueryStringRequirement(int nodeId, char permissionToCheck) { NodeId = nodeId; @@ -21,18 +22,30 @@ namespace Umbraco.Web.BackOffice.Authorization } /// - /// Create an authorization requirement for a node id based on a query string parameter + /// Initializes a new instance of the class for a + /// node id based on a query string parameter. /// - /// - /// + /// The querystring parameter name. + /// The permission to authorize the current user against. public ContentPermissionsQueryStringRequirement(char permissionToCheck, string paramName = "id") { QueryStringName = paramName; PermissionToCheck = permissionToCheck; } + /// + /// Gets the specific node Id. + /// public int? NodeId { get; } + + /// + /// Gets the querystring parameter name. + /// public string QueryStringName { get; } + + /// + /// Gets the permission to authorize the current user against. + /// public char PermissionToCheck { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResource.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResource.cs index 0ec92c7af2..b544d28eb5 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResource.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResource.cs @@ -1,4 +1,7 @@ -using System.Collections.Generic; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using Umbraco.Core.Models; namespace Umbraco.Web.BackOffice.Authorization @@ -8,27 +11,54 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class ContentPermissionsResource { + /// + /// Initializes a new instance of the class. + /// + /// The content. + /// The permission to authorize. public ContentPermissionsResource(IContent content, char permissionToCheck) { PermissionsToCheck = new List { permissionToCheck }; Content = content; } - public ContentPermissionsResource(IContent content, IReadOnlyList permissionToCheck) + /// + /// Initializes a new instance of the class. + /// + /// The content. + /// The collection of permissions to authorize. + public ContentPermissionsResource(IContent content, IReadOnlyList permissionsToCheck) { Content = content; - PermissionsToCheck = permissionToCheck; + PermissionsToCheck = permissionsToCheck; } - public ContentPermissionsResource(IContent content, int nodeId, IReadOnlyList permissionToCheck) + /// + /// Initializes a new instance of the class. + /// + /// The content. + /// The node Id. + /// The collection of permissions to authorize. + public ContentPermissionsResource(IContent content, int nodeId, IReadOnlyList permissionsToCheck) { Content = content; NodeId = nodeId; - PermissionsToCheck = permissionToCheck; + PermissionsToCheck = permissionsToCheck; } - public int? NodeId { get; } + /// + /// Gets the node Id. + /// + public int? NodeId { get; } + + /// + /// Gets the collection of permissions to authorize. + /// public IReadOnlyList PermissionsToCheck { get; } + + /// + /// Gets the content. + /// public IContent Content { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandler.cs index 3bade3c5fe..24e5e5b6ac 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceHandler.cs @@ -1,4 +1,7 @@ -using System.Threading.Tasks; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Umbraco.Core.Models; using Umbraco.Core.Security; @@ -10,28 +13,34 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class ContentPermissionsResourceHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; private readonly ContentPermissions _contentPermissions; + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + /// Helper for content authorization checks. public ContentPermissionsResourceHandler( - IBackOfficeSecurityAccessor backofficeSecurityAccessor, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, ContentPermissions contentPermissions) { - _backofficeSecurityAccessor = backofficeSecurityAccessor; + _backOfficeSecurityAccessor = backOfficeSecurityAccessor; _contentPermissions = contentPermissions; } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, ContentPermissionsResourceRequirement requirement, ContentPermissionsResource resource) { - var permissionResult = resource.NodeId.HasValue + ContentPermissions.ContentAccess permissionResult = resource.NodeId.HasValue ? _contentPermissions.CheckPermissions( resource.NodeId.Value, - _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, + _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, out IContent _, resource.PermissionsToCheck) : _contentPermissions.CheckPermissions( resource.Content, - _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, + _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, resource.PermissionsToCheck); return Task.FromResult(permissionResult != ContentPermissions.ContentAccess.Denied); diff --git a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceRequirement.cs index 22b69c93da..fcf2838f33 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/ContentPermissionsResourceRequirement.cs @@ -1,9 +1,10 @@ -using Microsoft.AspNetCore.Authorization; -using Umbraco.Web.Actions; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { - /// /// An authorization requirement for /// diff --git a/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandler.cs index 96341c5b1f..6c09d00ef7 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginHandler.cs @@ -1,26 +1,27 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; using Umbraco.Web.BackOffice.Security; -using Umbraco.Web.Common.Security; namespace Umbraco.Web.BackOffice.Authorization { - /// - /// Ensures the resource cannot be accessed if returns true + /// Ensures the resource cannot be accessed if returns true. /// public class DenyLocalLoginHandler : MustSatisfyRequirementAuthorizationHandler { private readonly IBackOfficeExternalLoginProviders _externalLogins; - public DenyLocalLoginHandler(IBackOfficeExternalLoginProviders externalLogins) - { - _externalLogins = externalLogins; - } + /// + /// Initializes a new instance of the class. + /// + /// Provides access to instances. + public DenyLocalLoginHandler(IBackOfficeExternalLoginProviders externalLogins) => _externalLogins = externalLogins; - protected override Task IsAuthorized(AuthorizationHandlerContext context, DenyLocalLoginRequirement requirement) - { - return Task.FromResult(!_externalLogins.HasDenyLocalLogin()); - } + /// + protected override Task IsAuthorized(AuthorizationHandlerContext context, DenyLocalLoginRequirement requirement) => + Task.FromResult(!_externalLogins.HasDenyLocalLogin()); } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginRequirement.cs index a4f3a7e306..b295c74621 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/DenyLocalLoginRequirement.cs @@ -1,9 +1,12 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { /// - /// Marker requirement for the + /// Marker requirement for the . /// public class DenyLocalLoginRequirement : IAuthorizationRequirement { diff --git a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandler.cs index d6ef44cef1..e55384ab15 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandler.cs @@ -1,29 +1,41 @@ -using System.Threading.Tasks; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Threading.Tasks; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Primitives; using Umbraco.Core.Models; using Umbraco.Core.Security; using Umbraco.Core.Services; namespace Umbraco.Web.BackOffice.Authorization { + /// + /// Used to authorize if the user has the correct permission access to the media for the media id specified in a query string. + /// public class MediaPermissionsQueryStringHandler : PermissionsQueryStringHandler { private readonly MediaPermissions _mediaPermissions; + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + /// Accessor for the HTTP context of the current request. + /// Service for entity operations. + /// Helper for media authorization checks. public MediaPermissionsQueryStringHandler( - IBackOfficeSecurityAccessor backofficeSecurityAccessor, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, IHttpContextAccessor httpContextAccessor, IEntityService entityService, MediaPermissions mediaPermissions) - : base(backofficeSecurityAccessor, httpContextAccessor, entityService) - { - _mediaPermissions = mediaPermissions; - } + : base(backOfficeSecurityAccessor, httpContextAccessor, entityService) => _mediaPermissions = mediaPermissions; + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, MediaPermissionsQueryStringRequirement requirement) { - if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal)) + if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out StringValues routeVal)) { // Must succeed this requirement since we cannot process it. return Task.FromResult(true); @@ -37,10 +49,10 @@ namespace Umbraco.Web.BackOffice.Authorization return Task.FromResult(true); } - var permissionResult = _mediaPermissions.CheckPermissions( - BackofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, + MediaPermissions.MediaAccess permissionResult = _mediaPermissions.CheckPermissions( + BackOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, nodeId, - out var mediaItem); + out IMedia mediaItem); if (mediaItem != null) { @@ -53,6 +65,6 @@ namespace Umbraco.Web.BackOffice.Authorization MediaPermissions.MediaAccess.Denied => Task.FromResult(false), _ => Task.FromResult(true), }; - } + } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringRequirement.cs index c7b62a570f..14d9d77834 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringRequirement.cs @@ -1,14 +1,24 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { + /// + /// An authorization requirement for + /// public class MediaPermissionsQueryStringRequirement : IAuthorizationRequirement { - public MediaPermissionsQueryStringRequirement(string paramName) - { - QueryStringName = paramName; - } + /// + /// Initializes a new instance of the class. + /// + /// Querystring paramter name. + public MediaPermissionsQueryStringRequirement(string paramName) => QueryStringName = paramName; + /// + /// Gets the querystring paramter name. + /// public string QueryStringName { get; } } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResource.cs b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResource.cs index 5b1ed92f5f..267fbc2b90 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResource.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResource.cs @@ -1,4 +1,7 @@ -using Umbraco.Core.Models; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Umbraco.Core.Models; namespace Umbraco.Web.BackOffice.Authorization { diff --git a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandler.cs index 6c5280a19c..613aaaa8d5 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceHandler.cs @@ -1,36 +1,45 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; using Umbraco.Core.Models; using Umbraco.Core.Security; namespace Umbraco.Web.BackOffice.Authorization { /// - /// Used to authorize if the user has the correct permission access to the content for the specified + /// Used to authorize if the user has the correct permission access to the content for the specified. /// public class MediaPermissionsResourceHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; private readonly MediaPermissions _mediaPermissions; + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + /// Helper for media authorization checks. public MediaPermissionsResourceHandler( - IBackOfficeSecurityAccessor backofficeSecurityAccessor, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, MediaPermissions mediaPermissions) { - _backofficeSecurityAccessor = backofficeSecurityAccessor; + _backOfficeSecurityAccessor = backOfficeSecurityAccessor; _mediaPermissions = mediaPermissions; } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, MediaPermissionsResourceRequirement requirement, MediaPermissionsResource resource) { - var permissionResult = resource.NodeId.HasValue + MediaPermissions.MediaAccess permissionResult = resource.NodeId.HasValue ? _mediaPermissions.CheckPermissions( - _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser, + _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser, resource.NodeId.Value, out _) : _mediaPermissions.CheckPermissions( resource.Media, - _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser); + _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser); return Task.FromResult(permissionResult != MediaPermissions.MediaAccess.Denied); } diff --git a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceRequirement.cs index 3087e4b258..b615a81709 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsResourceRequirement.cs @@ -1,13 +1,14 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { - /// /// An authorization requirement for /// public class MediaPermissionsResourceRequirement : IAuthorizationRequirement { - } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/MustSatisfyRequirementAuthorizationHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/MustSatisfyRequirementAuthorizationHandler.cs index 98baacf5ee..b990906942 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/MustSatisfyRequirementAuthorizationHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/MustSatisfyRequirementAuthorizationHandler.cs @@ -1,18 +1,23 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { /// - /// Abstract handler that must satisfy the requirement so Succeed or Fail will be called no matter what + /// Abstract handler that must satisfy the requirement so Succeed or Fail will be called no matter what. /// - /// + /// Authorization requirement. /// /// aspnetcore Authz handlers are not required to satisfy the requirement and generally don't explicitly call Fail when the requirement /// isn't satisfied, however in many simple cases explicitly calling Succeed or Fail is what we want which is what this class is used for. /// - public abstract class MustSatisfyRequirementAuthorizationHandler : AuthorizationHandler where T : IAuthorizationRequirement + public abstract class MustSatisfyRequirementAuthorizationHandler : AuthorizationHandler + where T : IAuthorizationRequirement { + /// protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement) { var isAuth = await IsAuthorized(context, requirement); @@ -29,23 +34,25 @@ namespace Umbraco.Web.BackOffice.Authorization /// /// Return true if the requirement is succeeded or ignored, return false if the requirement is explicitly not met /// - /// - /// - /// + /// The authorization context. + /// The authorization requirement. + /// True if request is authorized, false if not. protected abstract Task IsAuthorized(AuthorizationHandlerContext context, T requirement); } /// - /// Abstract handler that must satisfy the requirement so Succeed or Fail will be called no matter what + /// Abstract handler that must satisfy the requirement so Succeed or Fail will be called no matter what. /// - /// - /// + /// Authorization requirement. + /// Resource to authorize access to. /// /// aspnetcore Authz handlers are not required to satisfy the requirement and generally don't explicitly call Fail when the requirement /// isn't satisfied, however in many simple