From b0ae03b2201aafac6a46a61e36292d320790ceda Mon Sep 17 00:00:00 2001
From: Shannon Deminick <sdeminick@gmail.com>
Date: Wed, 27 Feb 2013 00:33:59 +0600
Subject: [PATCH] publicly exposes the UmbracoAuthorizeAttribute for MVC and
 creates one for web api too.

---
 .../Mvc/UmbracoAuthorizeAttribute.cs          |  7 ++-
 .../WebApi/UmbracoAuthorizeAttribute.cs       | 43 +++++++++++++++++++
 2 files changed, 46 insertions(+), 4 deletions(-)
 create mode 100644 src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs

diff --git a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
index b7c57e2b7d..7746ef7c0c 100644
--- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
+++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs
@@ -7,11 +7,10 @@ using umbraco.BasePages;
 
 namespace Umbraco.Web.Mvc
 {
-	/// <summary>
-	/// Ensures authorization occurs for the installer if it has already completed. If install has not yet occured
-	/// then the authorization is successful
+	/// <summary>	
+	/// Ensures authorization is successful for a back office user
 	/// </summary>
-	internal class UmbracoAuthorizeAttribute : AuthorizeAttribute
+	public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
 	{
 		private readonly ApplicationContext _applicationContext;
 
diff --git a/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
new file mode 100644
index 0000000000..f1c5633ed5
--- /dev/null
+++ b/src/Umbraco.Web/WebApi/UmbracoAuthorizeAttribute.cs
@@ -0,0 +1,43 @@
+using System;
+using System.Web.Http;
+using Umbraco.Core;
+using Umbraco.Web.Security;
+
+namespace Umbraco.Web.WebApi
+{
+    /// <summary>
+    /// Ensures authorization is successful for a back office user
+    /// </summary>
+    public sealed class UmbracoAuthorizeAttribute : AuthorizeAttribute
+    {
+        private readonly ApplicationContext _applicationContext;
+
+        public UmbracoAuthorizeAttribute(ApplicationContext appContext)
+        {
+            if (appContext == null) throw new ArgumentNullException("appContext");
+            _applicationContext = appContext;
+        }
+
+        public UmbracoAuthorizeAttribute()
+            : this(ApplicationContext.Current)
+        {
+
+        }
+
+        protected override bool IsAuthorized(System.Web.Http.Controllers.HttpActionContext actionContext)
+        {
+            try
+            {
+                //we need to that the app is configured and that a user is logged in
+                if (!_applicationContext.IsConfigured)
+                    return false;
+                var isLoggedIn = WebSecurity.ValidateUserContextId(WebSecurity.UmbracoUserContextId);
+                return isLoggedIn;
+            }
+            catch (Exception)
+            {
+                return false;
+            }
+        }
+    }
+}
\ No newline at end of file