yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce passing tree alias to tree api requests (#12678)

Browse Source 
* Enforce passing tree alias to tree api proxy

* Update ApplicationTreeController.cs
This commit is contained in:
Matt Brailsford
2023-05-23 16:30:21 +01:00
committed by GitHub
parent df8f13d6b8
commit afddb3d781
1 changed files with 19 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/Umbraco.Web.BackOffice/Trees/ApplicationTreeController.cs
View File

@@ -26,14 +26,13 @@ namespace Umbraco.Cms.Web.BackOffice.Trees;
[PluginController(Constants.Web.Mvc.BackOfficeTreeArea)]
public class ApplicationTreeController : UmbracoAuthorizedApiController
{
private readonly IActionDescriptorCollectionProvider _actionDescriptorCollectionProvider;
private readonly IControllerFactory _controllerFactory;
private readonly ILocalizedTextService _localizedTextService;
private readonly ISectionService _sectionService;
private readonly ITreeService _treeService;
private readonly ISectionService _sectionService;
private readonly ILocalizedTextService _localizedTextService;
private readonly IControllerFactory _controllerFactory;
private readonly IActionDescriptorCollectionProvider _actionDescriptorCollectionProvider;
/// <summary>
/// Initializes a new instance of the <see cref="ApplicationTreeController" /> class.
/// Initializes a new instance of the <see cref="ApplicationTreeController"/> class.
/// </summary>
public ApplicationTreeController(
ITreeService treeService,
@@ -209,14 +208,19 @@ public class ApplicationTreeController : UmbracoAuthorizedApiController
throw new ArgumentNullException(nameof(tree));
}
ActionResult<TreeNodeCollection?>? childrenResult = await GetChildren(tree, id, querystring);
// Force tree querystring param
Dictionary<string, StringValues>? td = querystring?.ToDictionary(x => x.Key, x => x.Value) ?? new Dictionary<string, StringValues>();
td["tree"] = tree.TreeAlias;
var qs = new FormCollection(td);
ActionResult<TreeNodeCollection?>? childrenResult = await GetChildren(tree, id, qs);
if (!(childrenResult?.Result is null))
{
return new ActionResult<TreeRootNode>(childrenResult.Result);
}
TreeNodeCollection? children = childrenResult?.Value;
ActionResult<TreeNode?>? rootNodeResult = await GetRootNode(tree, querystring);
ActionResult<TreeNode?>? rootNodeResult = await GetRootNode(tree, qs);
if (!(rootNodeResult?.Result is null))
{
return rootNodeResult.Result;
@@ -224,7 +228,6 @@ public class ApplicationTreeController : UmbracoAuthorizedApiController
TreeNode? rootNode = rootNodeResult?.Value;
var sectionRoot = TreeRootNode.CreateSingleTreeRoot(
Constants.System.RootString,
rootNode!.ChildNodesUrl,
@@ -256,7 +259,12 @@ public class ApplicationTreeController : UmbracoAuthorizedApiController
throw new ArgumentNullException(nameof(tree));
}
ActionResult<object> result = await GetApiControllerProxy(tree.TreeControllerType, "GetRootNode", querystring);
// Force tree querystring param
Dictionary<string, StringValues>? td = querystring?.ToDictionary(x => x.Key, x => x.Value) ?? new Dictionary<string, StringValues>();
td["tree"] = tree.TreeAlias;
var qs = new FormCollection(td);
ActionResult<object> result = await GetApiControllerProxy(tree.TreeControllerType, "GetRootNode", qs);
// return null if the user isn't authorized to view that tree
if (!((ForbidResult?)result.Result is null))
@@ -268,7 +276,7 @@ public class ApplicationTreeController : UmbracoAuthorizedApiController
TreeNode? rootNode = null;
if (controller is not null)
{
ActionResult<TreeNode?> rootNodeResult = await controller.GetRootNode(querystring);
ActionResult<TreeNode?> rootNodeResult = await controller.GetRootNode(qs);
if (!(rootNodeResult.Result is null))
{
return rootNodeResult.Result;