Merge pull request #124 from AndyButland/wip-u4-2759

U4-2759 - member authorise attribute was not restricting for group
2013-09-01 05:22:51 -07:00
parent 5640daff32
commit 7765acb130
1 changed files with 3 additions and 3 deletions
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -70,15 +70,15 @@ namespace Umbraco.Web.Security
                var allowGroupsList = allowGroups as IList<string> ?? allowGroups.ToList();
                if (allowAction && allowGroupsList.Any(allowGroup => allowGroup != string.Empty))
                {
-                    // Allow only if member's type is in list
+                    // Allow only if member is assigned to a group in the list
                    var groups = Roles.GetRolesForUser(member.LoginName);
-                    allowAction = groups.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();
+                    allowAction = allowGroupsList.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();
                }

                // If specific members defined, check member is of one of those
                if (allowAction && allowMembers.Any())
                {
-                    // Allow only if member's type is in list
+                    // Allow only if member's Id is in the list
                    allowAction = allowMembers.Contains(member.Id);
                }
            }