yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Added tests for MediaPermissionsQueryStringHandler.

Browse Source 
Introduced base class to share code between content and media query string related permissions handlers.
This commit is contained in:
Andy Butland
2020-12-03 10:01:46 +01:00
parent 6857a92460
commit 76dafcc413
6 changed files with 294 additions and 66 deletions
Download Patch File Download Diff File Expand all files Collapse all files

48
src/Umbraco.Web.BackOffice/Authorization/MediaPermissionsQueryStringHandler.cs
View File

@@ -1,71 +1,51 @@
using Microsoft.AspNetCore.Authorization;
using System.Threading.Tasks;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.Extensions.Primitives;
using System;
using System.Threading.Tasks;
using Umbraco.Core;
using Umbraco.Core.Models;
using Umbraco.Core.Security;
using Umbraco.Core.Services;
namespace Umbraco.Web.BackOffice.Authorization
{
public class MediaPermissionsQueryStringHandler : MustSatisfyRequirementAuthorizationHandler<MediaPermissionsQueryStringRequirement>
public class MediaPermissionsQueryStringHandler : PermissionsQueryStringHandler<MediaPermissionsQueryStringRequirement>
{
private readonly IBackOfficeSecurityAccessor _backofficeSecurityAccessor;
private readonly IHttpContextAccessor _httpContextAccessor;
private readonly MediaPermissions _mediaPermissions;
private readonly IEntityService _entityService;
public MediaPermissionsQueryStringHandler(
IBackOfficeSecurityAccessor backofficeSecurityAccessor,
IHttpContextAccessor httpContextAccessor,
IEntityService entityService,
MediaPermissions mediaPermissions)
: base(backofficeSecurityAccessor, httpContextAccessor, entityService)
{
_backofficeSecurityAccessor = backofficeSecurityAccessor;
_httpContextAccessor = httpContextAccessor;
_entityService = entityService;
_mediaPermissions = mediaPermissions;
}
protected override Task<bool> IsAuthorized(AuthorizationHandlerContext context, MediaPermissionsQueryStringRequirement requirement)
{
if (!_httpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal))
if (!HttpContextAccessor.HttpContext.Request.Query.TryGetValue(requirement.QueryStringName, out var routeVal))
{
// must succeed this requirement since we cannot process it
// Must succeed this requirement since we cannot process it.
return Task.FromResult(true);
}
int nodeId;
var argument = routeVal.ToString();
// if the argument is an int, it will parse and can be assigned to nodeId
// if might be a udi, so check that next
// otherwise treat it as a guid - unlikely we ever get here
if (int.TryParse(argument, out int parsedId))
if (!TryParseNodeId(argument, out int nodeId))
{
nodeId = parsedId;
}
else if (UdiParser.TryParse(argument, true, out var udi))
{
nodeId = _entityService.GetId(udi).Result;
}
else
{
Guid.TryParse(argument, out Guid key);
nodeId = _entityService.GetId(key, UmbracoObjectTypes.Document).Result;
// Must succeed this requirement since we cannot process it.
return Task.FromResult(true);
}
var permissionResult = _mediaPermissions.CheckPermissions(
_backofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
BackofficeSecurityAccessor.BackOfficeSecurity.CurrentUser,
nodeId,
out var mediaItem);
if (mediaItem != null)
{
//store the content item in request cache so it can be resolved in the controller without re-looking it up
_httpContextAccessor.HttpContext.Items[typeof(IMedia).ToString()] = mediaItem;
// Store the media item in request cache so it can be resolved in the controller without re-looking it up.
HttpContextAccessor.HttpContext.Items[typeof(IMedia).ToString()] = mediaItem;
}
return permissionResult switch
@@ -73,6 +53,6 @@ namespace Umbraco.Web.BackOffice.Authorization
MediaPermissions.MediaAccess.Denied => Task.FromResult(false),
_ => Task.FromResult(true),
};
}
}
}
}