yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/v7/dev' into v8/dev - Iniital commit (broken)

Browse Source 
# Conflicts:
#	build/NuSpecs/tools/Web.config.install.xdt
#	src/Umbraco.Core/Constants-DataTypes.cs
#	src/Umbraco.Core/Models/DataTypeDefinition.cs
#	src/Umbraco.Core/Models/DataTypeExtensions.cs
#	src/Umbraco.Core/Models/IDataTypeDefinition.cs
#	src/Umbraco.Core/Models/UmbracoEntity.cs
#	src/Umbraco.Core/Models/UserExtensions.cs
#	src/Umbraco.Core/Persistence/Factories/DataTypeDefinitionFactory.cs
#	src/Umbraco.Core/Persistence/Factories/UmbracoEntityFactory.cs
#	src/Umbraco.Core/Persistence/Migrations/Initial/BaseDataCreation.cs
#	src/Umbraco.Core/Persistence/Repositories/EntityRepository.cs
#	src/Umbraco.Core/Services/ContentService.cs
#	src/Umbraco.Core/Services/DataTypeService.cs
#	src/Umbraco.Core/Services/EntityService.cs
#	src/Umbraco.Core/Services/IContentService.cs
#	src/Umbraco.Core/Services/IDataTypeService.cs
#	src/Umbraco.Core/Services/IEntityService.cs
#	src/Umbraco.Core/Services/IRelationService.cs
#	src/Umbraco.Core/Services/Implement/RelationService.cs
#	src/Umbraco.Tests/Models/UmbracoEntityTests.cs
#	src/Umbraco.Tests/Plugins/PluginManagerTests.cs
#	src/Umbraco.Tests/Services/EntityServiceTests.cs
#	src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
#	src/Umbraco.Web.UI.Client/src/common/resources/entity.resource.js
#	src/Umbraco.Web.UI.Client/src/common/resources/media.resource.js
#	src/Umbraco.Web.UI.Client/src/common/services/mediahelper.service.js
#	src/Umbraco.Web.UI.Client/src/common/services/search.service.js
#	src/Umbraco.Web.UI.Client/src/common/services/tinymce.service.js
#	src/Umbraco.Web.UI.Client/src/views/common/dialogs/linkpicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/dialogs/linkpicker.html
#	src/Umbraco.Web.UI.Client/src/views/common/dialogs/mediapicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/dialogs/treepicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/infiniteeditors/mediapicker/mediapicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/contentpicker/contentpicker.html
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/linkpicker/linkpicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/linkpicker/linkpicker.html
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/treepicker/treepicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/common/overlays/treepicker/treepicker.html
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/contentpicker/contentpicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/grid/editors/media.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/grid/editors/rte.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/mediapicker/mediapicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/multiurlpicker/multiurlpicker.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/relatedlinks/relatedlinks.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/rte/rte.controller.js
#	src/Umbraco.Web.UI.Client/src/views/propertyeditors/rte/rte.prevalues.html
#	src/Umbraco.Web.UI/packages.config
#	src/Umbraco.Web.UI/web.Template.config
#	src/Umbraco.Web/Editors/ContentController.cs
#	src/Umbraco.Web/Editors/EntityController.cs
#	src/Umbraco.Web/Editors/MediaController.cs
#	src/Umbraco.Web/HtmlHelperRenderExtensions.cs
#	src/Umbraco.Web/Models/ContentEditing/ContentPropertyBasic.cs
#	src/Umbraco.Web/Models/Mapping/ContentPropertyBasicConverter.cs
#	src/Umbraco.Web/Models/Mapping/ContentPropertyDisplayConverter.cs
#	src/Umbraco.Web/Models/Mapping/ContentPropertyDtoConverter.cs
#	src/Umbraco.Web/Models/Mapping/ContentPropertyModelMapper.cs
#	src/Umbraco.Web/Models/Mapping/PreValueDisplayResolver.cs
#	src/Umbraco.Web/Mvc/RenderRouteHandler.cs
#	src/Umbraco.Web/PropertyEditors/ContentPicker2PropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/GridPropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/MediaPicker2PropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/MultiNodeTreePicker2PropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/MultiUrlPickerPropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/RelatedLinks2PropertyEditor.cs
#	src/Umbraco.Web/PropertyEditors/RichTextPreValueEditor.cs
#	src/Umbraco.Web/Search/UmbracoTreeSearcher.cs
#	src/Umbraco.Web/Security/UmbracoAntiForgeryAdditionalDataProvider.cs
#	src/Umbraco.Web/Trees/ContentTreeController.cs
#	src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
#	src/Umbraco.Web/Trees/MediaTreeController.cs
#	src/Umbraco.Web/Trees/TreeControllerBase.cs
#	src/Umbraco.Web/Trees/TreeQueryStringParameters.cs
#	src/Umbraco.Web/UmbracoHelper.cs
#	src/Umbraco.Web/WebApi/Filters/EnsureUserPermissionForContentAttribute.cs
#	src/Umbraco.Web/WebBootManager.cs
#	src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseMediaTree.cs
#	src/Umbraco.Web/umbraco.presentation/umbraco/Trees/BaseTree.cs
#	src/umbraco.cms/businesslogic/web/Access.cs
This commit is contained in:
Shannon
2019-06-28 13:03:36 +10:00
parent 7b99e55148
commit 84aa861a5b
29 changed files with 1469 additions and 896 deletions
Download Patch File Download Diff File Expand all files Collapse all files

