From 18258fe4878ed2e828150d92b149aaae367b7311 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Fri, 23 Nov 2018 16:16:06 +0100
Subject: [PATCH 01/21] Initial setup of public access dialog

---
 .../content/content.protect.controller.js     | 46 +++++++++++
 .../src/views/content/protect.html            | 82 +++++++++++++++++++
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  6 +-
 3 files changed, 131 insertions(+), 3 deletions(-)
 create mode 100644 src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
 create mode 100644 src/Umbraco.Web.UI.Client/src/views/content/protect.html

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
new file mode 100644
index 0000000000..fc2da0ef75
--- /dev/null
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -0,0 +1,46 @@
+(function () {
+    "use strict";
+
+    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService) {
+
+        var vm = this;
+        var id = $scope.currentNode.id;
+
+        vm.loading = false;
+        vm.saveButtonState = "init";
+
+        vm.next = next;
+        vm.save = save;
+        vm.close = close;
+
+        vm.type = null;
+
+        function onInit() {
+            vm.loading = true;
+            // Get all member groups
+            memberGroupResource.getGroups().then(function (groups) {                
+                vm.groups = groups;
+                vm.step = "type";
+                vm.loading = false;
+            });
+        }
+
+        function next() {
+            vm.step = vm.type;
+        }
+
+        function save() {
+            vm.saveButtonState = "busy";
+            console.log("TODO: SAVE!")
+        }
+
+        function close() {
+            navigationService.hideDialog();
+        }
+
+        onInit();
+
+    }
+
+    angular.module("umbraco").controller("Umbraco.Editors.Content.ProtectController", ContentProtectController);
+})();
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
new file mode 100644
index 0000000000..3823d2bba1
--- /dev/null
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -0,0 +1,82 @@
+<div ng-controller="Umbraco.Editors.Content.ProtectController as vm">
+    <div class="umb-dialog-body form-horizontal" ng-cloak>
+        <div class="umb-pane">
+
+            <div ng-show="error">
+                <div class="alert alert-error">
+                    <div><strong>{{error.errorMsg}}</strong></div>
+                    <div>{{error.data.message}}</div>
+                </div>
+            </div>
+
+            <umb-load-indicator ng-show="vm.loading">
+            </umb-load-indicator>
+
+            <umb-pane ng-show="vm.step === 'type'">
+                <p class="abstract" ng-hide="success">
+                    <localize key="publicAccess_paHowWould">Choose how to restrict access to the page</localize> <strong>{{currentNode.name}}</strong>
+                </p>
+
+                <div class="pa-select-type">
+                    <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
+
+                    <label for="protectionTypeUser">
+                        <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
+                        <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password.</localize></p>
+                    </label>
+                </div>
+
+                <div class="pa-select-type">
+                    <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
+
+                    <label for="protectionTypeRole">
+                        <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
+                        <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups.</localize></p>
+                    </label>
+                </div>
+            </umb-pane>
+
+            <umb-pane ng-show="vm.step === 'user'">
+                TODO: user config
+            </umb-pane>
+
+            <umb-pane ng-show="vm.step === 'role' && !vm.groups.length">
+                <p><localize key="publicAccess_paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication.</localize></p>
+            </umb-pane>
+
+            <umb-pane ng-show="vm.step === 'role' && vm.groups.length">
+                TODO: role config
+            </umb-pane>
+
+            <!--<pre>{{vm | json}}</pre>-->
+
+        </div>
+    </div>
+
+    <div class="umb-dialog-footer btn-toolbar umb-btn-toolbar" ng-hide="success">
+        <umb-button
+            type="button"
+            button-style="link"
+            action="vm.close()"
+            label-key="general_close">
+        </umb-button>
+
+        <umb-button
+            ng-hide="vm.step !== 'type'"
+            type="button" 
+            action="vm.next()"
+            button-style="success"
+            label-key="general_next">
+        </umb-button>
+
+        <umb-button
+            ng-show="vm.step !== 'type'"
+            type="button" 
+            action="vm.save()"
+            state="vm.saveButtonState"
+            button-style="success"
+            label-key="buttons_save"
+            disabled="vm.buttonState === 'busy' || !TODO">
+        </umb-button>
+    </div>
+</div>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index 7c25782442..15c8c1c7d2 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1126,10 +1126,10 @@ To manage your website, simply open the Umbraco back office and start adding con
   <area alias="publicAccess">
     <key alias="paAdvanced">Role based protection</key>
         <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups.</key>
-    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
+    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication.</key>
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
-    <key alias="paHowWould">Choose how to restrict access to this page</key>
+    <key alias="paHowWould">Choose how to restrict access to the page</key>
     <key alias="paIsProtected">%0% is now protected</key>
     <key alias="paIsRemoved">Protection removed from %0%</key>
     <key alias="paLoginPage">Login Page</key>
@@ -1139,7 +1139,7 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paSelectRoles">Pick the roles who have access to this page</key>
     <key alias="paSetLogin">Set the login and password for this page</key>
     <key alias="paSimple">Single user protection</key>
-    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password</key>
+    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password.</key>
   </area>
   <area alias="publish">
     <key alias="contentPublishedFailedAwaitingRelease"><![CDATA[

From 5026bc03e1c6cc5e48358b474019044b1a901bad Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sat, 24 Nov 2018 19:39:15 +0100
Subject: [PATCH 02/21] A lot more implementation :)

---
 .../src/common/resources/content.resource.js  |  56 +++++
 .../content/content.protect.controller.js     | 128 ++++++++++-
 .../src/views/content/protect.html            | 209 ++++++++++++------
 src/Umbraco.Web.UI/Umbraco/config/lang/da.xml |  14 +-
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  20 +-
 src/Umbraco.Web/Actions/ActionProtect.cs      |   4 +-
 src/Umbraco.Web/Editors/ContentController.cs  | 121 ++++++++++
 .../Models/ContentEditing/PublicAccess.cs     |  20 ++
 src/Umbraco.Web/Umbraco.Web.csproj            |   1 +
 9 files changed, 479 insertions(+), 94 deletions(-)
 create mode 100644 src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index 06ef8748a0..c056f70a92 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -940,6 +940,62 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
                 ),
                 "Failed to roll back content item with id " + contentId
             );
+        },
+
+        /**
+          * @ngdoc method
+          * @name umbraco.resources.contentResource#getPublicAccess
+          * @methodOf umbraco.resources.contentResource
+          *
+          * @description
+          * Returns the public access protection for a content item
+          *
+          * ##usage
+          * <pre>
+          * contentResource.getPublicAccess(contentId)
+          *    .then(function(publicAccess) {
+          *        // do your thing
+          *    });
+          * </pre>
+          *
+          * @param {Int} contentId The content Id
+          * @returns {Promise} resourcePromise object containing the public access protection
+          *
+          */
+        getPublicAccess: function (contentId) {
+            return umbRequestHelper.resourcePromise(
+                $http.get(
+                    umbRequestHelper.getApiUrl("contentApiBaseUrl", "GetPublicAccess", {
+                        contentId: contentId
+                    })
+                ),
+                "Failed to get public access for content item with id " + contentId
+            );
+        },
+
+        // TODO KJAC: ngdoc this
+        updatePublicAccess: function (contentId, userName, password, roles, loginPageId, errorPageId) {
+            var publicAccess = {
+                contentId: contentId,
+                loginPageId: loginPageId,
+                errorPageId: errorPageId
+            };
+            if (userName && password) {
+                publicAccess.userName = userName;
+                publicAccess.password = password;
+            }
+            else if (angular.isArray(roles) && roles.length) {
+                publicAccess.roles = roles;
+            }
+            else {
+                throw "must supply either userName/password or roles";
+            }
+            return umbRequestHelper.resourcePromise(
+                $http.post(
+                    umbRequestHelper.getApiUrl("contentApiBaseUrl", "PostPublicAccess", publicAccess)
+                ),
+                "Failed to update public access for content item with id " + contentId
+            );
         }
 
     };
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index fc2da0ef75..84d8619303 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -1,7 +1,7 @@
 (function () {
     "use strict";
 
-    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService) {
+    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, editorService) {
 
         var vm = this;
         var id = $scope.currentNode.id;
@@ -9,35 +9,147 @@
         vm.loading = false;
         vm.saveButtonState = "init";
 
+        vm.isValid = isValid;
         vm.next = next;
         vm.save = save;
         vm.close = close;
+        vm.toggle = toggle;
+        vm.pickLoginPage = pickLoginPage;
+        vm.pickErrorPage = pickErrorPage;
+        vm.remove = remove;
+        vm.removeConfirm = removeConfirm;
 
         vm.type = null;
+        vm.step = null;
 
         function onInit() {
             vm.loading = true;
-            // Get all member groups
-            memberGroupResource.getGroups().then(function (groups) {                
-                vm.groups = groups;
-                vm.step = "type";
-                vm.loading = false;
+
+            // get the current public access protection
+            contentResource.getPublicAccess(id).then(function (publicAccess) {
+                // init the current settings for public access (if any)
+                vm.loginPage = publicAccess.loginPage;
+                vm.errorPage = publicAccess.errorPage;
+                vm.userName = publicAccess.userName;
+                vm.roles = publicAccess.roles;
+                vm.canRemove = true;
+
+                if (vm.userName) {
+                    vm.type = "user";
+                    next();
+                }
+                else if (vm.roles) {
+                    vm.type = "role";
+                    next();
+                }
+                else {
+                    vm.canRemove = false;
+                    vm.loading = false;
+                }
             });
         }
 
         function next() {
-            vm.step = vm.type;
+            if (vm.type === "role") {
+                vm.loading = true;
+                // Get all member groups
+                memberGroupResource.getGroups().then(function (groups) {
+                    vm.step = vm.type;
+                    vm.groups = groups;
+                    // set groups "selected" according to currently selected roles for public access
+                    _.each(groups, function(group) {
+                        group.selected = _.contains(vm.roles, group.name);
+                    });
+                    vm.loading = false;
+                });
+            }
+            else {
+                vm.step = vm.type;
+            }
+        }
+
+        function isValid() {
+            if (!vm.type) {
+                return false;
+            }
+            if (!vm.protectForm.$valid) {
+                return false;
+            }
+            if (!vm.loginPage || !vm.errorPage) {
+                return false;
+            }
+            if (vm.type === "role") {
+                return !!_.find(vm.groups, function(group) { return group.selected; });
+            }
+            return true;
         }
 
         function save() {
             vm.saveButtonState = "busy";
-            console.log("TODO: SAVE!")
+            var selectedGroups = _.filter(vm.groups, function(group) { return group.selected; });
+            var roles = _.map(selectedGroups, function(group) { return group.name; });
+            contentResource.updatePublicAccess(id, vm.userName, vm.password, roles, vm.loginPage.id, vm.errorPage.id).then(
+                function () {
+                    vm.saveButtonState = "success";
+                    navigationService.syncTree({ tree: "content", path: $scope.currentNode.path, forceReload: true });
+                }, function (error) {
+                    vm.error = error;
+                    vm.saveButtonState = "error";
+                }
+            );
         }
 
         function close() {
             navigationService.hideDialog();
         }
 
+        function toggle(group) {
+            group.selected = !group.selected;
+        }
+
+        function pickLoginPage() {
+            // TODO KJAC: temporary test values until we fix the content picker
+            if (!vm.loginPage) {
+                vm.loginPage = { id: 1092 };
+            }
+
+            //editorService.contentPicker({
+            //    submit: function(model) {
+            //        console.log("I picked", model)
+            //        editorService.close();
+            //    },
+            //    close: function () {
+            //        editorService.close();
+            //    }
+            //});
+        }
+
+        function pickErrorPage() {
+            // TODO KJAC: temporary test values until we fix the content picker
+            if (!vm.errorPage) {
+                vm.errorPage = { id: 1093 };
+            }
+
+            //editorService.contentPicker({
+            //    submit: function(model) {
+            //        console.log("I picked", model)
+            //        editorService.close();
+            //    },
+            //    close: function () {
+            //        editorService.close();
+            //    }
+            //});
+        }
+
+        function remove() {
+            vm.removing = true;
+        }
+
+        function removeConfirm() {
+            vm.saveButtonState = "busy";
+            // TODO KJAC: remove protection from the page
+        }
+
         onInit();
 
     }
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 3823d2bba1..93381303d0 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -1,82 +1,151 @@
 <div ng-controller="Umbraco.Editors.Content.ProtectController as vm">
-    <div class="umb-dialog-body form-horizontal" ng-cloak>
-        <div class="umb-pane">
+    <form name="vm.protectForm" novalidate>
+        <div class="umb-dialog-body form-horizontal" ng-cloak>
+            <umb-pane>
 
-            <div ng-show="error">
-                <div class="alert alert-error">
-                    <div><strong>{{error.errorMsg}}</strong></div>
-                    <div>{{error.data.message}}</div>
-                </div>
-            </div>
-
-            <umb-load-indicator ng-show="vm.loading">
-            </umb-load-indicator>
-
-            <umb-pane ng-show="vm.step === 'type'">
-                <p class="abstract" ng-hide="success">
-                    <localize key="publicAccess_paHowWould">Choose how to restrict access to the page</localize> <strong>{{currentNode.name}}</strong>
-                </p>
-
-                <div class="pa-select-type">
-                    <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
-
-                    <label for="protectionTypeUser">
-                        <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
-                        <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password.</localize></p>
-                    </label>
+                <div ng-show="error">
+                    <div class="alert alert-error">
+                        <div><strong>{{error.errorMsg}}</strong></div>
+                        <div>{{error.data.message}}</div>
+                    </div>
                 </div>
 
-                <div class="pa-select-type">
-                    <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
+                <umb-load-indicator ng-show="vm.loading">
+                </umb-load-indicator>
 
-                    <label for="protectionTypeRole">
-                        <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
-                        <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups.</localize></p>
-                    </label>
+                <div ng-show="!vm.step && !vm.loading">
+                    <p class="abstract" ng-hide="success">
+                        <localize key="publicAccess_paHowWould" tokens="[currentNode.name]">Choose how to restrict access to this page</localize>
+                    </p>
+
+                    <div class="pa-select-type">
+                        <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
+
+                        <label for="protectionTypeUser">
+                            <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
+                            <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password</localize></p>
+                        </label>
+                    </div>
+
+                    <div class="pa-select-type">
+                        <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
+
+                        <label for="protectionTypeRole">
+                            <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
+                            <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</localize></p>
+                        </label>
+                    </div>
                 </div>
+
+                <div ng-show="vm.step && !vm.loading && !vm.removing">
+                    <div ng-if="vm.step === 'user'">
+                        <p><localize key="publicAccess_paSetLogin" tokens="[currentNode.name]">Set the login and password for this page</localize></p>
+                        <umb-control-group label="@general_login">
+                            <input type="text" name="userName" ng-model="vm.userName" class="-full-width-input" required />
+                        </umb-control-group>
+                        <umb-control-group label="@general_password">
+                            <!-- TODO KJAC: get password regex from server -->
+                            <input type="password" name="password" ng-model="vm.password" class="-full-width-input" required pattern="^....$" />
+                        </umb-control-group>
+                    </div>
+
+                    <div ng-show="vm.step === 'role' && !vm.groups.length">
+                        <p><localize key="publicAccess_paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</localize></p>
+                    </div>
+
+                    <div ng-show="vm.step === 'role' && vm.groups.length">
+                        <p><localize key="publicAccess_paSelectRoles" tokens="[currentNode.name]">Pick the roles who have access to this page</localize></p>
+                        <umb-control-group ng-repeat="group in vm.groups | orderBy:'name'" label="{{group.name}}">
+                            <umb-toggle checked="group.selected"
+                                        on-click="vm.toggle(group, $event)"
+                                        hide-icons="true">
+                            </umb-toggle>
+                        </umb-control-group>
+                    </div>
+
+                    <div ng-show="vm.step === 'user' || vm.groups.length">
+                        <p><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
+                        <umb-control-group label="@publicAccess_paLoginPage" description="@publicAccess_paLoginPageHelp">
+                            <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
+                                <localize key="general_add">Add</localize>
+                            </a>
+                            <umb-node-preview ng-show="vm.loginPage"
+                                              icon="vm.loginPage.icon"
+                                              name="vm.loginPage.name"
+                                              allow-remove="true"
+                                              on-remove="vm.loginPage = null">
+                            </umb-node-preview>
+                        </umb-control-group>
+                        <umb-control-group label="@publicAccess_paErrorPage" description="@publicAccess_paErrorPageHelp">
+                            <a href ng-show="!vm.errorPage" ng-click="vm.pickErrorPage()" class="umb-node-preview-add" prevent-default>
+                                <localize key="general_add">Add</localize>
+                            </a>
+                            <umb-node-preview ng-show="vm.errorPage"
+                                              icon="vm.errorPage.icon"
+                                              name="vm.errorPage.name"
+                                              allow-remove="true"
+                                              on-remove="vm.errorPage = null">
+                            </umb-node-preview>
+                        </umb-control-group>
+                    </div>
+                </div>
+
+                <div ng-show="vm.removing">
+                    <p><localize key="publicAccess_paRemoveProtectionConfirm" tokens="[currentNode.name]">Are you sure you want to remove the protection from this page?</localize></p>
+                </div>
+
+                <!--<pre>{{vm | json}}</pre>-->
+
             </umb-pane>
-
-            <umb-pane ng-show="vm.step === 'user'">
-                TODO: user config
-            </umb-pane>
-
-            <umb-pane ng-show="vm.step === 'role' && !vm.groups.length">
-                <p><localize key="publicAccess_paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication.</localize></p>
-            </umb-pane>
-
-            <umb-pane ng-show="vm.step === 'role' && vm.groups.length">
-                TODO: role config
-            </umb-pane>
-
-            <!--<pre>{{vm | json}}</pre>-->
-
         </div>
-    </div>
 
-    <div class="umb-dialog-footer btn-toolbar umb-btn-toolbar" ng-hide="success">
-        <umb-button
-            type="button"
-            button-style="link"
-            action="vm.close()"
-            label-key="general_close">
-        </umb-button>
+        <div class="umb-dialog-footer umb-btn-toolbar" ng-hide="vm.loading || vm.removing">
+            <umb-button type="button"
+                        button-style="link"
+                        action="vm.close()"
+                        label-key="general_close">
+            </umb-button>
 
-        <umb-button
-            ng-hide="vm.step !== 'type'"
-            type="button" 
-            action="vm.next()"
-            button-style="success"
-            label-key="general_next">
-        </umb-button>
+            <umb-button ng-hide="vm.step"
+                        type="button"
+                        action="vm.next()"
+                        button-style="success"
+                        label-key="general_next"
+                        disabled="vm.loading || !vm.type">
+            </umb-button>
 
-        <umb-button
-            ng-show="vm.step !== 'type'"
-            type="button" 
-            action="vm.save()"
-            state="vm.saveButtonState"
-            button-style="success"
-            label-key="buttons_save"
-            disabled="vm.buttonState === 'busy' || !TODO">
-        </umb-button>
-    </div>
+            <umb-button ng-show="vm.canRemove"
+                        type="button"
+                        action="vm.remove()"
+                        button-style="warning"
+                        label-key="publicAccess_paRemoveProtection"
+                        disabled="vm.loading">
+            </umb-button>
+
+            <umb-button ng-show="vm.step"
+                        type="button"
+                        action="vm.save()"
+                        state="vm.saveButtonState"
+                        button-style="success"
+                        label-key="buttons_save"
+                        disabled="vm.buttonState === 'busy' || !vm.isValid()">
+            </umb-button>
+        </div>
+
+        <div class="umb-dialog-footer umb-btn-toolbar" ng-show="vm.removing">
+            <umb-button type="button"
+                        button-style="link"
+                        action="vm.close()"
+                        label-key="buttons_confirmActionCancel">
+            </umb-button>
+
+            <umb-button type="button"
+                        action="vm.removeConfirm()"
+                        state="vm.saveButtonState"
+                        button-style="success"
+                        label-key="buttons_confirmActionConfirm"
+                        disabled="vm.buttonState === 'busy'">
+            </umb-button>
+        </div>
+    </form>
 </div>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
index 7864d3baae..9f6ca212d1 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
@@ -872,20 +872,22 @@ Mange hilsner fra Umbraco robotten
     <key alias="removeSpecialFormattering">Indsæt, men fjern formattering som ikke bør være på en webside (Anbefales)</key>
   </area>
   <area alias="publicAccess">
+    <!-- TODO KJAC: clean up unused translations -->
     <key alias="paAdvanced">Rollebaseret beskyttelse</key>
     <key alias="paAdvancedHelp">Hvis du ønsker at kontrollere adgang til siden ved hjælp af rollebaseret godkendelse via Umbracos medlemsgrupper.</key>
     <key alias="paAdvancedNoGroups">Du skal oprette en medlemsgruppe før du kan bruge rollebaseret godkendelse</key>
     <key alias="paErrorPage">Fejlside</key>
     <key alias="paErrorPageHelp">Brugt når folk er logget ind, men ingen adgang</key>
-    <key alias="paHowWould">Vælg hvordan siden skal beskyttes</key>
-    <key alias="paIsProtected">%0% er nu beskyttet</key>
-    <key alias="paIsRemoved">Beskyttelse fjernet fra %0%</key>
+    <key alias="paHowWould"><![CDATA[Vælg hvordan siden <strong>%0%</strong> skal beskyttes]]></key>
+    <!--<key alias="paIsProtected">%0% er nu beskyttet</key>
+    <key alias="paIsRemoved">Beskyttelse fjernet fra %0%</key>-->
     <key alias="paLoginPage">Log ind-side</key>
     <key alias="paLoginPageHelp">Vælg siden der indeholder log ind-formularen</key>
-    <key alias="paRemoveProtection">Fjern beskyttelse</key>
+    <key alias="paRemoveProtection">Fjern beskyttelse...</key>
+    <key alias="paRemoveProtectionConfirm"><![CDATA[Er du sikker på at du vil fjerne beskyttelsen fra siden <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Vælg siderne der indeholder log ind-formularer og fejlmeddelelser</key>
-    <key alias="paSelectRoles">Vælg de roller der har adgang til denne side</key>
-    <key alias="paSetLogin">Indstil login og kodeord for denne side</key>
+    <key alias="paSelectRoles"><![CDATA[Vælg de roller der har adgang til siden <strong>%0%</strong>]]></key>
+    <key alias="paSetLogin"><![CDATA[Indstil login og kodeord for siden <strong>%0%</strong>]]></key>
     <key alias="paSimple">Enkel brugerbeskyttelse</key>
     <key alias="paSimpleHelp">Hvis du blot ønsker at opsætte simpel beskyttelse ved hjælp af et enkelt login og kodeord</key>
   </area>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index 15c8c1c7d2..dff3d21ea4 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1124,22 +1124,24 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="removeSpecialFormattering">Paste, but remove formatting (Recommended)</key>
   </area>
   <area alias="publicAccess">
+    <!-- TODO KJAC: clean up unused translations -->
     <key alias="paAdvanced">Role based protection</key>
-        <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups.</key>
-    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication.</key>
+    <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</key>
+    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
-    <key alias="paHowWould">Choose how to restrict access to the page</key>
-    <key alias="paIsProtected">%0% is now protected</key>
-    <key alias="paIsRemoved">Protection removed from %0%</key>
+    <key alias="paHowWould"><![CDATA[Choose how to restrict access to the page <strong>%0%</strong>]]></key>
+    <!--<key alias="paIsProtected">%0% is now protected</key>
+    <key alias="paIsRemoved">Protection removed from %0%</key>-->
     <key alias="paLoginPage">Login Page</key>
     <key alias="paLoginPageHelp">Choose the page that contains the login form</key>
-    <key alias="paRemoveProtection">Remove Protection</key>
+    <key alias="paRemoveProtection">Remove protection...</key>
+    <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles">Pick the roles who have access to this page</key>
-    <key alias="paSetLogin">Set the login and password for this page</key>
+    <key alias="paSelectRoles"><![CDATA[Pick the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSetLogin"><![CDATA[Set the login and password for the page <strong>%0%</strong>]]></key>
     <key alias="paSimple">Single user protection</key>
-    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password.</key>
+    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password</key>
   </area>
   <area alias="publish">
     <key alias="contentPublishedFailedAwaitingRelease"><![CDATA[
diff --git a/src/Umbraco.Web/Actions/ActionProtect.cs b/src/Umbraco.Web/Actions/ActionProtect.cs
index 0e5f9f8433..cd8b883ca8 100644
--- a/src/Umbraco.Web/Actions/ActionProtect.cs
+++ b/src/Umbraco.Web/Actions/ActionProtect.cs
@@ -10,7 +10,9 @@ namespace Umbraco.Web.Actions
     /// </summary>
     public class ActionProtect : IAction
     {
-        public char Letter => 'P';
+        public const char ActionLetter = 'P';
+
+        public char Letter => ActionLetter;
         public string Alias => "protect";
         public string Category => Constants.Conventions.PermissionCategories.AdministrationCategory;
         public string Icon => "lock";
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 53ecddd015..55bbe0be18 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2153,5 +2153,126 @@ namespace Umbraco.Web.Editors
 
