In the spirit of DRY: centralized IsAdmin() check in an extension method

Made sure that non-admins can't trigger the enable/disable URL tracker endpoint
Renamed "admin" in GetEnableState to "isUserAdmin" for clarity

src/Umbraco.Core/Models/UserExtensions.cs

@@ -1,8 +1,5 @@
 using System;
 using System.Globalization;
-using System.Linq;
-using System.Threading;
-using Umbraco.Core.Models.Identity;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
 
@@ -83,5 +80,19 @@ namespace Umbraco.Core.Models
             if (media == null) throw new ArgumentNullException("media");
             return HasPathAccess(media.Path, user.StartMediaId, Constants.System.RecycleBinMedia);
         }
+
+
+        /// <summary>
+        /// Determines whether this user is an admin.
+        /// </summary>
+        /// <param name="user"></param>
+        /// <returns>
+        /// 	<c>true</c> if this user is admin; otherwise, <c>false</c>.
+        /// </returns>
+        public static bool IsAdmin(this IUser user)
+        {
+            if (user == null) throw new ArgumentNullException("user");
+            return user.UserType.Alias == "admin";
+        }
     }
 }

src/Umbraco.Web.UI.Client/src/views/dashboard/developer/redirecturls.controller.js

@@ -15,7 +15,7 @@
             searchTerm: "",
             loading: false,
             urlTrackerDisabled: false,
-            admin: false
+            userIsAdmin: false
         };
 
         vm.pagination = {
@@ -43,7 +43,7 @@
             vm.dashboard.loading = true;
             return redirectUrlsResource.getEnableState().then(function (response) {
                 vm.dashboard.urlTrackerDisabled = response.enabled !== true;
-                vm.dashboard.admin = response.admin;
+                vm.dashboard.userIsAdmin = response.userIsAdmin;
                 vm.dashboard.loading = false;
             });
         }

src/Umbraco.Web.UI.Client/src/views/dashboard/developer/redirecturls.html

@@ -6,7 +6,7 @@
 
         <umb-editor-sub-header-content-right>
 
-            <umb-editor-sub-header-section ng-if="vm.dashboard.admin === true">
+            <umb-editor-sub-header-section ng-if="vm.dashboard.userIsAdmin === true">
 
                 <button
                     ng-if="vm.dashboard.urlTrackerDisabled === false"

src/Umbraco.Web/Editors/RedirectUrlManagementController.cs

@@ -4,7 +4,10 @@ using System.Xml;
 using System.Collections.Generic;
 using System.Linq;
 using AutoMapper;
+using umbraco.businesslogic.Exceptions;
 using Umbraco.Core.Configuration;
+using Umbraco.Core.Logging;
+using Umbraco.Core.Models;
 using Umbraco.Web.Models.ContentEditing;
 using Umbraco.Web.Mvc;
 using Umbraco.Web.WebApi;
@@ -24,8 +27,8 @@ namespace Umbraco.Web.Editors
         public IHttpActionResult GetEnableState()
         {
             var enabled = UmbracoConfig.For.UmbracoSettings().WebRouting.DisableRedirectUrlTracking == false;
-            var admin = Umbraco.UmbracoContext.Security.CurrentUser.UserType.Alias == "admin"; // assuming this is what qualifies admins
-            return Ok(new { enabled, admin });
+            var userIsAdmin = Umbraco.UmbracoContext.Security.CurrentUser.IsAdmin();
+            return Ok(new { enabled, userIsAdmin });
         }
 
         //add paging
@@ -66,6 +69,15 @@ namespace Umbraco.Web.Editors
         [HttpPost]
         public IHttpActionResult ToggleUrlTracker(bool disable)
         {
+            var userIsAdmin = Umbraco.UmbracoContext.Security.CurrentUser.IsAdmin();
+            if (userIsAdmin == false)
+            {
+                var errorMessage = string.Format("User of type {0} is not allowed to toggle the URL tracker", 
+                    Umbraco.UmbracoContext.Security.CurrentUser.UserType.Alias);
+                LogHelper.Debug<RedirectUrlManagementController>(errorMessage);
+                throw new UserAuthorizationException(errorMessage);
+            }
+
             var httpContext = TryGetHttpContext();
             if (httpContext.Success == false) throw new InvalidOperationException("Cannot acquire HttpContext");
             var configFilePath = httpContext.Result.Server.MapPath("~/config/umbracoSettings.config");

src/Umbraco.Web/Editors/UpdateCheckController.cs

@@ -1,12 +1,10 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Net.Http;
 using System.Net.Http.Headers;
-using System.Text;
-using System.Threading.Tasks;
 using System.Web.Http.Filters;
 using Umbraco.Core.Configuration;
+using Umbraco.Core.Models;
 using Umbraco.Web.Models;
 using Umbraco.Web.Mvc;
 
@@ -20,7 +18,7 @@ namespace Umbraco.Web.Editors
         {
             var updChkCookie = Request.Headers.GetCookies("UMB_UPDCHK").FirstOrDefault();
             var updateCheckCookie = updChkCookie != null ? updChkCookie["UMB_UPDCHK"].Value : "";            
-            if (GlobalSettings.VersionCheckPeriod > 0 && string.IsNullOrEmpty(updateCheckCookie) && Security.CurrentUser.UserType.Alias == "admin")
+            if (GlobalSettings.VersionCheckPeriod > 0 && string.IsNullOrEmpty(updateCheckCookie) && Security.CurrentUser.IsAdmin())
             {
                 try
                 {

src/umbraco.businesslogic/User.cs

@@ -184,9 +184,10 @@ namespace umbraco.BusinessLogic
         /// <returns>
         /// 	<c>true</c> if this user is admin; otherwise, <c>false</c>.
         /// </returns>
+        [Obsolete("Use Umbraco.Core.Models.IsAdmin extension method instead", false)]
         public bool IsAdmin()
         {
-            return UserType.Alias == "admin";
+            return UserEntity.IsAdmin();
         }
 
         [Obsolete("Do not use this method to validate credentials, use the user's membership provider to do authentication. This method will not work if the password format is 'Encrypted'")]