cases explicitly calling Succeed or Fail is what we want which is what this class is used for. /// - public abstract class MustSatisfyRequirementAuthorizationHandler : AuthorizationHandler where T : IAuthorizationRequirement + public abstract class MustSatisfyRequirementAuthorizationHandler : AuthorizationHandler + where T : IAuthorizationRequirement { + /// protected override async Task HandleRequirementAsync(AuthorizationHandlerContext context, T requirement, TResource resource) { var isAuth = await IsAuthorized(context, requirement, resource); @@ -62,9 +69,10 @@ namespace Umbraco.Web.BackOffice.Authorization /// /// Return true if the requirement is succeeded or ignored, return false if the requirement is explicitly not met /// - /// - /// - /// + /// The authorization context. + /// The authorization requirement. + /// The resource to authorize access to. + /// True if request is authorized, false if not. protected abstract Task IsAuthorized(AuthorizationHandlerContext context, T requirement, TResource resource); } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/PermissionsQueryStringHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/PermissionsQueryStringHandler.cs index 49f62dc2f9..47e7c6bb91 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/PermissionsQueryStringHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/PermissionsQueryStringHandler.cs @@ -1,4 +1,7 @@ -using System; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System; using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Umbraco.Core; @@ -8,25 +11,50 @@ using Umbraco.Core.Services; namespace Umbraco.Web.BackOffice.Authorization { + /// + /// Abstract base class providing common functionality for authorization checks based on querystrings. + /// + /// Authorization requirement public abstract class PermissionsQueryStringHandler : MustSatisfyRequirementAuthorizationHandler where T : IAuthorizationRequirement { + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + /// Accessor for the HTTP context of the current request. + /// Service for entity operations. public PermissionsQueryStringHandler( - IBackOfficeSecurityAccessor backofficeSecurityAccessor, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor, IHttpContextAccessor httpContextAccessor, IEntityService entityService) { - BackofficeSecurityAccessor = backofficeSecurityAccessor; + BackOfficeSecurityAccessor = backOfficeSecurityAccessor; HttpContextAccessor = httpContextAccessor; EntityService = entityService; } - protected IBackOfficeSecurityAccessor BackofficeSecurityAccessor { get; set; } + /// + /// Gets or sets the instance. + /// + protected IBackOfficeSecurityAccessor BackOfficeSecurityAccessor { get; set; } + /// + /// Gets or sets the instance. + /// protected IHttpContextAccessor HttpContextAccessor { get; set; } + /// + /// Gets or sets the instance. + /// protected IEntityService EntityService { get; set; } + /// + /// Attempts to parse a node ID from a string representation found in a querystring value. + /// + /// Querystring value. + /// Output parsed Id. + /// True of node ID could be parased, false it not. protected bool TryParseNodeId(string argument, out int nodeId) { // If the argument is an int, it will parse and can be assigned to nodeId. @@ -38,12 +66,12 @@ namespace Umbraco.Web.BackOffice.Authorization nodeId = parsedId; return true; } - else if (UdiParser.TryParse(argument, true, out var udi)) + else if (UdiParser.TryParse(argument, true, out Udi udi)) { nodeId = EntityService.GetId(udi).Result; return true; } - else if (Guid.TryParse(argument, out var key)) + else if (Guid.TryParse(argument, out Guid key)) { nodeId = EntityService.GetId(key, UmbracoObjectTypes.Document).Result; return true; diff --git a/src/Umbraco.Web.BackOffice/Authorization/SectionHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/SectionHandler.cs index ffa6db220f..4620422742 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/SectionHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/SectionHandler.cs @@ -1,11 +1,13 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; using Umbraco.Core.Security; namespace Umbraco.Web.BackOffice.Authorization { - /// /// Ensures that the current user has access to the section /// @@ -14,18 +16,21 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class SectionHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; - public SectionHandler(IBackOfficeSecurityAccessor backofficeSecurityAccessor) - { - _backofficeSecurityAccessor = backofficeSecurityAccessor; - } + /// + /// Initializes a new instance of the class. + /// + /// Accessor for back-office security. + public SectionHandler(IBackOfficeSecurityAccessor backOfficeSecurityAccessor) => _backOfficeSecurityAccessor = backOfficeSecurityAccessor; + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, SectionRequirement requirement) { - var authorized = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser != null - && requirement.SectionAliases.Any(app => _backofficeSecurityAccessor.BackOfficeSecurity.UserHasSectionAccess( - app, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser)); + var authorized = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser != null && + requirement.SectionAliases + .Any(app => _backOfficeSecurityAccessor.BackOfficeSecurity.UserHasSectionAccess( + app, _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser)); return Task.FromResult(authorized); } diff --git a/src/Umbraco.Web.BackOffice/Authorization/SectionRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/SectionRequirement.cs index 033eccdd18..a7e3aa5e2c 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/SectionRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/SectionRequirement.cs @@ -1,5 +1,8 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Collections.Generic; +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { @@ -9,10 +12,14 @@ namespace Umbraco.Web.BackOffice.Authorization public class SectionRequirement : IAuthorizationRequirement { /// - /// The aliases for sections that the user will need access to + /// Initializes a new instance of the class. + /// + /// Aliases for sections that the user will need access to. + public SectionRequirement(params string[] aliases) => SectionAliases = aliases; + + /// + /// Gets the aliases for sections that the user will need access to. /// public IReadOnlyCollection SectionAliases { get; } - - public SectionRequirement(params string[] aliases) => SectionAliases = aliases; } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/TreeHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/TreeHandler.cs index f151247850..f847f0981d 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/TreeHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/TreeHandler.cs @@ -1,14 +1,16 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System; using System.Linq; -using Umbraco.Core; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; +using Umbraco.Core; using Umbraco.Core.Security; using Umbraco.Web.Services; namespace Umbraco.Web.BackOffice.Authorization { - /// /// Ensures that the current user has access to the section for which the specified tree(s) belongs /// @@ -18,40 +20,35 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class TreeHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly ITreeService _treeService; - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; /// - /// Constructor to set authorization to be based on a tree alias for which application security will be applied + /// Initializes a new instance of the class. /// - /// - /// - /// - /// If the user has access to the application that the treeAlias is specified in, they will be authorized. - /// Multiple trees may be specified. - /// - public TreeHandler(ITreeService treeService, IBackOfficeSecurityAccessor backofficeSecurityAccessor) + /// Service for section tree operations. + /// Accessor for back-office security. + public TreeHandler(ITreeService treeService, IBackOfficeSecurityAccessor backOfficeSecurityAccessor) { _treeService = treeService ?? throw new ArgumentNullException(nameof(treeService)); - _backofficeSecurityAccessor = backofficeSecurityAccessor ?? throw new ArgumentNullException(nameof(backofficeSecurityAccessor)); + _backOfficeSecurityAccessor = backOfficeSecurityAccessor ?? throw new ArgumentNullException(nameof(backOfficeSecurityAccessor)); } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, TreeRequirement requirement) { - var apps = requirement.TreeAliases.Select(x => _treeService - .GetByAlias(x)) + var apps = requirement.TreeAliases + .Select(x => _treeService.GetByAlias(x)) .WhereNotNull() .Select(x => x.SectionAlias) .Distinct() .ToArray(); - var isAuth = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser != null - && apps.Any(app => _backofficeSecurityAccessor.BackOfficeSecurity.UserHasSectionAccess( - app, _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser)); + var isAuth = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser != null && + apps.Any(app => _backOfficeSecurityAccessor.BackOfficeSecurity.UserHasSectionAccess( + app, _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser)); return Task.FromResult(isAuth); } - } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/TreeRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/TreeRequirement.cs index 7261cee51b..1d8671d3c9 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/TreeRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/TreeRequirement.cs @@ -1,19 +1,25 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + using System.Collections.Generic; +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { - /// /// Authorization requirements for /// public class TreeRequirement : IAuthorizationRequirement { /// - /// The aliases for trees that the user will need access to + /// Initializes a new instance of the class. + /// + /// The aliases for trees that the user will need access to. + public TreeRequirement(params string[] aliases) => TreeAliases = aliases; + + /// + /// Gets the aliases for trees that the user will need access to. /// public IReadOnlyCollection TreeAliases { get; } - - public TreeRequirement(params string[] aliases) => TreeAliases = aliases; } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/UserGroupHandler.cs b/src/Umbraco.Web.BackOffice/Authorization/UserGroupHandler.cs index a693bc592b..92045fcdfb 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/UserGroupHandler.