             return Request.CreateValidationErrorResponse(notificationModel);
         }
+
+        [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
+        [HttpGet]
+        public HttpResponseMessage GetPublicAccess(int contentId)
+        {
+            var content = Services.ContentService.GetById(contentId);
+            if (content == null)
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
+            }
+
+            var entry = Services.PublicAccessService.GetEntryForContent(content);
+            if (entry == null)
+            {
+                return Request.CreateResponse(HttpStatusCode.OK);
+            }
+
+            var loginPageEntity = Services.EntityService.Get(entry.LoginNodeId, UmbracoObjectTypes.Document);
+            var errorPageEntity = Services.EntityService.Get(entry.NoAccessNodeId, UmbracoObjectTypes.Document);
+
+            // unwrap the current public access setup for the client
+            // - this API method is the single point of entry for both "modes" of public access (single user and role based)
+            var userName = entry.Rules
+                .FirstOrDefault(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
+                ?.RuleValue;
+            var roles = entry.Rules
+                .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType)
+                .Select(rule => rule.RuleValue)
+                .ToArray();
+
+            return Request.CreateResponse(HttpStatusCode.OK, new PublicAccess
+            {
+                UserName = userName,
+                Roles = roles,
+                LoginPage = loginPageEntity != null ? Mapper.Map<EntityBasic>(loginPageEntity) : null,
+                ErrorPage = errorPageEntity != null ? Mapper.Map<EntityBasic>(errorPageEntity) : null
+            });
+        }
+
+        // set up public access using role based access
+        [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
+        [HttpPost]
+        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, int loginPageId, int errorPageId)
+        {
+            if (roles == null || roles.Any() == false)
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
+            }
+
+            var content = Services.ContentService.GetById(contentId);
+            var loginPage = Services.ContentService.GetById(loginPageId);
+            var errorPage = Services.ContentService.GetById(errorPageId);
+            if (content == null || loginPage == null || errorPage == null)
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
+            }
+
+            var entry = Services.PublicAccessService.GetEntryForContent(content);
+
+            if (entry == null)
+            {
+                entry = new PublicAccessEntry(content, loginPage, errorPage, new List<PublicAccessRule>());
+                foreach (var role in roles)
+                {
+                    entry.AddRule(role, Constants.Conventions.PublicAccess.MemberRoleRuleType);
+                }
+            }
+            else
+            {
+                entry.LoginNodeId = loginPage.Id;
+                entry.NoAccessNodeId = errorPage.Id;
+
+                var currentRules = entry.Rules.ToArray();
+                var obsoleteRules = currentRules.Where(rule =>
+                    rule.RuleType != Constants.Conventions.PublicAccess.MemberRoleRuleType
+                    || roles.Contains(rule.RuleValue) == false
+                );
+                var newRoles = roles.Where(group =>
+                    currentRules.Any(rule =>
+                        rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType
+                        && rule.RuleValue == group
+                    ) == false
+                );
+                foreach (var rule in obsoleteRules)
+                {
+                    entry.RemoveRule(rule);
+                }
+                foreach (var role in newRoles)
+                {
+                    entry.AddRule(Constants.Conventions.PublicAccess.MemberRoleRuleType, role);
+                }
+            }
+
+            Services.PublicAccessService.Save(entry);
+
+            return Request.CreateResponse(HttpStatusCode.OK);
+        }
+
+        // set up public access using username and password
+        [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
+        [HttpPost]
+        public HttpResponseMessage PostPublicAccess(int contentId, string userName, string password, int loginPageId, int errorPageId)
+        {
+            // TODO KJAC: validate password regex
+            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
+            }
+
+            var content = Services.ContentService.GetById(contentId);
+            var loginPage = Services.ContentService.GetById(loginPageId);
+            var errorPage = Services.ContentService.GetById(errorPageId);
+            if (content == null || loginPage == null || errorPage == null)
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
+            }
+
+            // TODO KJAC: implement
+
+            return Request.CreateResponse(HttpStatusCode.OK);
+        }
     }
 }
diff --git a/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
new file mode 100644
index 0000000000..68236d5934
--- /dev/null
+++ b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
@@ -0,0 +1,20 @@
+using System.Runtime.Serialization;
+
+namespace Umbraco.Web.Models.ContentEditing
+{
+    [DataContract(Name = "publicAccess", Namespace = "")]
+    public class PublicAccess
+    {
+        [DataMember(Name = "userName")]
+        public string UserName { get; set; }
+
+        [DataMember(Name = "roles")]
+        public string[] Roles { get; set; }
+
+        [DataMember(Name = "loginPage")]
+        public EntityBasic LoginPage { get; set; }
+
+        [DataMember(Name = "errorPage")]
+        public EntityBasic ErrorPage { get; set; }
+    }
+}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 32134e7a45..ef70df6c7d 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -150,6 +150,7 @@
     <Compile Include="Media\TypeDetector\SvgDetector.cs" />
     <Compile Include="Media\TypeDetector\TIFFDetector.cs" />
     <Compile Include="Media\UploadAutoFillProperties.cs" />
+    <Compile Include="Models\ContentEditing\PublicAccess.cs" />
     <Compile Include="Models\ContentEditing\RollbackVersion.cs" />
     <Compile Include="Models\ContentEditing\UnpublishContent.cs" />
     <Compile Include="Models\Mapping\MappingOperationOptionsExtensions.cs" />

From ed56845bc1d4e6891cb3372eb5a9fc5323c1b30e Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 09:17:04 +0100
Subject: [PATCH 03/21] Implement remove protection + add success messages

---
 .../src/common/resources/content.resource.js  | 32 ++++++++++++++++-
 .../content/content.protect.controller.js     | 22 ++++++++++--
 .../src/views/content/protect.html            | 36 ++++++++++++-------
 src/Umbraco.Web.UI/Umbraco/config/lang/da.xml |  4 +--
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  4 +--
 src/Umbraco.Web/Editors/ContentController.cs  | 27 ++++++++++++--
 6 files changed, 101 insertions(+), 24 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index c056f70a92..a663d8e52c 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -996,8 +996,38 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
                 ),
                 "Failed to update public access for content item with id " + contentId
             );
-        }
+        },
 
+        /**
+          * @ngdoc method
+          * @name umbraco.resources.contentResource#removePublicAccess
+          * @methodOf umbraco.resources.contentResource
+          *
+          * @description
+          * Removes the public access protection for a content item
+          *
+          * ##usage
+          * <pre>
+          * contentResource.removePublicAccess(contentId)
+          *    .then(function() {
+          *        // do your thing
+          *    });
+          * </pre>
+          *
+          * @param {Int} contentId The content Id
+          * @returns {Promise} resourcePromise object that's resolved once the public access has been removed
+          *
+          */
+        removePublicAccess: function (contentId) {
+            return umbRequestHelper.resourcePromise(
+                $http.post(
+                    umbRequestHelper.getApiUrl("contentApiBaseUrl", "RemovePublicAccess", {
+                        contentId: contentId
+                    })
+                ),
+                "Failed to remove public access for content item with id " + contentId
+            );
+        }
     };
 }
 
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index 84d8619303..3ef930d7af 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -1,7 +1,7 @@
 (function () {
     "use strict";
 
-    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, editorService) {
+    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, localizationService) {
 
         var vm = this;
         var id = $scope.currentNode.id;
@@ -90,7 +90,11 @@
             var roles = _.map(selectedGroups, function(group) { return group.name; });
             contentResource.updatePublicAccess(id, vm.userName, vm.password, roles, vm.loginPage.id, vm.errorPage.id).then(
                 function () {
-                    vm.saveButtonState = "success";
+                    localizationService.localize("publicAccess_paIsProtected", [$scope.currentNode.name]).then(function (value) {
+                        vm.success = {
+                            message: value
+                        };
+                    });
                     navigationService.syncTree({ tree: "content", path: $scope.currentNode.path, forceReload: true });
                 }, function (error) {
                     vm.error = error;
@@ -147,7 +151,19 @@
 
         function removeConfirm() {
             vm.saveButtonState = "busy";
-            // TODO KJAC: remove protection from the page
+            contentResource.removePublicAccess(id).then(
+                function () {
+                    localizationService.localize("publicAccess_paIsRemoved", [$scope.currentNode.name]).then(function(value) {
+                        vm.success = {
+                            message: value
+                        };
+                    });
+                    navigationService.syncTree({ tree: "content", path: $scope.currentNode.path, forceReload: true });
+                }, function (error) {
+                    vm.error = error;
+                    vm.saveButtonState = "error";
+                }
+            );
         }
 
         onInit();
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 93381303d0..8e1a8259cd 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -1,12 +1,12 @@
 <div ng-controller="Umbraco.Editors.Content.ProtectController as vm">
     <form name="vm.protectForm" novalidate>
         <div class="umb-dialog-body form-horizontal" ng-cloak>
-            <umb-pane>
+            <umb-pane ng-hide="vm.success">
 
-                <div ng-show="error">
+                <div ng-show="vm.error">
                     <div class="alert alert-error">
-                        <div><strong>{{error.errorMsg}}</strong></div>
-                        <div>{{error.data.message}}</div>
+                        <div><strong>{{vm.error.errorMsg}}</strong></div>
+                        <div>{{vm.error.data.message}}</div>
                     </div>
                 </div>
 
@@ -97,16 +97,26 @@
                 <!--<pre>{{vm | json}}</pre>-->
 
             </umb-pane>
+
+            <umb-pane ng-show="vm.success">
+                <div class="alert alert-success" ng-bind-html="vm.success.message"></div>
+                <umb-button type="button"
+                            action="vm.close()"
+                            button-style="success"
+                            label-key="general_ok">
+                </umb-button>
+            </umb-pane>
         </div>
 
-        <div class="umb-dialog-footer umb-btn-toolbar" ng-hide="vm.loading || vm.removing">
-            <umb-button type="button"
+        <div class="umb-dialog-footer umb-btn-toolbar" ng-hide="vm.loading || vm.success">
+            <umb-button ng-hide="vm.removing"
+                        type="button"
                         button-style="link"
                         action="vm.close()"
                         label-key="general_close">
             </umb-button>
 
-            <umb-button ng-hide="vm.step"
+            <umb-button ng-hide="vm.step  || vm.removing"
                         type="button"
                         action="vm.next()"
                         button-style="success"
@@ -114,7 +124,7 @@
                         disabled="vm.loading || !vm.type">
             </umb-button>
 
-            <umb-button ng-show="vm.canRemove"
+            <umb-button ng-show="vm.canRemove && !vm.removing"
                         type="button"
                         action="vm.remove()"
                         button-style="warning"
@@ -122,7 +132,7 @@
                         disabled="vm.loading">
             </umb-button>
 
-            <umb-button ng-show="vm.step"
+            <umb-button ng-show="vm.step && !vm.removing"
                         type="button"
                         action="vm.save()"
                         state="vm.saveButtonState"
@@ -130,16 +140,16 @@
                         label-key="buttons_save"
                         disabled="vm.buttonState === 'busy' || !vm.isValid()">
             </umb-button>
-        </div>
 
-        <div class="umb-dialog-footer umb-btn-toolbar" ng-show="vm.removing">
-            <umb-button type="button"
+            <umb-button ng-show="vm.removing"
+                        type="button"
                         button-style="link"
                         action="vm.close()"
                         label-key="buttons_confirmActionCancel">
             </umb-button>
 
-            <umb-button type="button"
+            <umb-button ng-show="vm.removing"
+                        type="button"
                         action="vm.removeConfirm()"
                         state="vm.saveButtonState"
                         button-style="success"
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
index 9f6ca212d1..40718b508c 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
@@ -879,8 +879,8 @@ Mange hilsner fra Umbraco robotten
     <key alias="paErrorPage">Fejlside</key>
     <key alias="paErrorPageHelp">Brugt når folk er logget ind, men ingen adgang</key>
     <key alias="paHowWould"><![CDATA[Vælg hvordan siden <strong>%0%</strong> skal beskyttes]]></key>
-    <!--<key alias="paIsProtected">%0% er nu beskyttet</key>
-    <key alias="paIsRemoved">Beskyttelse fjernet fra %0%</key>-->
+    <key alias="paIsProtected"><![CDATA[<strong>%0%</strong> er nu beskyttet]]></key>
+    <key alias="paIsRemoved"><![CDATA[Beskyttelse fjernet fra <strong>%0%</strong>]]></key>
     <key alias="paLoginPage">Log ind-side</key>
     <key alias="paLoginPageHelp">Vælg siden der indeholder log ind-formularen</key>
     <key alias="paRemoveProtection">Fjern beskyttelse...</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index dff3d21ea4..662eb705e1 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1131,8 +1131,8 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
     <key alias="paHowWould"><![CDATA[Choose how to restrict access to the page <strong>%0%</strong>]]></key>
-    <!--<key alias="paIsProtected">%0% is now protected</key>
-    <key alias="paIsRemoved">Protection removed from %0%</key>-->
+    <key alias="paIsProtected"><![CDATA[<strong>%0%</strong> is now protected]]></key>
+    <key alias="paIsRemoved"><![CDATA[Protection removed from <strong>%0%</strong>]]></key>
     <key alias="paLoginPage">Login Page</key>
     <key alias="paLoginPageHelp">Choose the page that contains the login form</key>
     <key alias="paRemoveProtection">Remove protection...</key>
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 55bbe0be18..a2c9bea70b 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2246,9 +2246,9 @@ namespace Umbraco.Web.Editors
                 }
             }
 
-            Services.PublicAccessService.Save(entry);
-
-            return Request.CreateResponse(HttpStatusCode.OK);
+            return Services.PublicAccessService.Save(entry).Success
+                ? Request.CreateResponse(HttpStatusCode.OK)
+                : Request.CreateResponse(HttpStatusCode.InternalServerError);
         }
 
         // set up public access using username and password
@@ -2274,5 +2274,26 @@ namespace Umbraco.Web.Editors
 
             return Request.CreateResponse(HttpStatusCode.OK);
         }
+
+        [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
+        [HttpPost]
+        public HttpResponseMessage RemovePublicAccess(int contentId)
+        {
+            var content = Services.ContentService.GetById(contentId);
+            if (content == null)
+            {
+                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.NotFound));
+            }
+
+            var entry = Services.PublicAccessService.GetEntryForContent(content);
+            if (entry == null)
+            {
+                return Request.CreateResponse(HttpStatusCode.OK);
+            }
+
+            return Services.PublicAccessService.Delete(entry).Success
+                ? Request.CreateResponse(HttpStatusCode.OK)
+                : Request.CreateResponse(HttpStatusCode.InternalServerError);
+        }
     }
 }

From bbea0e3e4ca80248d19e504b269315e2f56358e8 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 10:48:56 +0100
Subject: [PATCH 04/21] Introduce an option to disallow hiding the current
 dialog

---
 .../umbcontextdialog.directive.js             |  4 ++--
 .../src/common/services/appstate.service.js   |  4 +++-
 .../src/common/services/navigation.service.js | 22 ++++++++++++++++++-
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/directives/components/tree/umbcontextdialog/umbcontextdialog.directive.js b/src/Umbraco.Web.UI.Client/src/common/directives/components/tree/umbcontextdialog/umbcontextdialog.directive.js
index 926c59144d..28e3a9f53c 100644
--- a/src/Umbraco.Web.UI.Client/src/common/directives/components/tree/umbcontextdialog/umbcontextdialog.directive.js
+++ b/src/Umbraco.Web.UI.Client/src/common/directives/components/tree/umbcontextdialog/umbcontextdialog.directive.js
@@ -6,11 +6,11 @@
         function link($scope) {
             
             $scope.outSideClick = function() {
-                navigationService.hideNavigation();
+                navigationService.hideDialog();
             }
 
             keyboardService.bind("esc", function() {
-                navigationService.hideNavigation();
+                navigationService.hideDialog();
             });
 
             //ensure to unregister from all events!
diff --git a/src/Umbraco.Web.UI.Client/src/common/services/appstate.service.js b/src/Umbraco.Web.UI.Client/src/common/services/appstate.service.js
index de53f7ecea..86d5510ca4 100644
--- a/src/Umbraco.Web.UI.Client/src/common/services/appstate.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/appstate.service.js
@@ -70,6 +70,8 @@ function appState(eventsService) {
         currentNode: null,
         //Whether the menu's dialog is being shown or not
         showMenuDialog: null,
+        //Whether the menu's dialog can be hidden or not
+        allowHideMenuDialog: true,
         // The dialogs template
         dialogTemplateUrl: null,
         //Whether the context menu is being shown or not
@@ -369,4 +371,4 @@ angular.module('umbraco.services').factory("editorState", function() {
     });
 
     return state;
-});
\ No newline at end of file
+});
diff --git a/src/Umbraco.Web.UI.Client/src/common/services/navigation.service.js b/src/Umbraco.Web.UI.Client/src/common/services/navigation.service.js
index 0ecfa375d4..024be4afc3 100644
--- a/src/Umbraco.Web.UI.Client/src/common/services/navigation.service.js
+++ b/src/Umbraco.Web.UI.Client/src/common/services/navigation.service.js
@@ -61,6 +61,7 @@ function navigationService($routeParams, $location, $q, $timeout, $injector, eve
             appState.setGlobalState("showNavigation", true);
             appState.setMenuState("showMenu", false);
             appState.setMenuState("showMenuDialog", true);
+            appState.setMenuState("allowHideMenuDialog", true);
             break;
         case 'search':
             appState.setGlobalState("navMode", "search");
@@ -80,6 +81,7 @@ function navigationService($routeParams, $location, $q, $timeout, $injector, eve
             appState.setGlobalState("navMode", "default");
             appState.setMenuState("showMenu", false);
             appState.setMenuState("showMenuDialog", false);
+            appState.setMenuState("allowHideMenuDialog", true);
             appState.setSectionState("showSearchResults", false);
             appState.setGlobalState("stickyNavigation", false);
             appState.setGlobalState("showTray", false);
@@ -584,6 +586,22 @@ function navigationService($routeParams, $location, $q, $timeout, $injector, eve
             
         },
 
+        /**
+          * @ngdoc method
+          * @name umbraco.services.navigationService#allowHideDialog
+          * @methodOf umbraco.services.navigationService
+          *
+          * @param {boolean} allow false if the navigation service should disregard instructions to hide the current dialog, true otherwise
+          * @description
+          * instructs the navigation service whether it's allowed to hide the current dialog
+          */
+        allowHideDialog: function (allow) {
+            if (appState.getGlobalState("navMode") !== "dialog") {
+                return;
+            }
+            appState.setMenuState("allowHideMenuDialog", allow);
+        },
+
         /**
 	     * @ngdoc method
 	     * @name umbraco.services.navigationService#hideDialog
@@ -593,7 +611,9 @@ function navigationService($routeParams, $location, $q, $timeout, $injector, eve
 	     * hides the currently open dialog
 	     */
         hideDialog: function (showMenu) {
-
+            if (appState.getMenuState("allowHideMenuDialog") === false) {
+                return;
+            }
             if (showMenu) {
                 this.showMenu({ skipDefault: true, node: appState.getMenuState("currentNode") });
             } else {

From aa581feebb84e17e7eab05bb651afc053bec3799 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 10:49:19 +0100
Subject: [PATCH 05/21] Pick pages for login and error

---
 .../content/content.protect.controller.js     | 51 ++++++++-----------
 1 file changed, 22 insertions(+), 29 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index 3ef930d7af..e8a6a54622 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -1,7 +1,7 @@
 (function () {
     "use strict";
 
-    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, localizationService) {
+    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, localizationService, editorService) {
 
         var vm = this;
         var id = $scope.currentNode.id;
@@ -112,37 +112,31 @@
         }
 
         function pickLoginPage() {
-            // TODO KJAC: temporary test values until we fix the content picker
-            if (!vm.loginPage) {
-                vm.loginPage = { id: 1092 };
-            }
-
-            //editorService.contentPicker({
-            //    submit: function(model) {
-            //        console.log("I picked", model)
-            //        editorService.close();
-            //    },
-            //    close: function () {
-            //        editorService.close();
-            //    }
-            //});
+            pickPage(vm.loginPage);
         }
 
         function pickErrorPage() {
-            // TODO KJAC: temporary test values until we fix the content picker
-            if (!vm.errorPage) {
-                vm.errorPage = { id: 1093 };
-            }
+            pickPage(vm.errorPage);
+        }
 
-            //editorService.contentPicker({
-            //    submit: function(model) {
-            //        console.log("I picked", model)
-            //        editorService.close();
-            //    },
-            //    close: function () {
-            //        editorService.close();
-            //    }
-            //});
+        function pickPage(page) {
+            navigationService.allowHideDialog(false);
+            editorService.contentPicker({
+                submit: function (model) {
+                    if (page === vm.loginPage) {
+                        vm.loginPage = model.selection[0];
+                    }
+                    else {
+                        vm.errorPage = model.selection[0];
+                    }
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                },
+                close: function () {
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                }
+            });
         }
 
         function remove() {
@@ -167,7 +161,6 @@
         }
 
         onInit();
-
     }
 
     angular.module("umbraco").controller("Umbraco.Editors.Content.ProtectController", ContentProtectController);

