From c4e5ab54d236bcb8e0f1c6029edce19278bd6b14 Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 22 Mar 2018 19:55:55 +1100 Subject: [PATCH] redirects preview to login when not authorized --- src/Umbraco.Web/Editors/PreviewController.cs | 4 +- .../Mvc/UmbracoAuthorizeAttribute.cs | 53 +++++++++++++++---- 2 files changed, 45 insertions(+), 12 deletions(-) diff --git a/src/Umbraco.Web/Editors/PreviewController.cs b/src/Umbraco.Web/Editors/PreviewController.cs index 488272153a..08de0f83ba 100644 --- a/src/Umbraco.Web/Editors/PreviewController.cs +++ b/src/Umbraco.Web/Editors/PreviewController.cs @@ -8,11 +8,10 @@ using Umbraco.Web.Mvc; namespace Umbraco.Web.Editors { - [UmbracoAuthorize] [DisableBrowserCache] public class PreviewController : Controller { - + [UmbracoAuthorize(redirectToUmbracoLogin: true)] public ActionResult Index() { var model = new BackOfficePreview @@ -33,7 +32,6 @@ namespace Umbraco.Web.Editors return View(GlobalSettings.Path.EnsureEndsWith('/') + "Views/Preview/" + "Index.cshtml", model); } - [AllowAnonymous] public ActionResult Editors(string editor) { if (string.IsNullOrEmpty(editor)) throw new ArgumentNullException("editor"); diff --git a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs index c5ebf24626..fdcade45e2 100644 --- a/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs +++ b/src/Umbraco.Web/Mvc/UmbracoAuthorizeAttribute.cs @@ -4,6 +4,7 @@ using System.Web.Mvc; using Umbraco.Core; using Umbraco.Web.Security; using umbraco.BasePages; +using Umbraco.Core.Configuration; namespace Umbraco.Web.Mvc { @@ -14,6 +15,7 @@ namespace Umbraco.Web.Mvc { private readonly ApplicationContext _applicationContext; private readonly UmbracoContext _umbracoContext; + private readonly string _redirectUrl; private ApplicationContext GetApplicationContext() { 
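Review bot: With the class-level `[UmbracoAuthorize]` removed in the first PreviewController.cs hunk, the controller becomes authorize-by-opt-in: `Index` is protected only by its own attribute, and any action added later is anonymous unless someone remembers to decorate it. The second hunk of this file drops `[AllowAnonymous]` from `Editors`, which leaves that action anonymous as before but no longer states the intent in code. Assuming UmbracoAuthorizeAttribute honours `[AllowAnonymous]`, as the old class-level arrangement relied on, keeping `[UmbracoAuthorize(redirectToUmbracoLogin: true)]` on the class and `[AllowAnonymous]` on `Editors` would give the same behaviour for both actions with a fail-closed default. If the per-action form stays, a comment above `Editors` such as `// Intentionally anonymous; keep this action free of back-office data` would record the decision. The body of `Editors` continues outside the hunk, so how it uses the `editor` parameter cannot be checked here.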
@@ -36,16 +38,40 @@ namespace Umbraco.Web.Mvc _applicationContext = _umbracoContext.Application; } + /// + /// Default constructor + /// public UmbracoAuthorizeAttribute() { } - /// - /// Ensures that the user must be in the Administrator or the Install role - /// - /// - /// - protected override bool AuthorizeCore(HttpContextBase httpContext) + /// + /// Constructor specifying to redirect to the specified location if not authorized + /// + /// + public UmbracoAuthorizeAttribute(string redirectUrl) + { + _redirectUrl = redirectUrl ?? throw new ArgumentNullException(nameof(redirectUrl)); + } + + /// + /// Constructor specifying to redirect to the umbraco login page if not authorized + /// + /// + public UmbracoAuthorizeAttribute(bool redirectToUmbracoLogin) + { + if (redirectToUmbracoLogin) + { + _redirectUrl = GlobalSettings.Path.EnsureStartsWith("~"); + } + } + + /// + /// Ensures that the user must be in the Administrator or the Install role + /// + /// + /// + protected override bool AuthorizeCore(HttpContextBase httpContext) { if (httpContext == null) throw new ArgumentNullException("httpContext"); @@ -73,11 +99,20 @@ namespace Umbraco.Web.Mvc /// protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext) { - filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource."); - + if (_redirectUrl.IsNullOrWhiteSpace()) + { + filterContext.Result = (ActionResult)new HttpUnauthorizedResult("You must login to view this resource."); + + + } + else + { + filterContext.Result = new RedirectResult(_redirectUrl); + } + //DON'T do a FormsAuth redirect... argh!! thankfully we're running .Net 4.5 :) filterContext.RequestContext.HttpContext.Response.SuppressFormsAuthenticationRedirect = true; } } -} \ No newline at end of file +}
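Review bot: The `UmbracoAuthorizeAttribute(string redirectUrl)` constructor rejects only null, while `HandleUnauthorizedRequest` treats an empty or whitespace `_redirectUrl` as "no redirect". `[UmbracoAuthorize("")]` therefore silently falls back to the 401 path instead of failing at construction; `if (string.IsNullOrWhiteSpace(redirectUrl)) throw new ArgumentException("Value cannot be null or whitespace.", nameof(redirectUrl));` would make the two agree. The value is handed to `RedirectResult` unchecked, so the doc comment should state that it must be a fixed, application-local URL and never derived from request data. Separately, in the `bool` constructor, `GlobalSettings.Path` is not visible in this diff; if it already returns a path resolved against the application root, prefixing `~` would duplicate the virtual directory when the site is not hosted at `/`, which is worth confirming.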
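Review bot: In the `else` branch of `HandleUnauthorizedRequest` a denied request is now answered with a redirect instead of a 401. Script or XHR callers of an action using the redirect constructors will follow it to the login page and see a success status, and log or alert rules keyed on 401 responses for back-office routes will no longer record these denials. A comment on the branch would document the trade-off, for example `// Browser-facing actions only: the 401 is replaced by a redirect, so callers and logs no longer see an unauthorized status`. The redirect also discards the originally requested URL; if a return URL is added later, it should be validated as local before use. On style, the `(ActionResult)` cast and the two blank lines left inside the `if` block are redundant.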