From cf9b00bffcf4eb5eee21e94523b5773a93a3c7e0 Mon Sep 17 00:00:00 2001 
From: Bjarke Berg Date: Thu, 29 Feb 2024 09:41:56 +0000 Subject: [PATCH] Refactor authorizers to be reusable from the core project (#15782) * Refactored the Authorizers to be reusable from core by not knowing about the principal but only the IUser. Also moved them to core * Fix multiple enumeration * Fix more multiple enumerations --------- Co-authored-by: Nikolaj --- .../Dictionary/CreateDictionaryController.cs | 2 +- .../Dictionary/UpdateDictionaryController.cs | 1 + .../Document/ByKeyDocumentController.cs | 1 + .../Document/CopyDocumentController.cs | 1 + .../Document/CreateDocumentControllerBase.cs | 1 + .../CreatePublicAccessDocumentController.cs | 1 + .../Document/DeleteDocumentController.cs | 1 + .../DeletePublicAccessDocumentController.cs | 1 + .../GetPublicAccessDocumentController.cs | 1 + .../Document/MoveDocumentController.cs | 1 + .../MoveToRecycleBinDocumentController.cs | 1 + .../Document/NotificationsController.cs | 1 + .../Document/PublishDocumentController.cs | 1 + ...ublishDocumentWithDescendantsController.cs | 1 + .../DeleteDocumentRecycleBinController.cs | 1 + .../EmptyDocumentRecycleBinController.cs | 1 + ...ginalParentDocumentRecycleBinController.cs | 1 + .../RestoreDocumentRecycleBinController.cs | 1 + .../Document/SortDocumentController.cs | 1 + .../Document/UnpublishDocumentController.cs | 1 + .../Document/UpdateDocumentControllerBase.cs | 1 + .../UpdatePublicAccessDocumentController.cs | 1 + .../Controllers/Media/ByKeyMediaController.cs | 1 + .../Media/CreateMediaControllerBase.cs | 1 + .../Media/DeleteMediaController.cs | 1 + .../Controllers/Media/MoveMediaController.cs | 1 + .../Media/MoveToRecycleBinMediaController.cs | 1 + .../DeleteMediaRecycleBinController.cs | 1 + .../EmptyMediaRecycleBinController.cs | 1 + ...OriginalParentMediaRecycleBinController.cs | 1 + .../RestoreMediaRecycleBinController.cs | 1 + .../Controllers/Media/SortMediaController.cs | 1 + .../Media/UpdateMediaControllerBase.cs | 1 + .../User/BulkDeleteUserController.cs | 
1 + .../Controllers/User/ByKeyUserController.cs | 1 + .../User/ClearAvatarUserController.cs | 1 + .../User/Current/GetCurrentUserController.cs | 1 + .../Current/SetAvatarCurrentUserController.cs | 1 + .../Controllers/User/DeleteUserController.cs | 1 + .../DisableTwoFactorProviderUserController.cs | 1 + .../Controllers/User/DisableUserController.cs | 1 + .../Controllers/User/EnableUserController.cs | 1 + .../ListTwoFactorProvidersUserController.cs | 1 + .../User/SetAvatarUserController.cs | 1 + .../Controllers/User/UnlockUserController.cs | 1 + .../User/UpdateUserGroupsUserController.cs | 1 + .../AddUsersToUserGroupController.cs | 1 + .../BulkDeleteUserGroupsController.cs | 1 + .../UserGroup/ByKeyUserGroupController.cs | 1 + .../UserGroup/DeleteUserGroupController.cs | 1 + .../RemoveUsersFromUserGroupController.cs | 1 + .../BackOfficeAuthPolicyBuilderExtensions.cs | 8 -- .../AuthorizationServiceExtensions.cs | 1 + .../Content/ContentPermissionAuthorizer.cs | 79 ------------------- .../Content/ContentPermissionHandler.cs | 23 ++++-- .../DictionaryPermissionAuthorizer.cs | 25 ------ .../Dictionary/DictionaryPermissionHandler.cs | 19 ++++- .../IDictionaryPermissionAuthorizer.cs | 8 -- .../Feature/FeatureAuthorizeHandler.cs | 63 ++++++++++++++- .../Feature/FeatureAuthorizer.cs | 67 ---------------- .../Authorization/IPermissionResource.cs | 5 -- .../Media/MediaPermissionHandler.cs | 19 +++-- .../User/UserPermissionHandler.cs | 19 ++++- .../UserGroupPermissionAuthorizer.cs | 35 -------- .../UserGroup/UserGroupPermissionHandler.cs | 19 ++++- .../Umbraco.Cms.Api.Management.csproj | 4 + .../DependencyInjection/UmbracoBuilder.cs | 11 +++ .../Authorization/AuthorizationHelper.cs | 5 +- .../ContentPermissionAuthorizer.cs | 76 ++++++++++++++++++ .../ContentPermissionResource.cs | 43 +++++----- .../DictionaryPermissionAuthorizer.cs | 20 +++++ .../DictionaryPermissionResource.cs | 6 +- .../Authorization/FeatureAuthorizer.cs | 15 ++++ .../Authorization/IAuthorizationHelper.cs | 2 
+- .../IContentPermissionAuthorizer.cs | 38 ++++----- .../IDictionaryPermissionAuthorizer.cs | 8 ++ .../Authorization}/IFeatureAuthorizer.cs | 8 +- .../IMediaPermissionAuthorizer.cs | 20 ++--- .../Authorization/IPermissionResource.cs | 5 ++ .../IUserGroupPermissionAuthorizer.cs | 12 +-- .../IUserPermissionAuthorizer.cs | 12 +-- .../MediaPermissionAuthorizer.cs | 27 ++----- .../Authorization}/MediaPermissionResource.cs | 13 +-- .../UserGroupPermissionAuthorizer.cs | 30 +++++++ .../UserGroupPermissionResource.cs | 2 +- .../UserPermissionAuthorizer.cs | 14 +--- .../Authorization}/UserPermissionResource.cs | 2 +- .../Implement/ContentListViewService.cs | 21 ++--- .../Implement/MediaListViewService.cs | 20 ++--- 89 files changed, 465 insertions(+), 391 deletions(-) delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionAuthorizer.cs delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionAuthorizer.cs delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/IDictionaryPermissionAuthorizer.cs delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizer.cs delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/IPermissionResource.cs delete mode 100644 src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionAuthorizer.cs rename src/{Umbraco.Cms.Api.Management => Umbraco.Core}/Security/Authorization/AuthorizationHelper.cs (87%) create mode 100644 src/Umbraco.Core/Security/Authorization/ContentPermissionAuthorizer.cs rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Content => Umbraco.Core/Security/Authorization}/ContentPermissionResource.cs (85%) create mode 100644 src/Umbraco.Core/Security/Authorization/DictionaryPermissionAuthorizer.cs rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Dictionary => 
Umbraco.Core/Security/Authorization}/DictionaryPermissionResource.cs (79%) create mode 100644 src/Umbraco.Core/Security/Authorization/FeatureAuthorizer.cs rename src/{Umbraco.Cms.Api.Management => Umbraco.Core}/Security/Authorization/IAuthorizationHelper.cs (89%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Content => Umbraco.Core/Security/Authorization}/IContentPermissionAuthorizer.cs (67%) create mode 100644 src/Umbraco.Core/Security/Authorization/IDictionaryPermissionAuthorizer.cs rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Feature => Umbraco.Core/Security/Authorization}/IFeatureAuthorizer.cs (54%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Media => Umbraco.Core/Security/Authorization}/IMediaPermissionAuthorizer.cs (64%) create mode 100644 src/Umbraco.Core/Security/Authorization/IPermissionResource.cs rename src/{Umbraco.Cms.Api.Management/Security/Authorization/UserGroup => Umbraco.Core/Security/Authorization}/IUserGroupPermissionAuthorizer.cs (67%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/User => Umbraco.Core/Security/Authorization}/IUserPermissionAuthorizer.cs (67%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Media => Umbraco.Core/Security/Authorization}/MediaPermissionAuthorizer.cs (53%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/Media => Umbraco.Core/Security/Authorization}/MediaPermissionResource.cs (87%) create mode 100644 src/Umbraco.Core/Security/Authorization/UserGroupPermissionAuthorizer.cs rename src/{Umbraco.Cms.Api.Management/Security/Authorization/UserGroup => Umbraco.Core/Security/Authorization}/UserGroupPermissionResource.cs (95%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/User => Umbraco.Core/Security/Authorization}/UserPermissionAuthorizer.cs (52%) rename src/{Umbraco.Cms.Api.Management/Security/Authorization/User => Umbraco.Core/Security/Authorization}/UserPermissionResource.cs (95%) 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/CreateDictionaryController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/CreateDictionaryController.cs
index 60613efa29..aa8a561ac5 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/CreateDictionaryController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/CreateDictionaryController.cs
@@ -3,12 +3,12 @@ using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
-using Umbraco.Cms.Api.Management.Security.Authorization.Dictionary;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Api.Management.ViewModels.Dictionary;
 using Umbraco.Cms.Core;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/UpdateDictionaryController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/UpdateDictionaryController.cs
index 4e9dc5bb4d..fa3990149d 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/UpdateDictionaryController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Dictionary/UpdateDictionaryController.cs
@@ -9,6 +9,7 @@ using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Api.Management.ViewModels.Dictionary;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/ByKeyDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/ByKeyDocumentController.cs
index 5a488a3cc3..2d562a7390 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/ByKeyDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/ByKeyDocumentController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/CopyDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/CopyDocumentController.cs
index 055c082d7e..5fdc8c02f1 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/CopyDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/CopyDocumentController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/CreateDocumentControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/CreateDocumentControllerBase.cs
index faa0de8bcb..d6983964c5 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/CreateDocumentControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/CreateDocumentControllerBase.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core.Actions;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/CreatePublicAccessDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/CreatePublicAccessDocumentController.cs
index 5901ea9ed5..e8623cc7df 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/CreatePublicAccessDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/CreatePublicAccessDocumentController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Api.Management.ViewModels.PublicAccess;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs
index b1e4caa1de..74e2a7463c 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeleteDocumentController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeletePublicAccessDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeletePublicAccessDocumentController.cs
index 55de3ed093..998d877f7e 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/DeletePublicAccessDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/DeletePublicAccessDocumentController.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/GetPublicAccessDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/GetPublicAccessDocumentController.cs
index c221ef3f01..3809cddae2 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/GetPublicAccessDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/GetPublicAccessDocumentController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Api.Management.ViewModels.PublicAccess;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveDocumentController.cs
index c7b5ead51a..74d77182e4 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveDocumentController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveToRecycleBinDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveToRecycleBinDocumentController.cs
index 3b974f176b..212761d2db 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveToRecycleBinDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/MoveToRecycleBinDocumentController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/NotificationsController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/NotificationsController.cs
index 48e318c50a..9ac152a6ad 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/NotificationsController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/NotificationsController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentController.cs
index 64a643c93b..13d9433721 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentController.cs
@@ -9,6 +9,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models.ContentPublishing;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentWithDescendantsController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentWithDescendantsController.cs
index 15cfc6daec..996855afe9 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentWithDescendantsController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/PublishDocumentWithDescendantsController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models.ContentPublishing;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs
index 9fff59c872..22beb9e93c 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/DeleteDocumentRecycleBinController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/EmptyDocumentRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/EmptyDocumentRecycleBinController.cs
index 1ce408e8d4..d58a71920b 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/EmptyDocumentRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/EmptyDocumentRecycleBinController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/OriginalParentDocumentRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/OriginalParentDocumentRecycleBinController.cs
index 7cb790f5ae..e691600e59 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/OriginalParentDocumentRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/OriginalParentDocumentRecycleBinController.cs
@@ -9,6 +9,7 @@ using Umbraco.Cms.Api.Management.ViewModels.Document.Item;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models.Entities;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.Querying.RecycleBin;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/RestoreDocumentRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/RestoreDocumentRecycleBinController.cs
index 17965b2d11..e93ab73fad 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/RestoreDocumentRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/RecycleBin/RestoreDocumentRecycleBinController.cs
@@ -9,6 +9,7 @@ using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/SortDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/SortDocumentController.cs
index fe2dbfac53..4caffc0056 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/SortDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/SortDocumentController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.ViewModels.Sorting;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models.ContentEditing;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/UnpublishDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/UnpublishDocumentController.cs
index 52515305e1..ee2d5763c7 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/UnpublishDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/UnpublishDocumentController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs
index 385d6f44cb..abd2707203 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdateDocumentControllerBase.cs
@@ -4,6 +4,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Content;
 using Umbraco.Cms.Api.Management.ViewModels.Document;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdatePublicAccessDocumentController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdatePublicAccessDocumentController.cs
index 790169995f..b0f1b56a46 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdatePublicAccessDocumentController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Document/UpdatePublicAccessDocumentController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Api.Management.ViewModels.PublicAccess;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Actions;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/ByKeyMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/ByKeyMediaController.cs
index 588554bccc..089ceb99fa 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/ByKeyMediaController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/ByKeyMediaController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Api.Management.ViewModels.Media;
 using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/CreateMediaControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/CreateMediaControllerBase.cs
index 0f922cba0f..4853dc0975 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/CreateMediaControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/CreateMediaControllerBase.cs
@@ -1,6 +1,7 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Security.Authorization.Media;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs
index 26e3b6f277..8d1a670034 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/DeleteMediaController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveMediaController.cs
index 29fb30a0db..257e6ff070 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveMediaController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveMediaController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.ViewModels.Media;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveToRecycleBinMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveToRecycleBinMediaController.cs
index 8c3d771e6f..81f87bc7cf 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveToRecycleBinMediaController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/MoveToRecycleBinMediaController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs
index 31e1cdad7d..bd6c02fc33 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/DeleteMediaRecycleBinController.cs
@@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/EmptyMediaRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/EmptyMediaRecycleBinController.cs
index bd7674f502..ff45e30d3a 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/EmptyMediaRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/EmptyMediaRecycleBinController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Controllers.Media.RecycleBin;
 using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.Security.Authorization.Media;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Web.Common.Authorization;
 using Umbraco.Extensions;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/OriginalParentMediaRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/OriginalParentMediaRecycleBinController.cs
index a823ace431..5034c80dea 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/OriginalParentMediaRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/OriginalParentMediaRecycleBinController.cs
@@ -8,6 +8,7 @@ using Umbraco.Cms.Api.Management.ViewModels;
 using Umbraco.Cms.Api.Management.ViewModels.Media.Item;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models.Entities;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.Querying.RecycleBin;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/RestoreMediaRecycleBinController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/RestoreMediaRecycleBinController.cs
index f96075f0bc..a823535569 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/RestoreMediaRecycleBinController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/RecycleBin/RestoreMediaRecycleBinController.cs @@ -8,6 +8,7 @@ using Umbraco.Cms.Api.Management.ViewModels.Media; using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/SortMediaController.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/SortMediaController.cs index 07c2b7d550..bb7662fd08 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/SortMediaController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/SortMediaController.cs @@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.Media; using Umbraco.Cms.Api.Management.ViewModels.Sorting; using Umbraco.Cms.Core.Models.ContentEditing; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Media/UpdateMediaControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Media/UpdateMediaControllerBase.cs index 1986a8cc7f..f9d84acd2d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/Media/UpdateMediaControllerBase.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/Media/UpdateMediaControllerBase.cs @@ -2,6 +2,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.Media; using Umbraco.Cms.Core.Models; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Web.Common.Authorization; using Umbraco.Extensions; 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs
index cb5e26891c..8a10c6deea 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/User/BulkDeleteUserController.cs
@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Security.Authorization.User;
 using Umbraco.Cms.Api.Management.ViewModels.User;
 using Umbraco.Cms.Core.Security;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs
index d60a71a78e..8012386030 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ByKeyUserController.cs
@@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.Security.Authorization.User;
 using Umbraco.Cms.Api.Management.ViewModels.User;
 using Umbraco.Cms.Core.Models.Membership;
+using Umbraco.Cms.Core.Security.Authorization;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
 using Umbraco.Cms.Web.Common.Authorization;
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs
index d3f439adbe..12fe4325f8 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ClearAvatarUserController.cs
@@ -3,6 +3,7 @@ using Microsoft.AspNetCore.Authorization; using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs index 46e3436787..2d4752cac1 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/GetCurrentUserController.cs @@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User.Current; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Web.Common.Authorization; using Umbraco.Extensions; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs index 531f1eb0f9..3558a903e1 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/Current/SetAvatarCurrentUserController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs index b89dea3531..bf4de77f6f 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DeleteUserController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs index 6ffd593aaf..5f2a0f5955 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableTwoFactorProviderUserController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Core; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs index 485170b47b..a3f0facf5d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/DisableUserController.cs 
@@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs index 3ed051d3c6..0490724959 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/EnableUserController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs index 1963182f94..299ebd325a 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/ListTwoFactorProvidersUserController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs index 4ec1aa91ce..5086cc6b44 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/SetAvatarUserController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs index 0b079dd0cc..d39718b894 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UnlockUserController.cs @@ -7,6 +7,7 @@ using Umbraco.Cms.Api.Management.ViewModels.User; using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs index 9771032649..013a663e0b 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/User/UpdateUserGroupsUserController.cs 
@@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.User; using Umbraco.Cms.Api.Management.ViewModels.User; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Web.Common.Authorization; using Umbraco.Extensions; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/AddUsersToUserGroupController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/AddUsersToUserGroupController.cs index 2b1cd64314..1668849a5d 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/AddUsersToUserGroupController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/AddUsersToUserGroupController.cs @@ -9,6 +9,7 @@ using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/BulkDeleteUserGroupsController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/BulkDeleteUserGroupsController.cs index 2059d7c327..d8ccd7cc70 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/BulkDeleteUserGroupsController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/BulkDeleteUserGroupsController.cs @@ -5,6 +5,7 @@ using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; using Umbraco.Cms.Api.Management.ViewModels.UserGroup; using Umbraco.Cms.Core; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; 
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/ByKeyUserGroupController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/ByKeyUserGroupController.cs index 9ae44ac9f0..1ef5ca4089 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/ByKeyUserGroupController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/ByKeyUserGroupController.cs @@ -6,6 +6,7 @@ using Umbraco.Cms.Api.Management.Factories; using Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; using Umbraco.Cms.Api.Management.ViewModels.UserGroup; using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Web.Common.Authorization; using Umbraco.Extensions; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/DeleteUserGroupController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/DeleteUserGroupController.cs index 5794ad8b29..3691eeea41 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/DeleteUserGroupController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/DeleteUserGroupController.cs @@ -4,6 +4,7 @@ using Microsoft.AspNetCore.Http; using Microsoft.AspNetCore.Mvc; using Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; using Umbraco.Cms.Core; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/RemoveUsersFromUserGroupController.cs b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/RemoveUsersFromUserGroupController.cs index 04c68c7c39..fa4748b412 100644 --- a/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/RemoveUsersFromUserGroupController.cs +++ b/src/Umbraco.Cms.Api.Management/Controllers/UserGroup/RemoveUsersFromUserGroupController.cs 
@@ -9,6 +9,7 @@ using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Security; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.OperationStatus; using Umbraco.Cms.Web.Common.Authorization; diff --git a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs index 601bc7f8a1..bffdb43db1 100644 --- a/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs +++ b/src/Umbraco.Cms.Api.Management/DependencyInjection/BackOfficeAuthPolicyBuilderExtensions.cs @@ -31,14 +31,6 @@ internal static class BackOfficeAuthPolicyBuilderExtensions builder.Services.AddSingleton(); builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddSingleton(); - builder.Services.AddAuthorization(CreatePolicies); return builder; } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs index c5dae101ce..4011bf4234 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationServiceExtensions.cs @@ -1,6 +1,7 @@ using System.Security.Claims; using Microsoft.AspNetCore.Authorization; using Umbraco.Cms.Api.Management.Security.Authorization; +using Umbraco.Cms.Core.Security.Authorization; namespace Umbraco.Extensions; 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionAuthorizer.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionAuthorizer.cs deleted file mode 100644 index 5a7e55d153..0000000000 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionAuthorizer.cs +++ /dev/null 
@@ -1,79 +0,0 @@ -using System.Security.Principal; -using Umbraco.Cms.Core.Models.Membership; -using Umbraco.Cms.Core.Services; -using Umbraco.Cms.Core.Services.AuthorizationStatus; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.Content; - -/// -internal sealed class ContentPermissionAuthorizer : IContentPermissionAuthorizer -{ - private readonly IAuthorizationHelper _authorizationHelper; - private readonly IContentPermissionService _contentPermissionService; - - public ContentPermissionAuthorizer(IAuthorizationHelper authorizationHelper, IContentPermissionService contentPermissionService) - { - _authorizationHelper = authorizationHelper; - _contentPermissionService = contentPermissionService; - } - - /// - public async Task IsDeniedAsync(IPrincipal currentUser, IEnumerable contentKeys, ISet permissionsToCheck) - { - if (!contentKeys.Any()) - { - // Must succeed this requirement since we cannot process it. - return true; - } - - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _contentPermissionService.AuthorizeAccessAsync(user, contentKeys, permissionsToCheck); - - // If we can't find the content item(s) then we can't determine whether you are denied access. - return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); - } - - /// - public async Task IsDeniedWithDescendantsAsync(IPrincipal currentUser, Guid parentKey, ISet permissionsToCheck) - { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _contentPermissionService.AuthorizeDescendantsAccessAsync(user, parentKey, permissionsToCheck); - - // If we can't find the content item(s) then we can't determine whether you are denied access. 
- return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); - } - - /// - public async Task IsDeniedAtRootLevelAsync(IPrincipal currentUser, ISet permissionsToCheck) - { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _contentPermissionService.AuthorizeRootAccessAsync(user, permissionsToCheck); - - // If we can't find the content item(s) then we can't determine whether you are denied access. - return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); - } - - /// - public async Task IsDeniedAtRecycleBinLevelAsync(IPrincipal currentUser, ISet permissionsToCheck) - { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _contentPermissionService.AuthorizeBinAccessAsync(user, permissionsToCheck); - - // If we can't find the content item(s) then we can't determine whether you are denied access. - return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); - } - - public async Task IsDeniedForCultures(IPrincipal currentUser, ISet culturesToCheck) - { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - ContentAuthorizationStatus result = await _contentPermissionService.AuthorizeCultureAccessAsync(user, culturesToCheck); - - // If we can't find the content item(s) then we can't determine whether you are denied access. - return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); - } -} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionHandler.cs index b5692769d3..2d419b1e64 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionHandler.cs 
@@ -1,4 +1,7 @@ using Microsoft.AspNetCore.Authorization; +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; +using Umbraco.Extensions; namespace Umbraco.Cms.Api.Management.Security.Authorization.Content; @@ -8,13 +11,18 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.Content; public class ContentPermissionHandler : MustSatisfyRequirementAuthorizationHandler { private readonly IContentPermissionAuthorizer _contentPermissionAuthorizer; + private readonly IAuthorizationHelper _authorizationHelper; /// /// Initializes a new instance of the class. /// /// Authorizer for content access. - public ContentPermissionHandler(IContentPermissionAuthorizer contentPermissionAuthorizer) - => _contentPermissionAuthorizer = contentPermissionAuthorizer; + /// The authorization helper. + public ContentPermissionHandler(IContentPermissionAuthorizer contentPermissionAuthorizer, IAuthorizationHelper authorizationHelper) + { + _contentPermissionAuthorizer = contentPermissionAuthorizer; + _authorizationHelper = authorizationHelper; + } /// protected override async Task IsAuthorized( 
@@ -24,29 +32,30 @@ public class ContentPermissionHandler : MustSatisfyRequirementAuthorizationHandl { var result = true; + IUser user = _authorizationHelper.GetUmbracoUser(context.User); if (resource.CheckRoot) { - result &= await _contentPermissionAuthorizer.IsDeniedAtRootLevelAsync(context.User, resource.PermissionsToCheck) is false; + result &= await _contentPermissionAuthorizer.IsDeniedAtRootLevelAsync(user, resource.PermissionsToCheck) is false; } if (resource.CheckRecycleBin) { - result &= await _contentPermissionAuthorizer.IsDeniedAtRecycleBinLevelAsync(context.User, resource.PermissionsToCheck) is false; + result &= await _contentPermissionAuthorizer.IsDeniedAtRecycleBinLevelAsync(user, resource.PermissionsToCheck) is false; } if (resource.ParentKeyForBranch is not null) { - result &= await _contentPermissionAuthorizer.IsDeniedWithDescendantsAsync(context.User, resource.ParentKeyForBranch.Value, resource.PermissionsToCheck) is false; + result &= await _contentPermissionAuthorizer.IsDeniedWithDescendantsAsync(user, resource.ParentKeyForBranch.Value, resource.PermissionsToCheck) is false; } if (resource.ContentKeys.Any()) { - result &= await _contentPermissionAuthorizer.IsDeniedAsync(context.User, resource.ContentKeys, resource.PermissionsToCheck) is false; + result &= await _contentPermissionAuthorizer.IsDeniedAsync(user, resource.ContentKeys, resource.PermissionsToCheck) is false; } if (resource.CulturesToCheck is not null) { - result &= await _contentPermissionAuthorizer.IsDeniedForCultures(context.User, resource.CulturesToCheck) is false; + result &= await _contentPermissionAuthorizer.IsDeniedForCultures(user, resource.CulturesToCheck) is false; } return result; diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionAuthorizer.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionAuthorizer.cs deleted file mode 100644 index 5ce7d738a5..0000000000 
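Review bot: `_authorizationHelper.GetUmbracoUser(context.User)` is now called unconditionally at the top of `IsAuthorized`, before any `resource` flag is examined, whereas the removed authorizers resolved the user inside each individual check. How `GetUmbracoUser` treats a principal without a back-office identity is not visible in this diff; if it throws, a request whose resource has nothing to check would fail with an exception rather than an authorization result. A comment above the call such as `// Resolved once here; the Core authorizers only ever see the IUser, never the principal.` and a handler test with an unauthenticated principal would pin the expected outcome. The same call is added in the DictionaryPermissionHandler, MediaPermissionHandler and UserPermissionHandler hunks, and the signature and closing brace of this method lie outside the hunk.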
--- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionAuthorizer.cs +++ /dev/null @@ -1,25 +0,0 @@ -using System.Security.Principal; -using Umbraco.Cms.Core.Models.Membership; -using Umbraco.Cms.Core.Services; -using Umbraco.Cms.Core.Services.AuthorizationStatus; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.Dictionary; - -public class DictionaryPermissionAuthorizer : IDictionaryPermissionAuthorizer -{ - private readonly IAuthorizationHelper _authorizationHelper; - private readonly IDictionaryPermissionService _dictionaryPermissionService; - - public DictionaryPermissionAuthorizer(IAuthorizationHelper authorizationHelper, IDictionaryPermissionService dictionaryPermissionService) - { - _authorizationHelper = authorizationHelper; - _dictionaryPermissionService = dictionaryPermissionService; - } - - public async Task IsAuthorizedForCultures(IPrincipal currentUser, ISet culturesToCheck) - { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - DictionaryAuthorizationStatus result = await _dictionaryPermissionService.AuthorizeCultureAccessAsync(user, culturesToCheck); - return result is DictionaryAuthorizationStatus.Success; - } -} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionHandler.cs index bc376635e6..cf5abf8b8a 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionHandler.cs @@ -1,4 +1,6 @@ using Microsoft.AspNetCore.Authorization; +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; namespace Umbraco.Cms.Api.Management.Security.Authorization.Dictionary; 
@@ -7,20 +9,29 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.Dictionary; /// public class DictionaryPermissionHandler : MustSatisfyRequirementAuthorizationHandler { + private readonly IAuthorizationHelper _authorizationHelper; private readonly IDictionaryPermissionAuthorizer _dictionaryPermissionAuthorizer; /// /// Initializes a new instance of the class. /// /// Authorizer for content access. - public DictionaryPermissionHandler(IDictionaryPermissionAuthorizer dictionaryPermissionAuthorizer) - => _dictionaryPermissionAuthorizer = dictionaryPermissionAuthorizer; + /// The authorization helper. + public DictionaryPermissionHandler(IDictionaryPermissionAuthorizer dictionaryPermissionAuthorizer, IAuthorizationHelper authorizationHelper) + { + _dictionaryPermissionAuthorizer = dictionaryPermissionAuthorizer; + _authorizationHelper = authorizationHelper; + } - protected override async Task IsAuthorized(AuthorizationHandlerContext context, DictionaryPermissionRequirement requirement, + protected override async Task IsAuthorized( + AuthorizationHandlerContext context, + DictionaryPermissionRequirement requirement, DictionaryPermissionResource resource) { + IUser user = _authorizationHelper.GetUmbracoUser(context.User); + if (resource.CulturesToCheck.Any() - && await _dictionaryPermissionAuthorizer.IsAuthorizedForCultures(context.User, resource.CulturesToCheck) is false) + && await _dictionaryPermissionAuthorizer.IsAuthorizedForCultures(user, resource.CulturesToCheck) is false) { return false; } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/IDictionaryPermissionAuthorizer.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/IDictionaryPermissionAuthorizer.cs deleted file mode 100644 index 94b814bce7..0000000000 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/IDictionaryPermissionAuthorizer.cs +++ /dev/null 
@@ -1,8 +0,0 @@ -using System.Security.Principal; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.Dictionary; - -public interface IDictionaryPermissionAuthorizer -{ - Task IsAuthorizedForCultures(IPrincipal currentUser, ISet culturesToCheck); -} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizeHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizeHandler.cs index 6ba7903631..403c03a519 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizeHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizeHandler.cs @@ -1,4 +1,11 @@ using Microsoft.AspNetCore.Authorization; +using Microsoft.AspNetCore.Http; +using Microsoft.AspNetCore.Http.Features; +using Microsoft.AspNetCore.Mvc.Controllers; +using Microsoft.AspNetCore.Mvc.Filters; +using Umbraco.Cms.Core; +using Umbraco.Cms.Core.Security.Authorization; +using Umbraco.Cms.Core.Services; namespace Umbraco.Cms.Api.Management.Security.Authorization.Feature; 
@@ -8,15 +15,65 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.Feature; public class FeatureAuthorizeHandler : MustSatisfyRequirementAuthorizationHandler { private readonly IFeatureAuthorizer _featureAuthorizer; + private readonly IRuntimeState _runtimeState; /// /// Initializes a new instance of the class. /// /// Authorizer for Umbraco features. - public FeatureAuthorizeHandler(IFeatureAuthorizer featureAuthorizer) - => _featureAuthorizer = featureAuthorizer; + /// The runtime state. + public FeatureAuthorizeHandler(IFeatureAuthorizer featureAuthorizer, IRuntimeState runtimeState) + { + _featureAuthorizer = featureAuthorizer; + _runtimeState = runtimeState; + } /// protected override async Task IsAuthorized(AuthorizationHandlerContext context, FeatureAuthorizeRequirement requirement) - => await _featureAuthorizer.IsDeniedAsync(context) is false; + { + Endpoint? endpoint = null; + + if (_runtimeState.Level != RuntimeLevel.Run && _runtimeState.Level != RuntimeLevel.Upgrade) + { + return true; + } + + switch (context.Resource) + { + case DefaultHttpContext defaultHttpContext: + { + IEndpointFeature? endpointFeature = defaultHttpContext.Features.Get(); + endpoint = endpointFeature?.Endpoint; + break; + } + + case AuthorizationFilterContext authorizationFilterContext: + { + IEndpointFeature? endpointFeature = + authorizationFilterContext.HttpContext.Features.Get(); + endpoint = endpointFeature?.Endpoint; + break; + } + + case Endpoint resourceEndpoint: + { + endpoint = resourceEndpoint; + break; + } + } + + if (endpoint is null) + { + throw new InvalidOperationException("This authorization handler can only be applied to controllers routed with endpoint routing."); + } + + ControllerActionDescriptor? actionDescriptor = endpoint.Metadata.GetMetadata(); + Type? 
controllerType = actionDescriptor?.ControllerTypeInfo.AsType(); + if (controllerType is null) + { + return true; + } + + return await _featureAuthorizer.IsDeniedAsync(controllerType) is false; + } } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizer.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizer.cs deleted file mode 100644 index a94ec9f220..0000000000 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/FeatureAuthorizer.cs +++ /dev/null 
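Review bot: The early return for a `_runtimeState.Level` other than `Run` or `Upgrade` now produces the opposite outcome from before: in the removed `FeatureAuthorizer.IsDeniedAsync` the same condition returned `true`, meaning denied, while in `IsAuthorized` the copied `return true;` means authorized. The commit is described as a refactor, so this change to fail-open outside the normal runtime levels looks unintended unless other requirements are known to guard those states; if denial is still wanted the line should read `return false;`, otherwise a comment such as `// Feature gating only applies in Run/Upgrade; other requirements guard the remaining levels.` would record the decision. The added `if (controllerType is null) { return true; }` likewise authorizes an endpoint that has no `ControllerActionDescriptor`, where the old code passed the null type to `IsControllerEnabled` and let that decide. A handler test covering both paths would make the intended result explicit.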
@@ -1,67 +0,0 @@ -using Microsoft.AspNetCore.Authorization; -using Microsoft.AspNetCore.Http; -using Microsoft.AspNetCore.Http.Features; -using Microsoft.AspNetCore.Mvc.Controllers; -using Microsoft.AspNetCore.Mvc.Filters; -using Umbraco.Cms.Core; -using Umbraco.Cms.Core.Features; -using Umbraco.Cms.Core.Services; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.Feature; - -/// -internal sealed class FeatureAuthorizer : IFeatureAuthorizer -{ - private readonly IRuntimeState _runtimeState; - private readonly UmbracoFeatures _umbracoFeatures; - - public FeatureAuthorizer(IRuntimeState runtimeState, UmbracoFeatures umbracoFeatures) - { - _runtimeState = runtimeState; - _umbracoFeatures = umbracoFeatures; - } - - /// - public async Task IsDeniedAsync(AuthorizationHandlerContext context) - { - Endpoint? endpoint = null; - - if (_runtimeState.Level != RuntimeLevel.Run && _runtimeState.Level != RuntimeLevel.Upgrade) - { - return true; - } - - switch (context.Resource) - { - case DefaultHttpContext defaultHttpContext: - { - IEndpointFeature? endpointFeature = defaultHttpContext.Features.Get(); - endpoint = endpointFeature?.Endpoint; - break; - } - - case AuthorizationFilterContext authorizationFilterContext: - { - IEndpointFeature? endpointFeature = - authorizationFilterContext.HttpContext.Features.Get(); - endpoint = endpointFeature?.Endpoint; - break; - } - - case Endpoint resourceEndpoint: - { - endpoint = resourceEndpoint; - break; - } - } - - if (endpoint is null) - { - throw new InvalidOperationException("This authorization handler can only be applied to controllers routed with endpoint routing."); - } - - ControllerActionDescriptor? actionDescriptor = endpoint.Metadata.GetMetadata(); - Type? controllerType = actionDescriptor?.ControllerTypeInfo.AsType(); - return await Task.FromResult(_umbracoFeatures.IsControllerEnabled(controllerType) is false); - } -} 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/IPermissionResource.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/IPermissionResource.cs deleted file mode 100644 index ada11db86f..0000000000 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/IPermissionResource.cs +++ /dev/null @@ -1,5 +0,0 @@ -namespace Umbraco.Cms.Api.Management.Security.Authorization; - -public interface IPermissionResource -{ -} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionHandler.cs index d680669203..907558918a 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionHandler.cs @@ -1,4 +1,6 @@ using Microsoft.AspNetCore.Authorization; +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; namespace Umbraco.Cms.Api.Management.Security.Authorization.Media; @@ -7,14 +9,19 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.Media; /// public class MediaPermissionHandler : MustSatisfyRequirementAuthorizationHandler { + private readonly IAuthorizationHelper _authorizationHelper; private readonly IMediaPermissionAuthorizer _mediaPermissionAuthorizer; /// /// Initializes a new instance of the class. /// /// Authorizer for media access. - public MediaPermissionHandler(IMediaPermissionAuthorizer mediaPermissionAuthorizer) - => _mediaPermissionAuthorizer = mediaPermissionAuthorizer; + /// The authorization helper. + public MediaPermissionHandler(IMediaPermissionAuthorizer mediaPermissionAuthorizer, IAuthorizationHelper authorizationHelper) + { + _mediaPermissionAuthorizer = mediaPermissionAuthorizer; + _authorizationHelper = authorizationHelper; + } /// protected override async Task IsAuthorized( 
@@ -24,19 +31,21 @@ public class MediaPermissionHandler : MustSatisfyRequirementAuthorizationHandler { var result = true; + IUser user = _authorizationHelper.GetUmbracoUser(context.User); + if (resource.CheckRoot) { - result &= await _mediaPermissionAuthorizer.IsDeniedAtRootLevelAsync(context.User) is false; + result &= await _mediaPermissionAuthorizer.IsDeniedAtRootLevelAsync(user) is false; } if (resource.CheckRecycleBin) { - result &= await _mediaPermissionAuthorizer.IsDeniedAtRecycleBinLevelAsync(context.User) is false; + result &= await _mediaPermissionAuthorizer.IsDeniedAtRecycleBinLevelAsync(user) is false; } if (resource.MediaKeys.Any()) { - result &= await _mediaPermissionAuthorizer.IsDeniedAsync(context.User, resource.MediaKeys) is false; + result &= await _mediaPermissionAuthorizer.IsDeniedAsync(user, resource.MediaKeys) is false; } return result; diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionHandler.cs index 777164784c..7aabf58ee8 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionHandler.cs @@ -1,4 +1,6 @@ using Microsoft.AspNetCore.Authorization; +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; namespace Umbraco.Cms.Api.Management.Security.Authorization.User; 
@@ -7,19 +9,28 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.User; /// public class UserPermissionHandler : MustSatisfyRequirementAuthorizationHandler { + private readonly IAuthorizationHelper _authorizationHelper; private readonly IUserPermissionAuthorizer _userPermissionAuthorizer; /// /// Initializes a new instance of the class. /// /// Authorizer for user access. - public UserPermissionHandler(IUserPermissionAuthorizer userPermissionAuthorizer) - => _userPermissionAuthorizer = userPermissionAuthorizer; + /// The authorization helper. + public UserPermissionHandler(IUserPermissionAuthorizer userPermissionAuthorizer, IAuthorizationHelper authorizationHelper) + { + _userPermissionAuthorizer = userPermissionAuthorizer; + _authorizationHelper = authorizationHelper; + } /// protected override async Task IsAuthorized( AuthorizationHandlerContext context, UserPermissionRequirement requirement, - UserPermissionResource resource) => - await _userPermissionAuthorizer.IsDeniedAsync(context.User, resource.UserKeys) is false; + UserPermissionResource resource) + { + IUser user = _authorizationHelper.GetUmbracoUser(context.User); + + return await _userPermissionAuthorizer.IsDeniedAsync(user, resource.UserKeys) is false; + } } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionAuthorizer.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionAuthorizer.cs deleted file mode 100644 index bd239952e1..0000000000 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionAuthorizer.cs +++ /dev/null 
@@ -1,35 +0,0 @@ -using System.Security.Principal; -using Umbraco.Cms.Core.Models.Membership; -using Umbraco.Cms.Core.Services; -using Umbraco.Cms.Core.Services.AuthorizationStatus; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; - -/// -internal sealed class UserGroupPermissionAuthorizer : IUserGroupPermissionAuthorizer -{ - private readonly IAuthorizationHelper _authorizationHelper; - private readonly IUserGroupPermissionService _userGroupPermissionService; - - public UserGroupPermissionAuthorizer(IAuthorizationHelper authorizationHelper, IUserGroupPermissionService userGroupPermissionService) - { - _authorizationHelper = authorizationHelper; - _userGroupPermissionService = userGroupPermissionService; - } - - /// - public async Task IsDeniedAsync(IPrincipal currentUser, IEnumerable userGroupKeys) - { - if (!userGroupKeys.Any()) - { - // We can't deny something that is not defined - return false; - } - - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - UserGroupAuthorizationStatus result = await _userGroupPermissionService.AuthorizeAccessAsync(user, userGroupKeys); - - return result is not UserGroupAuthorizationStatus.Success; - } -} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionHandler.cs b/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionHandler.cs index edad9d13a2..88485eee41 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionHandler.cs +++ b/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionHandler.cs @@ -1,4 +1,6 @@ using Microsoft.AspNetCore.Authorization; +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Security.Authorization; namespace Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; 
@@ -7,19 +9,28 @@ namespace Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; /// public class UserGroupPermissionHandler : MustSatisfyRequirementAuthorizationHandler { + private readonly IAuthorizationHelper _authorizationHelper; private readonly IUserGroupPermissionAuthorizer _userGroupPermissionAuthorizer; /// /// Initializes a new instance of the class. /// /// Authorizer for user group access. - public UserGroupPermissionHandler(IUserGroupPermissionAuthorizer userGroupPermissionAuthorizer) - => _userGroupPermissionAuthorizer = userGroupPermissionAuthorizer; + /// The authorization helper. + public UserGroupPermissionHandler(IUserGroupPermissionAuthorizer userGroupPermissionAuthorizer, IAuthorizationHelper authorizationHelper) + { + _userGroupPermissionAuthorizer = userGroupPermissionAuthorizer; + _authorizationHelper = authorizationHelper; + } /// protected override async Task IsAuthorized( AuthorizationHandlerContext context, UserGroupPermissionRequirement requirement, - UserGroupPermissionResource resource) => - await _userGroupPermissionAuthorizer.IsDeniedAsync(context.User, resource.UserGroupKeys) is false; + UserGroupPermissionResource resource) + { + IUser user = _authorizationHelper.GetUmbracoUser(context.User); + + return await _userGroupPermissionAuthorizer.IsDeniedAsync(user, resource.UserGroupKeys) is false; + } } diff --git a/src/Umbraco.Cms.Api.Management/Umbraco.Cms.Api.Management.csproj b/src/Umbraco.Cms.Api.Management/Umbraco.Cms.Api.Management.csproj index 9ab9a839d3..37ab3611de 100644 --- a/src/Umbraco.Cms.Api.Management/Umbraco.Cms.Api.Management.csproj +++ b/src/Umbraco.Cms.Api.Management/Umbraco.Cms.Api.Management.csproj @@ -30,4 +30,8 @@ + + + + diff --git a/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs b/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs index 9bc065993e..b968e029d4 100644 --- a/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs +++ b/src/Umbraco.Core/DependencyInjection/UmbracoBuilder.cs 
@@ -35,6 +35,7 @@ using Umbraco.Cms.Core.Security; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.ContentTypeEditing; using Umbraco.Cms.Core.DynamicRoot; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services.FileSystem; using Umbraco.Cms.Core.Services.Querying.RecycleBin; using Umbraco.Cms.Core.Sync; @@ -378,6 +379,16 @@ namespace Umbraco.Cms.Core.DependencyInjection // Add Query services Services.AddUnique(); Services.AddUnique(); + + // Authorizers + Services.AddSingleton(); + Services.AddSingleton(); + Services.AddSingleton(); + Services.AddSingleton(); + Services.AddSingleton(); + Services.AddSingleton(); + Services.AddSingleton(); + } } } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationHelper.cs b/src/Umbraco.Core/Security/Authorization/AuthorizationHelper.cs similarity index 87% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationHelper.cs rename to src/Umbraco.Core/Security/Authorization/AuthorizationHelper.cs index 7d5cf31008..c4b6b092de 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/AuthorizationHelper.cs +++ b/src/Umbraco.Core/Security/Authorization/AuthorizationHelper.cs @@ -4,7 +4,7 @@ using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Services; using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization; +namespace Umbraco.Cms.Core.Security.Authorization; /// internal sealed class AuthorizationHelper : IAuthorizationHelper @@ -40,7 +40,8 @@ internal sealed class AuthorizationHelper : IAuthorizationHelper if (user is null) { - throw new InvalidOperationException($"Could not obtain an {nameof(IUser)} instance from {nameof(IPrincipal)}"); + throw new InvalidOperationException( + $"Could not obtain an {nameof(IUser)} instance from {nameof(IPrincipal)}"); } return user; 
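Review bot: The new authorizer registrations use `Services.AddSingleton` while the query-service lines directly above use `Services.AddUnique`, so the block mixes two registration styles, and it leaves a stray blank line before the closing brace. As singletons, the authorizers hold their constructor dependencies for the application lifetime (the new files in this patch show IContentPermissionService, IDictionaryPermissionService and UmbracoFeatures). The registrations of those services are not in this hunk, so it is worth confirming that none of them is scoped. A comment such as `// Authorizers hold no per-request state; the services they wrap must be singleton-safe` would record that assumption. The enclosing method starts outside the hunk.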
diff --git a/src/Umbraco.Core/Security/Authorization/ContentPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/ContentPermissionAuthorizer.cs new file mode 100644 index 0000000000..75c189d11e --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/ContentPermissionAuthorizer.cs 
@@ -0,0 +1,76 @@ +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Services; +using Umbraco.Cms.Core.Services.AuthorizationStatus; + +namespace Umbraco.Cms.Core.Security.Authorization; + +/// +internal sealed class ContentPermissionAuthorizer : IContentPermissionAuthorizer +{ + private readonly IContentPermissionService _contentPermissionService; + + public ContentPermissionAuthorizer(IContentPermissionService contentPermissionService) => + _contentPermissionService = contentPermissionService; + + /// + public async Task IsDeniedAsync( + IUser currentUser, + IEnumerable contentKeys, + ISet permissionsToCheck) + { + var contentKeyList = contentKeys.ToList(); + if (contentKeyList.Count == 0) + { + // Must succeed this requirement since we cannot process it. + return true; + } + + ContentAuthorizationStatus result = + await _contentPermissionService.AuthorizeAccessAsync(currentUser, contentKeyList, permissionsToCheck); + + // If we can't find the content item(s) then we can't determine whether you are denied access. + return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); + } + + /// + public async Task IsDeniedWithDescendantsAsync( + IUser currentUser, + Guid parentKey, + ISet permissionsToCheck) + { + ContentAuthorizationStatus result = + await _contentPermissionService.AuthorizeDescendantsAccessAsync(currentUser, parentKey, permissionsToCheck); + + // If we can't find the content item(s) then we can't determine whether you are denied access. + return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); + } + + /// + public async Task IsDeniedAtRootLevelAsync(IUser currentUser, ISet permissionsToCheck) + { + ContentAuthorizationStatus result = + await _contentPermissionService.AuthorizeRootAccessAsync(currentUser, permissionsToCheck); + + // If we can't find the content item(s) then we can't determine whether you are denied access. 
+ return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); + } + + /// + public async Task IsDeniedAtRecycleBinLevelAsync(IUser currentUser, ISet permissionsToCheck) + { + ContentAuthorizationStatus result = + await _contentPermissionService.AuthorizeBinAccessAsync(currentUser, permissionsToCheck); + + // If we can't find the content item(s) then we can't determine whether you are denied access. + return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); + } + + public async Task IsDeniedForCultures(IUser currentUser, ISet culturesToCheck) + { + ContentAuthorizationStatus result = + await _contentPermissionService.AuthorizeCultureAccessAsync(currentUser, culturesToCheck); + + // If we can't find the content item(s) then we can't determine whether you are denied access. + return result is not (ContentAuthorizationStatus.Success or ContentAuthorizationStatus.NotFound); + } +} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/ContentPermissionResource.cs similarity index 85% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionResource.cs rename to src/Umbraco.Core/Security/Authorization/ContentPermissionResource.cs index 6ee9cf3529..d7e87d295c 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/ContentPermissionResource.cs +++ b/src/Umbraco.Core/Security/Authorization/ContentPermissionResource.cs @@ -1,6 +1,6 @@ using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.Content; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// A resource used for the . 
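Review bot: In `IsDeniedAsync` the empty-list branch returns `true`, which for an IsDenied method means the request is denied, yet its comment reads "Must succeed this requirement since we cannot process it". Denying on an empty key list is the fail-closed choice, but it differs from the UserGroupPermissionAuthorizer removed earlier in this patch, which returned `false` with "We can't deny something that is not defined"; the comment should state the intent, e.g. `// No keys to evaluate: report denied (fail closed).`. Separately, every method treats `ContentAuthorizationStatus.NotFound` as not denied, so authorization passes for keys that do not resolve and callers are relied on to reject the missing item afterwards; that deserves a sentence in the interface documentation. The "can't find the content item(s)" comment is also copied onto the root, recycle-bin and culture checks, where no content key is involved.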
@@ -25,7 +25,8 @@ public class ContentPermissionResource : IPermissionResource /// The key of the content or null if root. /// The cultures to validate /// An instance of . - public static ContentPermissionResource WithKeys(string permissionToCheck, Guid? contentKey, IEnumerable cultures) => + public static ContentPermissionResource WithKeys(string permissionToCheck, Guid? contentKey, + IEnumerable cultures) => contentKey is null ? Root(permissionToCheck, cultures) : WithKeys(permissionToCheck, contentKey.Value.Yield(), cultures); @@ -50,7 +51,8 @@ public class ContentPermissionResource : IPermissionResource /// The permission to check for. /// The key of the content. /// An instance of . - public static ContentPermissionResource WithKeys(string permissionToCheck, Guid contentKey) => WithKeys(permissionToCheck, contentKey.Yield()); + public static ContentPermissionResource WithKeys(string permissionToCheck, Guid contentKey) => + WithKeys(permissionToCheck, contentKey.Yield()); /// /// Creates a with the specified permission and content key. @@ -59,7 +61,8 @@ public class ContentPermissionResource : IPermissionResource /// The key of the content. /// The required culture access /// An instance of . - public static ContentPermissionResource WithKeys(string permissionToCheck, Guid contentKey,IEnumerable cultures) => WithKeys(permissionToCheck, contentKey.Yield(),cultures); + public static ContentPermissionResource WithKeys(string permissionToCheck, Guid contentKey, + IEnumerable cultures) => WithKeys(permissionToCheck, contentKey.Yield(), cultures); /// /// Creates a with the specified permission and content keys. 
@@ -68,7 +71,7 @@ public class ContentPermissionResource : IPermissionResource /// The keys of the contents. /// An instance of . public static ContentPermissionResource WithKeys(string permissionToCheck, IEnumerable contentKeys) => - new ContentPermissionResource(contentKeys, new HashSet { permissionToCheck }, false, false, null, null); + new(contentKeys, new HashSet { permissionToCheck }, false, false, null, null); /// /// Creates a with the specified permission and content keys. @@ -77,8 +80,9 @@ public class ContentPermissionResource : IPermissionResource /// The keys of the contents. /// The required culture access /// An instance of . - public static ContentPermissionResource WithKeys(string permissionToCheck, IEnumerable contentKeys, IEnumerable cultures) => - new ContentPermissionResource( + public static ContentPermissionResource WithKeys(string permissionToCheck, IEnumerable contentKeys, + IEnumerable cultures) => + new( contentKeys, new HashSet { permissionToCheck }, false, @@ -93,7 +97,7 @@ public class ContentPermissionResource : IPermissionResource /// The keys of the contents. /// An instance of . public static ContentPermissionResource WithKeys(ISet permissionsToCheck, IEnumerable contentKeys) => - new ContentPermissionResource(contentKeys, permissionsToCheck, false, false, null, null); + new(contentKeys, permissionsToCheck, false, false, null, null); /// /// Creates a with the specified permission and the root. @@ -101,7 +105,7 @@ public class ContentPermissionResource : IPermissionResource /// The permission to check for. /// An instance of . public static ContentPermissionResource Root(string permissionToCheck) => - new ContentPermissionResource(Enumerable.Empty(), new HashSet { permissionToCheck }, true, false, null, null); + new(Enumerable.Empty(), new HashSet { permissionToCheck }, true, false, null, null); /// /// Creates a with the specified permission and the root. 
@@ -110,7 +114,8 @@ public class ContentPermissionResource : IPermissionResource /// The cultures to validate /// An instance of . public static ContentPermissionResource Root(string permissionToCheck, IEnumerable cultures) => - new ContentPermissionResource(Enumerable.Empty(), new HashSet { permissionToCheck }, true, false, null, new HashSet(cultures)); + new(Enumerable.Empty(), new HashSet { permissionToCheck }, true, false, null, + new HashSet(cultures)); /// /// Creates a with the specified permissions and the root. @@ -118,7 +123,7 @@ public class ContentPermissionResource : IPermissionResource /// The permissions to check for. /// An instance of . public static ContentPermissionResource Root(ISet permissionsToCheck) => - new ContentPermissionResource(Enumerable.Empty(), permissionsToCheck, true, false, null, null); + new(Enumerable.Empty(), permissionsToCheck, true, false, null, null); /// /// Creates a with the specified permissions and the root. @@ -127,8 +132,7 @@ public class ContentPermissionResource : IPermissionResource /// The cultures to validate /// An instance of . public static ContentPermissionResource Root(ISet permissionsToCheck, IEnumerable cultures) => - new ContentPermissionResource(Enumerable.Empty(), permissionsToCheck, true, false, null, new HashSet(cultures)); - + new(Enumerable.Empty(), permissionsToCheck, true, false, null, new HashSet(cultures)); /// @@ -137,7 +141,7 @@ public class ContentPermissionResource : IPermissionResource /// The permissions to check for. /// An instance of . public static ContentPermissionResource RecycleBin(ISet permissionsToCheck) => - new ContentPermissionResource(Enumerable.Empty(), permissionsToCheck, false, true, null, null); + new(Enumerable.Empty(), permissionsToCheck, false, true, null, null); /// /// Creates a with the specified permission and the recycle bin. 
@@ -145,7 +149,7 @@ public class ContentPermissionResource : IPermissionResource /// The permission to check for. /// An instance of . public static ContentPermissionResource RecycleBin(string permissionToCheck) => - new ContentPermissionResource(Enumerable.Empty(), new HashSet { permissionToCheck }, false, true, null, null); + new(Enumerable.Empty(), new HashSet { permissionToCheck }, false, true, null, null); /// /// Creates a with the specified permissions and the branch from the specified parent key. @@ -154,7 +158,7 @@ public class ContentPermissionResource : IPermissionResource /// The parent key of the branch. /// An instance of . public static ContentPermissionResource Branch(ISet permissionsToCheck, Guid parentKeyForBranch) => - new ContentPermissionResource(Enumerable.Empty(), permissionsToCheck, false, true, parentKeyForBranch, null); + new(Enumerable.Empty(), permissionsToCheck, false, true, parentKeyForBranch, null); /// /// Creates a with the specified permission and the branch from the specified parent key. @@ -163,7 +167,7 @@ public class ContentPermissionResource : IPermissionResource /// The parent key of the branch. /// An instance of . public static ContentPermissionResource Branch(string permissionToCheck, Guid parentKeyForBranch) => - new ContentPermissionResource(Enumerable.Empty(), new HashSet { permissionToCheck }, false, true, parentKeyForBranch, null); + new(Enumerable.Empty(), new HashSet { permissionToCheck }, false, true, parentKeyForBranch, null); /// /// Creates a with the specified permission and the branch from the specified parent key. 
@@ -172,8 +176,9 @@ public class ContentPermissionResource : IPermissionResource /// The parent key of the branch. /// The required cultures /// An instance of . - public static ContentPermissionResource Branch(string permissionToCheck, Guid parentKeyForBranch, IEnumerable culturesToCheck) => - new ContentPermissionResource( + public static ContentPermissionResource Branch(string permissionToCheck, Guid parentKeyForBranch, + IEnumerable culturesToCheck) => + new( Enumerable.Empty(), new HashSet { permissionToCheck }, false, diff --git a/src/Umbraco.Core/Security/Authorization/DictionaryPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/DictionaryPermissionAuthorizer.cs new file mode 100644 index 0000000000..312ae37c44 --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/DictionaryPermissionAuthorizer.cs @@ -0,0 +1,20 @@ +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Services; +using Umbraco.Cms.Core.Services.AuthorizationStatus; + +namespace Umbraco.Cms.Core.Security.Authorization; + +internal class DictionaryPermissionAuthorizer : IDictionaryPermissionAuthorizer +{ + private readonly IDictionaryPermissionService _dictionaryPermissionService; + + public DictionaryPermissionAuthorizer(IDictionaryPermissionService dictionaryPermissionService) => + _dictionaryPermissionService = dictionaryPermissionService; + + public async Task IsAuthorizedForCultures(IUser currentUser, ISet culturesToCheck) + { + DictionaryAuthorizationStatus result = + await _dictionaryPermissionService.AuthorizeCultureAccessAsync(currentUser, culturesToCheck); + return result is DictionaryAuthorizationStatus.Success; + } +} 
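Review bot: `IsAuthorizedForCultures` in the new DictionaryPermissionAuthorizer returns true when access is allowed (`result is DictionaryAuthorizationStatus.Success`), whereas the other authorizers moved in this patch expose `IsDenied…` methods that return true when access is refused. With both polarities in one namespace an inverted check at a call site is easy to write, and neither this class nor IDictionaryPermissionAuthorizer carries an XML comment saying which way the boolean points. I would add a `<returns>` line stating that true means authorization succeeded for the requested cultures, and declare the class `internal sealed` like ContentPermissionAuthorizer and FeatureAuthorizer.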
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/DictionaryPermissionResource.cs similarity index 79% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionResource.cs rename to src/Umbraco.Core/Security/Authorization/DictionaryPermissionResource.cs index a173fcd35b..35cda6f718 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Dictionary/DictionaryPermissionResource.cs +++ b/src/Umbraco.Core/Security/Authorization/DictionaryPermissionResource.cs @@ -1,11 +1,9 @@ -namespace Umbraco.Cms.Api.Management.Security.Authorization.Dictionary; +namespace Umbraco.Cms.Core.Security.Authorization; public class DictionaryPermissionResource : IPermissionResource { - public DictionaryPermissionResource(IEnumerable cultures) - { + public DictionaryPermissionResource(IEnumerable cultures) => CulturesToCheck = new HashSet(cultures); - } /// /// All the cultures need to be accessible when evaluating diff --git a/src/Umbraco.Core/Security/Authorization/FeatureAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/FeatureAuthorizer.cs new file mode 100644 index 0000000000..1d238070fb --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/FeatureAuthorizer.cs @@ -0,0 +1,15 @@ +using Umbraco.Cms.Core.Features; + +namespace Umbraco.Cms.Core.Security.Authorization; + +/// +internal sealed class FeatureAuthorizer : IFeatureAuthorizer +{ + private readonly UmbracoFeatures _umbracoFeatures; + + public FeatureAuthorizer(UmbracoFeatures umbracoFeatures) => _umbracoFeatures = umbracoFeatures; + + /// + public async Task IsDeniedAsync(Type type) => + await Task.FromResult(_umbracoFeatures.IsControllerEnabled(type) is false); +} 
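Review bot: `IsDeniedAsync` in the new FeatureAuthorizer is declared `async` only to `await Task.FromResult(...)`, which builds a state machine around a value that is already computed synchronously. Dropping both keywords keeps the signature and the result: `=> Task.FromResult(_umbracoFeatures.IsControllerEnabled(type) is false);`. The `type` argument is also passed on without a null check; whether `IsControllerEnabled` tolerates null is not visible in this patch.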
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/IAuthorizationHelper.cs b/src/Umbraco.Core/Security/Authorization/IAuthorizationHelper.cs similarity index 89% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/IAuthorizationHelper.cs rename to src/Umbraco.Core/Security/Authorization/IAuthorizationHelper.cs index b1bb4b9617..429d18c25f 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/IAuthorizationHelper.cs +++ b/src/Umbraco.Core/Security/Authorization/IAuthorizationHelper.cs @@ -1,7 +1,7 @@ using System.Security.Principal; using Umbraco.Cms.Core.Models.Membership; -namespace Umbraco.Cms.Api.Management.Security.Authorization; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Utility class for working with policy authorizers. diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/IContentPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IContentPermissionAuthorizer.cs similarity index 67% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Content/IContentPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/IContentPermissionAuthorizer.cs index 2e7acd2df2..e24e423f7c 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Content/IContentPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/IContentPermissionAuthorizer.cs @@ -1,7 +1,7 @@ -using System.Security.Principal; +using Umbraco.Cms.Core.Models.Membership; using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.Content; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Authorizes content access. 
@@ -11,74 +11,74 @@ public interface IContentPermissionAuthorizer /// /// Authorizes whether the current user has access to the specified content item. /// - /// The current user's principal. + /// The current user. /// The key of the content item to check for. /// The permission to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsAuthorizedAsync(IPrincipal currentUser, Guid contentKey, string permissionToCheck) + Task IsDeniedAsync(IUser currentUser, Guid contentKey, string permissionToCheck) => IsDeniedAsync(currentUser, contentKey.Yield(), new HashSet { permissionToCheck }); /// /// Authorizes whether the current user has access to the specified content item(s). /// - /// The current user's principal. + /// The current user. /// The keys of the content items to check for. /// The collection of permissions to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, IEnumerable contentKeys, ISet permissionsToCheck); + Task IsDeniedAsync(IUser currentUser, IEnumerable contentKeys, ISet permissionsToCheck); /// /// Authorizes whether the current user has access to the descendants of the specified content item. /// - /// The current user's principal. + /// The current user. /// The key of the parent content item. /// The permission to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsAuthorizedWithDescendantsAsync(IPrincipal currentUser, Guid parentKey, string permissionToCheck) + Task IsDeniedWithDescendantsAsync(IUser currentUser, Guid parentKey, string permissionToCheck) => IsDeniedWithDescendantsAsync(currentUser, parentKey, new HashSet { permissionToCheck }); /// /// Authorizes whether the current user has access to the descendants of the specified content item. /// - /// The current user's principal. + /// The current user. /// The key of the parent content item. /// The collection of permissions to authorize. 
/// Returns true if authorization is successful, otherwise false. - Task IsDeniedWithDescendantsAsync(IPrincipal currentUser, Guid parentKey, ISet permissionsToCheck); + Task IsDeniedWithDescendantsAsync(IUser currentUser, Guid parentKey, ISet permissionsToCheck); /// /// Authorizes whether the current user has access to the root item. /// - /// The current user's principal. + /// The current user. /// The permission to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsAuthorizedAtRootLevelAsync(IPrincipal currentUser, string permissionToCheck) + Task IsAuthorizedAtRootLevelAsync(IUser currentUser, string permissionToCheck) => IsDeniedAtRootLevelAsync(currentUser, new HashSet { permissionToCheck }); /// /// Authorizes whether the current user has access to the root item. /// - /// The current user's principal. + /// The current user. /// The collection of permissions to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAtRootLevelAsync(IPrincipal currentUser, ISet permissionsToCheck); + Task IsDeniedAtRootLevelAsync(IUser currentUser, ISet permissionsToCheck); /// /// Authorizes whether the current user has access to the recycle bin item. /// - /// The current user's principal. + /// The current user'. /// The permission to authorize. /// Returns true if authorization is successful, otherwise false. - Task IsAuthorizedAtRecycleBinLevelAsync(IPrincipal currentUser, string permissionToCheck) + Task IsDeniedAtRecycleBinLevelAsync(IUser currentUser, string permissionToCheck) => IsDeniedAtRecycleBinLevelAsync(currentUser, new HashSet { permissionToCheck }); /// /// Authorizes whether the current user has access to the recycle bin item. /// - /// The current user's principal. + /// The current user. /// The collection of permissions to authorize. /// Returns true if authorization is successful, otherwise false. 
- Task IsDeniedAtRecycleBinLevelAsync(IPrincipal currentUser, ISet permissionsToCheck); + Task IsDeniedAtRecycleBinLevelAsync(IUser currentUser, ISet permissionsToCheck); - Task IsDeniedForCultures(IPrincipal currentUser, ISet culturesToCheck); + Task IsDeniedForCultures(IUser currentUser, ISet culturesToCheck); } diff --git a/src/Umbraco.Core/Security/Authorization/IDictionaryPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IDictionaryPermissionAuthorizer.cs new file mode 100644 index 0000000000..f26479d7f1 --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/IDictionaryPermissionAuthorizer.cs @@ -0,0 +1,8 @@ +using Umbraco.Cms.Core.Models.Membership; + +namespace Umbraco.Cms.Core.Security.Authorization; + +public interface IDictionaryPermissionAuthorizer +{ + Task IsAuthorizedForCultures(IUser currentUser, ISet culturesToCheck); +} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/IFeatureAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IFeatureAuthorizer.cs similarity index 54% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/IFeatureAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/IFeatureAuthorizer.cs index 69cf7513d1..e9da23ae2f 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Feature/IFeatureAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/IFeatureAuthorizer.cs @@ -1,6 +1,4 @@ -using Microsoft.AspNetCore.Authorization; - -namespace Umbraco.Cms.Api.Management.Security.Authorization.Feature; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Authorizes Umbraco features. @@ -10,7 +8,7 @@ public interface IFeatureAuthorizer /// /// Authorizes the current action. /// - /// The authorization context. + /// The type to check if is disabled. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(AuthorizationHandlerContext context); + Task IsDeniedAsync(Type type); } 
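Review bot: `IsAuthorizedAtRootLevelAsync` in IContentPermissionAuthorizer kept its name while the other single-permission overloads were renamed to `IsDenied…`, but it still forwards to `IsDeniedAtRootLevelAsync`, so it returns true when access is denied. A caller that trusts the name would grant access on a denial; rename it in line with the others to `IsDeniedAtRootLevelAsync(IUser currentUser, string permissionToCheck)`. The documentation on the `IsDenied…` members still says "Returns true if authorization is successful, otherwise false", which is the opposite of what the implementations in this patch return; the same wording remains in IMediaPermissionAuthorizer, IUserGroupPermissionAuthorizer and IFeatureAuthorizer. The parameter text "The current user'." on the recycle-bin overload has a stray apostrophe.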
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/IMediaPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IMediaPermissionAuthorizer.cs similarity index 64% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Media/IMediaPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/IMediaPermissionAuthorizer.cs index 1611a1cf4a..ea6e22818b 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/IMediaPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/IMediaPermissionAuthorizer.cs @@ -1,7 +1,7 @@ -using System.Security.Principal; +using Umbraco.Cms.Core.Models.Membership; using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.Media; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Authorizes media access. 
@@ -11,31 +11,31 @@ public interface IMediaPermissionAuthorizer /// /// Authorizes whether the current user has access to the specified media item. /// - /// The current user's principal. + /// The current user. /// The key of the media item to check for. /// Returns true if authorization is successful, otherwise false. - Task IsAuthorizedAsync(IPrincipal currentUser, Guid mediaKey) + Task IsDeniedAsync(IUser currentUser, Guid mediaKey) => IsDeniedAsync(currentUser, mediaKey.Yield()); /// /// Authorizes whether the current user has access to the specified media item(s). /// - /// The current user's principal. + /// The current user. /// The keys of the media items to check for. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, IEnumerable mediaKeys); + Task IsDeniedAsync(IUser currentUser, IEnumerable mediaKeys); /// /// Authorizes whether the current user has access to the root item. /// - /// The current user's principal. + /// The current user. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAtRootLevelAsync(IPrincipal currentUser); + Task IsDeniedAtRootLevelAsync(IUser currentUser); /// /// Authorizes whether the current user has access to the recycle bin item. /// - /// The current user's principal. + /// The current user. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAtRecycleBinLevelAsync(IPrincipal currentUser); + Task IsDeniedAtRecycleBinLevelAsync(IUser currentUser); } diff --git a/src/Umbraco.Core/Security/Authorization/IPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/IPermissionResource.cs new file mode 100644 index 0000000000..408bfdc26d --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/IPermissionResource.cs @@ -0,0 +1,5 @@ +namespace Umbraco.Cms.Core.Security.Authorization; + +public interface IPermissionResource +{ +} 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/IUserGroupPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IUserGroupPermissionAuthorizer.cs similarity index 67% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/IUserGroupPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/IUserGroupPermissionAuthorizer.cs index f8f5760276..f683040e0f 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/IUserGroupPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/IUserGroupPermissionAuthorizer.cs @@ -1,7 +1,7 @@ -using System.Security.Principal; +using Umbraco.Cms.Core.Models.Membership; using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Authorizes user group access. @@ -11,17 +11,17 @@ public interface IUserGroupPermissionAuthorizer /// /// Authorizes whether the current user has access to the specified user group. /// - /// The current user's principal. + /// The current user. /// The key of the user group to check against. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, Guid userGroupKey) + Task IsDeniedAsync(IUser currentUser, Guid userGroupKey) => IsDeniedAsync(currentUser, userGroupKey.Yield()); /// /// Authorizes whether the current user has access to the specified user group(s). /// - /// The current user's principal. + /// The current user. /// The keys of the user groups to check against. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, IEnumerable userGroupKeys); + Task IsDeniedAsync(IUser currentUser, IEnumerable userGroupKeys); } 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/IUserPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/IUserPermissionAuthorizer.cs similarity index 67% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/User/IUserPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/IUserPermissionAuthorizer.cs index f923cf9670..56de07b2f5 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/IUserPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/IUserPermissionAuthorizer.cs @@ -1,7 +1,7 @@ -using System.Security.Principal; +using Umbraco.Cms.Core.Models.Membership; using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.User; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// Authorizes user access. @@ -11,17 +11,17 @@ public interface IUserPermissionAuthorizer /// /// Authorizes whether the current user has access to the specified user account. /// - /// The current user's principal. + /// The current user. /// The key of the user to check for. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, Guid userKey) + Task IsDeniedAsync(IUser currentUser, Guid userKey) => IsDeniedAsync(currentUser, userKey.Yield()); /// /// Authorizes whether the current user has access to the specified user account(s). /// - /// The current user's principal. + /// The current user. /// The keys of the users to check for. /// Returns true if authorization is successful, otherwise false. - Task IsDeniedAsync(IPrincipal currentUser, IEnumerable userKeys); + Task IsDeniedAsync(IUser currentUser, IEnumerable userKeys); } 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/MediaPermissionAuthorizer.cs similarity index 53% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/MediaPermissionAuthorizer.cs index 3bb5172cec..af71fcf4af 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/MediaPermissionAuthorizer.cs @@ -1,24 +1,19 @@ -using System.Security.Principal; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.AuthorizationStatus; -namespace Umbraco.Cms.Api.Management.Security.Authorization.Media; +namespace Umbraco.Cms.Core.Security.Authorization; /// internal sealed class MediaPermissionAuthorizer : IMediaPermissionAuthorizer { - private readonly IAuthorizationHelper _authorizationHelper; private readonly IMediaPermissionService _mediaPermissionService; - public MediaPermissionAuthorizer(IAuthorizationHelper authorizationHelper, IMediaPermissionService mediaPermissionService) - { - _authorizationHelper = authorizationHelper; + public MediaPermissionAuthorizer(IMediaPermissionService mediaPermissionService) => _mediaPermissionService = mediaPermissionService; - } /// - public async Task IsDeniedAsync(IPrincipal currentUser, IEnumerable mediaKeys) + public async Task IsDeniedAsync(IUser currentUser, IEnumerable mediaKeys) { if (!mediaKeys.Any()) { 
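Review bot: `if (!mediaKeys.Any())` enumerates `mediaKeys` once, and the next hunk passes the same sequence to `AuthorizeAccessAsync`, so a lazy sequence is walked twice and the permission service may not see the same keys the guard saw. UserGroupPermissionAuthorizer in this patch already materialises first. Doing the same here would be `var mediaKeysList = mediaKeys.ToList();`, `if (mediaKeysList.Count == 0)`, and passing `mediaKeysList` on. UserPermissionAuthorizer has the same pattern: `userKeys.Any()` followed by `AuthorizeAccessAsync(currentUser, userKeys)`. The body of IsDeniedAsync continues outside this hunk.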
@@ -26,31 +21,25 @@ internal sealed class MediaPermissionAuthorizer : IMediaPermissionAuthorizer return true; } - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _mediaPermissionService.AuthorizeAccessAsync(user, mediaKeys); + MediaAuthorizationStatus result = await _mediaPermissionService.AuthorizeAccessAsync(currentUser, mediaKeys); // If we can't find the media item(s) then we can't determine whether you are denied access. return result is not (MediaAuthorizationStatus.Success or MediaAuthorizationStatus.NotFound); } /// - public async Task IsDeniedAtRootLevelAsync(IPrincipal currentUser) + public async Task IsDeniedAtRootLevelAsync(IUser currentUser) { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _mediaPermissionService.AuthorizeRootAccessAsync(user); + MediaAuthorizationStatus result = await _mediaPermissionService.AuthorizeRootAccessAsync(currentUser); // If we can't find the media item(s) then we can't determine whether you are denied access. return result is not (MediaAuthorizationStatus.Success or MediaAuthorizationStatus.NotFound); } /// - public async Task IsDeniedAtRecycleBinLevelAsync(IPrincipal currentUser) + public async Task IsDeniedAtRecycleBinLevelAsync(IUser currentUser) { - IUser user = _authorizationHelper.GetUmbracoUser(currentUser); - - var result = await _mediaPermissionService.AuthorizeBinAccessAsync(user); + MediaAuthorizationStatus result = await _mediaPermissionService.AuthorizeBinAccessAsync(currentUser); // If we can't find the media item(s) then we can't determine whether you are denied access. return result is not (MediaAuthorizationStatus.Success or MediaAuthorizationStatus.NotFound); 
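Review bot: The empty-input branch at the top of this hunk returns `true`, i.e. denied, while UserPermissionAuthorizer and UserGroupPermissionAuthorizer return `false` for the same case. The comment above that `return true;` lies outside the hunk, so I cannot tell whether this is deliberate or left over from when the method reported success. Failing closed is the safer default for an authorization check, but the three authorizers should agree. The chosen result should also be stated next to the branch, e.g. `// No keys to check: report denied (fail closed).`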
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/MediaPermissionResource.cs similarity index 87% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionResource.cs rename to src/Umbraco.Core/Security/Authorization/MediaPermissionResource.cs index 52d93fab1b..1254076f78 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/Media/MediaPermissionResource.cs +++ b/src/Umbraco.Core/Security/Authorization/MediaPermissionResource.cs @@ -1,6 +1,6 @@ using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.Media; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// A resource used for the . @@ -31,8 +31,9 @@ public class MediaPermissionResource : IPermissionResource /// An instance of . public static MediaPermissionResource WithKeys(IEnumerable mediaKeys) { - var hasRoot = mediaKeys.Any(x => x is null); - IEnumerable keys = mediaKeys.Where(x => x.HasValue).Select(x => x!.Value); + IEnumerable mediaKeysList = mediaKeys.ToList(); + var hasRoot = mediaKeysList.Any(x => x is null); + IEnumerable keys = mediaKeysList.Where(x => x.HasValue).Select(x => x!.Value); return new MediaPermissionResource(keys, hasRoot, false); } 
@@ -42,21 +43,21 @@ public class MediaPermissionResource : IPermissionResource /// The keys of the medias. /// An instance of . public static MediaPermissionResource WithKeys(IEnumerable mediaKeys) => - new MediaPermissionResource(mediaKeys, false, false); + new(mediaKeys, false, false); /// /// Creates a with the root. /// /// An instance of . public static MediaPermissionResource Root() => - new MediaPermissionResource(Enumerable.Empty(), true, false); + new(Enumerable.Empty(), true, false); /// /// Creates a with the recycle bin. /// /// An instance of . public static MediaPermissionResource RecycleBin() => - new MediaPermissionResource(Enumerable.Empty(), false, true); + new(Enumerable.Empty(), false, true); private MediaPermissionResource(IEnumerable mediaKeys, bool checkRoot, bool checkRecycleBin) { diff --git a/src/Umbraco.Core/Security/Authorization/UserGroupPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/UserGroupPermissionAuthorizer.cs new file mode 100644 index 0000000000..c8becee5d3 --- /dev/null +++ b/src/Umbraco.Core/Security/Authorization/UserGroupPermissionAuthorizer.cs 
@@ -0,0 +1,30 @@ +using Umbraco.Cms.Core.Models.Membership; +using Umbraco.Cms.Core.Services; +using Umbraco.Cms.Core.Services.AuthorizationStatus; + +namespace Umbraco.Cms.Core.Security.Authorization; + +/// +internal sealed class UserGroupPermissionAuthorizer : IUserGroupPermissionAuthorizer +{ + private readonly IUserGroupPermissionService _userGroupPermissionService; + + public UserGroupPermissionAuthorizer(IUserGroupPermissionService userGroupPermissionService) => + _userGroupPermissionService = userGroupPermissionService; + + /// + public async Task IsDeniedAsync(IUser currentUser, IEnumerable userGroupKeys) + { + var userGroupKeysList = userGroupKeys.ToList(); + if (userGroupKeysList.Count == 0) + { + // We can't deny something that is not defined + return false; + } + + UserGroupAuthorizationStatus result = + await _userGroupPermissionService.AuthorizeAccessAsync(currentUser, userGroupKeysList); + + return result is not UserGroupAuthorizationStatus.Success; + } +} diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/UserGroupPermissionResource.cs similarity index 95% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionResource.cs rename to src/Umbraco.Core/Security/Authorization/UserGroupPermissionResource.cs index e8ea6ad467..69656992d0 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/UserGroup/UserGroupPermissionResource.cs +++ b/src/Umbraco.Core/Security/Authorization/UserGroupPermissionResource.cs @@ -1,6 +1,6 @@ using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.UserGroup; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// A resource used for the . 
diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionAuthorizer.cs b/src/Umbraco.Core/Security/Authorization/UserPermissionAuthorizer.cs similarity index 52% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionAuthorizer.cs rename to src/Umbraco.Core/Security/Authorization/UserPermissionAuthorizer.cs index eca8cef4c0..513d317dc9 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionAuthorizer.cs +++ b/src/Umbraco.Core/Security/Authorization/UserPermissionAuthorizer.cs @@ -1,24 +1,19 @@ -using System.Security.Principal; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.AuthorizationStatus; -namespace Umbraco.Cms.Api.Management.Security.Authorization.User; +namespace Umbraco.Cms.Core.Security.Authorization; /// internal sealed class UserPermissionAuthorizer : IUserPermissionAuthorizer { - private readonly IAuthorizationHelper _authorizationHelper; private readonly IUserPermissionService _userPermissionService; - public UserPermissionAuthorizer(IAuthorizationHelper authorizationHelper, IUserPermissionService userPermissionService) - { - _authorizationHelper = authorizationHelper; + public UserPermissionAuthorizer(IUserPermissionService userPermissionService) => _userPermissionService = userPermissionService; - } /// - public async Task IsDeniedAsync(IPrincipal currentUser, IEnumerable userKeys) + public async Task IsDeniedAsync(IUser currentUser, IEnumerable userKeys) { if (!userKeys.Any()) { 
@@ -26,9 +21,8 @@ internal sealed class UserPermissionAuthorizer : IUserPermissionAuthorizer return false; } - IUser performingUser = _authorizationHelper.GetUmbracoUser(currentUser); - UserAuthorizationStatus result = await _userPermissionService.AuthorizeAccessAsync(performingUser, userKeys); + UserAuthorizationStatus result = await _userPermissionService.AuthorizeAccessAsync(currentUser, userKeys); return result is not UserAuthorizationStatus.Success; } diff --git a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionResource.cs b/src/Umbraco.Core/Security/Authorization/UserPermissionResource.cs similarity index 95% rename from src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionResource.cs rename to src/Umbraco.Core/Security/Authorization/UserPermissionResource.cs index d004908c86..9e32810066 100644 --- a/src/Umbraco.Cms.Api.Management/Security/Authorization/User/UserPermissionResource.cs +++ b/src/Umbraco.Core/Security/Authorization/UserPermissionResource.cs @@ -1,6 +1,6 @@ using Umbraco.Extensions; -namespace Umbraco.Cms.Api.Management.Security.Authorization.User; +namespace Umbraco.Cms.Core.Security.Authorization; /// /// A resource used for the . diff --git a/src/Umbraco.Infrastructure/Services/Implement/ContentListViewService.cs b/src/Umbraco.Infrastructure/Services/Implement/ContentListViewService.cs index 20b5978057..d151b85c82 100644 --- a/src/Umbraco.Infrastructure/Services/Implement/ContentListViewService.cs +++ b/src/Umbraco.Infrastructure/Services/Implement/ContentListViewService.cs @@ -3,6 +3,7 @@ using Umbraco.Cms.Core.Actions; using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Persistence.Querying; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.AuthorizationStatus; using Umbraco.Cms.Core.Services.OperationStatus; 
@@ -13,20 +14,20 @@ namespace Umbraco.Cms.Infrastructure.Services.Implement; internal sealed class ContentListViewService : ContentListViewServiceBase, IContentListViewService { private readonly IContentService _contentService; - private readonly IContentPermissionService _contentPermissionService; + private readonly IContentPermissionAuthorizer _contentPermissionAuthorizer; protected override Guid DefaultListViewKey => Constants.DataTypes.Guids.ListViewContentGuid; public ContentListViewService( IContentService contentService, IContentTypeService contentTypeService, - IContentPermissionService contentPermissionService, IDataTypeService dataTypeService, - ISqlContext sqlContext) + ISqlContext sqlContext, + IContentPermissionAuthorizer contentPermissionAuthorizer) : base(contentTypeService, dataTypeService, sqlContext) { _contentService = contentService; - _contentPermissionService = contentPermissionService; + _contentPermissionAuthorizer = contentPermissionAuthorizer; } public async Task?, ContentCollectionOperationStatus>> GetListViewItemsByKeyAsync( @@ -80,19 +81,11 @@ internal sealed class ContentListViewService : ContentListViewServiceBase HasAccessToListViewItemAsync(IUser user, Guid key) { - // TODO: Consider if it is better to use IContentPermissionAuthorizer here as people will be able to apply their external authorization - ContentAuthorizationStatus accessStatus = await _contentPermissionService.AuthorizeAccessAsync( + var isDenied = await _contentPermissionAuthorizer.IsDeniedAsync( user, key, ActionBrowse.ActionLetter); - // var isAuthorized = await _contentPermissionAuthorizer.IsAuthorizedAsync( - // user, //IPrincipal - // item.Key, - // ActionBrowse.ActionLetter); - // - // return isAuthorized; - - return accessStatus == ContentAuthorizationStatus.Success; + return isDenied is false; } } 
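Review bot: `return isDenied is false;` is not equivalent to the removed `accessStatus == ContentAuthorizationStatus.Success` if the authorizer treats NotFound as not denied. The content authorizer's implementation is not part of this excerpt, but MediaPermissionAuthorizer in this patch returns `result is not (MediaAuthorizationStatus.Success or MediaAuthorizationStatus.NotFound)`. The same rewrite in MediaListViewService therefore makes HasAccessToListViewItemAsync return true for a key the permission service reports as NotFound, where it used to return false. If that widening is intended, say so next to the call, e.g. `// The authorizer does not deny keys it cannot find.`; otherwise the list view check needs the stricter status comparison back.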
diff --git a/src/Umbraco.Infrastructure/Services/Implement/MediaListViewService.cs b/src/Umbraco.Infrastructure/Services/Implement/MediaListViewService.cs index 1eadf53ce0..11025485ae 100644 --- a/src/Umbraco.Infrastructure/Services/Implement/MediaListViewService.cs +++ b/src/Umbraco.Infrastructure/Services/Implement/MediaListViewService.cs @@ -2,6 +2,7 @@ using Umbraco.Cms.Core; using Umbraco.Cms.Core.Models; using Umbraco.Cms.Core.Models.Membership; using Umbraco.Cms.Core.Persistence.Querying; +using Umbraco.Cms.Core.Security.Authorization; using Umbraco.Cms.Core.Services; using Umbraco.Cms.Core.Services.AuthorizationStatus; using Umbraco.Cms.Core.Services.OperationStatus; @@ -12,20 +13,20 @@ namespace Umbraco.Cms.Infrastructure.Services.Implement; internal sealed class MediaListViewService : ContentListViewServiceBase, IMediaListViewService { private readonly IMediaService _mediaService; - private readonly IMediaPermissionService _mediaPermissionService; + private readonly IMediaPermissionAuthorizer _mediaPermissionAuthorizer; protected override Guid DefaultListViewKey => Constants.DataTypes.Guids.ListViewMediaGuid; public MediaListViewService( IMediaService mediaService, IMediaTypeService mediaTypeService, - IMediaPermissionService mediaPermissionService, IDataTypeService dataTypeService, - ISqlContext sqlContext) + ISqlContext sqlContext, + IMediaPermissionAuthorizer mediaPermissionAuthorizer) : base(mediaTypeService, dataTypeService, sqlContext) { _mediaService = mediaService; - _mediaPermissionService = mediaPermissionService; + _mediaPermissionAuthorizer = mediaPermissionAuthorizer; } public async Task?, ContentCollectionOperationStatus>> GetListViewItemsByKeyAsync( 
@@ -76,17 +77,10 @@ internal sealed class MediaListViewService : ContentListViewServiceBase HasAccessToListViewItemAsync(IUser user, Guid key) { - // TODO: Consider if it is better to use IMediaPermissionAuthorizer here as people will be able to apply their external authorization - MediaAuthorizationStatus accessStatus = await _mediaPermissionService.AuthorizeAccessAsync( + var isDenied = await _mediaPermissionAuthorizer.IsDeniedAsync( user, key); - // var isAuthorized = await _mediaPermissionAuthorizer.IsAuthorizedAsync( - // user, //IPrincipal - // item.Key); - // - // return isAuthorized; - - return accessStatus == MediaAuthorizationStatus.Success; + return isDenied is false; } }