Removes UmbracoTreeAuthorizeAttribute and migrates usages to authz policies
This commit is contained in:
Shannon
@@ -36,6 +36,8 @@ using ContentType = Umbraco.Core.Models.ContentType;
|
||||
using Umbraco.Core.Configuration.Models;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Umbraco.Core.Serialization;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -48,7 +50,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// An API controller used for dealing with content types
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.DocumentTypes)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)]
|
||||
public class ContentTypeController : ContentTypeControllerBase<IContentType>
|
||||
{
|
||||
private readonly IEntityXmlSerializer _serializer;
|
||||
@@ -136,7 +138,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
}
|
||||
|
||||
[HttpGet]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.DocumentTypes)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentTypes)]
|
||||
public bool HasContentNodes(int id)
|
||||
{
|
||||
return _contentTypeService.HasContentNodes(id);
|
||||
@@ -223,10 +225,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Gets all user defined properties.
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
[UmbracoTreeAuthorize(
|
||||
Constants.Trees.DocumentTypes, Constants.Trees.Content,
|
||||
Constants.Trees.MediaTypes, Constants.Trees.Media,
|
||||
Constants.Trees.MemberTypes, Constants.Trees.Members)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessAnyContentOrTypes)]
|
||||
public IEnumerable<string> GetAllPropertyTypeAliases()
|
||||
{
|
||||
return _contentTypeService.GetAllPropertyTypeAliases();
|
||||
@@ -236,10 +235,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Gets all the standard fields.
|
||||
/// </summary>
|
||||
/// <returns></returns>
|
||||
[UmbracoTreeAuthorize(
|
||||
Constants.Trees.DocumentTypes, Constants.Trees.Content,
|
||||
Constants.Trees.MediaTypes, Constants.Trees.Media,
|
||||
Constants.Trees.MemberTypes, Constants.Trees.Members)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessAnyContentOrTypes)]
|
||||
public IEnumerable<string> GetAllStandardFields()
|
||||
{
|
||||
string[] preValuesSource = { "createDate", "creatorName", "level", "nodeType", "nodeTypeAlias", "pageID", "pageName", "parentID", "path", "template", "updateDate", "writerID", "writerName" };
|
||||
@@ -280,10 +276,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
return Ok(result);
|
||||
}
|
||||
|
||||
[UmbracoTreeAuthorize(
|
||||
Constants.Trees.DocumentTypes, Constants.Trees.Content,
|
||||
Constants.Trees.MediaTypes, Constants.Trees.Media,
|
||||
Constants.Trees.MemberTypes, Constants.Trees.Members)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessAnyContentOrTypes)]
|
||||
public ContentPropertyDisplay GetPropertyTypeScaffold(int id)
|
||||
{
|
||||
var dataTypeDiff = _dataTypeService.GetDataType(id);
|
||||
@@ -523,7 +516,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Returns the allowed child content type objects for the content item id passed in
|
||||
/// </summary>
|
||||
/// <param name="contentId"></param>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.DocumentTypes, Constants.Trees.Content)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)]
|
||||
public IEnumerable<ContentTypeBasic> GetAllowedChildren(int contentId)
|
||||
{
|
||||
if (contentId == Constants.System.RecycleBinContent)
|
||||
|
||||
@@ -5,6 +5,7 @@ using System.Linq;
|
||||
using System.Net;
|
||||
using System.Net.Mime;
|
||||
using System.Text;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Umbraco.Core;
|
||||
@@ -14,6 +15,7 @@ using Umbraco.Core.Models;
|
||||
using Umbraco.Core.PropertyEditors;
|
||||
using Umbraco.Core.Serialization;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
@@ -31,7 +33,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Content Types, Member Types or Media Types ... and of course to Data Types
|
||||
/// </remarks>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.DataTypes, Constants.Trees.DocumentTypes, Constants.Trees.MediaTypes, Constants.Trees.MemberTypes)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessDocumentsOrDocumentTypes)]
|
||||
public class DataTypeController : BackOfficeNotificationsController
|
||||
{
|
||||
private readonly PropertyEditorCollection _propertyEditors;
|
||||
@@ -414,7 +416,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <remarks>
|
||||
/// Permission is granted to this method if the user has access to any of these sections: Content, media, settings, developer, members
|
||||
/// </remarks>
|
||||
[UmbracoApplicationAuthorizeAttribute(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
[UmbracoApplicationAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
Constants.Applications.Settings, Constants.Applications.Packages)]
|
||||
public IEnumerable<DataTypeBasic> GetAll()
|
||||
{
|
||||
@@ -430,7 +432,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <remarks>
|
||||
/// Permission is granted to this method if the user has access to any of these sections: Content, media, settings, developer, members
|
||||
/// </remarks>
|
||||
[UmbracoTreeAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
[UmbracoApplicationAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
Constants.Applications.Settings, Constants.Applications.Packages)]
|
||||
public IDictionary<string, IEnumerable<DataTypeBasic>> GetGroupedDataTypes()
|
||||
{
|
||||
@@ -462,9 +464,8 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <remarks>