From bf50aba5151b2ae76c7c9a7647f3230565dbfca1 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 10:54:26 +0100
Subject: [PATCH 06/21] A bit of styling

---
 src/Umbraco.Web.UI.Client/src/views/content/protect.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 8e1a8259cd..4f4c15a2d6 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -64,7 +64,7 @@
                     </div>
 
                     <div ng-show="vm.step === 'user' || vm.groups.length">
-                        <p><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
+                        <p class="mt4"><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
                         <umb-control-group label="@publicAccess_paLoginPage" description="@publicAccess_paLoginPageHelp">
                             <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
                                 <localize key="general_add">Add</localize>

From 4192a11de092987941aa02aa6e62f321e36cfae6 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 11:02:33 +0100
Subject: [PATCH 07/21] Update ngdoc and en-us translations

---
 .../src/common/resources/content.resource.js  | 26 ++++++++++++++++++-
 src/Umbraco.Web.UI/Umbraco/config/lang/da.xml |  1 -
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  1 -
 .../Umbraco/config/lang/en_us.xml             | 15 ++++++-----
 4 files changed, 33 insertions(+), 10 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index a663d8e52c..b7ea16ea19 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -973,7 +973,31 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
             );
         },
 
-        // TODO KJAC: ngdoc this
+        /**
+          * @ngdoc method
+          * @name umbraco.resources.contentResource#updatePublicAccess
+          * @methodOf umbraco.resources.contentResource
+          *
+          * @description
+          * Sets or updates the public access protection for a content item
+          *
+          * ##usage
+          * <pre>
+          * contentResource.updatePublicAccess(contentId, userName, password, roles, loginPageId, errorPageId)
+          *    .then(function() {
+          *        // do your thing
+          *    });
+          * </pre>
+          *
+          * @param {Int} contentId The content Id
+          * @param {String} userName The name of the user that should have access (if using specific user protection)
+          * @param {String} password The password for the user that should have access (if using specific user protection)
+          * @param {Array} roles The roles that should have access (if using role based protection)
+          * @param {Int} loginPageId The Id of the login page
+          * @param {Int} errorPageId The Id of the error page
+          * @returns {Promise} resourcePromise object containing the public access protection
+          *
+          */
         updatePublicAccess: function (contentId, userName, password, roles, loginPageId, errorPageId) {
             var publicAccess = {
                 contentId: contentId,
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
index 40718b508c..f30b4aa7bc 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
@@ -872,7 +872,6 @@ Mange hilsner fra Umbraco robotten
     <key alias="removeSpecialFormattering">Indsæt, men fjern formattering som ikke bør være på en webside (Anbefales)</key>
   </area>
   <area alias="publicAccess">
-    <!-- TODO KJAC: clean up unused translations -->
     <key alias="paAdvanced">Rollebaseret beskyttelse</key>
     <key alias="paAdvancedHelp">Hvis du ønsker at kontrollere adgang til siden ved hjælp af rollebaseret godkendelse via Umbracos medlemsgrupper.</key>
     <key alias="paAdvancedNoGroups">Du skal oprette en medlemsgruppe før du kan bruge rollebaseret godkendelse</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index 662eb705e1..0f3926adf2 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1124,7 +1124,6 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="removeSpecialFormattering">Paste, but remove formatting (Recommended)</key>
   </area>
   <area alias="publicAccess">
-    <!-- TODO KJAC: clean up unused translations -->
     <key alias="paAdvanced">Role based protection</key>
     <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</key>
     <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
index 5b39f3d25f..ba4156bf93 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
@@ -1146,19 +1146,20 @@ To manage your website, simply open the Umbraco back office and start adding con
   </area>
   <area alias="publicAccess">
     <key alias="paAdvanced">Role based protection</key>
-    <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups.</key>
+    <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</key>
     <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
-    <key alias="paHowWould">Choose how to restrict access to this page</key>
-    <key alias="paIsProtected">%0% is now protected</key>
-    <key alias="paIsRemoved">Protection removed from %0%</key>
+    <key alias="paHowWould"><![CDATA[Choose how to restrict access to the page <strong>%0%</strong>]]></key>
+    <key alias="paIsProtected"><![CDATA[<strong>%0%</strong> is now protected]]></key>
+    <key alias="paIsRemoved"><![CDATA[Protection removed from <strong>%0%</strong>]]></key>
     <key alias="paLoginPage">Login Page</key>
     <key alias="paLoginPageHelp">Choose the page that contains the login form</key>
-    <key alias="paRemoveProtection">Remove Protection</key>
+    <key alias="paRemoveProtection">Remove protection...</key>
+    <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles">Pick the roles who have access to this page</key>
-    <key alias="paSetLogin">Set the login and password for this page</key>
+    <key alias="paSelectRoles"><![CDATA[Pick the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSetLogin"><![CDATA[Set the login and password for the page <strong>%0%</strong>]]></key>
     <key alias="paSimple">Single user protection</key>
     <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password</key>
   </area>

From 924419f403239f33c0f20051524ea92a30ef8f86 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 25 Nov 2018 11:04:28 +0100
Subject: [PATCH 08/21] Ensure that the dialog always closes on close()

---
 .../src/views/content/content.protect.controller.js             | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index e8a6a54622..69c73b5ec9 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -104,6 +104,8 @@
         }
 
         function close() {
+            // ensure that we haven't set a locked state on the dialog before closing it
+            navigationService.allowHideDialog(true);
             navigationService.hideDialog();
         }
 

From 34416d9c0a72f759a4f914f0f0e0c9eafeb5be06 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Tue, 27 Nov 2018 22:11:18 +0100
Subject: [PATCH 09/21] Change role toggles to checkboxes and restyle the page
 pickers

---
 .../src/views/content/protect.html            | 67 +++++++++++--------
 1 file changed, 39 insertions(+), 28 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 4f4c15a2d6..a405a8e569 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -55,38 +55,49 @@
 
                     <div ng-show="vm.step === 'role' && vm.groups.length">
                         <p><localize key="publicAccess_paSelectRoles" tokens="[currentNode.name]">Pick the roles who have access to this page</localize></p>
-                        <umb-control-group ng-repeat="group in vm.groups | orderBy:'name'" label="{{group.name}}">
-                            <umb-toggle checked="group.selected"
-                                        on-click="vm.toggle(group, $event)"
-                                        hide-icons="true">
-                            </umb-toggle>
-                        </umb-control-group>
+                        <div ng-repeat="group in vm.groups | orderBy:'name'">
+                            <label class="checkbox">
+                                <input type="checkbox" ng-model="group.selected"/> {{group.name}}
+                            </label>
+                        </div>
                     </div>
 
                     <div ng-show="vm.step === 'user' || vm.groups.length">
                         <p class="mt4"><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
-                        <umb-control-group label="@publicAccess_paLoginPage" description="@publicAccess_paLoginPageHelp">
-                            <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
-                                <localize key="general_add">Add</localize>
-                            </a>
-                            <umb-node-preview ng-show="vm.loginPage"
-                                              icon="vm.loginPage.icon"
-                                              name="vm.loginPage.name"
-                                              allow-remove="true"
-                                              on-remove="vm.loginPage = null">
-                            </umb-node-preview>
-                        </umb-control-group>
-                        <umb-control-group label="@publicAccess_paErrorPage" description="@publicAccess_paErrorPageHelp">
-                            <a href ng-show="!vm.errorPage" ng-click="vm.pickErrorPage()" class="umb-node-preview-add" prevent-default>
-                                <localize key="general_add">Add</localize>
-                            </a>
-                            <umb-node-preview ng-show="vm.errorPage"
-                                              icon="vm.errorPage.icon"
-                                              name="vm.errorPage.name"
-                                              allow-remove="true"
-                                              on-remove="vm.errorPage = null">
-                            </umb-node-preview>
-                        </umb-control-group>
+                        <div class="control-group umb-control-group -no-border">
+                            <div class="umb-el-wrap">
+                                <label>
+                                    <strong><localize key="publicAccess_paLoginPage">Login Page</localize></strong>
+                                    <small><localize key="publicAccess_paLoginPageHelp">Choose the page that contains the login form</localize></small>
+                                </label>
+                                <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
+                                    <localize key="general_add">Add</localize>
+                                </a>
+                                <umb-node-preview ng-show="vm.loginPage"
+                                                  icon="vm.loginPage.icon"
+                                                  name="vm.loginPage.name"
+                                                  allow-remove="true"
+                                                  on-remove="vm.loginPage = null">
+                                </umb-node-preview>
+                            </div>
+                        </div>
+                        <div class="control-group umb-control-group">
+                            <div class="umb-el-wrap">
+                                <label>
+                                    <strong><localize key="publicAccess_paErrorPage">Error Page</localize></strong>
+                                    <small><localize key="publicAccess_paErrorPageHelp">Used when people are logged on, but do not have access</localize></small>
+                                </label>
+                                <a href ng-show="!vm.errorPage" ng-click="vm.pickErrorPage()" class="umb-node-preview-add" prevent-default>
+                                    <localize key="general_add">Add</localize>
+                                </a>
+                                <umb-node-preview ng-show="vm.errorPage"
+                                                  icon="vm.errorPage.icon"
+                                                  name="vm.errorPage.name"
+                                                  allow-remove="true"
+                                                  on-remove="vm.errorPage = null">
+                                </umb-node-preview>
+                            </div>
+                        </div>
                     </div>
                 </div>
 

From 9ac3b98acf54ba70aee9f4eb69e3936aad597d86 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 28 Nov 2018 07:39:48 +0100
Subject: [PATCH 10/21] Add some indents around the various sections of
 configuration

---
 .../src/views/content/protect.html            | 124 ++++++++++--------
 1 file changed, 66 insertions(+), 58 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index a405a8e569..3746e46aa3 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -18,35 +18,39 @@
                         <localize key="publicAccess_paHowWould" tokens="[currentNode.name]">Choose how to restrict access to this page</localize>
                     </p>
 
-                    <div class="pa-select-type">
-                        <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
+                    <umb-pane>
+                        <div class="pa-select-type">
+                            <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
 
-                        <label for="protectionTypeUser">
-                            <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
-                            <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password</localize></p>
-                        </label>
-                    </div>
+                            <label for="protectionTypeUser">
+                                <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
+                                <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password</localize></p>
+                            </label>
+                        </div>
 
-                    <div class="pa-select-type">
-                        <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
+                        <div class="pa-select-type">
+                            <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
 
-                        <label for="protectionTypeRole">
-                            <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
-                            <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</localize></p>
-                        </label>
-                    </div>
+                            <label for="protectionTypeRole">
+                                <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
+                                <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</localize></p>
+                            </label>
+                        </div>
+                    </umb-pane>
                 </div>
 
                 <div ng-show="vm.step && !vm.loading && !vm.removing">
                     <div ng-if="vm.step === 'user'">
                         <p><localize key="publicAccess_paSetLogin" tokens="[currentNode.name]">Set the login and password for this page</localize></p>
-                        <umb-control-group label="@general_login">
-                            <input type="text" name="userName" ng-model="vm.userName" class="-full-width-input" required />
-                        </umb-control-group>
-                        <umb-control-group label="@general_password">
-                            <!-- TODO KJAC: get password regex from server -->
-                            <input type="password" name="password" ng-model="vm.password" class="-full-width-input" required pattern="^....$" />
-                        </umb-control-group>
+                        <umb-pane>
+                            <umb-control-group label="@general_login">
+                                <input type="text" name="userName" ng-model="vm.userName" class="-full-width-input" required />
+                            </umb-control-group>
+                            <umb-control-group label="@general_password">
+                                <!-- TODO KJAC: get password regex from server -->
+                                <input type="password" name="password" ng-model="vm.password" class="-full-width-input" required pattern="^....$" />
+                            </umb-control-group>
+                        </umb-pane>
                     </div>
 
                     <div ng-show="vm.step === 'role' && !vm.groups.length">
@@ -55,49 +59,53 @@
 
                     <div ng-show="vm.step === 'role' && vm.groups.length">
                         <p><localize key="publicAccess_paSelectRoles" tokens="[currentNode.name]">Pick the roles who have access to this page</localize></p>
-                        <div ng-repeat="group in vm.groups | orderBy:'name'">
-                            <label class="checkbox">
-                                <input type="checkbox" ng-model="group.selected"/> {{group.name}}
-                            </label>
-                        </div>
+                        <umb-pane>
+                            <div ng-repeat="group in vm.groups | orderBy:'name'">
+                                <label>
+                                    <input type="checkbox" ng-model="group.selected"/> {{group.name}}
+                                </label>
+                            </div>
+                        </umb-pane>
                     </div>
 
                     <div ng-show="vm.step === 'user' || vm.groups.length">
                         <p class="mt4"><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
-                        <div class="control-group umb-control-group -no-border">
-                            <div class="umb-el-wrap">
-                                <label>
-                                    <strong><localize key="publicAccess_paLoginPage">Login Page</localize></strong>
-                                    <small><localize key="publicAccess_paLoginPageHelp">Choose the page that contains the login form</localize></small>
-                                </label>
-                                <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
-                                    <localize key="general_add">Add</localize>
-                                </a>
-                                <umb-node-preview ng-show="vm.loginPage"
-                                                  icon="vm.loginPage.icon"
-                                                  name="vm.loginPage.name"
-                                                  allow-remove="true"
-                                                  on-remove="vm.loginPage = null">
-                                </umb-node-preview>
+                        <umb-pane>
+                            <div class="control-group umb-control-group -no-border">
+                                <div class="umb-el-wrap">
+                                    <label>
+                                        <strong><localize key="publicAccess_paLoginPage">Login Page</localize></strong>
+                                        <small><localize key="publicAccess_paLoginPageHelp">Choose the page that contains the login form</localize></small>
+                                    </label>
+                                    <a href ng-show="!vm.loginPage" ng-click="vm.pickLoginPage()" class="umb-node-preview-add" prevent-default>
+                                        <localize key="general_add">Add</localize>
+                                    </a>
+                                    <umb-node-preview ng-show="vm.loginPage"
+                                                      icon="vm.loginPage.icon"
+                                                      name="vm.loginPage.name"
+                                                      allow-remove="true"
+                                                      on-remove="vm.loginPage = null">
+                                    </umb-node-preview>
+                                </div>
                             </div>
-                        </div>
-                        <div class="control-group umb-control-group">
-                            <div class="umb-el-wrap">
-                                <label>
-                                    <strong><localize key="publicAccess_paErrorPage">Error Page</localize></strong>
-                                    <small><localize key="publicAccess_paErrorPageHelp">Used when people are logged on, but do not have access</localize></small>
-                                </label>
-                                <a href ng-show="!vm.errorPage" ng-click="vm.pickErrorPage()" class="umb-node-preview-add" prevent-default>
-                                    <localize key="general_add">Add</localize>
-                                </a>
-                                <umb-node-preview ng-show="vm.errorPage"
-                                                  icon="vm.errorPage.icon"
-                                                  name="vm.errorPage.name"
-                                                  allow-remove="true"
-                                                  on-remove="vm.errorPage = null">
-                                </umb-node-preview>
+                            <div class="control-group umb-control-group">
+                                <div class="umb-el-wrap">
+                                    <label>
+                                        <strong><localize key="publicAccess_paErrorPage">Error Page</localize></strong>
+                                        <small><localize key="publicAccess_paErrorPageHelp">Used when people are logged on, but do not have access</localize></small>
+                                    </label>
+                                    <a href ng-show="!vm.errorPage" ng-click="vm.pickErrorPage()" class="umb-node-preview-add" prevent-default>
+                                        <localize key="general_add">Add</localize>
+                                    </a>
+                                    <umb-node-preview ng-show="vm.errorPage"
+                                                      icon="vm.errorPage.icon"
+                                                      name="vm.errorPage.name"
+                                                      allow-remove="true"
+                                                      on-remove="vm.errorPage = null">
+                                    </umb-node-preview>
+                                </div>
                             </div>
-                        </div>
+                        </umb-pane>
                     </div>
                 </div>
 

From a795ed66e8e14eb0d6028c35b8698fc50bfa078e Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sat, 8 Dec 2018 14:50:05 +0100
Subject: [PATCH 11/21] Use a member group picker instead of checkboxes

---
 .../content/content.protect.controller.js     | 62 ++++++++++++++-----
 .../src/views/content/protect.html            | 30 +++++----
 src/Umbraco.Web/Editors/ContentController.cs  |  2 +-
 3 files changed, 64 insertions(+), 30 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index 69c73b5ec9..4504ebd372 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -7,7 +7,7 @@
         var id = $scope.currentNode.id;
 
         vm.loading = false;
-        vm.saveButtonState = "init";
+        vm.buttonState = "init";
 
         vm.isValid = isValid;
         vm.next = next;
@@ -16,8 +16,10 @@
         vm.toggle = toggle;
         vm.pickLoginPage = pickLoginPage;
         vm.pickErrorPage = pickErrorPage;
-        vm.remove = remove;
-        vm.removeConfirm = removeConfirm;
+        vm.pickGroup = pickGroup;
+        vm.removeGroup = removeGroup;
+        vm.removeProtection = removeProtection;
+        vm.removeProtectionConfirm = removeProtectionConfirm;
 
         vm.type = null;
         vm.step = null;
@@ -55,10 +57,10 @@
                 // Get all member groups
                 memberGroupResource.getGroups().then(function (groups) {
                     vm.step = vm.type;
-                    vm.groups = groups;
-                    // set groups "selected" according to currently selected roles for public access
-                    _.each(groups, function(group) {
-                        group.selected = _.contains(vm.roles, group.name);
+                    vm.allGroups = groups;
+                    vm.hasGroups = groups.length > 0;
+                    vm.groups = _.filter(groups, function(group) {
+                        return _.contains(vm.roles, group.name);
                     });
                     vm.loading = false;
                 });
@@ -79,15 +81,14 @@
                 return false;
             }
             if (vm.type === "role") {
-                return !!_.find(vm.groups, function(group) { return group.selected; });
+                return vm.groups && vm.groups.length > 0;
             }
             return true;
         }
 
         function save() {
-            vm.saveButtonState = "busy";
-            var selectedGroups = _.filter(vm.groups, function(group) { return group.selected; });
-            var roles = _.map(selectedGroups, function(group) { return group.name; });
+            vm.buttonState = "busy";
+            var roles = _.map(vm.groups, function (group) { return group.name; });
             contentResource.updatePublicAccess(id, vm.userName, vm.password, roles, vm.loginPage.id, vm.errorPage.id).then(
                 function () {
                     localizationService.localize("publicAccess_paIsProtected", [$scope.currentNode.name]).then(function (value) {
@@ -98,7 +99,7 @@
                     navigationService.syncTree({ tree: "content", path: $scope.currentNode.path, forceReload: true });
                 }, function (error) {
                     vm.error = error;
-                    vm.saveButtonState = "error";
+                    vm.buttonState = "error";
                 }
             );
         }
@@ -113,6 +114,35 @@
             group.selected = !group.selected;
         }
 
+        function pickGroup() {
+            navigationService.allowHideDialog(false);
+            editorService.memberGroupPicker({
+                multiPicker: true,
+                submit: function(model) {
+                    var selectedGroupIds = model.selectedMemberGroups
+                        ? model.selectedMemberGroups
+                        : [model.selectedMemberGroup];
+                    _.each(selectedGroupIds,
+                        function(groupId) {
+                            var group = _.find(vm.allGroups, function(g) { return g.id === parseInt(groupId); });
+                            if (group && !_.contains(vm.groups, group)) {
+                                vm.groups.push(group);
+                            }
+                        });
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                },
+                close: function() {
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                }
+            });
+        }
+
+        function removeGroup(group) {
+            vm.groups = _.without(vm.groups, group);
+        }
+
         function pickLoginPage() {
             pickPage(vm.loginPage);
         }
@@ -141,12 +171,12 @@
             });
         }
 
-        function remove() {
+        function removeProtection() {
             vm.removing = true;
         }
 
-        function removeConfirm() {
-            vm.saveButtonState = "busy";
+        function removeProtectionConfirm() {
+            vm.buttonState = "busy";
             contentResource.removePublicAccess(id).then(
                 function () {
                     localizationService.localize("publicAccess_paIsRemoved", [$scope.currentNode.name]).then(function(value) {
@@ -157,7 +187,7 @@
                     navigationService.syncTree({ tree: "content", path: $scope.currentNode.path, forceReload: true });
                 }, function (error) {
                     vm.error = error;
-                    vm.saveButtonState = "error";
+                    vm.buttonState = "error";
                 }
             );
         }
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 3746e46aa3..4b2bf54b5c 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -53,22 +53,26 @@
                         </umb-pane>
                     </div>
 
-                    <div ng-show="vm.step === 'role' && !vm.groups.length">
+                    <div ng-show="vm.step === 'role' && !vm.hasGroups">
                         <p><localize key="publicAccess_paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</localize></p>
                     </div>
 
-                    <div ng-show="vm.step === 'role' && vm.groups.length">
+                    <div ng-show="vm.step === 'role' && vm.hasGroups">
                         <p><localize key="publicAccess_paSelectRoles" tokens="[currentNode.name]">Pick the roles who have access to this page</localize></p>
                         <umb-pane>
-                            <div ng-repeat="group in vm.groups | orderBy:'name'">
-                                <label>
-                                    <input type="checkbox" ng-model="group.selected"/> {{group.name}}
-                                </label>
-                            </div>
+                            <umb-node-preview ng-repeat="group in vm.groups | orderBy:'name'"
+                                              icon="'icon-users'"
+                                              name="group.name"
+                                              allow-remove="true"
+                                              on-remove="vm.removeGroup(group)">
+                            </umb-node-preview>
+                            <a href ng-click="vm.pickGroup()" class="umb-node-preview-add" prevent-default>
+                                <localize key="general_add">Add</localize>
+                            </a>
                         </umb-pane>
                     </div>
 
-                    <div ng-show="vm.step === 'user' || vm.groups.length">
+                    <div ng-show="vm.step === 'user' || vm.hasGroups">
                         <p class="mt4"><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
                         <umb-pane>
                             <div class="control-group umb-control-group -no-border">
@@ -145,16 +149,16 @@
 
             <umb-button ng-show="vm.canRemove && !vm.removing"
                         type="button"
-                        action="vm.remove()"
+                        action="vm.removeProtection()"
                         button-style="warning"
                         label-key="publicAccess_paRemoveProtection"
-                        disabled="vm.loading">
+                        disabled="vm.buttonState === 'busy'">
             </umb-button>
 
             <umb-button ng-show="vm.step && !vm.removing"
                         type="button"
                         action="vm.save()"
-                        state="vm.saveButtonState"
+                        state="vm.buttonState"
                         button-style="success"
                         label-key="buttons_save"
                         disabled="vm.buttonState === 'busy' || !vm.isValid()">
@@ -169,8 +173,8 @@
 
