publicly exposes the UmbracoAuthorizeAttribute for MVC and creates one for web api too.

2013-02-27 00:33:59 +06:00
parent ffb9849745
commit b0ae03b220
2 changed files with 46 additions and 4 deletions
--- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
@@ -7,11 +7,10 @@ using umbraco.BasePages;

 namespace Umbraco.Web.Mvc
 {
-	/// <summary>
-	/// Ensures authorization occurs for the installer if it has already completed. If install has not yet occured
-	/// then the authorization is successful
+	/// <summary>	
+	/// Ensures authorization is successful for a back office user
 	/// </summary>
-	internal class UmbracoAuthorizeAttribute : AuthorizeAttribute
+	public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
 	{
 		private readonly ApplicationContext _applicationContext;

--- a/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
@@ -0,0 +1,43 @@
+using System;
+using System.Web.Http;
+using Umbraco.Core;
+using Umbraco.Web.Security;
+
+namespace Umbraco.Web.WebApi
+{
+    /// <summary>
+    /// Ensures authorization is successful for a back office user
+    /// </summary>
+    public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
+    {
+        private readonly ApplicationContext _applicationContext;
+
+        public UmbracoAuthorizeAttribute(ApplicationContext appContext)
+        {
+            if (appContext == null) throw new ArgumentNullException("appContext");
+            _applicationContext = appContext;
+        }
+
+        public UmbracoAuthorizeAttribute()
+            : this(ApplicationContext.Current)
+        {
+
+        }
+
+        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
+        {
+            try
+            {
+                //we need to that the app is configured and that a user is logged in
+                if (!_applicationContext.IsConfigured)
+                    return false;
+                var isLoggedIn = WebSecurity.ValidateUserContextId(WebSecurity.UmbracoUserContextId);
+                return isLoggedIn;
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+        }
+    }
+}