yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Removes UmbracoApplicationAuthorizeAttribute and migrates usages to authz policies

Browse Source
This commit is contained in:
Shannon
2020-11-19 22:17:42 +11:00
parent daaade185e
commit 63fceebca0
25 changed files with 233 additions and 172 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Umbraco.Web.BackOffice/Trees/ContentTreeController.cs
View File

@@ -12,29 +12,20 @@ using Umbraco.Web.Actions;
using Umbraco.Web.Models.Trees;
using Umbraco.Web.Models.ContentEditing;
using Umbraco.Web.Search;
using Umbraco.Core.Configuration;
using Umbraco.Core.Security;
using Constants = Umbraco.Core.Constants;
using Umbraco.Web.BackOffice.Filters;
using Umbraco.Web.Common.Attributes;
using Umbraco.Web.Common.Exceptions;
using Umbraco.Web.Security;
using Umbraco.Web.WebApi;
using Umbraco.Core.Configuration.Models;
using Microsoft.Extensions.Options;
using Umbraco.Web.Trees;
using Microsoft.AspNetCore.Authorization;
using Umbraco.Web.BackOffice.Authorization;
namespace Umbraco.Web.BackOffice.Trees
{
//We will not allow the tree to render unless the user has access to any of the sections that the tree gets rendered
// this is not ideal but until we change permissions to be tree based (not section) there's not much else we can do here.
[UmbracoApplicationAuthorize(
Constants.Applications.Content,
Constants.Applications.Media,
Constants.Applications.Users,
Constants.Applications.Settings,
Constants.Applications.Packages,
Constants.Applications.Members)]
[Authorize(Policy = AuthorizationPolicies.SectionAccessForContentTree)]
[Tree(Constants.Applications.Content, Constants.Trees.Content)]
[PluginController(Constants.Web.Mvc.BackOfficeTreeArea)]
[CoreTree]