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/UserGroupHandler.cs @@ -1,8 +1,14 @@ -using Microsoft.AspNetCore.Authorization; -using Microsoft.AspNetCore.Http; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using System.Collections.Generic; using System.Linq; using System.Threading.Tasks; +using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; +using Microsoft.Extensions.Primitives; using Umbraco.Core; +using Umbraco.Core.Models.Membership; using Umbraco.Core.Security; using Umbraco.Core.Services; using Umbraco.Web.BackOffice.Controllers; @@ -14,40 +20,51 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class UserGroupHandler : MustSatisfyRequirementAuthorizationHandler { - private readonly IHttpContextAccessor _httpContextAcessor; + private readonly IHttpContextAccessor _httpContextAccessor; private readonly IUserService _userService; private readonly IContentService _contentService; private readonly IMediaService _mediaService; private readonly IEntityService _entityService; - private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor; + private readonly IBackOfficeSecurityAccessor _backOfficeSecurityAccessor; - public UserGroupHandler(IHttpContextAccessor httpContextAcessor, - IUserService userService, - IContentService contentService, - IMediaService mediaService, - IEntityService entityService, - IBackOfficeSecurityAccessor backofficeSecurityAccessor) + /// + /// Initializes a new instance of the class. + /// + /// Accessor for the HTTP context of the current request. + /// Service for user related operations. + /// Service for content related operations. + /// Service for media related operations. + /// Service for entity related operations. + /// Accessor for back-office security. + public UserGroupHandler( + IHttpContextAccessor httpContextAccessor, + IUserService userService, + IContentService contentService, + IMediaService mediaService, + IEntityService entityService, + IBackOfficeSecurityAccessor backOfficeSecurityAccessor) { - _httpContextAcessor = httpContextAcessor; + _httpContextAccessor = httpContextAccessor; _userService = userService; _contentService = contentService; _mediaService = mediaService; _entityService = entityService; - _backofficeSecurityAccessor = backofficeSecurityAccessor; + _backOfficeSecurityAccessor = backOfficeSecurityAccessor; } + /// protected override Task IsAuthorized(AuthorizationHandlerContext context, UserGroupRequirement requirement) { - var currentUser = _backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser; + IUser currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity.CurrentUser; - var queryString = _httpContextAcessor.HttpContext?.Request.Query; + IQueryCollection queryString = _httpContextAccessor.HttpContext?.Request.Query; if (queryString == null) { // Must succeed this requirement since we cannot process it. return Task.FromResult(true); - } + } - var ids = queryString.Where(x => x.Key == requirement.QueryStringName).ToArray(); + KeyValuePair[] ids = queryString.Where(x => x.Key == requirement.QueryStringName).ToArray(); if (ids.Length == 0) { // Must succeed this requirement since we cannot process it. @@ -64,10 +81,9 @@ namespace Umbraco.Web.BackOffice.Authorization _mediaService, _entityService); - var isAuth = authHelper.AuthorizeGroupAccess(currentUser, intIds); + Attempt isAuth = authHelper.AuthorizeGroupAccess(currentUser, intIds); return Task.FromResult(isAuth.Success); } - } } diff --git a/src/Umbraco.Web.BackOffice/Authorization/UserGroupRequirement.cs b/src/Umbraco.Web.BackOffice/Authorization/UserGroupRequirement.cs index aae5733d96..2a14bb1a78 100644 --- a/src/Umbraco.Web.BackOffice/Authorization/UserGroupRequirement.cs +++ b/src/Umbraco.Web.BackOffice/Authorization/UserGroupRequirement.cs @@ -1,4 +1,7 @@ -using Microsoft.AspNetCore.Authorization; +// Copyright (c) Umbraco. +// See LICENSE for more details. + +using Microsoft.AspNetCore.Authorization; namespace Umbraco.Web.BackOffice.Authorization { @@ -7,11 +10,15 @@ namespace Umbraco.Web.BackOffice.Authorization /// public class UserGroupRequirement : IAuthorizationRequirement { - public UserGroupRequirement(string queryStringName = "id") - { - QueryStringName = queryStringName; - } + /// + /// Initializes a new instance of the class. + /// + /// Query string name from which to authorize values. + public UserGroupRequirement(string queryStringName = "id") => QueryStringName = queryStringName; + /// + /// Gets the query string name from which to authorize values. + /// public string QueryStringName { get; } } }