diff --git a/src/Umbraco.Web.BackOffice/Filters/OutgoingEditorModelEventAttribute.cs b/src/Umbraco.Web.BackOffice/Filters/OutgoingEditorModelEventAttribute.cs
index 5c9e646ba0..d433ba9886 100644
--- a/src/Umbraco.Web.BackOffice/Filters/OutgoingEditorModelEventAttribute.cs
+++ b/src/Umbraco.Web.BackOffice/Filters/OutgoingEditorModelEventAttribute.cs
@@ -1,7 +1,9 @@
-using Microsoft.AspNetCore.Mvc;
+using System;
+using Microsoft.AspNetCore.Mvc;
using Microsoft.AspNetCore.Mvc.Filters;
using Umbraco.Core;
using Umbraco.Web.Editors;
+using Umbraco.Web.Security;
namespace Umbraco.Web.WebApi.Filters
{
@@ -11,10 +13,12 @@ namespace Umbraco.Web.WebApi.Filters
internal sealed class OutgoingEditorModelEventAttribute : ActionFilterAttribute
{
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
+ private readonly IWebSecurity _webSecurity;
- public OutgoingEditorModelEventAttribute(IUmbracoContextAccessor umbracoContextAccessor)
+ public OutgoingEditorModelEventAttribute(IUmbracoContextAccessor umbracoContextAccessor, IWebSecurity webSecurity)
{
- _umbracoContextAccessor = umbracoContextAccessor;
+ _umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
+ _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
}
public override void OnActionExecuted(ActionExecutedContext context)
@@ -22,7 +26,7 @@ namespace Umbraco.Web.WebApi.Filters
if (context.Result == null) return;
var umbracoContext = _umbracoContextAccessor.GetRequiredUmbracoContext();
- var user = umbracoContext.Security.CurrentUser;
+ var user = _webSecurity.CurrentUser;
if (user == null) return;
if (context.Result is ObjectResult objectContent)
@@ -41,6 +45,5 @@ namespace Umbraco.Web.WebApi.Filters
base.OnActionExecuted(context);
}
-
}
}
diff --git a/src/Umbraco.Web/Editors/Filters/ContentModelValidator.cs b/src/Umbraco.Web/Editors/Filters/ContentModelValidator.cs
index bd27a872d0..7841e547aa 100644
--- a/src/Umbraco.Web/Editors/Filters/ContentModelValidator.cs
+++ b/src/Umbraco.Web/Editors/Filters/ContentModelValidator.cs
@@ -10,6 +10,7 @@ using Umbraco.Core.Models;
using Umbraco.Core.PropertyEditors;
using Umbraco.Core.Services;
using Umbraco.Web.Models.ContentEditing;
+using Umbraco.Web.Security;
namespace Umbraco.Web.Editors.Filters
{
@@ -18,13 +19,13 @@ namespace Umbraco.Web.Editors.Filters
///
internal abstract class ContentModelValidator
{
- protected IUmbracoContextAccessor UmbracoContextAccessor { get; }
+ protected IWebSecurity WebSecurity { get; }
protected ILogger Logger { get; }
- protected ContentModelValidator(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor)
+ protected ContentModelValidator(ILogger logger, IWebSecurity webSecurity)
{
Logger = logger ?? throw new ArgumentNullException(nameof(logger));
- UmbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
+ WebSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
}
}
@@ -45,7 +46,7 @@ namespace Umbraco.Web.Editors.Filters
{
private readonly ILocalizedTextService _textService;
- protected ContentModelValidator(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, ILocalizedTextService textService) : base(logger, umbracoContextAccessor)
+ protected ContentModelValidator(ILogger logger, IWebSecurity webSecurity, ILocalizedTextService textService) : base(logger, webSecurity)
{
_textService = textService ?? throw new ArgumentNullException(nameof(textService));
}
diff --git a/src/Umbraco.Web/Editors/Filters/MemberSaveModelValidator.cs b/src/Umbraco.Web/Editors/Filters/MemberSaveModelValidator.cs
index 1b2ddf2ace..77dc1a1c27 100644
--- a/src/Umbraco.Web/Editors/Filters/MemberSaveModelValidator.cs
+++ b/src/Umbraco.Web/Editors/Filters/MemberSaveModelValidator.cs
@@ -11,6 +11,7 @@ using Umbraco.Core.Models;
using Umbraco.Core.Services;
using Umbraco.Core.Strings;
using Umbraco.Web.Models.ContentEditing;
+using Umbraco.Web.Security;
namespace Umbraco.Web.Editors.Filters
{
@@ -25,12 +26,12 @@ namespace Umbraco.Web.Editors.Filters
public MemberSaveModelValidator(
ILogger logger,
- IUmbracoContextAccessor umbracoContextAccessor,
+ IWebSecurity webSecurity,
ILocalizedTextService textService,
IMemberTypeService memberTypeService,
IMemberService memberService,
IShortStringHelper shortStringHelper)
- : base(logger, umbracoContextAccessor, textService)
+ : base(logger, webSecurity, textService)
{
_memberTypeService = memberTypeService ?? throw new ArgumentNullException(nameof(memberTypeService));
_memberService = memberService ?? throw new ArgumentNullException(nameof(memberService));
@@ -101,7 +102,7 @@ namespace Umbraco.Web.Editors.Filters
//if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
//if a sensitive value is being submitted.