             <umb-button ng-show="vm.removing"
                         type="button"
-                        action="vm.removeConfirm()"
-                        state="vm.saveButtonState"
+                        action="vm.removeProtectionConfirm()"
+                        state="vm.buttonState"
                         button-style="success"
                         label-key="buttons_confirmActionConfirm"
                         disabled="vm.buttonState === 'busy'">
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index a026977fc1..b7a33c3ab8 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2240,7 +2240,7 @@ namespace Umbraco.Web.Editors
                 }
                 foreach (var role in newRoles)
                 {
-                    entry.AddRule(Constants.Conventions.PublicAccess.MemberRoleRuleType, role);
+                    entry.AddRule(role, Constants.Conventions.PublicAccess.MemberRoleRuleType);
                 }
             }
 

From c860a6b574123beb0a94b6c300c7cd07b2837773 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 9 Dec 2018 14:58:52 +0100
Subject: [PATCH 12/21] Pick members instead of entering username and password

---
 .../src/common/resources/content.resource.js  | 14 ++--
 src/Umbraco.Web.UI.Client/src/less/hacks.less |  1 -
 .../content/content.protect.controller.js     | 53 +++++++++++++--
 .../src/views/content/protect.html            | 30 +++++----
 src/Umbraco.Web.UI/Umbraco/config/lang/da.xml |  6 +-
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  8 +--
 .../Umbraco/config/lang/en_us.xml             |  8 +--
 src/Umbraco.Web/Editors/ContentController.cs  | 64 ++++++++-----------
 .../Models/ContentEditing/PublicAccess.cs     |  7 +-
 9 files changed, 110 insertions(+), 81 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index b7ea16ea19..681a629ed0 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -990,27 +990,25 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
           * </pre>
           *
           * @param {Int} contentId The content Id
-          * @param {String} userName The name of the user that should have access (if using specific user protection)
-          * @param {String} password The password for the user that should have access (if using specific user protection)
           * @param {Array} roles The roles that should have access (if using role based protection)
+          * @param {Array} memberIds The IDs of the members that should have access (if using member based protection)
           * @param {Int} loginPageId The Id of the login page
           * @param {Int} errorPageId The Id of the error page
           * @returns {Promise} resourcePromise object containing the public access protection
           *
           */
-        updatePublicAccess: function (contentId, userName, password, roles, loginPageId, errorPageId) {
+        updatePublicAccess: function (contentId, roles, memberIds, loginPageId, errorPageId) {
             var publicAccess = {
                 contentId: contentId,
                 loginPageId: loginPageId,
                 errorPageId: errorPageId
             };
-            if (userName && password) {
-                publicAccess.userName = userName;
-                publicAccess.password = password;
-            }
-            else if (angular.isArray(roles) && roles.length) {
+            if (angular.isArray(roles) && roles.length) {
                 publicAccess.roles = roles;
             }
+            else if (angular.isArray(memberIds) && memberIds.length) {
+                publicAccess.memberIds = memberIds;
+            }
             else {
                 throw "must supply either userName/password or roles";
             }
diff --git a/src/Umbraco.Web.UI.Client/src/less/hacks.less b/src/Umbraco.Web.UI.Client/src/less/hacks.less
index cd32c64782..0bbb89a250 100644
--- a/src/Umbraco.Web.UI.Client/src/less/hacks.less
+++ b/src/Umbraco.Web.UI.Client/src/less/hacks.less
@@ -106,7 +106,6 @@ iframe, .content-column-body {
     display: flex;
     flex-wrap: nowrap;
     flex-direction: row;
-    justify-content: center;
     align-items: flex-start;
 
     margin-top: 15px;
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index 4504ebd372..ace37d4ac5 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -18,6 +18,8 @@
         vm.pickErrorPage = pickErrorPage;
         vm.pickGroup = pickGroup;
         vm.removeGroup = removeGroup;
+        vm.pickMember = pickMember;
+        vm.removeMember = removeMember;
         vm.removeProtection = removeProtection;
         vm.removeProtectionConfirm = removeProtectionConfirm;
 
@@ -29,24 +31,25 @@
 
             // get the current public access protection
             contentResource.getPublicAccess(id).then(function (publicAccess) {
+                vm.loading = false;
+
                 // init the current settings for public access (if any)
                 vm.loginPage = publicAccess.loginPage;
                 vm.errorPage = publicAccess.errorPage;
-                vm.userName = publicAccess.userName;
-                vm.roles = publicAccess.roles;
+                vm.roles = publicAccess.roles || [];
+                vm.members = publicAccess.members || [];
                 vm.canRemove = true;
 
-                if (vm.userName) {
-                    vm.type = "user";
+                if (vm.members.length) {
+                    vm.type = "member";
                     next();
                 }
-                else if (vm.roles) {
+                else if (vm.roles.length) {
                     vm.type = "role";
                     next();
                 }
                 else {
                     vm.canRemove = false;
-                    vm.loading = false;
                 }
             });
         }
@@ -89,7 +92,8 @@
         function save() {
             vm.buttonState = "busy";
             var roles = _.map(vm.groups, function (group) { return group.name; });
-            contentResource.updatePublicAccess(id, vm.userName, vm.password, roles, vm.loginPage.id, vm.errorPage.id).then(
+            var memberIds = _.map(vm.members, function (member) { return member.id; });
+            contentResource.updatePublicAccess(id, roles, memberIds, vm.loginPage.id, vm.errorPage.id).then(
                 function () {
                     localizationService.localize("publicAccess_paIsProtected", [$scope.currentNode.name]).then(function (value) {
                         vm.success = {
@@ -143,6 +147,41 @@
             vm.groups = _.without(vm.groups, group);
         }
 
+        function pickMember() {
+            navigationService.allowHideDialog(false);
+            // TODO: once editorService has a memberPicker method, use that instead
+            editorService.treePicker({
+                multiPicker: true,
+                entityType: "Member",
+                section: "member",
+                treeAlias: "member",
+                filter: function (i) {
+                    return i.metaData.isContainer;
+                },
+                filterCssClass: "not-allowed",
+                submit: function (model) {
+                    if (model.selection && model.selection.length) {
+                        _.each(model.selection,
+                            function (member) {
+                                if (!_.find(vm.members, function (m) { return m.id === member.id })) {
+                                    vm.members.push(member);
+                                }
+                            });
+                    }
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                },
+                close: function () {
+                    editorService.close();
+                    navigationService.allowHideDialog(true);
+                }
+            });
+        }
+
+        function removeMember(member) {
+            vm.members = _.without(vm.members, member);
+        }
+
         function pickLoginPage() {
             pickPage(vm.loginPage);
         }
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index 4b2bf54b5c..f179f1c63c 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -20,11 +20,11 @@
 
                     <umb-pane>
                         <div class="pa-select-type">
-                            <input id="protectionTypeUser" type="radio" name="protectionType" value="user" ng-model="vm.type">
+                            <input id="protectionTypeMember" type="radio" name="protectionType" value="member" ng-model="vm.type">
 
-                            <label for="protectionTypeUser">
-                                <h5 class="pa-access-header"><localize key="publicAccess_paSimple">Single user protection</localize></h5>
-                                <p><localize key="publicAccess_paSimpleHelp">If you just want to setup simple protection using a single login and password</localize></p>
+                            <label for="protectionTypeMember">
+                                <h5 class="pa-access-header"><localize key="publicAccess_paMembers">Specific members protection</localize></h5>
+                                <p><localize key="publicAccess_paMembersHelp">If you want to grant access to specific members</localize></p>
                             </label>
                         </div>
 
@@ -40,16 +40,18 @@
                 </div>
 
                 <div ng-show="vm.step && !vm.loading && !vm.removing">
-                    <div ng-if="vm.step === 'user'">
-                        <p><localize key="publicAccess_paSetLogin" tokens="[currentNode.name]">Set the login and password for this page</localize></p>
+                    <div ng-if="vm.step === 'member'">
+                        <p><localize key="publicAccess_paSelectMembers" tokens="[currentNode.name]">Select the members that should have access to this page</localize></p>
                         <umb-pane>
-                            <umb-control-group label="@general_login">
-                                <input type="text" name="userName" ng-model="vm.userName" class="-full-width-input" required />
-                            </umb-control-group>
-                            <umb-control-group label="@general_password">
-                                <!-- TODO KJAC: get password regex from server -->
-                                <input type="password" name="password" ng-model="vm.password" class="-full-width-input" required pattern="^....$" />
-                            </umb-control-group>
+                            <umb-node-preview ng-repeat="member in vm.members | orderBy:'name'"
+                                              icon="'icon-user'"
+                                              name="member.name"
+                                              allow-remove="true"
+                                              on-remove="vm.removeMember(member)">
+                            </umb-node-preview>
+                            <a href ng-click="vm.pickMember()" class="umb-node-preview-add" prevent-default>
+                                <localize key="general_add">Add</localize>
+                            </a>
                         </umb-pane>
                     </div>
 
@@ -72,7 +74,7 @@
                         </umb-pane>
                     </div>
 
-                    <div ng-show="vm.step === 'user' || vm.hasGroups">
+                    <div ng-show="vm.step === 'member' || vm.hasGroups">
                         <p class="mt4"><localize key="publicAccess_paSelectPages">Select the pages that contain login form and error messages</localize></p>
                         <umb-pane>
                             <div class="control-group umb-control-group -no-border">
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
index f30b4aa7bc..c0377e16ee 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
@@ -886,9 +886,9 @@ Mange hilsner fra Umbraco robotten
     <key alias="paRemoveProtectionConfirm"><![CDATA[Er du sikker på at du vil fjerne beskyttelsen fra siden <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Vælg siderne der indeholder log ind-formularer og fejlmeddelelser</key>
     <key alias="paSelectRoles"><![CDATA[Vælg de roller der har adgang til siden <strong>%0%</strong>]]></key>
-    <key alias="paSetLogin"><![CDATA[Indstil login og kodeord for siden <strong>%0%</strong>]]></key>
-    <key alias="paSimple">Enkel brugerbeskyttelse</key>
-    <key alias="paSimpleHelp">Hvis du blot ønsker at opsætte simpel beskyttelse ved hjælp af et enkelt login og kodeord</key>
+    <key alias="paSelectMembers"><![CDATA[Vælg de medlemmer der har adgang til siden <strong>%0%</strong>]]></key>
+    <key alias="paMembers">Adgang til enkelte medlemmer</key>
+    <key alias="paMembersHelp">Hvis du ønsker at give adgang til enkelte medlemmer</key>
   </area>
   <area alias="publish">
     <key alias="contentPublishedFailedAwaitingRelease">Udgivelsen kunne ikke udgives da publiceringsdato er sat</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index 49111e9eab..f61186a98f 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1137,10 +1137,10 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paRemoveProtection">Remove protection...</key>
     <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles"><![CDATA[Pick the roles who have access to the page <strong>%0%</strong>]]></key>
-    <key alias="paSetLogin"><![CDATA[Set the login and password for the page <strong>%0%</strong>]]></key>
-    <key alias="paSimple">Single user protection</key>
-    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password</key>
+    <key alias="paSelectRoles"><![CDATA[Select the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSelectMembers"><![CDATA[Select the members who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paMembers">Specific members protection</key>
+    <key alias="paMembersHelp">If you wish to grant access to specific members</key>
   </area>
   <area alias="publish">
     <key alias="contentPublishedFailedAwaitingRelease"><![CDATA[
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
index 37ea9f69f6..1953a351be 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
@@ -1159,10 +1159,10 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paRemoveProtection">Remove protection...</key>
     <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles"><![CDATA[Pick the roles who have access to the page <strong>%0%</strong>]]></key>
-    <key alias="paSetLogin"><![CDATA[Set the login and password for the page <strong>%0%</strong>]]></key>
-    <key alias="paSimple">Single user protection</key>
-    <key alias="paSimpleHelp">If you just want to setup simple protection using a single login and password</key>
+    <key alias="paSelectRoles"><![CDATA[Select the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSelectMembers"><![CDATA[Select the members who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paMembers">Specific members protection</key>
+    <key alias="paMembersHelp">If you wish to grant access to specific members</key>
   </area>
   <area alias="publish">
     <key alias="invalidPublishBranchPermissions">Insufficient user permissions to publish all descendant documents</key>
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index b7a33c3ab8..015354f0c6 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2173,9 +2173,12 @@ namespace Umbraco.Web.Editors
 
             // unwrap the current public access setup for the client
             // - this API method is the single point of entry for both "modes" of public access (single user and role based)
-            var userName = entry.Rules
-                .FirstOrDefault(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
-                ?.RuleValue;
+            var members = entry.Rules
+                .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
+                .Select(rule => Services.MemberService.GetByUsername(rule.RuleValue))
+                .Where(member => member != null)
+                .Select(Mapper.Map<MemberDisplay>)
+                .ToArray();
             var roles = entry.Rules
                 .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType)
                 .Select(rule => rule.RuleValue)
@@ -2183,7 +2186,7 @@ namespace Umbraco.Web.Editors
 
             return Request.CreateResponse(HttpStatusCode.OK, new PublicAccess
             {
-                UserName = userName,
+                Members = members,
                 Roles = roles,
                 LoginPage = loginPageEntity != null ? Mapper.Map<EntityBasic>(loginPageEntity) : null,
                 ErrorPage = errorPageEntity != null ? Mapper.Map<EntityBasic>(errorPageEntity) : null
@@ -2193,9 +2196,9 @@ namespace Umbraco.Web.Editors
         // set up public access using role based access
         [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
         [HttpPost]
-        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, int loginPageId, int errorPageId)
+        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, [FromUri]int[] memberIds, int loginPageId, int errorPageId)
         {
-            if (roles == null || roles.Any() == false)
+            if ((roles == null || roles.Any() == false) && (userIds == null || userIds.Any() == false))
             {
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }
@@ -2208,14 +2211,23 @@ namespace Umbraco.Web.Editors
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }
 
+            var isRoleBased = roles != null && roles.Any();
+            var candidateRuleValues = isRoleBased
+                ? roles
+                : memberIds.Select(id => Services.MemberService.GetById(id)?.Username).Where(s => s != null).ToArray();
+            var newRuleType = isRoleBased
+                ? Constants.Conventions.PublicAccess.MemberRoleRuleType
+                : Constants.Conventions.PublicAccess.MemberUsernameRuleType;
+
             var entry = Services.PublicAccessService.GetEntryForContent(content);
 
             if (entry == null)
             {
                 entry = new PublicAccessEntry(content, loginPage, errorPage, new List<PublicAccessRule>());
-                foreach (var role in roles)
+
+                foreach (var role in candidateRuleValues)
                 {
-                    entry.AddRule(role, Constants.Conventions.PublicAccess.MemberRoleRuleType);
+                    entry.AddRule(role, newRuleType);
                 }
             }
             else
@@ -2225,12 +2237,12 @@ namespace Umbraco.Web.Editors
 
                 var currentRules = entry.Rules.ToArray();
                 var obsoleteRules = currentRules.Where(rule =>
-                    rule.RuleType != Constants.Conventions.PublicAccess.MemberRoleRuleType
-                    || roles.Contains(rule.RuleValue) == false
+                    rule.RuleType != newRuleType
+                    || candidateRuleValues.Contains(rule.RuleValue) == false
                 );
-                var newRoles = roles.Where(group =>
+                var newRuleValues = candidateRuleValues.Where(group =>
                     currentRules.Any(rule =>
-                        rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType
+                        rule.RuleType == newRuleType
                         && rule.RuleValue == group
                     ) == false
                 );
@@ -2238,9 +2250,9 @@ namespace Umbraco.Web.Editors
                 {
                     entry.RemoveRule(rule);
                 }
-                foreach (var role in newRoles)
+                foreach (var role in newRuleValues)
                 {
-                    entry.AddRule(role, Constants.Conventions.PublicAccess.MemberRoleRuleType);
+                    entry.AddRule(role, newRuleType);
                 }
             }
 
@@ -2249,30 +2261,6 @@ namespace Umbraco.Web.Editors
                 : Request.CreateResponse(HttpStatusCode.InternalServerError);
         }
 
-        // set up public access using username and password
-        [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
-        [HttpPost]
-        public HttpResponseMessage PostPublicAccess(int contentId, string userName, string password, int loginPageId, int errorPageId)
-        {
-            // TODO KJAC: validate password regex
-            if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
-            {
-                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
-            }
-
-            var content = Services.ContentService.GetById(contentId);
-            var loginPage = Services.ContentService.GetById(loginPageId);
-            var errorPage = Services.ContentService.GetById(errorPageId);
-            if (content == null || loginPage == null || errorPage == null)
-            {
-                throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
-            }
-
-            // TODO KJAC: implement
-
-            return Request.CreateResponse(HttpStatusCode.OK);
-        }
-
         [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
         [HttpPost]
         public HttpResponseMessage RemovePublicAccess(int contentId)
diff --git a/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
index 68236d5934..b8035c9f25 100644
--- a/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
+++ b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
@@ -5,8 +5,8 @@ namespace Umbraco.Web.Models.ContentEditing
     [DataContract(Name = "publicAccess", Namespace = "")]
     public class PublicAccess
     {
-        [DataMember(Name = "userName")]
-        public string UserName { get; set; }
+        //[DataMember(Name = "userName")]
+        //public string UserName { get; set; }
 
         [DataMember(Name = "roles")]
         public string[] Roles { get; set; }
@@ -16,5 +16,8 @@ namespace Umbraco.Web.Models.ContentEditing
 
         [DataMember(Name = "errorPage")]
         public EntityBasic ErrorPage { get; set; }
+
+        [DataMember(Name = "members")]
+        public MemberDisplay[] Members { get; set; }
     }
 }

From a8b0ede770a5d68fc44c7f593c86a94c2a2d41c7 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Sun, 9 Dec 2018 15:03:35 +0100
Subject: [PATCH 13/21] Whoops forgot a file

---
 src/Umbraco.Web/Editors/ContentController.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 015354f0c6..e245883ed7 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2198,7 +2198,7 @@ namespace Umbraco.Web.Editors
         [HttpPost]
         public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, [FromUri]int[] memberIds, int loginPageId, int errorPageId)
         {
-            if ((roles == null || roles.Any() == false) && (userIds == null || userIds.Any() == false))
+            if ((roles == null || roles.Any() == false) && (memberIds == null || memberIds.Any() == false))
             {
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }

From efb9b37f5daac33ef753c46f0a708d0f0a930c53 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 12 Dec 2018 09:27:03 +0100
Subject: [PATCH 14/21] Change from member IDs to usernames in member
 selections

---
 .../src/common/resources/content.resource.js  |  8 ++---
 .../content/content.protect.controller.js     | 31 ++++++++++++++-----
 src/Umbraco.Web/Editors/ContentController.cs  |  7 +++--
 3 files changed, 31 insertions(+), 15 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index 681a629ed0..75e1877be8 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -991,13 +991,13 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
           *
           * @param {Int} contentId The content Id
           * @param {Array} roles The roles that should have access (if using role based protection)
-          * @param {Array} memberIds The IDs of the members that should have access (if using member based protection)
+          * @param {Array} usernames The usernames of the members that should have access (if using member based protection)
           * @param {Int} loginPageId The Id of the login page
           * @param {Int} errorPageId The Id of the error page
           * @returns {Promise} resourcePromise object containing the public access protection
           *
           */
-        updatePublicAccess: function (contentId, roles, memberIds, loginPageId, errorPageId) {
+        updatePublicAccess: function (contentId, roles, usernames, loginPageId, errorPageId) {
             var publicAccess = {
                 contentId: contentId,
                 loginPageId: loginPageId,
@@ -1006,8 +1006,8 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
             if (angular.isArray(roles) && roles.length) {
                 publicAccess.roles = roles;
             }
-            else if (angular.isArray(memberIds) && memberIds.length) {
-                publicAccess.memberIds = memberIds;
+            else if (angular.isArray(usernames) && usernames.length) {
+                publicAccess.usernames = usernames;
             }
             else {
                 throw "must supply either userName/password or roles";
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index ace37d4ac5..c6b6cecd5d 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -1,7 +1,7 @@
 (function () {
     "use strict";
 
-    function ContentProtectController($scope, $routeParams, contentResource, memberGroupResource, navigationService, localizationService, editorService) {
+    function ContentProtectController($scope, $q, contentResource, memberResource, memberGroupResource, navigationService, localizationService, editorService) {
 
         var vm = this;
         var id = $scope.currentNode.id;
@@ -92,8 +92,8 @@
         function save() {
             vm.buttonState = "busy";
             var roles = _.map(vm.groups, function (group) { return group.name; });
-            var memberIds = _.map(vm.members, function (member) { return member.id; });
-            contentResource.updatePublicAccess(id, roles, memberIds, vm.loginPage.id, vm.errorPage.id).then(
+            var usernames = _.map(vm.members, function (member) { return member.username; });
+            contentResource.updatePublicAccess(id, roles, usernames, vm.loginPage.id, vm.errorPage.id).then(
                 function () {
                     localizationService.localize("publicAccess_paIsProtected", [$scope.currentNode.name]).then(function (value) {
                         vm.success = {
@@ -161,15 +161,30 @@
                 filterCssClass: "not-allowed",
                 submit: function (model) {
                     if (model.selection && model.selection.length) {
+                        var promises = [];
+                        // get the selected member usernames
                         _.each(model.selection,
                             function (member) {
-                                if (!_.find(vm.members, function (m) { return m.id === member.id })) {
-                                    vm.members.push(member);
-                                }
+                                // TODO:
+                                // as-is we need to fetch all the picked members one at a time to get their usernames.
+                                // when editorService has a memberPicker method, see if this can't be avoided - otherwise
+                                // add a memberResource.getByKeys() method to do all this in one request
+                                promises.push(
+                                    memberResource.getByKey(member.key).then(function(newMember) {
+                                        if (!_.find(vm.members, function (currentMember) { return currentMember.username === newMember.username })) {
+                                            vm.members.push(newMember);
+                                        }
+                                    })
+                                );                                
                             });
+                        editorService.close();
+                        navigationService.allowHideDialog(true);
+                        // wait for all the member lookups to complete 
+                        vm.loading = true;
+                        $q.all(promises).then(function() {
+                            vm.loading = false;
+                        });
                     }
-                    editorService.close();
-                    navigationService.allowHideDialog(true);
                 },
                 close: function () {
                     editorService.close();
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index e245883ed7..423680fac5 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2173,6 +2173,7 @@ namespace Umbraco.Web.Editors
 
             // unwrap the current public access setup for the client
             // - this API method is the single point of entry for both "modes" of public access (single user and role based)
+            // TODO: support custom membership providers here
             var members = entry.Rules
                 .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
                 .Select(rule => Services.MemberService.GetByUsername(rule.RuleValue))
@@ -2196,9 +2197,9 @@ namespace Umbraco.Web.Editors
         // set up public access using role based access
         [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
         [HttpPost]
-        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, [FromUri]int[] memberIds, int loginPageId, int errorPageId)
+        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, [FromUri]string[] usernames, int loginPageId, int errorPageId)
         {
-            if ((roles == null || roles.Any() == false) && (memberIds == null || memberIds.Any() == false))
+            if ((roles == null || roles.Any() == false) && (usernames == null || usernames.Any() == false))
             {
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }
@@ -2214,7 +2215,7 @@ namespace Umbraco.Web.Editors
             var isRoleBased = roles != null && roles.Any();
             var candidateRuleValues = isRoleBased
                 ? roles
-                : memberIds.Select(id => Services.MemberService.GetById(id)?.Username).Where(s => s != null).ToArray();
+                : usernames;
             var newRuleType = isRoleBased
                 ? Constants.Conventions.PublicAccess.MemberRoleRuleType
                 : Constants.Conventions.PublicAccess.MemberUsernameRuleType;

