yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Change webhook permissions to require webhook tree access for all endpoints

Browse Source
This commit is contained in:
Bjarke Berg
2024-10-01 07:58:41 +02:00
parent 3a9ae03fde
commit 8e5ee61008
4 changed files with 3 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs
View File

@@ -1,5 +1,4 @@
using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.Factories;
@@ -8,12 +7,10 @@ using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
[ApiVersion("1.0")]
[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
public class CreateWebhookController : WebhookControllerBase
{
private readonly IWebhookService _webhookService;

3
src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs
View File

@@ -1,5 +1,4 @@
using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Core;
@@ -7,12 +6,10 @@ using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Security;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
[ApiVersion("1.0")]
[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
public class DeleteWebhookController : WebhookControllerBase
{
private readonly IWebhookService _webhookService;

3
src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs
View File

@@ -1,5 +1,4 @@
using Asp.Versioning;
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Management.Factories;
@@ -8,12 +7,10 @@ using Umbraco.Cms.Core;
using Umbraco.Cms.Core.Models;
using Umbraco.Cms.Core.Services;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
[ApiVersion("1.0")]
[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
public class UpdateWebhookController : WebhookControllerBase
{
private readonly IWebhookService _webhookService;

3
src/Umbraco.Cms.Api.Management/Controllers/Webhook/WebhookControllerBase.cs
View File

@@ -1,13 +1,16 @@
using Microsoft.AspNetCore.Authorization;
using Microsoft.AspNetCore.Http;
using Microsoft.AspNetCore.Mvc;
using Umbraco.Cms.Api.Common.Builders;
using Umbraco.Cms.Api.Management.Routing;
using Umbraco.Cms.Core.Services.OperationStatus;
using Umbraco.Cms.Web.Common.Authorization;
namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
[VersionedApiBackOfficeRoute("webhook")]
[ApiExplorerSettings(GroupName = "Webhook")]
[Authorize(Policy = AuthorizationPolicies.TreeAccessWebhooks)]
public abstract class WebhookControllerBase : ManagementApiControllerBase
{
protected IActionResult WebhookOperationStatusResult(WebhookOperationStatus status) =>