- if (UmbracoContextAccessor.UmbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false)
+ if (WebSecurity.CurrentUser.HasAccessToSensitiveData() == false)
{
var contentType = _memberTypeService.Get(model.PersistedContent.ContentTypeId);
var sensitiveProperties = contentType
diff --git a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
index dc647a5fe3..b5c6185069 100644
--- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
@@ -4,6 +4,7 @@ using System.Web.Mvc;
using Umbraco.Core;
using Umbraco.Web.Composing;
using Umbraco.Core.Configuration;
+using Umbraco.Web.Security;
namespace Umbraco.Web.Mvc
{
@@ -12,25 +13,23 @@ namespace Umbraco.Web.Mvc
public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
{
// see note in HttpInstallAuthorizeAttribute
- private readonly IUmbracoContext _umbracoContext;
+ private readonly IWebSecurity _webSecurity;
private readonly IRuntimeState _runtimeState;
private readonly string _redirectUrl;
private IRuntimeState RuntimeState => _runtimeState ?? Current.RuntimeState;
- private IUmbracoContext UmbracoContext => _umbracoContext ?? Current.UmbracoContext;
+ private IWebSecurity WebSecurity => _webSecurity ?? Current.UmbracoContext.Security;
///
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
///
- ///
+ ///
///
- public UmbracoAuthorizeAttribute(IUmbracoContext umbracoContext, IRuntimeState runtimeState)
+ public UmbracoAuthorizeAttribute(IWebSecurity webSecurity, IRuntimeState runtimeState)
{
- if (umbracoContext == null) throw new ArgumentNullException(nameof(umbracoContext));
- if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
- _umbracoContext = umbracoContext;
- _runtimeState = runtimeState;
+ _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
+ _runtimeState = runtimeState ?? throw new ArgumentNullException(nameof(runtimeState));
}
///
@@ -75,7 +74,7 @@ namespace Umbraco.Web.Mvc
// otherwise we need to ensure that a user is logged in
return RuntimeState.Level == RuntimeLevel.Install
|| RuntimeState.Level == RuntimeLevel.Upgrade
- || UmbracoContext.Security.ValidateCurrentUser();
+ || WebSecurity.ValidateCurrentUser();
}
catch (Exception)
{
diff --git a/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
index 000c4860c6..69c697d0fc 100644
--- a/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
@@ -19,24 +19,22 @@ namespace Umbraco.Web.WebApi
internal static bool Enable = true;
// TODO: inject!
- private readonly IUmbracoContext _umbracoContext;
+ private readonly IWebSecurity _webSecurity;
private readonly IRuntimeState _runtimeState;
private IRuntimeState RuntimeState => _runtimeState ?? Current.RuntimeState;
- private IUmbracoContext UmbracoContext => _umbracoContext ?? Current.UmbracoContext;
+ private IWebSecurity WebSecurity => _webSecurity ?? Current.UmbracoContext.Security;
///
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
///
- ///
+ ///
///
- public UmbracoAuthorizeAttribute(IUmbracoContext umbracoContext, IRuntimeState runtimeState)
+ public UmbracoAuthorizeAttribute(IWebSecurity webSecurity, IRuntimeState runtimeState)
{
- if (umbracoContext == null) throw new ArgumentNullException(nameof(umbracoContext));
- if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
- _umbracoContext = umbracoContext;
- _runtimeState = runtimeState;
+ _webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
+ _runtimeState = runtimeState ?? throw new ArgumentNullException(nameof(runtimeState));
}
public UmbracoAuthorizeAttribute() : this(true)
@@ -60,7 +58,7 @@ namespace Umbraco.Web.WebApi
// otherwise we need to ensure that a user is logged in
return RuntimeState.Level == RuntimeLevel.Install
|| RuntimeState.Level == RuntimeLevel.Upgrade
- || UmbracoContext.Security.ValidateCurrentUser(false, _requireApproval) == ValidateRequestAttempt.Success;
+ || WebSecurity.ValidateCurrentUser(false, _requireApproval) == ValidateRequestAttempt.Success;
}
catch (Exception)
{