From 35f0bf92f2efde5d3cf436c07e3ae08c034b117a Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 12 Dec 2018 09:55:35 +0100
Subject: [PATCH 15/21] Support custom membership providers (untested)

---
 src/Umbraco.Web/Editors/ContentController.cs | 33 ++++++++++++++++----
 1 file changed, 27 insertions(+), 6 deletions(-)

diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 423680fac5..3f595f9cbc 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -8,6 +8,7 @@ using System.Text;
 using System.Web.Http;
 using System.Web.Http.Controllers;
 using System.Web.Http.ModelBinding;
+using System.Web.Security;
 using AutoMapper;
 using Umbraco.Core;
 using Umbraco.Core.Logging;
@@ -2173,13 +2174,33 @@ namespace Umbraco.Web.Editors
 
             // unwrap the current public access setup for the client
             // - this API method is the single point of entry for both "modes" of public access (single user and role based)
-            // TODO: support custom membership providers here
-            var members = entry.Rules
+            var usernames = entry.Rules
                 .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType)
-                .Select(rule => Services.MemberService.GetByUsername(rule.RuleValue))
-                .Where(member => member != null)
-                .Select(Mapper.Map<MemberDisplay>)
-                .ToArray();
+                .Select(rule => rule.RuleValue).ToArray();
+
+            MemberDisplay[] members;
+            switch (Services.MemberService.GetMembershipScenario())
+            {
+                case MembershipScenario.NativeUmbraco:
+                    members = usernames
+                        .Select(username => Services.MemberService.GetByUsername(username))
+                        .Where(member => member != null)
+                        .Select(Mapper.Map<MemberDisplay>)
+                        .ToArray();
+                    break;
+                // TODO: test support custom membership providers
+                case MembershipScenario.CustomProviderWithUmbracoLink:
+                case MembershipScenario.StandaloneCustomProvider:
+                default:
+                    var provider = Core.Security.MembershipProviderExtensions.GetMembersMembershipProvider();
+                    members = usernames
+                        .Select(username => provider.GetUser(username, false))
+                        .Where(membershipUser => membershipUser != null)
+                        .Select(Mapper.Map<MembershipUser, MemberDisplay>)
+                        .ToArray();
+                    break;
+            }
+
             var roles = entry.Rules
                 .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType)
                 .Select(rule => rule.RuleValue)

From 22b78ec617aaa404c385a70220ff0b0cd793bd52 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 12 Dec 2018 11:18:16 +0100
Subject: [PATCH 16/21] Make sure at least one member is selected

---
 .../src/views/content/content.protect.controller.js            | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index c6b6cecd5d..988cd10739 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -86,6 +86,9 @@
             if (vm.type === "role") {
                 return vm.groups && vm.groups.length > 0;
             }
+            if (vm.type === "member") {
+                return vm.members && vm.members.length > 0;
+            }
             return true;
         }
 

From e4f9c2916d52028bd15061a0f5ba42a3bf6c58cd Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 12 Dec 2018 14:27:20 +0100
Subject: [PATCH 17/21] Use "groups", not "roles" + return richer group models
 from API

---
 .../src/common/resources/content.resource.js  |  8 ++---
 .../content/content.protect.controller.js     | 27 +++++++++--------
 .../src/views/content/protect.html            | 16 +++++-----
 src/Umbraco.Web.UI/Umbraco/config/lang/da.xml |  8 ++---
 src/Umbraco.Web.UI/Umbraco/config/lang/en.xml |  8 ++---
 .../Umbraco/config/lang/en_us.xml             |  8 ++---
 src/Umbraco.Web/Editors/ContentController.cs  | 29 ++++++++++---------
 .../Models/ContentEditing/PublicAccess.cs     |  7 ++---
 8 files changed, 55 insertions(+), 56 deletions(-)

diff --git a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
index 75e1877be8..b807a4dc31 100644
--- a/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
+++ b/src/Umbraco.Web.UI.Client/src/common/resources/content.resource.js
@@ -990,21 +990,21 @@ function contentResource($q, $http, umbDataFormatter, umbRequestHelper) {
           * </pre>
           *
           * @param {Int} contentId The content Id
-          * @param {Array} roles The roles that should have access (if using role based protection)
+          * @param {Array} groups The names of the groups that should have access (if using group based protection)
           * @param {Array} usernames The usernames of the members that should have access (if using member based protection)
           * @param {Int} loginPageId The Id of the login page
           * @param {Int} errorPageId The Id of the error page
           * @returns {Promise} resourcePromise object containing the public access protection
           *
           */
-        updatePublicAccess: function (contentId, roles, usernames, loginPageId, errorPageId) {
+        updatePublicAccess: function (contentId, groups, usernames, loginPageId, errorPageId) {
             var publicAccess = {
                 contentId: contentId,
                 loginPageId: loginPageId,
                 errorPageId: errorPageId
             };
-            if (angular.isArray(roles) && roles.length) {
-                publicAccess.roles = roles;
+            if (angular.isArray(groups) && groups.length) {
+                publicAccess.groups = groups;
             }
             else if (angular.isArray(usernames) && usernames.length) {
                 publicAccess.usernames = usernames;
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
index 988cd10739..8d80f308ab 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
+++ b/src/Umbraco.Web.UI.Client/src/views/content/content.protect.controller.js
@@ -36,7 +36,7 @@
                 // init the current settings for public access (if any)
                 vm.loginPage = publicAccess.loginPage;
                 vm.errorPage = publicAccess.errorPage;
-                vm.roles = publicAccess.roles || [];
+                vm.groups = publicAccess.groups || [];
                 vm.members = publicAccess.members || [];
                 vm.canRemove = true;
 
@@ -44,8 +44,8 @@
                     vm.type = "member";
                     next();
                 }
-                else if (vm.roles.length) {
-                    vm.type = "role";
+                else if (vm.groups.length) {
+                    vm.type = "group";
                     next();
                 }
                 else {
@@ -55,16 +55,14 @@
         }
 
         function next() {
-            if (vm.type === "role") {
+            if (vm.type === "group") {
                 vm.loading = true;
-                // Get all member groups
+                // get all existing member groups for lookup upon selection
+                // NOTE: if/when member groups support infinite editing, we can't rely on using a cached lookup list of valid groups anymore
                 memberGroupResource.getGroups().then(function (groups) {
                     vm.step = vm.type;
                     vm.allGroups = groups;
                     vm.hasGroups = groups.length > 0;
-                    vm.groups = _.filter(groups, function(group) {
-                        return _.contains(vm.roles, group.name);
-                    });
                     vm.loading = false;
                 });
             }
@@ -83,7 +81,7 @@
             if (!vm.loginPage || !vm.errorPage) {
                 return false;
             }
-            if (vm.type === "role") {
+            if (vm.type === "group") {
                 return vm.groups && vm.groups.length > 0;
             }
             if (vm.type === "member") {
@@ -94,9 +92,9 @@
 
         function save() {
             vm.buttonState = "busy";
-            var roles = _.map(vm.groups, function (group) { return group.name; });
+            var groups = _.map(vm.groups, function (group) { return group.name; });
             var usernames = _.map(vm.members, function (member) { return member.username; });
-            contentResource.updatePublicAccess(id, roles, usernames, vm.loginPage.id, vm.errorPage.id).then(
+            contentResource.updatePublicAccess(id, groups, usernames, vm.loginPage.id, vm.errorPage.id).then(
                 function () {
                     localizationService.localize("publicAccess_paIsProtected", [$scope.currentNode.name]).then(function (value) {
                         vm.success = {
@@ -130,9 +128,10 @@
                         ? model.selectedMemberGroups
                         : [model.selectedMemberGroup];
                     _.each(selectedGroupIds,
-                        function(groupId) {
+                        function (groupId) {
+                            // find the group in the lookup list and add it if it isn't already
                             var group = _.find(vm.allGroups, function(g) { return g.id === parseInt(groupId); });
-                            if (group && !_.contains(vm.groups, group)) {
+                            if (group && !_.find(vm.groups, function (g) { return g.id === group.id })) {
                                 vm.groups.push(group);
                             }
                         });
@@ -147,7 +146,7 @@
         }
 
         function removeGroup(group) {
-            vm.groups = _.without(vm.groups, group);
+            vm.groups = _.reject(vm.groups, function(g) { return g.id === group.id });
         }
 
         function pickMember() {
diff --git a/src/Umbraco.Web.UI.Client/src/views/content/protect.html b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
index f179f1c63c..ae4a15e8c1 100644
--- a/src/Umbraco.Web.UI.Client/src/views/content/protect.html
+++ b/src/Umbraco.Web.UI.Client/src/views/content/protect.html
@@ -29,11 +29,11 @@
                         </div>
 
                         <div class="pa-select-type">
-                            <input id="protectionTypeRole" type="radio" name="protectionType" value="role" ng-model="vm.type">
+                            <input id="protectionTypeGroup" type="radio" name="protectionType" value="group" ng-model="vm.type">
 
-                            <label for="protectionTypeRole">
-                                <h5 class="pa-access-header"><localize key="publicAccess_paAdvanced">Role based protection</localize></h5>
-                                <p><localize key="publicAccess_paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</localize></p>
+                            <label for="protectionTypeGroup">
+                                <h5 class="pa-access-header"><localize key="publicAccess_paGroups">Group based protection</localize></h5>
+                                <p><localize key="publicAccess_paGroupsHelp">If you want to grant access to all members of specific member groups</localize></p>
                             </label>
                         </div>
                     </umb-pane>
@@ -55,12 +55,12 @@
                         </umb-pane>
                     </div>
 
-                    <div ng-show="vm.step === 'role' && !vm.hasGroups">
-                        <p><localize key="publicAccess_paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</localize></p>
+                    <div ng-show="vm.step === 'group' && !vm.hasGroups">
+                        <p><localize key="publicAccess_paGroupsNoGroups">You need to create a member group before you can use group based authentication</localize></p>
                     </div>
 
-                    <div ng-show="vm.step === 'role' && vm.hasGroups">
-                        <p><localize key="publicAccess_paSelectRoles" tokens="[currentNode.name]">Pick the roles who have access to this page</localize></p>
+                    <div ng-show="vm.step === 'group' && vm.hasGroups">
+                        <p><localize key="publicAccess_paSelectGroups" tokens="[currentNode.name]">Select the groups that should have access to this page</localize></p>
                         <umb-pane>
                             <umb-node-preview ng-repeat="group in vm.groups | orderBy:'name'"
                                               icon="'icon-users'"
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
index c0377e16ee..fef0d325ca 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/da.xml
@@ -872,9 +872,9 @@ Mange hilsner fra Umbraco robotten
     <key alias="removeSpecialFormattering">Indsæt, men fjern formattering som ikke bør være på en webside (Anbefales)</key>
   </area>
   <area alias="publicAccess">
-    <key alias="paAdvanced">Rollebaseret beskyttelse</key>
-    <key alias="paAdvancedHelp">Hvis du ønsker at kontrollere adgang til siden ved hjælp af rollebaseret godkendelse via Umbracos medlemsgrupper.</key>
-    <key alias="paAdvancedNoGroups">Du skal oprette en medlemsgruppe før du kan bruge rollebaseret godkendelse</key>
+    <key alias="paGroups">Gruppebaseret beskyttelse</key>
+    <key alias="paGroupsHelp">Hvis du ønsker at give adgang til alle medlemmer af specifikke medlemsgrupper</key>
+    <key alias="paGroupsNoGroups">Du skal oprette en medlemsgruppe før du kan bruge gruppebaseret beskyttelse</key>
     <key alias="paErrorPage">Fejlside</key>
     <key alias="paErrorPageHelp">Brugt når folk er logget ind, men ingen adgang</key>
     <key alias="paHowWould"><![CDATA[Vælg hvordan siden <strong>%0%</strong> skal beskyttes]]></key>
@@ -885,7 +885,7 @@ Mange hilsner fra Umbraco robotten
     <key alias="paRemoveProtection">Fjern beskyttelse...</key>
     <key alias="paRemoveProtectionConfirm"><![CDATA[Er du sikker på at du vil fjerne beskyttelsen fra siden <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Vælg siderne der indeholder log ind-formularer og fejlmeddelelser</key>
-    <key alias="paSelectRoles"><![CDATA[Vælg de roller der har adgang til siden <strong>%0%</strong>]]></key>
+    <key alias="paSelectGroups"><![CDATA[Vælg de grupper der har adgang til siden <strong>%0%</strong>]]></key>
     <key alias="paSelectMembers"><![CDATA[Vælg de medlemmer der har adgang til siden <strong>%0%</strong>]]></key>
     <key alias="paMembers">Adgang til enkelte medlemmer</key>
     <key alias="paMembersHelp">Hvis du ønsker at give adgang til enkelte medlemmer</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
index f61186a98f..51ea51685f 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en.xml
@@ -1124,9 +1124,9 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="removeSpecialFormattering">Paste, but remove formatting (Recommended)</key>
   </area>
   <area alias="publicAccess">
-    <key alias="paAdvanced">Role based protection</key>
-    <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</key>
-    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
+    <key alias="paGroups">Group based protection</key>
+    <key alias="paGroupsHelp">If you want to grant access to all members of specific member groups</key>
+    <key alias="paGroupsNoGroups">You need to create a member group before you can use group based authentication</key>
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
     <key alias="paHowWould"><![CDATA[Choose how to restrict access to the page <strong>%0%</strong>]]></key>
@@ -1137,7 +1137,7 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paRemoveProtection">Remove protection...</key>
     <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles"><![CDATA[Select the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSelectGroups"><![CDATA[Select the groups who have access to the page <strong>%0%</strong>]]></key>
     <key alias="paSelectMembers"><![CDATA[Select the members who have access to the page <strong>%0%</strong>]]></key>
     <key alias="paMembers">Specific members protection</key>
     <key alias="paMembersHelp">If you wish to grant access to specific members</key>
diff --git a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
index 1953a351be..b5efba5a32 100644
--- a/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
+++ b/src/Umbraco.Web.UI/Umbraco/config/lang/en_us.xml
@@ -1146,9 +1146,9 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="removeSpecialFormattering">Paste, but remove formatting (Recommended)</key>
   </area>
   <area alias="publicAccess">
-    <key alias="paAdvanced">Role based protection</key>
-    <key alias="paAdvancedHelp">If you wish to control access to the page using role-based authentication, using Umbraco's member groups</key>
-    <key alias="paAdvancedNoGroups">You need to create a membergroup before you can use role-based authentication</key>
+    <key alias="paGroups">Group based protection</key>
+    <key alias="paGroupsHelp">If you want to grant access to all members of specific member groups</key>
+    <key alias="paGroupsNoGroups">You need to create a member group before you can use group based authentication</key>
     <key alias="paErrorPage">Error Page</key>
     <key alias="paErrorPageHelp">Used when people are logged on, but do not have access</key>
     <key alias="paHowWould"><![CDATA[Choose how to restrict access to the page <strong>%0%</strong>]]></key>
@@ -1159,7 +1159,7 @@ To manage your website, simply open the Umbraco back office and start adding con
     <key alias="paRemoveProtection">Remove protection...</key>
     <key alias="paRemoveProtectionConfirm"><![CDATA[Are you sure you want to remove the protection from the page <strong>%0%</strong>?]]></key>
     <key alias="paSelectPages">Select the pages that contain login form and error messages</key>
-    <key alias="paSelectRoles"><![CDATA[Select the roles who have access to the page <strong>%0%</strong>]]></key>
+    <key alias="paSelectGroups"><![CDATA[Select the groups who have access to the page <strong>%0%</strong>]]></key>
     <key alias="paSelectMembers"><![CDATA[Select the members who have access to the page <strong>%0%</strong>]]></key>
     <key alias="paMembers">Specific members protection</key>
     <key alias="paMembersHelp">If you wish to grant access to specific members</key>
diff --git a/src/Umbraco.Web/Editors/ContentController.cs b/src/Umbraco.Web/Editors/ContentController.cs
index 3f595f9cbc..d1cb15e76d 100644
--- a/src/Umbraco.Web/Editors/ContentController.cs
+++ b/src/Umbraco.Web/Editors/ContentController.cs
@@ -2201,15 +2201,18 @@ namespace Umbraco.Web.Editors
                     break;
             }
 
-            var roles = entry.Rules
+            var allGroups = Services.MemberGroupService.GetAll().ToArray();
+            var groups = entry.Rules
                 .Where(rule => rule.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType)
-                .Select(rule => rule.RuleValue)
+                .Select(rule => allGroups.FirstOrDefault(g => g.Name == rule.RuleValue))
+                .Where(memberGroup => memberGroup != null)
+                .Select(Mapper.Map<MemberGroupDisplay>)
                 .ToArray();
 
             return Request.CreateResponse(HttpStatusCode.OK, new PublicAccess
             {
                 Members = members,
-                Roles = roles,
+                Groups = groups,
                 LoginPage = loginPageEntity != null ? Mapper.Map<EntityBasic>(loginPageEntity) : null,
                 ErrorPage = errorPageEntity != null ? Mapper.Map<EntityBasic>(errorPageEntity) : null
             });
@@ -2218,9 +2221,9 @@ namespace Umbraco.Web.Editors
         // set up public access using role based access
         [EnsureUserPermissionForContent("contentId", ActionProtect.ActionLetter)]
         [HttpPost]
-        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] roles, [FromUri]string[] usernames, int loginPageId, int errorPageId)
+        public HttpResponseMessage PostPublicAccess(int contentId, [FromUri]string[] groups, [FromUri]string[] usernames, int loginPageId, int errorPageId)
         {
-            if ((roles == null || roles.Any() == false) && (usernames == null || usernames.Any() == false))
+            if ((groups == null || groups.Any() == false) && (usernames == null || usernames.Any() == false))
             {
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }
@@ -2233,11 +2236,11 @@ namespace Umbraco.Web.Editors
                 throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.BadRequest));
             }
 
-            var isRoleBased = roles != null && roles.Any();
-            var candidateRuleValues = isRoleBased
-                ? roles
+            var isGroupBased = groups != null && groups.Any();
+            var candidateRuleValues = isGroupBased
+                ? groups
                 : usernames;
-            var newRuleType = isRoleBased
+            var newRuleType = isGroupBased
                 ? Constants.Conventions.PublicAccess.MemberRoleRuleType
                 : Constants.Conventions.PublicAccess.MemberUsernameRuleType;
 
@@ -2247,9 +2250,9 @@ namespace Umbraco.Web.Editors
             {
                 entry = new PublicAccessEntry(content, loginPage, errorPage, new List<PublicAccessRule>());
 
-                foreach (var role in candidateRuleValues)
+                foreach (var ruleValue in candidateRuleValues)
                 {
-                    entry.AddRule(role, newRuleType);
+                    entry.AddRule(ruleValue, newRuleType);
                 }
             }
             else
@@ -2272,9 +2275,9 @@ namespace Umbraco.Web.Editors
                 {
                     entry.RemoveRule(rule);
                 }
-                foreach (var role in newRuleValues)
+                foreach (var ruleValue in newRuleValues)
                 {
-                    entry.AddRule(role, newRuleType);
+                    entry.AddRule(ruleValue, newRuleType);
                 }
             }
 
diff --git a/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
index b8035c9f25..dcf2dcae92 100644
--- a/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
+++ b/src/Umbraco.Web/Models/ContentEditing/PublicAccess.cs
@@ -5,11 +5,8 @@ namespace Umbraco.Web.Models.ContentEditing
     [DataContract(Name = "publicAccess", Namespace = "")]
     public class PublicAccess
     {
-        //[DataMember(Name = "userName")]
-        //public string UserName { get; set; }
-
-        [DataMember(Name = "roles")]
-        public string[] Roles { get; set; }
+        [DataMember(Name = "groups")]
+        public MemberGroupDisplay[] Groups { get; set; }
 
         [DataMember(Name = "loginPage")]
         public EntityBasic LoginPage { get; set; }

From 1ba41986d74ce3c4b7c9b2ba9a66e67bd0eec110 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <kja@vertica.dk>
Date: Wed, 12 Dec 2018 15:35:34 +0100
Subject: [PATCH 18/21] Make sure the public access supports member based
 access

---
 .../Services/PublicAccessServiceExtensions.cs   | 17 ++++++++++++-----
 src/Umbraco.Web/Routing/PublishedRouter.cs      |  2 +-
 2 files changed, 13 insertions(+), 6 deletions(-)

diff --git a/src/Umbraco.Core/Services/PublicAccessServiceExtensions.cs b/src/Umbraco.Core/Services/PublicAccessServiceExtensions.cs
index 12db4daf40..b0dc979ebf 100644
--- a/src/Umbraco.Core/Services/PublicAccessServiceExtensions.cs
+++ b/src/Umbraco.Core/Services/PublicAccessServiceExtensions.cs
@@ -2,6 +2,7 @@
 using System.Collections.Generic;
 using System.Linq;
 using System.Web.Security;
+using Umbraco.Core.Models;
 
 namespace Umbraco.Core.Services
 {
@@ -41,7 +42,7 @@ namespace Umbraco.Core.Services
             return hasChange;
         }
 
-        public static bool HasAccess(this IPublicAccessService publicAccessService, int documentId, IContentService contentService, IEnumerable<string> currentMemberRoles)
+        public static bool HasAccess(this IPublicAccessService publicAccessService, int documentId, IContentService contentService, string username, IEnumerable<string> currentMemberRoles)
         {
             var content = contentService.GetById(documentId);
             if (content == null) return true;
@@ -49,8 +50,7 @@ namespace Umbraco.Core.Services
             var entry = publicAccessService.GetEntryForContent(content);
             if (entry == null) return true;
 
-            return entry.Rules.Any(x => x.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType
-                                        && currentMemberRoles.Contains(x.RuleValue));
+            return HasAccess(entry, username, currentMemberRoles);
         }
 
         public static bool HasAccess(this IPublicAccessService publicAccessService, string path, MembershipUser member, RoleProvider roleProvider)
@@ -77,8 +77,15 @@ namespace Umbraco.Core.Services
 
             var roles = rolesCallback(username);
 
