Added tests for MediaPermissionsQueryStringHandler.
Introduced base class to share code between content and media query string related permissions handlers.
This commit is contained in:
Andy Butland
@@ -12,11 +12,8 @@ namespace Umbraco.Web.BackOffice.Authorization
|
||||
/// <summary>
|
||||
/// Used to authorize if the user has the correct permission access to the content for the content id specified in a query string
|
||||
/// </summary>
|
||||
public class ContentPermissionsQueryStringHandler : MustSatisfyRequirementAuthorizationHandler<ContentPermissionsQueryStringRequirement>
|
||||
public class ContentPermissionsQueryStringHandler : PermissionsQueryStringHandler<ContentPermissionsQueryStringRequirement>
|
||||
{
|
||||
private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor;
|
||||
private readonly IHttpContextAccessor _httpContextAccessor;
|
||||
private readonly IEntityService _entityService;
|
||||
private readonly ContentPermissions _contentPermissions;
|
||||
|
||||
public ContentPermissionsQueryStringHandler(
|
||||
@@ -24,10 +21,8 @@ namespace Umbraco.Web.BackOffice.Authorization
|
||||
IHttpContextAccessor httpContextAccessor,
|
||||
IEntityService entityService,
|
||||
ContentPermissions contentPermissions)
|
||||
: base(backofficeSecurityAccessor, httpContextAccessor, entityService)
|
||||
{
|
||||
_backofficeSecurityAccessor = backofficeSecurityAccessor;
|
||||
_httpContextAccessor = httpContextAccessor;
|
||||
_entityService = entityService;
|
||||
_contentPermissions = contentPermissions;
|
||||
}
|
||||
|
||||
@@ -36,7 +31,7 @@ namespace Umbraco.Web.BackOffice.Authorization
|
||||
int nodeId;
|
||||
if (requirement.NodeId.HasValue == false)
|
||||
{
|
||||
if (!_httpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal))
|
||||
if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal))
|
||||
{
|
||||
// Must succeed this requirement since we cannot process it
|
||||
return Task.FromResult(true);
|
||||
@@ -45,24 +40,9 @@ namespace Umbraco.Web.BackOffice.Authorization
|
||||
{
|
||||
var argument = routeVal.ToString();
|
||||
|
||||
// If the argument is an int, it will parse and can be assigned to nodeId.
|
||||
// It might be a udi, so check that next.
|
||||
// Otherwise treat it as a guid - unlikely we ever get here.
|
||||
// Failing that, we can't parse it so must succeed this requirement since we cannot process it.
|
||||
if (int.TryParse(argument, out int parsedId))
|
||||
{
|
||||
nodeId = parsedId;
|
||||
}
|
||||
else if (UdiParser.TryParse(argument, true, out var udi))
|
||||
{
|
||||
nodeId = _entityService.GetId(udi).Result;
|
||||
}
|
||||
else if (Guid.TryParse(argument, out var key))
|
||||
{
|
||||
nodeId = _entityService.GetId(key, UmbracoObjectTypes.Document).Result;
|
||||
}
|
||||
else
|
||||
if (!TryParseNodeId(argument, out nodeId))
|
||||
{
|
||||
// Must succeed this requirement since we cannot process it.
|
||||
return Task.FromResult(true);
|
||||
}
|
||||
}
|
||||
@@ -73,14 +53,14 @@ namespace Umbraco.Web.BackOffice.Authorization
|
||||
}
|
||||
|
||||
var permissionResult = _contentPermissions.CheckPermissions(nodeId,
|
||||
_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
|
||||
BackofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
|
||||
out IContent contentItem,
|
||||
new[] { requirement.PermissionToCheck });
|
||||
|
||||
if (contentItem != null)
|
||||
{
|
||||
// Store the content item in request cache so it can be resolved in the controller without re-looking it up.
|
||||
_httpContextAccessor.HttpContext.Items[typeof(IContent).ToString()] = contentItem;
|
||||
HttpContextAccessor.HttpContext.Items[typeof(IContent).ToString()] = contentItem;
|
||||
}
|
||||
|
||||
return permissionResult switch
|
||||
|
||||
Reference in New Issue
Block a user