Another round of injecting webSecurity directly
@@ -10,6 +10,7 @@ using Umbraco.Core.Models;
|
||||
using Umbraco.Core.PropertyEditors;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Web.Models.ContentEditing;
|
||||
using Umbraco.Web.Security;
|
||||
|
||||
namespace Umbraco.Web.Editors.Filters
|
||||
{
|
||||
@@ -18,13 +19,13 @@ namespace Umbraco.Web.Editors.Filters
|
||||
/// </summary>
|
||||
internal abstract class ContentModelValidator
|
||||
{
|
||||
protected IUmbracoContextAccessor UmbracoContextAccessor { get; }
|
||||
protected IWebSecurity WebSecurity { get; }
|
||||
protected ILogger Logger { get; }
|
||||
|
||||
protected ContentModelValidator(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor)
|
||||
protected ContentModelValidator(ILogger logger, IWebSecurity webSecurity)
|
||||
{
|
||||
Logger = logger ?? throw new ArgumentNullException(nameof(logger));
|
||||
UmbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));
|
||||
WebSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
|
||||
}
|
||||
}
|
||||
|
||||
@@ -45,7 +46,7 @@ namespace Umbraco.Web.Editors.Filters
|
||||
{
|
||||
private readonly ILocalizedTextService _textService;
|
||||
|
||||
protected ContentModelValidator(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, ILocalizedTextService textService) : base(logger, umbracoContextAccessor)
|
||||
protected ContentModelValidator(ILogger logger, IWebSecurity webSecurity, ILocalizedTextService textService) : base(logger, webSecurity)
|
||||
{
|
||||
_textService = textService ?? throw new ArgumentNullException(nameof(textService));
|
||||
}
|
||||
|
||||
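Review bot: The constructor `protected ContentModelValidator(ILogger logger, IWebSecurity webSecurity)` now captures one `IWebSecurity` instance for the validator's whole lifetime, where the old code went through `IUmbracoContextAccessor` on each use. If `IWebSecurity` is per-request state (it was previously reached as `UmbracoContext.Security`), a validator that outlives a request would read `CurrentUser` from a different request. The registration and lifetime of the validators are not visible on this page, so this needs confirming. The same captured instance drives the sensitive-data check in MemberSaveModelValidator (`WebSecurity.CurrentUser.HasAccessToSensitiveData()`). I would state the requirement on the property, e.g. `/// <summary>Security for the current request; instances must not be cached across requests.</summary>`.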
@@ -11,6 +11,7 @@ using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Core.Strings;
|
||||
using Umbraco.Web.Models.ContentEditing;
|
||||
using Umbraco.Web.Security;
|
||||
|
||||
namespace Umbraco.Web.Editors.Filters
|
||||
{
|
||||
@@ -25,12 +26,12 @@ namespace Umbraco.Web.Editors.Filters
|
||||
|
||||
public MemberSaveModelValidator(
|
||||
ILogger logger,
|
||||
IUmbracoContextAccessor umbracoContextAccessor,
|
||||
IWebSecurity webSecurity,
|
||||
ILocalizedTextService textService,
|
||||
IMemberTypeService memberTypeService,
|
||||
IMemberService memberService,
|
||||
IShortStringHelper shortStringHelper)
|
||||
: base(logger, umbracoContextAccessor, textService)
|
||||
: base(logger, webSecurity, textService)
|
||||
{
|
||||
_memberTypeService = memberTypeService ?? throw new ArgumentNullException(nameof(memberTypeService));
|
||||
_memberService = memberService ?? throw new ArgumentNullException(nameof(memberService));
|
||||
@@ -101,7 +102,7 @@ namespace Umbraco.Web.Editors.Filters
|
||||
|
||||
//if the user doesn't have access to sensitive values, then we need to validate the incoming properties to check
|
||||
//if a sensitive value is being submitted.
|
||||
if (UmbracoContextAccessor.UmbracoContext.Security.CurrentUser.HasAccessToSensitiveData() == false)
|
||||
if (WebSecurity.CurrentUser.HasAccessToSensitiveData() == false)
|
||||
{
|
||||
var contentType = _memberTypeService.Get(model.PersistedContent.ContentTypeId);
|
||||
var sensitiveProperties = contentType
|
||||
|
||||
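Review bot: `WebSecurity.CurrentUser.HasAccessToSensitiveData()` dereferences `CurrentUser` without a null check, so the sensitive-value validation assumes an authenticated user is always present when this validator runs. If `CurrentUser` can be null here, treating that as "no access" keeps the check fail-closed without an unhandled exception: `if (WebSecurity.CurrentUser?.HasAccessToSensitiveData() != true)`. The method containing this check starts and ends outside the hunk, so an earlier guard may already cover the case.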
@@ -4,6 +4,7 @@ using System.Web.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Web.Composing;
|
||||
using Umbraco.Core.Configuration;
|
||||
using Umbraco.Web.Security;
|
||||
|
||||
namespace Umbraco.Web.Mvc
|
||||
{
|
||||
@@ -12,25 +13,23 @@ namespace Umbraco.Web.Mvc
|
||||
public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
|
||||
{
|
||||
// see note in HttpInstallAuthorizeAttribute
|
||||
private readonly IUmbracoContext _umbracoContext;
|
||||
private readonly IWebSecurity _webSecurity;
|
||||
private readonly IRuntimeState _runtimeState;
|
||||
private readonly string _redirectUrl;
|
||||
|
||||
private IRuntimeState RuntimeState => _runtimeState ?? Current.RuntimeState;
|
||||
|
||||
private IUmbracoContext UmbracoContext => _umbracoContext ?? Current.UmbracoContext;
|
||||
private IWebSecurity WebSecurity => _webSecurity ?? Current.UmbracoContext.Security;
|
||||
|
||||
/// <summary>
|
||||
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
|
||||
/// </summary>
|
||||
/// <param name="umbracoContext"></param>
|
||||
/// <param name="webSecurity"></param>
|
||||
/// <param name="runtimeState"></param>
|
||||
public UmbracoAuthorizeAttribute(IUmbracoContext umbracoContext, IRuntimeState runtimeState)
|
||||
public UmbracoAuthorizeAttribute(IWebSecurity webSecurity, IRuntimeState runtimeState)
|
||||
{
|
||||
if (umbracoContext == null) throw new ArgumentNullException(nameof(umbracoContext));
|
||||
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
|
||||
_umbracoContext = umbracoContext;
|
||||
_runtimeState = runtimeState;
|
||||
_webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
|
||||
_runtimeState = runtimeState ?? throw new ArgumentNullException(nameof(runtimeState));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
@@ -75,7 +74,7 @@ namespace Umbraco.Web.Mvc
|
||||
// otherwise we need to ensure that a user is logged in
|
||||
return RuntimeState.Level == RuntimeLevel.Install
|
||||
|| RuntimeState.Level == RuntimeLevel.Upgrade
|
||||
|| UmbracoContext.Security.ValidateCurrentUser();
|
||||
|| WebSecurity.ValidateCurrentUser();
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
|
||||
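Review bot: The fall-back getter `private IWebSecurity WebSecurity => _webSecurity ?? Current.UmbracoContext.Security;` dereferences `Current.UmbracoContext` with no null check. The authorization result `|| WebSecurity.ValidateCurrentUser()` therefore relies on the following `catch (Exception)` to handle a missing context. The catch body is outside the hunk; confirm that it denies the request rather than allowing it, and ideally logs the failure. The WebApi `UmbracoAuthorizeAttribute` in this commit has the identical getter, so the same applies there. The new `<param name="webSecurity">` tags are also empty; a short description such as `The security instance used to validate the current user (unit tests only).` would help.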
@@ -19,24 +19,22 @@ namespace Umbraco.Web.WebApi
|
||||
internal static bool Enable = true;
|
||||
|
||||
// TODO: inject!
|
||||
private readonly IUmbracoContext _umbracoContext;
|
||||
private readonly IWebSecurity _webSecurity;
|
||||
private readonly IRuntimeState _runtimeState;
|
||||
|
||||
private IRuntimeState RuntimeState => _runtimeState ?? Current.RuntimeState;
|
||||
|
||||
private IUmbracoContext UmbracoContext => _umbracoContext ?? Current.UmbracoContext;
|
||||
private IWebSecurity WebSecurity => _webSecurity ?? Current.UmbracoContext.Security;
|
||||
|
||||
/// <summary>
|
||||
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
|
||||
/// </summary>
|
||||
/// <param name="umbracoContext"></param>
|
||||
/// <param name="webSecurity"></param>
|
||||
/// <param name="runtimeState"></param>
|
||||
public UmbracoAuthorizeAttribute(IUmbracoContext umbracoContext, IRuntimeState runtimeState)
|
||||
public UmbracoAuthorizeAttribute(IWebSecurity webSecurity, IRuntimeState runtimeState)
|
||||
{
|
||||
if (umbracoContext == null) throw new ArgumentNullException(nameof(umbracoContext));
|
||||
if (runtimeState == null) throw new ArgumentNullException(nameof(runtimeState));
|
||||
_umbracoContext = umbracoContext;
|
||||
_runtimeState = runtimeState;
|
||||
_webSecurity = webSecurity ?? throw new ArgumentNullException(nameof(webSecurity));
|
||||
_runtimeState = runtimeState ?? throw new ArgumentNullException(nameof(runtimeState));
|
||||
}
|
||||
|
||||
public UmbracoAuthorizeAttribute() : this(true)
|
||||
@@ -60,7 +58,7 @@ namespace Umbraco.Web.WebApi
|
||||
// otherwise we need to ensure that a user is logged in
|
||||
return RuntimeState.Level == RuntimeLevel.Install
|
||||
|| RuntimeState.Level == RuntimeLevel.Upgrade
|
||||
|| UmbracoContext.Security.ValidateCurrentUser(false, _requireApproval) == ValidateRequestAttempt.Success;
|
||||
|| WebSecurity.ValidateCurrentUser(false, _requireApproval) == ValidateRequestAttempt.Success;
|
||||
}
|
||||
catch (Exception)
|
||||
{
|
||||
|
||||