-            return entry.Rules.Any(x => x.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType
-                                        && roles.Contains(x.RuleValue));
+            return HasAccess(entry, username, roles);
+        }
+
+        private static bool HasAccess(PublicAccessEntry entry, string username, IEnumerable<string> roles)
+        {
+            return entry.Rules.Any(x =>
+                (x.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType && username.Equals(x.RuleValue, StringComparison.OrdinalIgnoreCase))
+                || (x.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType && roles.Contains(x.RuleValue))
+            );
         }
     }
 }
diff --git a/src/Umbraco.Web/Routing/PublishedRouter.cs b/src/Umbraco.Web/Routing/PublishedRouter.cs
index 06c23406ab..1122aaa11a 100644
--- a/src/Umbraco.Web/Routing/PublishedRouter.cs
+++ b/src/Umbraco.Web/Routing/PublishedRouter.cs
@@ -637,7 +637,7 @@ namespace Umbraco.Web.Routing
                     if (loginPageId != request.PublishedContent.Id)
                         request.PublishedContent = request.UmbracoContext.PublishedSnapshot.Content.GetById(loginPageId);
                 }
-                else if (_services.PublicAccessService.HasAccess(request.PublishedContent.Id, _services.ContentService, GetRolesForLogin(membershipHelper.CurrentUserName)) == false)
+                else if (_services.PublicAccessService.HasAccess(request.PublishedContent.Id, _services.ContentService, membershipHelper.CurrentUserName, GetRolesForLogin(membershipHelper.CurrentUserName)) == false)
                 {
                     _logger.Debug<PublishedRouter>("EnsurePublishedContentAccess: Current member has not access, redirect to error page");
                     var errorPageId = publicAccessAttempt.Result.NoAccessNodeId;

From 41624c8c16a6cdbfc6be9e038721316d7ed52c66 Mon Sep 17 00:00:00 2001
From: Kenn Jacobsen <post@kennjacobsen.dk>
Date: Wed, 12 Dec 2018 23:07:41 +0100
Subject: [PATCH 19/21] Remove the old aspx page

---
 src/Umbraco.Web.UI/Umbraco.Web.UI.csproj      |   9 +-
 .../Umbraco/dialogs/protectPage.aspx          | 201 -----
 .../Trees/LegacyTreeDataConverter.cs          |   5 -
 src/Umbraco.Web/Umbraco.Web.csproj            |   3 -
 .../umbraco/dialogs/protectPage.aspx.cs       | 745 ------------------
 5 files changed, 4 insertions(+), 959 deletions(-)
 delete mode 100644 src/Umbraco.Web.UI/Umbraco/dialogs/protectPage.aspx
 delete mode 100644 src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs

diff --git a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
index 2823908a92..963be029e5 100644
--- a/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
+++ b/src/Umbraco.Web.UI/Umbraco.Web.UI.csproj
@@ -336,7 +336,6 @@
     <Content Include="Umbraco\Dialogs\republish.aspx" />
     <Content Include="Umbraco\Developer\Packages\directoryBrowser.aspx" />
     <Content Include="Umbraco\Developer\Packages\editPackage.aspx" />
-    <Content Include="Umbraco\Dialogs\protectPage.aspx" />
     <Content Include="Umbraco\Config\Create\UI.xml" />
     <Content Include="Umbraco\Config\Lang\en.xml">
       <SubType>Designer</SubType>
@@ -452,10 +451,10 @@
     <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v11.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
     <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v12.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v12.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
     <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v14.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
-    <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v15.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v15.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>    
-	<WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
-	<!-- Temporary addition for the VS2019 preview - can be removed when VS2019 final is released, then v16 above will be used -->
-	<WebPublishingTasks Condition="exists('$(ProgramFiles32)\Microsoft Visual Studio\2019\Preview\MSBuild\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(ProgramFiles32)\Microsoft Visual Studio\2019\Preview\MSBuild\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
+    <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v15.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v15.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
+    <WebPublishingTasks Condition="exists('$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(MSBuildExtensionsPath)\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
+    <!-- Temporary addition for the VS2019 preview - can be removed when VS2019 final is released, then v16 above will be used -->
+    <WebPublishingTasks Condition="exists('$(ProgramFiles32)\Microsoft Visual Studio\2019\Preview\MSBuild\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll')">$(ProgramFiles32)\Microsoft Visual Studio\2019\Preview\MSBuild\Microsoft\VisualStudio\v16.0\Web\Microsoft.Web.Publishing.Tasks.dll</WebPublishingTasks>
   </PropertyGroup>
   <!-- get TransformXml task from WebPublishingtasks -->
   <UsingTask TaskName="TransformXml" AssemblyFile="$(WebPublishingTasks)" Condition="'$(WebPublishingTasks)' != ''" />
diff --git a/src/Umbraco.Web.UI/Umbraco/dialogs/protectPage.aspx b/src/Umbraco.Web.UI/Umbraco/dialogs/protectPage.aspx
deleted file mode 100644
index 5bcf97310f..0000000000
--- a/src/Umbraco.Web.UI/Umbraco/dialogs/protectPage.aspx
+++ /dev/null
@@ -1,201 +0,0 @@
-<%@ Page Language="c#" MasterPageFile="../masterpages/umbracoDialog.Master" AutoEventWireup="True" Inherits="umbraco.presentation.umbraco.dialogs.protectPage" %>
-<%@ Register TagPrefix="cc1" Namespace="Umbraco.Web._Legacy.Controls" Assembly="Umbraco.Web" %>
-
-<asp:Content ContentPlaceHolderID="head" runat="server">
-    <script type="text/javascript">
-        function updateLoginId() {
-            var treePicker = window.showModalDialog('<%=umbraco.cms.presentation.Trees.TreeService.GetPickerUrl("content","content")%>', 'treePicker', 'dialogWidth=350px;dialogHeight=300px;scrollbars=no;center=yes;border=thin;help=no;status=no')
-	    if (treePicker != undefined) {
-	        document.getElementById("loginId").value = treePicker;
-	        if (treePicker > 0) {
-	            umbraco.presentation.webservices.CMSNode.GetNodeName('<%=Security.CurrentUser.Id%>', treePicker, updateLoginTitle);
-					} else
-					    document.getElementById("loginTitle").innerHTML =  "<strong><%=Services.TextService.Localize("content")%></strong>";
-                }
-            }
-
-            function updateLoginTitle(result) {
-                document.getElementById("loginTitle").innerHTML = "<strong>" + result + "</strong> &nbsp;";
-            }
-
-            function updateErrorId() {
-                var treePicker = window.showModalDialog('<%=umbraco.cms.presentation.Trees.TreeService.GetPickerUrl("content","content")%>', 'treePicker', 'dialogWidth=350px;dialogHeight=300px;scrollbars=no;center=yes;border=thin;help=no;status=no')
-			    if (treePicker != undefined) {
-			        document.getElementById("errorId").value = treePicker;
-			        if (treePicker > 0) {
-			            umbraco.presentation.webservices.CMSNode.GetNodeName('<%=Security.CurrentUser.Id%>', treePicker, updateErrorTitle);
-					} else
-					    document.getElementById("errorTitle").innerHTML =  "<strong><%=Services.TextService.Localize("content")%></strong>";
-                }
-            }
-            function updateErrorTitle(result) {
-                document.getElementById("errorTitle").innerHTML = "<strong>" + result + "</strong> &nbsp;";
-            }
-
-
-            function toggleSimple() {
-                if (document.getElementById("advanced").style.display != "none") {
-                    document.getElementById("advanced").style.display = "none";
-                    document.getElementById("simple").style.display = "none";
-                    document.getElementById("simpleForm").style.display = "block";
-                    document.getElementById("buttonSimple").style.display = "block";
-                    togglePages();
-                } else {
-                    document.getElementById("advanced").style.display = "block";
-                    document.getElementById("advanced").style.display = "block";
-                    document.getElementById("simpleForm").style.display = "none";
-                    document.getElementById("buttonSimple").style.display = "none";
-                    document.getElementById("pagesForm").style.display = "none";
-                }
-            }
-
-            function togglePages() {
-                document.getElementById("pagesForm").style.display = "block";
-            }
-
-            function toggleAdvanced() {
-                if (document.getElementById("simple").style.display != "none") {
-                    document.getElementById("advanced").style.display = "none";
-                    document.getElementById("simple").style.display = "none";
-                    document.getElementById("advancedForm").style.display = "block";
-                    document.getElementById("buttonAdvanced").style.display = "block";
-                    togglePages();
-                } else {
-                    document.getElementById("simple").style.display = "block";
-                    document.getElementById("advanced").style.display = "block";
-                    document.getElementById("advancedForm").style.display = "none";
-                    document.getElementById("pagesForm").style.display = "none";
-                    document.getElementById("buttonAdvanced").style.display = "none";
-                }
-            }
-    </script>
-
-</asp:Content>
-
-
-<asp:Content ContentPlaceHolderID="body" runat="server">
-
-    <input id="tempFile" type="hidden" name="tempFile" runat="server" />
-
-    <asp:Panel ID="p_feedback" runat="server" Visible="False">
-        <div class="alert alert-success">
-            <asp:Literal runat="server" ID="feedback_text"></asp:Literal>
-        </div>
-        <button class="btn btn-primary" onclick="UmbClientMgr.closeModalWindow()"><%= umbraco.ui.Text("general", "ok")%></button>
-    </asp:Panel>
-
-    <asp:Panel ID="p_mode" runat="server" CssClass="pa-umb-overlay">
-
-        <div class="umb-dialog-body">
-
-            <cc1:Pane ID="pane_chooseMode" runat="server" Text="Choose how to restict access to this page">
-
-            <div class="pa-select-type">
-                <asp:RadioButton GroupName="mode" ID="rb_simple" runat="server" Checked="true" />
-
-                <label for="body_rb_simple">
-                    <h4 class="pa-access-header"><%= Services.TextService.Localize("publicAccess/paSimple")%></h4>
-                    <p class="pa-access-description"><%= Services.TextService.Localize("publicAccess/paSimpleHelp")%></p>
-                </label>
-            </div>
-
-
-            <div class="pa-select-type">
-                <asp:RadioButton GroupName="mode" ID="rb_advanced" runat="server"/>
-
-                <label for="body_rb_advanced">
-                    <h4 class="pa-access-header"><%= Services.TextService.Localize("publicAccess/paAdvanced")%></h4>
-                    <p class="pa-access-description"><%= Services.TextService.Localize("publicAccess/paAdvancedHelp")%></p>
-
-                    <asp:Panel runat="server" Visible="false" ID="p_noGroupsFound" CssClass="error">
-                        <p>
-                            <%= Services.TextService.Localize("publicAccess/paAdvancedNoGroups")%>
-                        </p>
-                    </asp:Panel>
-                </label>
-            </div>
-
-            </cc1:Pane>
-        </div>
-
-        <div class="umb-dialog-footer btn-toolbar umb-btn-toolbar">
-            <a href="#" class="btn btn-link" onclick="UmbClientMgr.closeModalWindow()"><%=Services.TextService.Localize("cancel")%></a>
-            <asp:Button ID="bt_selectMode" runat="server" CssClass="btn btn-primary" OnClick="selectMode" />
-        </div>
-    </asp:Panel>
-
-    <asp:Panel ID="p_setup" runat="server" Visible="false" CssClass="pa-umb-overlay">
-        <div class="umb-dialog-body">
-            <cc1:Pane ID="pane_simple" runat="server" Visible="false" Text="Set the login and password for this page" CssClass="pa-umb-overlay">
-
-                <div class="pa-form">
-                    <cc1:PropertyPanel Text="Login" ID="pp_login" runat="server">
-                        <asp:TextBox ID="simpleLogin" runat="server" Width="250px"></asp:TextBox>
-                        <asp:Label runat="server" ID="SimpleLoginLabel" Visible="False"></asp:Label>
-                    </cc1:PropertyPanel>
-                </div>
-
-                <div class="pa-form">
-                    <cc1:PropertyPanel Text="Password" ID="pp_pass" runat="server">
-                        <asp:TextBox ID="simplePassword" runat="server" Width="250px"></asp:TextBox>
-                    </cc1:PropertyPanel>
-                </div>
-
-                <asp:CustomValidator CssClass="pa-validation-message error" runat="server" ID="SimpleLoginNameValidator" Display="Dynamic" EnableViewState="False">
-                    <p class="alert">Member name already exists, click <asp:LinkButton runat="server" OnClick="ChangeOnClick" CssClass="btn btn-mini btn-warning">Change</asp:LinkButton> to use a different name or Update to continue</p>
-                </asp:CustomValidator>
-            </cc1:Pane>
-
-            <cc1:Pane ID="pane_advanced" runat="server" Visible="false" Text="Role based protection">
-                <cc1:PropertyPanel ID="PropertyPanel3" runat="server">
-                    <p><%= Services.TextService.Localize("publicAccess/paSelectRoles")%></p>
-                </cc1:PropertyPanel>
-                <cc1:PropertyPanel ID="PropertyPanel2" runat="server">
-                    <asp:PlaceHolder ID="groupsSelector" runat="server"></asp:PlaceHolder>
-                </cc1:PropertyPanel>
-            </cc1:Pane>
-
-            <cc1:Pane runat="server" ID="pane_pages" Text="Select the pages that contain login form and error messages">
-
-                <cc1:PropertyPanel runat="server" ID="pp_loginPage" CssClass="pa-select-pages">
-                    <small class="umb-detail">
-                        <%=Services.TextService.Localize("paLoginPageHelp")%>
-                    </small>
-                    <div class="pa-choose-page">
-                        <asp:PlaceHolder ID="ph_loginpage" runat="server" />
-                    </div>
-
-                    <asp:CustomValidator ErrorMessage="Please pick a login page" runat="server" ID="cv_loginPage" ForeColor="Red" />
-                </cc1:PropertyPanel>
-
-
-                <cc1:PropertyPanel runat="server" ID="pp_errorPage" CssClass="pa-select-pages">
-                    <small class="umb-detail">
-                        <%=Services.TextService.Localize("paErrorPageHelp")%>
-                    </small>
-                    <div class="pa-choose-page">
-                        <asp:PlaceHolder ID="ph_errorpage" runat="server" />
-                    </div>
-                    <asp:CustomValidator ErrorMessage="Please pick an error page" runat="server" ID="cv_errorPage"  ForeColor="Red" />
-                </cc1:PropertyPanel>
-
-            </cc1:Pane>
-        </div>
-        <div class="umb-dialog-footer btn-toolbar umb-btn-toolbar">
-            <a href="#" class="btn btn-link" onclick="UmbClientMgr.closeModalWindow()"><%=Services.TextService.Localize("cancel")%></a>
-            <asp:Button ID="bt_protect" CssClass="btn btn-primary" runat="server" OnCommand="protect_Click"></asp:Button>
-            <asp:Button ID="bt_buttonRemoveProtection" CssClass="btn btn-danger" runat="server" Visible="False" OnClick="buttonRemoveProtection_Click" />
-        </div>
-    </asp:Panel>
-
-    <input id="errorId" type="hidden" runat="server" /><input id="loginId" type="hidden" runat="server" />
-</asp:Content>
-
-
-<asp:Content ContentPlaceHolderID="footer" runat="server">
-    <asp:PlaceHolder ID="js" runat="server"></asp:PlaceHolder>
-
-    <script type="text/javascript">
-        <asp:Literal Runat="server" ID="jsShowWindow"></asp:Literal>
-    </script>
-</asp:Content>
diff --git a/src/Umbraco.Web/Trees/LegacyTreeDataConverter.cs b/src/Umbraco.Web/Trees/LegacyTreeDataConverter.cs
index 85cebdf3f5..1df9127b8e 100644
--- a/src/Umbraco.Web/Trees/LegacyTreeDataConverter.cs
+++ b/src/Umbraco.Web/Trees/LegacyTreeDataConverter.cs
@@ -55,11 +55,6 @@ namespace Umbraco.Web.Trees
                         new LegacyUrlAction(
                             "create.aspx?nodeId=" + nodeId + "&nodeType=" + nodeType + "&nodeName=" + nodeName + "&rnd=" + DateTime.UtcNow.Ticks,
                             Current.Services.TextService.Localize("actions/create")));
-                case ActionProtect actionProtect:
-                    return Attempt.Succeed(
-                        new LegacyUrlAction(
-                            "dialogs/protectPage.aspx?mode=cut&nodeId=" + nodeId + "&rnd=" + DateTime.UtcNow.Ticks,
-                            Current.Services.TextService.Localize("actions/protect")));
             }
             return Attempt<LegacyUrlAction>.Fail();
         }
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 132d65c520..79ee2dbbb5 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -1012,9 +1012,6 @@
     <Compile Include="umbraco.presentation\umbraco\create\simple.ascx.cs">
       <SubType>ASPXCodeBehind</SubType>
     </Compile>
-    <Compile Include="umbraco.presentation\umbraco\dialogs\ProtectPage.aspx.cs">
-      <SubType>ASPXCodeBehind</SubType>
-    </Compile>
     <Compile Include="Controllers\UmbLoginController.cs" />
     <Compile Include="UrlHelperExtensions.cs" />
     <Compile Include="Editors\MediaController.cs" />
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs
deleted file mode 100644
index 07d13230e5..0000000000
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/protectPage.aspx.cs
+++ /dev/null
@@ -1,745 +0,0 @@
-using Umbraco.Core.Services;
-using System;
-using System.Collections.Generic;
-using System.Globalization;
-using System.Linq;
-using System.Web;
-using System.Web.Security;
-using System.Web.UI.WebControls;
-using Umbraco.Core;
-using Umbraco.Core.Logging;
-using umbraco.controls;
-using Umbraco.Core.Models;
-using Umbraco.Core.Security;
-using Umbraco.Web;
-using Umbraco.Web.Composing;
-using Umbraco.Web.UI.Pages;
-using MembershipProviderExtensions = Umbraco.Core.Security.MembershipProviderExtensions;
-
-namespace umbraco.presentation.umbraco.dialogs
-{
-    /// <summary>
-    /// Summary description for protectPage.
-    /// </summary>
-    public partial class protectPage : UmbracoEnsuredPage
-    {
-        public protectPage()
-        {
-            CurrentApp = Constants.Applications.Content.ToString();
-        }
-
-        protected Literal jsShowWindow;
-        protected DualSelectbox _memberGroups = new DualSelectbox();
-        protected ContentPicker loginPagePicker = new ContentPicker();
-        protected ContentPicker errorPagePicker = new ContentPicker();
-
-        private const string MemberIdRuleType = "MemberId"; // moved from Constants-Conventions.cs
-
-
-        override protected void OnInit(EventArgs e)
-        {
-            base.OnInit(e);
-        }
-
-        protected void selectMode(object sender, EventArgs e)
-        {
-            p_mode.Visible = false;
-            p_setup.Visible = true;
-
-            if (rb_simple.Checked)
-            {
-                pane_advanced.Visible = false;
-                pane_simple.Visible = true;
-                bt_protect.CommandName = "simple";
-            }
-            else
-            {
-                pane_advanced.Visible = true;
-                pane_simple.Visible = false;
-                bt_protect.CommandName = "advanced";
-            }
-        }
-
-        private ProtectionType GetProtectionType(int documentId)
-        {
-            var content = Services.ContentService.GetById(documentId);
-            if (content == null) return ProtectionType.NotProtected;
-
-            var entry = Services.PublicAccessService.GetEntryForContent(content);
-            if (entry == null) return ProtectionType.NotProtected;
-
-            //legacy states that if it is protected by a member id then it is 'simple'
-            return entry.Rules.Any(x => x.RuleType == MemberIdRuleType)
-                ? ProtectionType.Simple
-                : ProtectionType.Advanced;
-        }
-
-        private enum ProtectionType
-        {
-            NotProtected,
-            Simple,
-            Advanced
-        }
-
-        private int GetErrorPage(string path)
-        {
-            var entry = Services.PublicAccessService.GetEntryForContent(path);
-            if (entry == null) return -1;
-            var entity = Services.EntityService.Get(entry.NoAccessNodeId, UmbracoObjectTypes.Document, false);
-            return entity.Id;
-        }
-
-        private int GetLoginPage(string path)
-        {
-            var entry = Services.PublicAccessService.GetEntryForContent(path);
-            if (entry == null) return -1;
-            var entity = Services.EntityService.Get(entry.LoginNodeId, UmbracoObjectTypes.Document, false);
-            return entity.Id;
-        }
-
-        private MembershipUser GetAccessingMembershipUser(int documentId)
-        {
-            var content = Services.ContentService.GetById(documentId);
-            if (content == null) return null;
-            var entry = Services.PublicAccessService.GetEntryForContent(content);
-            if (entry == null) return null;
-            //legacy would throw an exception here if it was not 'simple' and simple means based on a username
-            if (entry.Rules.All(x => x.RuleType != Constants.Conventions.PublicAccess.MemberUsernameRuleType))
-            {
-                throw new Exception("Document isn't protected using Simple mechanism. Use GetAccessingMemberGroups instead");
-            }
-            var provider = MembershipProviderExtensions.GetMembersMembershipProvider();
-            var usernameRule = entry.Rules.First(x => x.RuleType == Constants.Conventions.PublicAccess.MemberUsernameRuleType);
-            return provider.GetUser(usernameRule.RuleValue, false);
-        }
-
-        private bool IsProtectedByMembershipRole(int documentId, string role)
-        {
-            var content = Services.ContentService.GetById(documentId);
-            var entry = Services.PublicAccessService.GetEntryForContent(content);
-            if (entry == null) return false;
-            return entry.Rules
-                .Any(x => x.RuleType == Constants.Conventions.PublicAccess.MemberRoleRuleType
-                    && x.RuleValue == role);
-        }
-
-        private void ProtectPage(bool Simple, int DocumentId, int LoginDocumentId, int ErrorDocumentId)
-        {
-            var content = Current.Services.ContentService.GetById(DocumentId);
-            var loginContent = Services.ContentService.GetById(LoginDocumentId);
-            if (loginContent == null) throw new NullReferenceException("No content item found with id " + LoginDocumentId);
-            var noAccessContent = Services.ContentService.GetById(ErrorDocumentId);
-            if (noAccessContent == null) throw new NullReferenceException("No content item found with id " + ErrorDocumentId);
-
-            var entry = Services.PublicAccessService.GetEntryForContent(content.Id.ToString());
-            if (entry != null)
-            {
-                if (Simple)
-                {
-                    // if using simple mode, make sure that all existing groups are removed
-                    entry.ClearRules();
-                }
-
-                //ensure the correct ids are applied
-                entry.LoginNodeId = loginContent.Id;
-                entry.NoAccessNodeId = noAccessContent.Id;
-            }
-            else
-            {
-                entry = new PublicAccessEntry(content,
-                    Services.ContentService.GetById(LoginDocumentId),
-                    Services.ContentService.GetById(ErrorDocumentId),
-                    new List<PublicAccessRule>());
-            }
-            Services.PublicAccessService.Save(entry);
-        }
-
-        private void AddMembershipRoleToDocument(int documentId, string role)
-        {
-            //event
-            var content = Current.Services.ContentService.GetById(documentId);
-
-            var entry = Services.PublicAccessService.AddRule(
-                content,
-                Constants.Conventions.PublicAccess.MemberRoleRuleType,
-                role);
-
-            if (entry.Success == false && entry.Result.Entity == null)
-            {
-                throw new Exception("Document is not protected!");
-            }
-        }
-
-        private void AddMembershipUserToDocument(int documentId, string membershipUserName)
-        {
-            //event
-            var content = Current.Services.ContentService.GetById(documentId);
-            var entry = Services.PublicAccessService.AddRule(
-                content,
-                Constants.Conventions.PublicAccess.MemberUsernameRuleType,
-                membershipUserName);
-
-            if (entry.Success == false && entry.Result.Entity == null)
-            {
-                throw new Exception("Document is not protected!");
-            }
-        }
-
-        private void RemoveMembershipRoleFromDocument(int documentId, string role)
-        {
-            var content = Current.Services.ContentService.GetById(documentId);
-            Services.PublicAccessService.RemoveRule(
-                content,
-                Constants.Conventions.PublicAccess.MemberRoleRuleType,
-                role);
-        }
-
-        private void RemoveProtection(int documentId)
-        {
-            var content = Current.Services.ContentService.GetById(documentId);
-            var entry = Services.PublicAccessService.GetEntryForContent(content);
-            if (entry != null)
-            {
-                Services.PublicAccessService.Delete(entry);
-            }
-        }
-
-        protected void Page_Load(object sender, EventArgs e)
-        {
-            // Check for editing
-            int documentId = int.Parse(Request.GetItemAsString("nodeId"));
-            var content = Current.Services.ContentService.GetById(documentId);
-            jsShowWindow.Text = "";
-
-            ph_errorpage.Controls.Add(errorPagePicker);
-            ph_loginpage.Controls.Add(loginPagePicker);
-
-            pp_login.Text = Services.TextService.Localize("login");
-            pp_pass.Text = Services.TextService.Localize("password");
-            pp_loginPage.Text = Services.TextService.Localize("paLoginPage");
-            pp_errorPage.Text = Services.TextService.Localize("paErrorPage");
-
-            pane_chooseMode.Text = Services.TextService.Localize("publicAccess/paHowWould");
-            pane_pages.Text = Services.TextService.Localize("publicAccess/paSelectPages");
-            pane_simple.Text = Services.TextService.Localize("publicAccess/paSimple");
-            pane_advanced.Text = Services.TextService.Localize("publicAccess/paAdvanced");
-
-            if (IsPostBack == false)
-            {
-                if (Services.PublicAccessService.IsProtected(documentId.ToString())
-                    && GetProtectionType(documentId) != ProtectionType.NotProtected)
-                {
-                    bt_buttonRemoveProtection.Visible = true;
-                    bt_buttonRemoveProtection.Attributes.Add("onClick", "return confirm('" + Services.TextService.Localize("areyousure") + "')");
-
-                    // Get login and error pages
-                    int errorPage = GetErrorPage(content.Path);
-                    int loginPage = GetLoginPage(content.Path);
-                    try
-                    {
-                        var loginPageContent = Current.Services.ContentService.GetById(loginPage);
-                        if (loginPageContent != null)
-                        {
-                            loginPagePicker.Value = loginPage.ToString(CultureInfo.InvariantCulture);
-                        }
-                        var errorPageContent = Current.Services.ContentService.GetById(errorPage);
-                        errorPagePicker.Value = errorPage.ToString(CultureInfo.InvariantCulture);
-                    }
-                    catch (Exception ex)
-                    {
-                        Current.Logger.Error<protectPage>(ex, "An error occurred initializing the protect page editor");
-                    }
-
-                    if (GetProtectionType(documentId) == ProtectionType.Simple)
-                    {
-                        MembershipUser m = GetAccessingMembershipUser(documentId);
-                        if (m != null)
-                        {
-                            pane_simple.Visible = true;
-                            pp_pass.Visible = false;
-                            simpleLogin.Visible = false;
-                            SimpleLoginLabel.Visible = true;
-                            SimpleLoginLabel.Text = m.UserName;
-                            pane_advanced.Visible = false;
-                            bt_protect.CommandName = "simple";
-                        }
-
-                    }
-                    else if (GetProtectionType(documentId) == ProtectionType.Advanced)
-                    {
-                        pane_simple.Visible = false;
-                        pane_advanced.Visible = true;
-                        bt_protect.CommandName = "advanced";
-                    }
-
-                    p_mode.Visible = false;
-                    p_setup.Visible = true;
-                }
-            }
-
-            // Load up membergrouops
-            _memberGroups.ID = "Membergroups";
-            _memberGroups.Width = 175;
-            _memberGroups.Height = 165;
-            var selectedGroups = "";
-
-            // get roles from the membership provider
-            var roles = Roles.GetAllRoles().OrderBy(x => x).ToArray();
-
-            if (roles.Length > 0)
-            {
-                foreach (var role in roles)
-                {
-                    var listItem = new ListItem(role, role);
-                    _memberGroups.Items.Add(listItem);
-                    if (IsPostBack) continue;
-
-                    // first time, initialize selected roles
-                        if (IsProtectedByMembershipRole(documentId, role))
-                        selectedGroups += role + ",";
-                }
-            }
-            else
-            {
-                p_noGroupsFound.Visible = true;
-                rb_advanced.Enabled = false;
-            }
-
-            _memberGroups.Value = selectedGroups;
-            groupsSelector.Controls.Add(_memberGroups);
-
-
-            bt_protect.Text = Services.TextService.Localize("buttons", "select");
-            bt_buttonRemoveProtection.Text = Services.TextService.Localize("paRemoveProtection");
-
-            // Put user code to initialize the page here
-        }
-
-        protected void ChangeOnClick(object sender, EventArgs e)
-        {
-            SimpleLoginNameValidator.IsValid = true;
-            SimpleLoginLabel.Visible = false;
-            simpleLogin.Visible = true;
-            pp_pass.Visible = true;
-        }
-
-        protected void protect_Click(object sender, CommandEventArgs e)
-        {
-            if (string.IsNullOrEmpty(errorPagePicker.Value) || errorPagePicker.Value == "-1")
-                cv_errorPage.IsValid = false;
-
-            if (string.IsNullOrEmpty(loginPagePicker.Value) || loginPagePicker.Value == "-1")
-                cv_loginPage.IsValid = false;
-
-            //reset
-            SimpleLoginNameValidator.IsValid = true;
-
-            var provider = Umbraco.Core.Security.MembershipProviderExtensions.GetMembersMembershipProvider();
-            var pageId = int.Parse(Request.GetItemAsString("nodeId"));
-
-            if (e.CommandName == "simple")
-            {
-                var memberLogin = simpleLogin.Visible ? simpleLogin.Text : SimpleLoginLabel.Text;
-
-                var member = provider.GetUser(memberLogin, false);
-                if (member == null)
-                {
-                    var tempEmail = "u" + Guid.NewGuid().ToString("N") + "@example.com";
-
-                    // this needs to work differently depending on umbraco members or external membership provider
-                    if (provider.IsUmbracoMembershipProvider() == false)
-                    {
-                        member = provider.CreateUser(memberLogin, simplePassword.Text, tempEmail);
-                    }
-                    else
-                    {
-                        //if it's the umbraco membership provider, then we need to tell it what member type to create it with
-                        if (Current.Services.MemberTypeService.Get(Constants.Conventions.MemberTypes.SystemDefaultProtectType) == null)
-                        //if (MemberType.GetByAlias(Constants.Conventions.MemberTypes.SystemDefaultProtectType) == null)
-                        {
-                            var defm = new MemberType(null, Constants.Conventions.MemberTypes.SystemDefaultProtectType);
-                            Current.Services.MemberTypeService.Save(defm);
-                        }
-                        var castedProvider = provider.AsUmbracoMembershipProvider();
-                        MembershipCreateStatus status;
-                        member = castedProvider.CreateUser(Constants.Conventions.MemberTypes.SystemDefaultProtectType,
-                                            memberLogin, simplePassword.Text, tempEmail, null, null, true, null, out status);
-                        if (status != MembershipCreateStatus.Success)
-                        {
-                            SimpleLoginNameValidator.IsValid = false;
-                            SimpleLoginNameValidator.ErrorMessage = "Could not create user: " + status;
-                            SimpleLoginNameValidator.Text = "Could not create user: " + status;
-                            return;
-                        }
-                    }
-                }
-                else if (pp_pass.Visible)
-                {
-                    SimpleLoginNameValidator.IsValid = false;
-                    SimpleLoginLabel.Visible = true;
-                    SimpleLoginLabel.Text = memberLogin;
-                    simpleLogin.Visible = false;
-                    pp_pass.Visible = false;
-                    return;
-                }
-
-                // Create or find a memberGroup
-                var simpleRoleName = "__umbracoRole_" + member.UserName;
-                if (Roles.RoleExists(simpleRoleName) == false)
-                {
-                    Roles.CreateRole(simpleRoleName);
-                }
-                if (Roles.IsUserInRole(member.UserName, simpleRoleName) == false)
-                {
-                    Roles.AddUserToRole(member.UserName, simpleRoleName);
-                }
-
-                    ProtectPage(true, pageId, int.Parse(loginPagePicker.Value), int.Parse(errorPagePicker.Value));
-                    AddMembershipRoleToDocument(pageId, simpleRoleName);
-                    AddMembershipUserToDocument(pageId, member.UserName);
-            }
-            else if (e.CommandName == "advanced")
-            {
-                if (cv_errorPage.IsValid && cv_loginPage.IsValid)
-                {
-                    ProtectPage(false, pageId, int.Parse(loginPagePicker.Value), int.Parse(errorPagePicker.Value));
-
-                    foreach (ListItem li in _memberGroups.Items)
-                        if (("," + _memberGroups.Value + ",").IndexOf("," + li.Value + ",", StringComparison.Ordinal) > -1)
-                            AddMembershipRoleToDocument(pageId, li.Value);
-                        else
-                            RemoveMembershipRoleFromDocument(pageId, li.Value);
-                }
-                else
-                {
-                    return;
-                }
-            }
-
-            var content = Services.ContentService.GetById(pageId);
-            var text = content == null ? "" : content.Name;
-            feedback_text.Text = HttpUtility.HtmlEncode(Services.TextService.Localize("publicAccess/paIsProtected", new[] { text }));
-
-            p_setup.Visible = false;
-            p_feedback.Visible = true;
-
-            //reloads the current node in the tree
-            ClientTools.SyncTree(content.Path, true);
-            //reloads the current node's children in the tree
-            ClientTools.ReloadActionNode(false, true);
-        }
-
-
-        protected void buttonRemoveProtection_Click(object sender, System.EventArgs e)
-        {
-            int pageId = int.Parse(Request.GetItemAsString("nodeId"));
-            p_setup.Visible = false;
-
-            RemoveProtection(pageId);
-
-            var content = Services.ContentService.GetById(pageId);
-            var text = content == null ? "" : content.Name;
-            feedback_text.Text = HttpUtility.HtmlEncode(Services.TextService.Localize("publicAccess/paIsRemoved", new[] { text }));
-            p_feedback.Visible = true;
-
-
-            //reloads the current node in the tree
-            ClientTools.SyncTree(content.Path, true);
-            //reloads the current node's children in the tree
-            ClientTools.ReloadActionNode(false, true);
-        }
-
-        protected CustomValidator SimpleLoginNameValidator;
-        protected Label SimpleLoginLabel;
-
-        /// <summary>
-        /// tempFile control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.HtmlControls.HtmlInputHidden tempFile;
-
-        /// <summary>
-        /// p_feedback control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Panel p_feedback;
-
-        /// <summary>
-        /// p_mode control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Panel p_mode;
-
-        /// <summary>
-        /// p_setup control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Panel p_setup;
-
-        /// <summary>
-        /// pane_chooseMode control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.Pane pane_chooseMode;
-
-        /// <summary>
-        /// rb_simple control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.RadioButton rb_simple;
-
-        /// <summary>
-        /// rb_advanced control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.RadioButton rb_advanced;
-
-        /// <summary>
-        /// p_noGroupsFound control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Panel p_noGroupsFound;
-
-        /// <summary>
-        /// bt_selectMode control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Button bt_selectMode;
-
-        /// <summary>
-        /// pane_simple control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.Pane pane_simple;
-
-        /// <summary>
-        /// PropertyPanel1 control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel PropertyPanel1;
-
-        /// <summary>
-        /// pp_login control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel pp_login;
-
-        /// <summary>
-        /// simpleLogin control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.TextBox simpleLogin;
-
-        /// <summary>
-        /// pp_pass control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel pp_pass;
-
-        /// <summary>
-        /// simplePassword control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.TextBox simplePassword;
-
-        /// <summary>
-        /// pane_advanced control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.Pane pane_advanced;
-
-        /// <summary>
-        /// PropertyPanel3 control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel PropertyPanel3;
-
-        /// <summary>
-        /// PropertyPanel2 control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel PropertyPanel2;
-
-        /// <summary>
-        /// groupsSelector control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.PlaceHolder groupsSelector;
-
-        /// <summary>
-        /// pane_pages control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.Pane pane_pages;
-
-        /// <summary>
-        /// pp_loginPage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel pp_loginPage;
-
-        /// <summary>
-        /// ph_loginpage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.PlaceHolder ph_loginpage;
-
-        /// <summary>
-        /// cv_loginPage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.CustomValidator cv_loginPage;
-
-        /// <summary>
-        /// pp_errorPage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::Umbraco.Web._Legacy.Controls.PropertyPanel pp_errorPage;
-
-        /// <summary>
-        /// ph_errorpage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.PlaceHolder ph_errorpage;
-
-        /// <summary>
-        /// cv_errorPage control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.CustomValidator cv_errorPage;
-
-        /// <summary>
-        /// bt_protect control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Button bt_protect;
-
-        /// <summary>
-        /// bt_buttonRemoveProtection control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Button bt_buttonRemoveProtection;
-
-        /// <summary>
-        /// errorId control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.HtmlControls.HtmlInputHidden errorId;
-
-        /// <summary>
-        /// loginId control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.HtmlControls.HtmlInputHidden loginId;
-
-        /// <summary>
-        /// js control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.PlaceHolder js;
-
-        /// <summary>
-        /// feedback_text control.
-        /// </summary>
-        /// <remarks>
-        /// Auto-generated field.
-        /// To modify move field declaration from designer file to code-behind file.
-        /// </remarks>
-        protected global::System.Web.UI.WebControls.Literal feedback_text;
-
-
-    }
-}

