Merge pull request #2532 from umbraco/temp-U4-11134
redirects preview to login when not authorized
@@ -8,11 +8,10 @@ using Umbraco.Web.Mvc;
|
||||
|
||||
namespace Umbraco.Web.Editors
|
||||
{
|
||||
[UmbracoAuthorize]
|
||||
[DisableBrowserCache]
|
||||
public class PreviewController : Controller
|
||||
{
|
||||
|
||||
[UmbracoAuthorize(redirectToUmbracoLogin: true)]
|
||||
public ActionResult Index()
|
||||
{
|
||||
var model = new BackOfficePreview
|
||||
@@ -33,7 +32,6 @@ namespace Umbraco.Web.Editors
|
||||
return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Preview/" + "Index.cshtml", model);
|
||||
}
|
||||
|
||||
[AllowAnonymous]
|
||||
public ActionResult Editors(string editor)
|
||||
{
|
||||
if (string.IsNullOrEmpty(editor)) throw new ArgumentNullException("editor");
|
||||
|
||||
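Review bot: Authorization on `PreviewController` now appears to be opt-in per action: with the class-level `[UmbracoAuthorize]` dropped and only `Index()` carrying `[UmbracoAuthorize(redirectToUmbracoLogin: true)]`, `Editors(string editor)` and any action added to this controller later are reachable anonymously by default. The old/new side of each line is inferred from the hunk counts, since the +/- markers are lost on this page, so this should be confirmed against the real diff. A fail-closed layout would put `[UmbracoAuthorize(redirectToUmbracoLogin: true)]` on the class and keep `[AllowAnonymous]` on `Editors`, as the earlier code seems to have done. Both action bodies continue outside the hunks, so what `Editors` does with `editor` cannot be judged from here.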
@@ -4,6 +4,7 @@ using System.Web.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Web.Security;
|
||||
using umbraco.BasePages;
|
||||
using Umbraco.Core.Configuration;
|
||||
|
||||
namespace Umbraco.Web.Mvc
|
||||
{
|
||||
@@ -14,6 +15,7 @@ namespace Umbraco.Web.Mvc
|
||||
{
|
||||
private readonly ApplicationContext _applicationContext;
|
||||
private readonly UmbracoContext _umbracoContext;
|
||||
private readonly string _redirectUrl;
|
||||
|
||||
private ApplicationContext GetApplicationContext()
|
||||
{
|
||||
@@ -36,16 +38,40 @@ namespace Umbraco.Web.Mvc
|
||||
_applicationContext = _umbracoContext.Application;
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Default constructor
|
||||
/// </summary>
|
||||
public UmbracoAuthorizeAttribute()
|
||||
{
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Ensures that the user must be in the Administrator or the Install role
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
protected override bool AuthorizeCore(HttpContextBase httpContext)
|
||||
/// <summary>
|
||||
/// Constructor specifying to redirect to the specified location if not authorized
|
||||
/// </summary>
|
||||
/// <param name="redirectUrl"></param>
|
||||
public UmbracoAuthorizeAttribute(string redirectUrl)
|
||||
{
|
||||
_redirectUrl = redirectUrl ?? throw new ArgumentNullException(nameof(redirectUrl));
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Constructor specifying to redirect to the umbraco login page if not authorized
|
||||
/// </summary>
|
||||
/// <param name="redirectToUmbracoLogin"></param>
|
||||
public UmbracoAuthorizeAttribute(bool redirectToUmbracoLogin)
|
||||
{
|
||||
if (redirectToUmbracoLogin)
|
||||
{
|
||||
_redirectUrl = GlobalSettings.Path.EnsureStartsWith("~");
|
||||
}
|
||||
}
|
||||
|
||||
/// <summary>
|
||||
/// Ensures that the user must be in the Administrator or the Install role
|
||||
/// </summary>
|
||||
/// <param name="httpContext"></param>
|
||||
/// <returns></returns>
|
||||
protected override bool AuthorizeCore(HttpContextBase httpContext)
|
||||
{
|
||||
if (httpContext == null) throw new ArgumentNullException("httpContext");
|
||||
|
||||
@@ -73,11 +99,20 @@ namespace Umbraco.Web.Mvc
|
||||
/// <param name="filterContext"></param>
|
||||
protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
|
||||
{
|
||||
filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource.");
|
||||
|
||||
if (_redirectUrl.IsNullOrWhiteSpace())
|
||||
{
|
||||
filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource.");
|
||||
|
||||
|
||||
}
|
||||
else
|
||||
{
|
||||
filterContext.Result = new RedirectResult(_redirectUrl);
|
||||
}
|
||||
|
||||
//DON'T do a FormsAuth redirect... argh!! thankfully we're running .Net 4.5 :)
|
||||
filterContext.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true;
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
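Review bot: The new `UmbracoAuthorizeAttribute(string redirectUrl)` constructor in the `+38,40` hunk rejects only null, so `""` or whitespace is accepted and then silently behaves like the default constructor, because `HandleUnauthorizedRequest` tests `_redirectUrl.IsNullOrWhiteSpace()` and falls back to the 401 result. Validating up front keeps the two in step: `if (string.IsNullOrWhiteSpace(redirectUrl)) throw new ArgumentException("Value cannot be null or empty.", nameof(redirectUrl));`. The value is passed to `new RedirectResult(_redirectUrl)` without any check, so the empty `<param name="redirectUrl">` doc should state the contract, for example `The fixed, application-relative URL (such as "~/path") to redirect to; must not be built from request data.` The `<param name="redirectToUmbracoLogin">` doc is empty as well and should say that `false` leaves the 401 behaviour unchanged.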