50
src/Umbraco.Web/Trees/ContentTreeControllerBase.cs
View File

@@ -69,7 +69,7 @@ namespace Umbraco.Web.Trees
{
var node = base.CreateRootNode(queryStrings);
if (IsDialog(queryStrings) && UserStartNodes.Contains(Constants.System.Root) == false)
if (IsDialog(queryStrings) && UserStartNodes.Contains(Constants.System.Root) == false && IgnoreUserStartNodes(queryStrings) == false)
{
node.AdditionalData["noAccess"] = true;
}
@@ -87,7 +87,8 @@ namespace Umbraco.Web.Trees
/// <param name="parentId"></param>
/// <param name="queryStrings"></param>
/// <returns></returns>
internal TreeNode GetSingleTreeNodeWithAccessCheck(IEntitySlim e, string parentId, FormDataCollection queryStrings)
internal TreeNode GetSingleTreeNodeWithAccessCheck(IEntitySlim e, string parentId, FormDataCollection queryStrings,
int[] startNodeIds, string[] startNodePaths, bool ignoreUserStartNodes)
{
var entityIsAncestorOfStartNodes = Security.CurrentUser.IsInBranchOfStartNode(e, Services.EntityService, RecycleBinId, out var hasPathAccess);
if (entityIsAncestorOfStartNodes == false)
@@ -101,6 +102,23 @@ namespace Umbraco.Web.Trees
return treeNode;
}
private void GetUserStartNodes(out int[] startNodeIds, out string[] startNodePaths)
{
switch (RecycleBinId)
{
case Constants.System.RecycleBinMedia:
startNodeIds = Security.CurrentUser.CalculateMediaStartNodeIds(Services.EntityService);
startNodePaths = Security.CurrentUser.GetMediaStartNodePaths(Services.EntityService);
break;
case Constants.System.RecycleBinContent:
startNodeIds = Security.CurrentUser.CalculateContentStartNodeIds(Services.EntityService);
startNodePaths = Security.CurrentUser.GetContentStartNodePaths(Services.EntityService);
break;
default:
throw new NotSupportedException("Path access is only determined on content or media");
}
}
/// <summary>
/// Returns the
/// </summary>
@@ -127,6 +145,8 @@ namespace Umbraco.Web.Trees
? queryStrings.GetValue<string>(TreeQueryStringParameters.StartNodeId)
: string.Empty;
var ignoreUserStartNodes = IgnoreUserStartNodes(queryStrings);
if (string.IsNullOrEmpty(startNodeId) == false && startNodeId != "undefined" && startNodeId != rootIdString)
{
// request has been made to render from a specific, non-root, start node
@@ -134,7 +154,7 @@ namespace Umbraco.Web.Trees
// ensure that the user has access to that node, otherwise return the empty tree nodes collection
// TODO: in the future we could return a validation statement so we can have some UI to notify the user they don't have access
if (HasPathAccess(id, queryStrings) == false)
if (ignoreUserStartNodes == false && HasPathAccess(id, queryStrings) == false)
{
Logger.Warn<ContentTreeControllerBase>("User {Username} does not have access to node with id {Id}", Security.CurrentUser.Username, id);
return nodes;
@@ -152,7 +172,11 @@ namespace Umbraco.Web.Trees
// get child entities - if id is root, but user's start nodes do not contain the
// root node, this returns the start nodes instead of root's children
var entities = GetChildEntities(id, queryStrings).ToList();
nodes.AddRange(entities.Select(x => GetSingleTreeNodeWithAccessCheck(x, id, queryStrings)).Where(x => x != null));
//get the current user start node/paths
GetUserStartNodes(out var userStartNodes, out var userStartNodePaths);
nodes.AddRange(entities.Select(x => GetSingleTreeNodeWithAccessCheck(x, id, queryStrings, userStartNodes, userStartNodePaths, ignoreUserStartNodes)).Where(x => x != null));
// if the user does not have access to the root node, what we have is the start nodes,
// but to provide some context we also need to add their topmost nodes when they are not
@@ -163,7 +187,7 @@ namespace Umbraco.Web.Trees
if (topNodeIds.Length > 0)
{
var topNodes = Services.EntityService.GetAll(UmbracoObjectType, topNodeIds.ToArray());
nodes.AddRange(topNodes.Select(x => GetSingleTreeNodeWithAccessCheck(x, id, queryStrings)).Where(x => x != null));
nodes.AddRange(topNodes.Select(x => GetSingleTreeNodeWithAccessCheck(x, id, queryStrings, userStartNodes, userStartNodePaths, ignoreUserStartNodes)).Where(x => x != null));
}
}
@@ -504,5 +528,21 @@ namespace Umbraco.Web.Trees
}
private readonly ConcurrentDictionary<string, IEntitySlim> _entityCache = new ConcurrentDictionary<string, IEntitySlim>();
/// <summary>
/// If the request should allows a user to choose nodes that they normally don't have access to
/// </summary>
/// <param name="queryStrings"></param>
/// <returns></returns>
internal bool IgnoreUserStartNodes(FormDataCollection queryStrings)
{
var dataTypeId = queryStrings.GetValue<Guid?>(TreeQueryStringParameters.DataTypeId);
if (dataTypeId.HasValue)
{
return Services.DataTypeService.IsDataTypeIgnoringUserStartNodes(dataTypeId.Value);
}
return false;
}
}
}