From ebf15b905280f7d542f89b528ba2a5b17e93f2b8 Mon Sep 17 00:00:00 2001
From: Stephan <stephane@umbraco.dk>
Date: Wed, 2 Jan 2019 15:24:05 +0100
Subject: [PATCH 20/21] Fix CacheRefresher and DistributedCache

---
 ...ests.cs => DistributedCacheBinderTests.cs} |  40 ++++-
 .../Integration/ContentEventsTests.cs         |  12 +-
 .../Scoping/ScopedNuCacheTests.cs             |  11 +-
 .../Scoping/ScopedRepositoryTests.cs          |  19 +--
 src/Umbraco.Tests/Scoping/ScopedXmlTests.cs   |  15 +-
 src/Umbraco.Tests/Umbraco.Tests.csproj        |   2 +-
 .../Cache/DistributedCacheBinder.cs           |  85 +++++++++++
 .../Cache/DistributedCacheBinderComponent.cs  |  24 +++
 ....cs => DistributedCacheBinder_Handlers.cs} | 138 +++++-------------
 .../Cache/IDistributedCacheBinder.cs          |  34 +++++
 src/Umbraco.Web/Services/SectionService.cs    |  12 +-
 src/Umbraco.Web/Umbraco.Web.csproj            |   5 +-
 12 files changed, 253 insertions(+), 144 deletions(-)
 rename src/Umbraco.Tests/Cache/{CacheRefresherComponentTests.cs => DistributedCacheBinderTests.cs} (87%)
 create mode 100644 src/Umbraco.Web/Cache/DistributedCacheBinder.cs
 create mode 100644 src/Umbraco.Web/Cache/DistributedCacheBinderComponent.cs
 rename src/Umbraco.Web/Cache/{CacheRefresherComponent.cs => DistributedCacheBinder_Handlers.cs} (86%)
 create mode 100644 src/Umbraco.Web/Cache/IDistributedCacheBinder.cs

diff --git a/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs b/src/Umbraco.Tests/Cache/DistributedCacheBinderTests.cs
similarity index 87%
rename from src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs
rename to src/Umbraco.Tests/Cache/DistributedCacheBinderTests.cs
index 0616b4098f..3cc5e061a5 100644
--- a/src/Umbraco.Tests/Cache/CacheRefresherComponentTests.cs
+++ b/src/Umbraco.Tests/Cache/DistributedCacheBinderTests.cs
@@ -1,21 +1,23 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
+using System.Threading;
+using Moq;
 using NUnit.Framework;
 using Umbraco.Core.Composing;
 using Umbraco.Core.Events;
 using Umbraco.Core.Models;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
-using Umbraco.Tests.TestHelpers;
 using Umbraco.Tests.Testing;
 using Umbraco.Web.Cache;
+using Umbraco.Web.PublishedCache;
+using Umbraco.Web.Routing;
 
 namespace Umbraco.Tests.Cache
 {
     [TestFixture]
     [UmbracoTest(WithApplication = true)]
-    public class CacheRefresherEventHandlerTests : UmbracoTestBase
+    public class DistributedCacheBinderTests : UmbracoTestBase
     {
         [Test]
         public void Can_Find_All_Event_Handlers()
@@ -114,7 +116,7 @@ namespace Umbraco.Tests.Cache
             var ok = true;
             foreach (var definition in definitions)
             {
-                var found = CacheRefresherComponent.FindHandler(definition);
+                var found = DistributedCacheBinder.FindHandler(definition);
                 if (found == null)
                 {
                     Console.WriteLine("Couldn't find method for " + definition.EventName + " on " + definition.Sender.GetType());
@@ -123,5 +125,35 @@ namespace Umbraco.Tests.Cache
             }
             Assert.IsTrue(ok, "see log for details");
         }
+
+        [Test]
+        public void CanHandleEvent()
+        {
+            // refreshers.HandleEvents wants a UmbracoContext
+            // which wants an HttpContext, which we build using a SimpleWorkerRequest
+            // which requires these to be non-null
+            var domain = Thread.GetDomain();
+            if (domain.GetData(".appPath") == null)
+                domain.SetData(".appPath", "");
+            if (domain.GetData(".appVPath") == null)
+                domain.SetData(".appVPath", "");
+
+            // refreshers.HandleEvents wants a UmbracoContext
+            // which wants these
+            Container.RegisterSingleton(_ => Mock.Of<IPublishedSnapshotService>());
+            Container.RegisterCollectionBuilder<UrlProviderCollectionBuilder>();
+
+            // create some event definitions
+            var definitions = new IEventDefinition[]
+            {
+                // works because that event definition maps to an empty handler
+                new EventDefinition<IContentTypeService, SaveEventArgs<IContentType>>(null, Current.Services.ContentTypeService, new SaveEventArgs<IContentType>(Enumerable.Empty<IContentType>()), "Saved"),
+
+            };
+
+            // just assert it does not throw
+            var refreshers = new DistributedCacheBinder(null, null);
+            refreshers.HandleEvents(definitions);
+        }
     }
 }
diff --git a/src/Umbraco.Tests/Integration/ContentEventsTests.cs b/src/Umbraco.Tests/Integration/ContentEventsTests.cs
index af188c6a09..2aee582acc 100644
--- a/src/Umbraco.Tests/Integration/ContentEventsTests.cs
+++ b/src/Umbraco.Tests/Integration/ContentEventsTests.cs
@@ -2,19 +2,17 @@
 using System.Collections.Generic;
 using System.Linq;
 using LightInject;
+using Moq;
 using NUnit.Framework;
 using Umbraco.Core;
 using Umbraco.Core.Cache;
 using Umbraco.Core.Composing;
 using Umbraco.Core.Logging;
 using Umbraco.Core.Models;
-using Umbraco.Core.Persistence.Repositories;
 using Umbraco.Core.Persistence.Repositories.Implement;
 using Umbraco.Core.Sync;
-using Umbraco.Tests.Cache.DistributedCache;
 using Umbraco.Tests.Services;
 using Umbraco.Tests.TestHelpers.Entities;
-using Umbraco.Tests.TestHelpers.Stubs;
 using Umbraco.Tests.Testing;
 using Umbraco.Web.Cache;
 using static Umbraco.Tests.Cache.DistributedCache.DistributedCacheTests;
@@ -34,8 +32,8 @@ namespace Umbraco.Tests.Integration
         {
             base.SetUp();
 
-            _h1 = new CacheRefresherComponent(true);
-            _h1.Initialize(new DistributedCache());
+            _h1 = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _h1.BindEvents(true);
 
             _events = new List<EventInstance>();
 
@@ -76,7 +74,7 @@ namespace Umbraco.Tests.Integration
         {
             base.TearDown();
 
-            _h1?.Unbind();
+            _h1?.UnbindEvents();
 
             // clear ALL events
 
@@ -86,7 +84,7 @@ namespace Umbraco.Tests.Integration
             ContentCacheRefresher.CacheUpdated -= ContentCacheUpdated;
         }
 
-        private CacheRefresherComponent _h1;
+        private DistributedCacheBinder _h1;
         private IList<EventInstance> _events;
         private int _msgCount;
         private IContentType _contentType;
diff --git a/src/Umbraco.Tests/Scoping/ScopedNuCacheTests.cs b/src/Umbraco.Tests/Scoping/ScopedNuCacheTests.cs
index cf3285cd7e..211bdc3cdb 100644
--- a/src/Umbraco.Tests/Scoping/ScopedNuCacheTests.cs
+++ b/src/Umbraco.Tests/Scoping/ScopedNuCacheTests.cs
@@ -11,6 +11,7 @@ using Umbraco.Core.Composing;
 using Umbraco.Core.Configuration;
 using Umbraco.Core.Configuration.UmbracoSettings;
 using Umbraco.Core.Events;
+using Umbraco.Core.Logging;
 using Umbraco.Core.Models;
 using Umbraco.Core.Models.PublishedContent;
 using Umbraco.Core.Persistence.Repositories;
@@ -36,7 +37,7 @@ namespace Umbraco.Tests.Scoping
     [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest, PublishedRepositoryEvents = true)]
     public class ScopedNuCacheTests : TestWithDatabaseBase
     {
-        private CacheRefresherComponent _cacheRefresher;
+        private DistributedCacheBinder _distributedCacheBinder;
 
         protected override void Compose()
         {
@@ -56,8 +57,8 @@ namespace Umbraco.Tests.Scoping
         {
             base.TearDown();
 
-            _cacheRefresher?.Unbind();
-            _cacheRefresher = null;
+            _distributedCacheBinder?.UnbindEvents();
+            _distributedCacheBinder = null;
 
             _onPublishedAssertAction = null;
             ContentService.Published -= OnPublishedAssert;
@@ -129,8 +130,8 @@ namespace Umbraco.Tests.Scoping
             var umbracoContext = GetUmbracoContextNu("http://example.com/", setSingleton: true);
 
             // wire cache refresher
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             // create document type, document
             var contentType = new ContentType(-1) { Alias = "CustomDocument", Name = "Custom Document" };
diff --git a/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs b/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
index 48bbdb1e22..9ace5860e1 100644
--- a/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
+++ b/src/Umbraco.Tests/Scoping/ScopedRepositoryTests.cs
@@ -13,6 +13,7 @@ using Umbraco.Web.Cache;
 using LightInject;
 using Moq;
 using Umbraco.Core.Events;
+using Umbraco.Core.Logging;
 using Umbraco.Core.Sync;
 
 namespace Umbraco.Tests.Scoping
@@ -21,7 +22,7 @@ namespace Umbraco.Tests.Scoping
     [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest, WithApplication = true)]
     public class ScopedRepositoryTests : TestWithDatabaseBase
     {
-        private CacheRefresherComponent _cacheRefresher;
+        private DistributedCacheBinder _distributedCacheBinder;
 
         protected override void Compose()
         {
@@ -52,8 +53,8 @@ namespace Umbraco.Tests.Scoping
         [TearDown]
         public void Teardown()
         {
-            _cacheRefresher?.Unbind();
-            _cacheRefresher = null;
+            _distributedCacheBinder?.UnbindEvents();
+            _distributedCacheBinder = null;
         }
 
