Don't let the users empty the recycle bin without delete permissions (#3699)
This commit is contained in:
Kenn Jacobsen
committed by
Sebastiaan Janssen
Sebastiaan Janssen
parent
e252a0849b
commit
a8d5bd6d1f
@@ -847,7 +847,7 @@ namespace Umbraco.Web.Editors
|
||||
/// </remarks>
|
||||
[HttpDelete]
|
||||
[HttpPost]
|
||||
[EnsureUserPermissionForContent(Constants.System.RecycleBinContent)]
|
||||
[EnsureUserPermissionForContent(Constants.System.RecycleBinContent, 'D')]
|
||||
public HttpResponseMessage EmptyRecycleBin()
|
||||
{
|
||||
Services.ContentService.EmptyRecycleBin();
|
||||
|
||||
@@ -346,8 +346,15 @@ namespace Umbraco.Web.Trees
|
||||
{
|
||||
if (RecycleBinId.ToInvariantString() == id)
|
||||
{
|
||||
// get the default assigned permissions for this user
|
||||
var actions = ActionsResolver.Current.FromActionSymbols(Security.CurrentUser.GetPermissions(Constants.System.RecycleBinContentString, Services.UserService)).ToList();
|
||||
|
||||
var menu = new MenuItemCollection();
|
||||
menu.Items.Add<ActionEmptyTranscan>(ui.Text("actions", "emptyTrashcan"));
|
||||
// only add empty recycle bin if the current user is allowed to delete by default
|
||||
if (actions.Contains(ActionDelete.Instance))
|
||||
{
|
||||
menu.Items.Add<ActionEmptyTranscan>(ui.Text("actions", "emptyTrashcan"));
|
||||
}
|
||||
menu.Items.Add<ActionRefresh>(ui.Text("actions", ActionRefresh.Instance.Alias), true);
|
||||
return menu;
|
||||
}
|
||||
|
||||
@@ -40,6 +40,12 @@ namespace Umbraco.Web.WebApi.Filters
|
||||
_nodeId = nodeId;
|
||||
}
|
||||
|
||||
public EnsureUserPermissionForContentAttribute(int nodeId, char permissionToCheck)
|
||||
: this(nodeId)
|
||||
{
|
||||
_permissionToCheck = permissionToCheck;
|
||||
}
|
||||
|
||||
public EnsureUserPermissionForContentAttribute(string paramName)
|
||||
{
|
||||
if (string.IsNullOrWhiteSpace(paramName)) throw new ArgumentException("Value cannot be null or whitespace.", "paramName");
|
||||
|
||||
Reference in New Issue
Block a user