From aa0fca5de9b8544f769f2dd1c4ba8f69a02920ff Mon Sep 17 00:00:00 2001
From: Shannon <sdeminick@gmail.com>
Date: Thu, 29 Aug 2013 20:15:08 +1000
Subject: [PATCH] Fixes small error with entityresouce, adds app based security
 to some of the entity controller methods, need to add diff sec checks to the
 other ones based on the type requested.

---
 .../src/common/resources/entity.resource.js        |  2 +-
 .../App_Plugins/MyPackage/Package.manifest         | 10 +++++++++-
 src/Umbraco.Web.UI/Umbraco.Web.UI.csproj           |  2 ++
 src/Umbraco.Web/Editors/EntityController.cs        | 14 ++++++++++++++
 4 files changed, 26 insertions(+), 2 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/entity.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/entity.resource.js
index dca97d35ac..5e23495765 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/entity.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/entity.resource.js
@@ -152,7 +152,7 @@ function entityResource($q, $http, umbRequestHelper) {
                        "entityApiBaseUrl",
                        "GetAll",
                        [{type: type }])),
-               'Failed to retreive entity data for id ' + id);
+               'Failed to retreive entity data for type ' + type);
         },
 
         /**
diff --git a/src/Umbraco.Web.UI/App_Plugins/MyPackage/Package.manifest b/src/Umbraco.Web.UI/App_Plugins/MyPackage/Package.manifest
index d706fc29ae..2997a1791b 100644
--- a/src/Umbraco.Web.UI/App_Plugins/MyPackage/Package.manifest
+++ b/src/Umbraco.Web.UI/App_Plugins/MyPackage/Package.manifest
@@ -49,12 +49,20 @@
 					},
 				]				
 			}
+		},
+		{
+			id: "48B0DA8C-3492-4693-96DB-5C5099C680F3",
+			name: "Custom editor",
+			editor: {
+				view: "~/App_Plugins/MyPackage/PropertyEditors/Views/CustomJson.html"				
+			}
 		}
 	],    
     javascript: [
         '~/App_Plugins/MyPackage/Common/Js/MyPackage.js',
 		'~/App_Plugins/MyPackage/PropertyEditors/Js/CsvEditor.js',
 		'~/App_Plugins/MyPackage/PropertyEditors/Js/PostcodeEditor.js',
-		'~/App_Plugins/MyPackage/PropertyEditors/Js/RegexEditor.js'
+		'~/App_Plugins/MyPackage/PropertyEditors/Js/RegexEditor.js',
+		'~/App_Plugins/MyPackage/PropertyEditors/Js/CustomJsonEditor.js'
     ]
 }
\ No newline at end of file
diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
index c74c41d77e..55a997b1dd 100644
--- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
+++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
@@ -578,9 +578,11 @@
       <DependentUpon>umbraco.aspx</DependentUpon>
     </Compile>
     <Content Include="App_Plugins\MyPackage\Common\Js\MyPackage.js" />
+    <Content Include="App_Plugins\MyPackage\PropertyEditors\Js\CustomJsonEditor.js" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Js\CsvEditor.js" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Js\PostcodeEditor.js" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Js\RegexEditor.js" />
+    <Content Include="App_Plugins\MyPackage\PropertyEditors\Views\CustomJson.html" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Views\CsvEditor.html" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Views\PostcodeEditor.html" />
     <Content Include="App_Plugins\MyPackage\PropertyEditors\Views\RegexEditor.html" />
diff --git a/src/Umbraco.Web/Editors/EntityController.cs b/src/Umbraco.Web/Editors/EntityController.cs
index 828915ce44..741a714794 100644
--- a/src/Umbraco.Web/Editors/EntityController.cs
+++ b/src/Umbraco.Web/Editors/EntityController.cs
@@ -1,7 +1,10 @@
 using System;
 using System.Collections.Generic;
 using System.Web.Http;
+using System.Web.Http.Controllers;
+using System.Web.Http.ModelBinding;
 using AutoMapper;
+using Newtonsoft.Json;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Services;
 using Umbraco.Web.Models.ContentEditing;
@@ -10,6 +13,8 @@ using Umbraco.Web.WebApi;
 using System.Linq;
 using Umbraco.Core.Models.EntityBase;
 using Umbraco.Core.Models;
+using Umbraco.Web.WebApi.Filters;
+using Constants = Umbraco.Core.Constants;
 
 namespace Umbraco.Web.Editors
 {
@@ -19,38 +24,47 @@ namespace Umbraco.Web.Editors
     [PluginController("UmbracoApi")]
     public class EntityController : UmbracoAuthorizedJsonController
     {
+
+        [UmbracoApplicationAuthorize(Constants.Applications.Content)]
         public EntityBasic GetDocumentById(int id)
         {
             return Mapper.Map<EntityBasic>(Services.EntityService.Get(id, UmbracoObjectTypes.Document));
         }
 
+        [UmbracoApplicationAuthorizeAttribute(Constants.Applications.Content)]
         public IEnumerable<EntityBasic> GetDocumentChildren(int id)
         {
             return GetChildren(id, UmbracoObjectTypes.Document);
         }
 
+        [UmbracoApplicationAuthorizeAttribute(Constants.Applications.Content)]
         public IEnumerable<EntityBasic> GetDocumentsByIds([FromUri]int[] ids)
         {
             if (ids == null) throw new ArgumentNullException("ids");
             return GetEntitiesById(ids, UmbracoObjectTypes.Document);
         }
 
+        [UmbracoApplicationAuthorizeAttribute(Constants.Applications.Media)]
         public EntityBasic GetMediaById(int id)
         {
             return GetEntityById(id, UmbracoObjectTypes.Media);
         }
 
+        [UmbracoApplicationAuthorizeAttribute(Constants.Applications.Media)]
         public IEnumerable<EntityBasic> GetMediaChildren(int id)
         {
             return GetChildren(id, UmbracoObjectTypes.Media);
         }
 
+        [UmbracoApplicationAuthorizeAttribute(Constants.Applications.Media)]
         public IEnumerable<EntityBasic> GetMediaByIds([FromUri]int[] ids)
         {
             if (ids == null) throw new ArgumentNullException("ids");
             return GetEntitiesById(ids, UmbracoObjectTypes.Media);
         }
 
+        //TODO: Need to add app level security for all of this below
+
         public EntityBasic GetById(int id, UmbracoObjectTypes? type = null)
         {
             return type == null