         [TestCase(true)]
@@ -76,8 +77,8 @@ namespace Umbraco.Tests.Scoping
             // get user again - else we'd modify the one that's in the cache
             user = service.GetUserById(user.Id);
 
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             Assert.IsNull(scopeProvider.AmbientScope);
             using (var scope = scopeProvider.CreateScope(repositoryCacheMode: RepositoryCacheMode.Scoped))
@@ -157,8 +158,8 @@ namespace Umbraco.Tests.Scoping
             Assert.AreEqual(lang.Id, globalCached.Id);
             Assert.AreEqual("fr-FR", globalCached.IsoCode);
 
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             Assert.IsNull(scopeProvider.AmbientScope);
             using (var scope = scopeProvider.CreateScope(repositoryCacheMode: RepositoryCacheMode.Scoped))
@@ -249,8 +250,8 @@ namespace Umbraco.Tests.Scoping
             Assert.AreEqual(item.Id, globalCached.Id);
             Assert.AreEqual("item-key", globalCached.ItemKey);
 
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             Assert.IsNull(scopeProvider.AmbientScope);
             using (var scope = scopeProvider.CreateScope(repositoryCacheMode: RepositoryCacheMode.Scoped))
diff --git a/src/Umbraco.Tests/Scoping/ScopedXmlTests.cs b/src/Umbraco.Tests/Scoping/ScopedXmlTests.cs
index 5f4e653735..1afbf5cb12 100644
--- a/src/Umbraco.Tests/Scoping/ScopedXmlTests.cs
+++ b/src/Umbraco.Tests/Scoping/ScopedXmlTests.cs
@@ -7,6 +7,7 @@ using LightInject;
 using Umbraco.Core.Cache;
 using Umbraco.Core.Composing;
 using Umbraco.Core.Events;
+using Umbraco.Core.Logging;
 using Umbraco.Core.Models;
 using Umbraco.Core.Services;
 using Umbraco.Core.Services.Implement;
@@ -23,7 +24,7 @@ namespace Umbraco.Tests.Scoping
     [UmbracoTest(Database = UmbracoTestOptions.Database.NewSchemaPerTest, PublishedRepositoryEvents = true)]
     public class ScopedXmlTests : TestWithDatabaseBase
     {
-        private CacheRefresherComponent _cacheRefresher;
+        private DistributedCacheBinder _distributedCacheBinder;
 
         protected override void Compose()
         {
@@ -42,8 +43,8 @@ namespace Umbraco.Tests.Scoping
         [TearDown]
         public void Teardown()
         {
-            _cacheRefresher?.Unbind();
-            _cacheRefresher = null;
+            _distributedCacheBinder?.UnbindEvents();
+            _distributedCacheBinder = null;
 
             _onPublishedAssertAction = null;
             ContentService.Published -= OnPublishedAssert;
@@ -90,8 +91,8 @@ namespace Umbraco.Tests.Scoping
             var item = new Content("name", -1, contentType);
 
             // wire cache refresher
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             // check xml in context = "before"
             var xml = XmlInContext;
@@ -209,8 +210,8 @@ namespace Umbraco.Tests.Scoping
             Current.Services.ContentTypeService.Save(contentType);
 
             // wire cache refresher
-            _cacheRefresher = new CacheRefresherComponent(true);
-            _cacheRefresher.Initialize(new DistributedCache());
+            _distributedCacheBinder = new DistributedCacheBinder(new DistributedCache(), Mock.Of<ILogger>());
+            _distributedCacheBinder.BindEvents(true);
 
             // check xml in context = "before"
             var xml = XmlInContext;
diff --git a/src/Umbraco.Tests/Umbraco.Tests.csproj b/src/Umbraco.Tests/Umbraco.Tests.csproj
index 7d1753a6b2..d58cf2a5b0 100644
--- a/src/Umbraco.Tests/Umbraco.Tests.csproj
+++ b/src/Umbraco.Tests/Umbraco.Tests.csproj
@@ -111,7 +111,7 @@
     <PackageReference Include="System.Threading.Tasks.Extensions" Version="4.4.0" />
   </ItemGroup>
   <ItemGroup>
-    <Compile Include="Cache\CacheRefresherComponentTests.cs" />
+    <Compile Include="Cache\DistributedCacheBinderTests.cs" />
     <Compile Include="Cache\RefresherTests.cs" />
     <Compile Include="Cache\SnapDictionaryTests.cs" />
     <Compile Include="Clr\ReflectionUtilitiesTests.cs" />
diff --git a/src/Umbraco.Web/Cache/DistributedCacheBinder.cs b/src/Umbraco.Web/Cache/DistributedCacheBinder.cs
new file mode 100644
index 0000000000..f7171a840a
--- /dev/null
+++ b/src/Umbraco.Web/Cache/DistributedCacheBinder.cs
@@ -0,0 +1,85 @@
+using System;
+using System.Collections.Concurrent;
+using System.Collections.Generic;
+using System.Linq;
+using System.Reflection;
+using Umbraco.Core;
+using Umbraco.Core.Events;
+using Umbraco.Core.Logging;
+
+namespace Umbraco.Web.Cache
+{
+    /// <summary>
+    /// Default <see cref="IDistributedCacheBinder"/> implementation.
+    /// </summary>
+    public partial class DistributedCacheBinder : IDistributedCacheBinder
+    {
+        private static readonly ConcurrentDictionary<string, MethodInfo> FoundHandlers = new ConcurrentDictionary<string, MethodInfo>();
+        private readonly DistributedCache _distributedCache;
+        private readonly ILogger _logger;
+
+        /// <summary>
+        /// Initializes a new instance of the <see cref="DistributedCacheBinder"/> class.
+        /// </summary>
+        /// <param name="distributedCache"></param>
+        /// <param name="logger"></param>
+        public DistributedCacheBinder(DistributedCache distributedCache, ILogger logger)
+        {
+            _distributedCache = distributedCache;
+            _logger = logger;
+        }
+
+        // internal for tests
+        internal static MethodInfo FindHandler(IEventDefinition eventDefinition)
+        {
+            var name = eventDefinition.Sender.GetType().Name + "_" + eventDefinition.EventName;
+
+            return FoundHandlers.GetOrAdd(name, n => CandidateHandlers.Value.FirstOrDefault(x => x.Name == n));
+        }
+
+        private static readonly Lazy<MethodInfo[]> CandidateHandlers = new Lazy<MethodInfo[]>(() =>
+        {
+            var underscore = new[] { '_' };
+
+            return typeof(DistributedCacheBinder)
+                .GetMethods(BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
+                .Select(x =>
+                {
+                    if (x.Name.Contains("_") == false) return null;
+
+                    var parts = x.Name.Split(underscore, StringSplitOptions.RemoveEmptyEntries).Length;
+                    if (parts != 2) return null;
+
+                    var parameters = x.GetParameters();
+                    if (parameters.Length != 2) return null;
+                    if (typeof(EventArgs).IsAssignableFrom(parameters[1].ParameterType) == false) return null;
+                    return x;
+                })
+                .WhereNotNull()
+                .ToArray();
+        });
+
+        /// <inheritdoc />
+        public void HandleEvents(IEnumerable<IEventDefinition> events)
+        {
+            // ensure we run with an UmbracoContext, because this may run in a background task,
+            // yet developers may be using the 'current' UmbracoContext in the event handlers
+            using (UmbracoContext.EnsureContext())
+            {
+                foreach (var e in events)
+                {
+                    var handler = FindHandler(e);
+                    if (handler == null)
+                    {
+                        // fixme - should this be fatal (ie, an exception)?
+                        var name = e.Sender.GetType().Name + "_" + e.EventName;
+                        _logger.Warn<DistributedCacheBinder>("Dropping event {EventName} because no corresponding handler was found.", name);
+                        continue;
+                    }
+
+                    handler.Invoke(this, new[] { e.Sender, e.Args });
+                }
+            }
+        }
+    }
+}
diff --git a/src/Umbraco.Web/Cache/DistributedCacheBinderComponent.cs b/src/Umbraco.Web/Cache/DistributedCacheBinderComponent.cs
new file mode 100644
index 0000000000..57b013a97c
--- /dev/null
+++ b/src/Umbraco.Web/Cache/DistributedCacheBinderComponent.cs
@@ -0,0 +1,24 @@
+using Umbraco.Core;
+using Umbraco.Core.Components;
+using Umbraco.Core.Composing;
+
+namespace Umbraco.Web.Cache
+{
+    /// <summary>
+    /// Installs listeners on service events in order to refresh our caches.
+    /// </summary>
+    [RuntimeLevel(MinLevel = RuntimeLevel.Run)]
+    [RequiredComponent(typeof(IUmbracoCoreComponent))] // runs before every other IUmbracoCoreComponent!
+    public class DistributedCacheBinderComponent : UmbracoComponentBase, IUmbracoCoreComponent
+    {
+        public override void Compose(Composition composition)
+        {
+            composition.Container.RegisterSingleton<IDistributedCacheBinder, DistributedCacheBinder>();
+        }
+
+        public void Initialize(IDistributedCacheBinder distributedCacheBinder)
+        {
+            distributedCacheBinder.BindEvents();
+        }
+    }
+}
diff --git a/src/Umbraco.Web/Cache/CacheRefresherComponent.cs b/src/Umbraco.Web/Cache/DistributedCacheBinder_Handlers.cs
similarity index 86%
rename from src/Umbraco.Web/Cache/CacheRefresherComponent.cs
rename to src/Umbraco.Web/Cache/DistributedCacheBinder_Handlers.cs
index a020b0d76f..81b133b9ef 100644
--- a/src/Umbraco.Web/Cache/CacheRefresherComponent.cs
+++ b/src/Umbraco.Web/Cache/DistributedCacheBinder_Handlers.cs
@@ -1,56 +1,50 @@
 using System;
-using System.Collections.Concurrent;
 using System.Collections.Generic;
-using System.IO;
-using Umbraco.Core;
+using System.Linq;
 using Umbraco.Core.Events;
+using Umbraco.Core.Logging;
 using Umbraco.Core.Models;
 using Umbraco.Core.Models.Membership;
 using Umbraco.Core.Services;
-using System.Linq;
-using System.Reflection;
-using System.Web;
-using System.Web.Hosting;
-using Umbraco.Core.Components;
-using Umbraco.Core.Configuration;
-using Umbraco.Core.Logging;
-using Umbraco.Core.Models.PublishedContent;
 using Umbraco.Core.Services.Changes;
 using Umbraco.Core.Services.Implement;
-using Umbraco.Web.Composing;
-using Umbraco.Web.Security;
 using Umbraco.Web.Services;
-using LightInject;
-using ApplicationTree = Umbraco.Core.Models.ApplicationTree;
 
 namespace Umbraco.Web.Cache
 {
     /// <summary>
-    /// Installs listeners on service events in order to refresh our caches.
+    /// Default <see cref="IDistributedCacheBinder"/> implementation.
     /// </summary>
-    [RuntimeLevel(MinLevel = RuntimeLevel.Run)]
-    [RequiredComponent(typeof(IUmbracoCoreComponent))] // runs before every other IUmbracoCoreComponent!
-    public class CacheRefresherComponent : UmbracoComponentBase, IUmbracoCoreComponent
+    public partial class DistributedCacheBinder
     {
-        private static readonly ConcurrentDictionary<string, MethodInfo> FoundHandlers = new ConcurrentDictionary<string, MethodInfo>();
-        private DistributedCache _distributedCache;
         private List<Action> _unbinders;
 
-        public CacheRefresherComponent()
-        { }
+        private void Bind(Action binder, Action unbinder)
+        {
+            // bind now
+            binder();
 
-        // for tests
-        public CacheRefresherComponent(bool supportUnbinding)
+            // and register unbinder for later, if needed
+            _unbinders?.Add(unbinder);
+        }
+
+        /// <inheritdoc />
+        public void UnbindEvents()
+        {
+            if (_unbinders == null)
+                throw new NotSupportedException();
+            foreach (var unbinder in _unbinders)
+                unbinder();
+            _unbinders = null;
+        }
+
+        /// <inheritdoc />
+        public void BindEvents(bool supportUnbinding = false)
         {
             if (supportUnbinding)
                 _unbinders = new List<Action>();
-        }
 
-        public void Initialize(DistributedCache distributedCache)
-        {
-            Current.Logger.Info<CacheRefresherComponent>("Initializing Umbraco internal event handlers for cache refreshing.");
-
-            _distributedCache = distributedCache;
+            _logger.Info<DistributedCacheBinderComponent>("Initializing Umbraco internal event handlers for cache refreshing.");
 
             // bind to application tree events
             Bind(() => ApplicationTreeService.Deleted += ApplicationTreeService_Deleted,
@@ -170,74 +164,6 @@ namespace Umbraco.Web.Cache
                 () => RelationService.DeletedRelationType -= RelationService_DeletedRelationType);
         }
 
-        #region Events binding and handling
-
-        private void Bind(Action binder, Action unbinder)
-        {
-            // bind now
-            binder();
-
-            // and register unbinder for later, if needed
-            _unbinders?.Add(unbinder);
-        }
-
-        // for tests
-        internal void Unbind()
-        {
-            if (_unbinders == null)
-                throw new NotSupportedException();
-            foreach (var unbinder in _unbinders)
-                unbinder();
-            _unbinders = null;
-        }
-
-        internal static MethodInfo FindHandler(IEventDefinition eventDefinition)
-        {
-            var name = eventDefinition.Sender.GetType().Name + "_" + eventDefinition.EventName;
-
-            return FoundHandlers.GetOrAdd(name, n => CandidateHandlers.Value.FirstOrDefault(x => x.Name == n));
-        }
-
-        private static readonly Lazy<MethodInfo[]> CandidateHandlers = new Lazy<MethodInfo[]>(() =>
-        {
-            var underscore = new[] { '_' };
-
-            return typeof(CacheRefresherComponent)
-                .GetMethods(BindingFlags.Instance | BindingFlags.Public | BindingFlags.NonPublic)
-                .Select(x =>
-                {
-                    if (x.Name.Contains("_") == false) return null;
-
-                    var parts = x.Name.Split(underscore, StringSplitOptions.RemoveEmptyEntries).Length;
-                    if (parts != 2) return null;
-
-                    var parameters = x.GetParameters();
-                    if (parameters.Length != 2) return null;
-                    if (typeof(EventArgs).IsAssignableFrom(parameters[1].ParameterType) == false) return null;
-                    return x;
-                })
-                .WhereNotNull()
-                .ToArray();
-        });
-
-        internal static void HandleEvents(IEnumerable<IEventDefinition> events)
-        {
-            // ensure we run with an UmbracoContext, because this may run in a background task,
-            // yet developers may be using the 'current' UmbracoContext in the event handlers
-            using (UmbracoContext.EnsureContext())
-            {
-                foreach (var e in events)
-                {
-                    var handler = FindHandler(e);
-                    if (handler == null) continue;
-
-                    handler.Invoke(null, new[] { e.Sender, e.Args });
-                }
-            }
-        }
-
-        #endregion
-
         #region PublicAccessService
 
         private void PublicAccessService_Saved(IPublicAccessService sender, SaveEventArgs<PublicAccessEntry> e)
@@ -264,7 +190,8 @@ namespace Umbraco.Web.Cache
         /// case then we need to clear all user permissions cache.
         /// </remarks>
         private void ContentService_Copied(IContentService sender, CopyEventArgs<IContent> e)
-        { }
+        {
+        }
 
         /// <summary>
         /// Handles cache refreshing for when content is saved (not published)
@@ -276,7 +203,8 @@ namespace Umbraco.Web.Cache
         /// stay up-to-date for unpublished content.
         /// </remarks>
         private void ContentService_Saved(IContentService sender, SaveEventArgs<IContent> e)
-        { }
+        {
+        }
 
         private void ContentService_Changed(IContentService sender, TreeChange<IContent>.EventArgs args)
         {
@@ -324,12 +252,12 @@ namespace Umbraco.Web.Cache
 
         #region Application event handlers
 
-        private void SectionService_New(Section sender, EventArgs e)
+        private void SectionService_New(ISectionService sender, EventArgs e)
         {
             _distributedCache.RefreshAllApplicationCache();
         }
 
-        private void SectionService_Deleted(Section sender, EventArgs e)
+        private void SectionService_Deleted(ISectionService sender, EventArgs e)
         {
             _distributedCache.RefreshAllApplicationCache();
         }
@@ -439,7 +367,8 @@ namespace Umbraco.Web.Cache
 
         #region UserService
 
-        static void UserService_UserGroupPermissionsAssigned(IUserService sender, SaveEventArgs<EntityPermission> e)
+        // fixme STATIC??
+        private void UserService_UserGroupPermissionsAssigned(IUserService sender, SaveEventArgs<EntityPermission> e)
         {
             //TODO: Not sure if we need this yet depends if we start caching permissions
             //var groupIds = e.SavedEntities.Select(x => x.UserGroupId).Distinct();
@@ -568,6 +497,7 @@ namespace Umbraco.Web.Cache
                 _distributedCache.RemoveMemberGroupCache(m.Id);
             }
         }
+
         #endregion
 
         #region RelationType
diff --git a/src/Umbraco.Web/Cache/IDistributedCacheBinder.cs b/src/Umbraco.Web/Cache/IDistributedCacheBinder.cs
new file mode 100644
index 0000000000..e4237fea94
--- /dev/null
+++ b/src/Umbraco.Web/Cache/IDistributedCacheBinder.cs
@@ -0,0 +1,34 @@
+using System.Collections.Generic;
+using Umbraco.Core.Events;
+using Umbraco.Core.Services.Implement;
+
+namespace Umbraco.Web.Cache
+{
+    /// <summary>
+    /// Binds events to the distributed cache.
+    /// </summary>
+    /// <remarks>
+    /// <para>Use <see cref="BindEvents"/> to bind actual events, eg <see cref="ContentService.Saved"/>, to
+    /// the distributed cache, so that the proper refresh operations are executed when these events trigger.</para>
+    /// <para>Use <see cref="HandleEvents"/> to handle events that have not actually triggered, but have
+    /// been queued, so that the proper refresh operations are also executed.</para>
+    /// </remarks>
+    public interface IDistributedCacheBinder
+    {
+        /// <summary>
+        /// Handles events from definitions.
+        /// </summary>
+        void HandleEvents(IEnumerable<IEventDefinition> events);
+
+        /// <summary>
+        /// Binds actual events to the distributed cache.
+        /// </summary>
+        /// <param name="enableUnbinding">A value indicating whether to support unbinding the events.</param>
+        void BindEvents(bool enableUnbinding = false);
+
+        /// <summary>
+        /// Unbinds bounded events.
+        /// </summary>
+        void UnbindEvents();
+    }
+}
diff --git a/src/Umbraco.Web/Services/SectionService.cs b/src/Umbraco.Web/Services/SectionService.cs
index ff8279a411..5d013d7e79 100644
--- a/src/Umbraco.Web/Services/SectionService.cs
+++ b/src/Umbraco.Web/Services/SectionService.cs
@@ -200,7 +200,7 @@ namespace Umbraco.Web.Services
                 }, true);
 
                 //raise event
-                OnNew(new Section(name, alias, sortOrder), new EventArgs());
+                OnNew(this /*new Section(name, alias, sortOrder)*/, new EventArgs());
             }
         }
 
@@ -235,7 +235,7 @@ namespace Umbraco.Web.Services
                 }, true);
 
                 //raise event
-                OnDeleted(section, new EventArgs());
+                OnDeleted(this, new EventArgs());
             }
         }
 
@@ -262,8 +262,8 @@ namespace Umbraco.Web.Services
             return tmp;
         }
 
-        internal static event TypedEventHandler<Section, EventArgs> Deleted;
-        private static void OnDeleted(Section app, EventArgs args)
+        internal static event TypedEventHandler<ISectionService, EventArgs> Deleted;
+        private static void OnDeleted(ISectionService app, EventArgs args)
         {
             if (Deleted != null)
             {
@@ -271,8 +271,8 @@ namespace Umbraco.Web.Services
             }
         }
 
-        internal static event TypedEventHandler<Section, EventArgs> New;
-        private static void OnNew(Section app, EventArgs args)
+        internal static event TypedEventHandler<ISectionService, EventArgs> New;
+        private static void OnNew(ISectionService app, EventArgs args)
         {
             if (New != null)
             {
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index 6089e68325..17c2a54d81 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -108,7 +108,10 @@
     <Compile Include="AppBuilderExtensions.cs" />
     <Compile Include="AreaRegistrationContextExtensions.cs" />
     <Compile Include="AspNetHttpContextAccessor.cs" />
+    <Compile Include="Cache\DistributedCacheBinder.cs" />
+    <Compile Include="Cache\DistributedCacheBinder_Handlers.cs" />
     <Compile Include="Cache\ContentCacheRefresher.cs" />
+    <Compile Include="Cache\IDistributedCacheBinder.cs" />
     <Compile Include="Cache\UserGroupCacheRefresher.cs" />
     <Compile Include="Components\BackOfficeUserAuditEventsComponent.cs" />
     <Compile Include="ContentApps\ListViewContentAppFactory.cs" />
@@ -652,7 +655,7 @@
     <Compile Include="Cache\DictionaryCacheRefresher.cs" />
     <Compile Include="Cache\DistributedCache.cs" />
     <Compile Include="Cache\DistributedCacheExtensions.cs" />
-    <Compile Include="Cache\CacheRefresherComponent.cs" />
+    <Compile Include="Cache\DistributedCacheBinderComponent.cs" />
     <Compile Include="Cache\DomainCacheRefresher.cs" />
     <Compile Include="Cache\LanguageCacheRefresher.cs" />
     <Compile Include="Cache\MacroCacheRefresher.cs" />

From 17d818b6049c79f2d0403c05bbe7bb13154c79b6 Mon Sep 17 00:00:00 2001
From: Stephan <stephane@umbraco.dk>
Date: Wed, 2 Jan 2019 15:29:22 +0100
Subject: [PATCH 21/21] Make Current.Container public for Deploy, wont last

---
 src/Umbraco.Core/Composing/Current.cs | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/Umbraco.Core/Composing/Current.cs b/src/Umbraco.Core/Composing/Current.cs
index e3bce53a3c..9515398236 100644
--- a/src/Umbraco.Core/Composing/Current.cs
+++ b/src/Umbraco.Core/Composing/Current.cs
@@ -38,7 +38,7 @@ namespace Umbraco.Core.Composing
         /// <summary>
         /// Gets or sets the DI container.
         /// </summary>
-        internal static IServiceContainer Container
+        public static IServiceContainer Container
         {
             get
             {