yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Migrates UmbracoBackOfficeAuthorizeAttribute to authz policies and adds notes/questions

Browse Source
This commit is contained in:
Shannon
2020-11-20 15:32:36 +11:00
parent 84c2f75a27
commit 7757447244
16 changed files with 258 additions and 152 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
src/Umbraco.Web.BackOffice/Controllers/BackOfficeController.cs
View File

@@ -34,6 +34,8 @@ using Microsoft.AspNetCore.Identity;
using System.Security.Claims;
using Microsoft.AspNetCore.Http;
using Umbraco.Web.Security;
using Microsoft.AspNetCore.Authorization;
using Umbraco.Web.Common.Authorization;
namespace Umbraco.Web.BackOffice.Controllers
{
@@ -231,7 +233,7 @@ namespace Umbraco.Web.BackOffice.Controllers
return nestedDictionary;
}
[UmbracoBackOfficeAuthorize(Order = 0)]
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[HttpGet]
public IEnumerable<IGridEditorConfig> GetGridConfig()
{
@@ -242,7 +244,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// Returns the JavaScript object representing the static server variables javascript object
/// </summary>
/// <returns></returns>
[UmbracoBackOfficeAuthorize(Order = 0)]
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[MinifyJavaScriptResult(Order = 1)]
public async Task<JavaScriptResult> ServerVariables()
{
@@ -278,7 +280,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// </summary>
/// <param name="provider"></param>
/// <returns></returns>
[UmbracoBackOfficeAuthorize]
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[HttpPost]
public ActionResult LinkLogin(string provider)
{
@@ -314,7 +316,7 @@ namespace Umbraco.Web.BackOffice.Controllers
/// <summary>
/// Callback path when the user initiates a link login request from the back office to the external provider from the <see cref="LinkLogin(string)"/> action
/// </summary>
[UmbracoBackOfficeAuthorize]
[Authorize(Policy = AuthorizationPolicies.BackOfficeAccess)]
[HttpGet]
public async Task<IActionResult> ExternalLinkLoginCallback()
{