From 6e892020024cbbbbeabbf556dcea55604fd7d645 Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 13 Jul 2017 14:32:43 +1000 Subject: [PATCH] Fixes usages of IUserService.GetPermission since before it was doing a FirstOrDefault() since that's just how the old APIs worked, now we need to get all permissions based on groups. Also updated the usages of ToString for char for the permissions to be culture invariant everywhere. --- src/Umbraco.Web/Editors/ContentController.cs | 6 +++--- .../Models/ContentEditing/ContentItemDisplay.cs | 2 +- .../Models/Mapping/ContentModelMapper.cs | 17 +++++++---------- .../FilterAllowedOutgoingContentAttribute.cs | 2 +- .../umbraco/Trees/BaseContentTree.cs | 2 +- .../umbraco/dialogs/moveOrCopy.aspx.cs | 4 ++-- .../umbraco/dialogs/notifications.aspx.cs | 3 ++- .../umbraco/templateControls/Item.cs | 3 ++- src/umbraco.cms/Actions/Action.cs | 3 ++- 9 files changed, 21 insertions(+), 21 deletions(-) diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs index f935673317..b624041992 100644 --- a/src/Umbraco.Web/Editors/ContentController.cs +++ b/src/Umbraco.Web/Editors/ContentController.cs @@ -242,7 +242,7 @@ namespace Umbraco.Web.Editors //set a custom path since the tree that renders this has the content type id as the parent content.Path = string.Format("-1,{0},{1}", persistedContent.ContentTypeId, content.Id); - content.AllowedActions = new[] {'A'}; + content.AllowedActions = new[] {"A"}; var excludeProps = new[] {"_umb_urls", "_umb_releasedate", "_umb_expiredate", "_umb_template"}; var propsTab = content.Tabs.Last(); @@ -440,8 +440,8 @@ namespace Umbraco.Web.Editors [HttpGet] public bool HasPermission(string permissionToCheck, int nodeId) { - var p = Services.UserService.GetPermissions(Security.CurrentUser, nodeId).FirstOrDefault(); - if (p != null && p.AssignedPermissions.Contains(permissionToCheck.ToString(CultureInfo.InvariantCulture))) + var p = Services.UserService.GetPermissions(Security.CurrentUser, nodeId).GetAllPermissions(); + if (p.Contains(permissionToCheck.ToString(CultureInfo.InvariantCulture))) { return true; } diff --git a/src/Umbraco.Web/Models/ContentEditing/ContentItemDisplay.cs b/src/Umbraco.Web/Models/ContentEditing/ContentItemDisplay.cs index 2615c8774d..c416f30a48 100644 --- a/src/Umbraco.Web/Models/ContentEditing/ContentItemDisplay.cs +++ b/src/Umbraco.Web/Models/ContentEditing/ContentItemDisplay.cs @@ -56,7 +56,7 @@ namespace Umbraco.Web.Models.ContentEditing /// Each char represents a button which we can then map on the front-end to the correct actions /// [DataMember(Name = "allowedActions")] - public IEnumerable AllowedActions { get; set; } + public IEnumerable AllowedActions { get; set; } } } \ No newline at end of file diff --git a/src/Umbraco.Web/Models/Mapping/ContentModelMapper.cs b/src/Umbraco.Web/Models/Mapping/ContentModelMapper.cs index a33921b7b9..3b55def135 100644 --- a/src/Umbraco.Web/Models/Mapping/ContentModelMapper.cs +++ b/src/Umbraco.Web/Models/Mapping/ContentModelMapper.cs @@ -135,7 +135,7 @@ namespace Umbraco.Web.Models.Mapping Label = localizedText.Localize("content/releaseDate"), Value = display.ReleaseDate.HasValue ? display.ReleaseDate.Value.ToIsoString() : null, //Not editible for people without publish permission (U4-287) - View = display.AllowedActions.Contains(ActionPublish.Instance.Letter) ? "datepicker" : PropertyEditorResolver.Current.GetByAlias(Constants.PropertyEditors.NoEditAlias).ValueEditor.View, + View = display.AllowedActions.Contains(ActionPublish.Instance.Letter.ToString(CultureInfo.InvariantCulture)) ? "datepicker" : PropertyEditorResolver.Current.GetByAlias(Constants.PropertyEditors.NoEditAlias).ValueEditor.View, Config = new Dictionary { {"offsetTime", "1"} @@ -148,7 +148,7 @@ namespace Umbraco.Web.Models.Mapping Label = localizedText.Localize("content/unpublishDate"), Value = display.ExpireDate.HasValue ? display.ExpireDate.Value.ToIsoString() : null, //Not editible for people without publish permission (U4-287) - View = display.AllowedActions.Contains(ActionPublish.Instance.Letter) ? "datepicker" : PropertyEditorResolver.Current.GetByAlias(Constants.PropertyEditors.NoEditAlias).ValueEditor.View, + View = display.AllowedActions.Contains(ActionPublish.Instance.Letter.ToString(CultureInfo.InvariantCulture)) ? "datepicker" : PropertyEditorResolver.Current.GetByAlias(Constants.PropertyEditors.NoEditAlias).ValueEditor.View, Config = new Dictionary { {"offsetTime", "1"} @@ -213,10 +213,9 @@ namespace Umbraco.Web.Models.Mapping } /// - //TODO: This is horribly inneficient /// Creates the list of action buttons allowed for this user - Publish, Send to publish, save, unpublish returned as the button's 'letter' /// - private class ActionButtonsResolver : ValueResolver> + private class ActionButtonsResolver : ValueResolver> { private readonly Lazy _userService; @@ -225,12 +224,12 @@ namespace Umbraco.Web.Models.Mapping _userService = userService; } - protected override IEnumerable ResolveCore(IContent source) + protected override IEnumerable ResolveCore(IContent source) { if (UmbracoContext.Current == null) { //cannot check permissions without a context - return Enumerable.Empty(); + return Enumerable.Empty(); } var svc = _userService.Value; @@ -242,11 +241,9 @@ namespace Umbraco.Web.Models.Mapping // Here we need to do a special check since this could be new content, in which case we need to get the permissions // from the parent, not the existing one otherwise permissions would be coming from the root since Id is 0. source.HasIdentity ? source.Id : source.ParentId) - .FirstOrDefault(); + .GetAllPermissions(); - return permissions == null - ? Enumerable.Empty() - : permissions.AssignedPermissions.Where(x => x.Length == 1).Select(x => x.ToUpperInvariant()[0]); + return permissions; } } } diff --git a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs index ffd6bf362e..6091392321 100644 --- a/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/FilterAllowedOutgoingContentAttribute.cs @@ -74,7 +74,7 @@ namespace Umbraco.Web.WebApi.Filters var nodePermission = permissions.Where(x => x.EntityId == Convert.ToInt32(item.Id)).ToArray(); //if there are no permissions for this id then we need to check what the user's default // permissions are. - if (nodePermission.Any() == false) + if (nodePermission.Length == 0) { //var defaultP = user.DefaultPermissions diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseContentTree.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseContentTree.cs index 1eacc072bd..e448d9653a 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseContentTree.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseContentTree.cs @@ -360,7 +360,7 @@ function openContent(id) { } else if (!this.IsDialog || (this.DialogMode == TreeDialogModes.id)) { - if (CurrentUser.GetPermissions(dd.Path).Contains(ActionUpdate.Instance.Letter.ToString())) + if (CurrentUser.GetPermissions(dd.Path).Contains(ActionUpdate.Instance.Letter.ToString(CultureInfo.InvariantCulture))) { treeElement.Action = String.Format("javascript:openContent({0});", dd.Id); } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/moveOrCopy.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/moveOrCopy.aspx.cs index 9aed597702..f8fc1d3ea3 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/moveOrCopy.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/moveOrCopy.aspx.cs @@ -137,8 +137,8 @@ namespace umbraco.dialogs private bool CheckPermissions(IContentBase node, IAction currentAction) { var userService = ApplicationContext.Current.Services.UserService; - var currUserPermissions = userService.GetPermissions(UmbracoContext.Current.Security.CurrentUser, node.Id).FirstOrDefault(); - return currUserPermissions != null && currUserPermissions.AssignedPermissions.Contains(currentAction.Letter.ToString()); + var currUserPermissions = userService.GetPermissions(UmbracoContext.Current.Security.CurrentUser, node.Id).GetAllPermissions(); + return currUserPermissions != null && currUserPermissions.Contains(currentAction.Letter.ToString(CultureInfo.InvariantCulture)); } private void HandleDocumentTypeCopy() diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs index 97dc8d84d3..70137da920 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/notifications.aspx.cs @@ -1,5 +1,6 @@ using System; using System.Collections; +using System.Globalization; using System.Web.UI; using System.Web.UI.HtmlControls; using System.Web.UI.WebControls; @@ -49,7 +50,7 @@ namespace umbraco.dialogs { CheckBox c = new CheckBox(); - c.ID = a.Letter.ToString(); + c.ID = a.Letter.ToString(CultureInfo.InvariantCulture); if (base.getUser().GetNotifications(node.Path).IndexOf(a.Letter) > -1) c.Checked = true; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/templateControls/Item.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/templateControls/Item.cs index 6d0465f693..346008bda3 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/templateControls/Item.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/templateControls/Item.cs @@ -1,6 +1,7 @@ using System; using System.Collections; using System.ComponentModel; +using System.Globalization; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; @@ -304,7 +305,7 @@ namespace umbraco.presentation.templateControls protected virtual bool FieldEditableWithUserPermissions() { BusinessLogic.User u = helper.GetCurrentUmbracoUser(); - return u != null && u.GetPermissions(PageElements["path"].ToString()).Contains(ActionUpdate.Instance.Letter.ToString()); + return u != null && u.GetPermissions(PageElements["path"].ToString()).Contains(ActionUpdate.Instance.Letter.ToString(CultureInfo.InvariantCulture)); } #endregion diff --git a/src/umbraco.cms/Actions/Action.cs b/src/umbraco.cms/Actions/Action.cs index 3a5503d714..81c78ade1b 100644 --- a/src/umbraco.cms/Actions/Action.cs +++ b/src/umbraco.cms/Actions/Action.cs @@ -1,6 +1,7 @@ using System; using System.Collections; using System.Collections.Generic; +using System.Globalization; using System.Web; using System.Reflection; using Umbraco.Core; @@ -150,7 +151,7 @@ namespace umbraco.BusinessLogic.Actions /// public static string ToString(List actions) { - string[] strMenu = Array.ConvertAll(actions.ToArray(), delegate(IAction a) { return (a.Letter.ToString()); }); + string[] strMenu = Array.ConvertAll(actions.ToArray(), delegate(IAction a) { return (a.Letter.ToString(CultureInfo.InvariantCulture)); }); return string.Join("", strMenu); }