|
||||
/// Permission is granted to this method if the user has access to any of these sections: Content, media, settings, developer, members
|
||||
/// </remarks>
|
||||
[UmbracoTreeAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
[UmbracoApplicationAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
Constants.Applications.Settings, Constants.Applications.Packages)]
|
||||
|
||||
public IDictionary<string, IEnumerable<DataTypeBasic>> GetGroupedPropertyEditors()
|
||||
{
|
||||
var datatypes = new List<DataTypeBasic>();
|
||||
@@ -495,9 +496,8 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <remarks>
|
||||
/// Permission is granted to this method if the user has access to any of these sections: Content, media, settings, developer, members
|
||||
/// </remarks>
|
||||
[UmbracoTreeAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
[UmbracoApplicationAuthorize(Constants.Applications.Content, Constants.Applications.Media, Constants.Applications.Members,
|
||||
Constants.Applications.Settings, Constants.Applications.Packages)]
|
||||
|
||||
public IEnumerable<PropertyEditorBasic> GetAllPropertyEditors()
|
||||
{
|
||||
return _propertyEditorCollection
|
||||
|
||||
@@ -18,6 +18,8 @@ using Umbraco.Web.Security;
|
||||
using Constants = Umbraco.Core.Constants;
|
||||
using Umbraco.Core.Configuration.Models;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -30,7 +32,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Dictionary
|
||||
/// </remarks>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Dictionary)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessDictionary)]
|
||||
public class DictionaryController : BackOfficeNotificationsController
|
||||
{
|
||||
private readonly ILogger<DictionaryController> _logger;
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Globalization;
|
||||
using System.Linq;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Microsoft.Extensions.Options;
|
||||
using Umbraco.Core;
|
||||
@@ -10,6 +11,7 @@ using Umbraco.Core.Configuration.Models;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
@@ -80,7 +82,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// Deletes a language with a given ID
|
||||
/// </summary>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Languages)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]
|
||||
[HttpDelete]
|
||||
[HttpPost]
|
||||
public IActionResult DeleteLanguage(int id)
|
||||
@@ -109,7 +111,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// Creates or saves a language
|
||||
/// </summary>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Languages)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessLanguages)]
|
||||
[HttpPost]
|
||||
public Language SaveLanguage(Language language)
|
||||
{
|
||||
|
||||
@@ -19,6 +19,8 @@ using Umbraco.Web.Security;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Security;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -27,7 +29,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// The API controller used for editing dictionary items
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Macros)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMacros)]
|
||||
public class MacrosController : BackOfficeNotificationsController
|
||||
{
|
||||
private readonly ParameterEditorCollection _parameterEditorCollection;
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Dictionary;
|
||||
@@ -10,6 +11,7 @@ using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Security;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Core.Strings;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
@@ -27,7 +29,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// An API controller used for dealing with content types
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaTypes)]
|
||||
public class MediaTypeController : ContentTypeControllerBase<IMediaType>
|
||||
{
|
||||
private readonly IContentTypeService _contentTypeService;
|
||||
@@ -78,7 +80,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
public MediaTypeDisplay GetById(int id)
|
||||
{
|
||||
var ct = _mediaTypeService.Get(id);
|
||||
@@ -97,7 +99,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
public MediaTypeDisplay GetById(Guid id)
|
||||
{
|
||||
var mediaType = _mediaTypeService.Get(id);
|
||||
@@ -116,7 +118,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
public MediaTypeDisplay GetById(Udi id)
|
||||
{
|
||||
var guidUdi = id as GuidUdi;
|
||||
@@ -314,7 +316,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Returns the allowed child content type objects for the content item id passed in - based on an INT id
|
||||
/// </summary>
|
||||
/// <param name="contentId"></param>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public IEnumerable<ContentTypeBasic> GetAllowedChildren(int contentId)
|
||||
{
|
||||
@@ -361,7 +363,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Returns the allowed child content type objects for the content item id passed in - based on a GUID id
|
||||
/// </summary>
|
||||
/// <param name="contentId"></param>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public IEnumerable<ContentTypeBasic> GetAllowedChildren(Guid contentId)
|
||||
{
|
||||
@@ -378,7 +380,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// Returns the allowed child content type objects for the content item id passed in - based on a UDI id
|
||||
/// </summary>
|
||||
/// <param name="contentId"></param>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MediaTypes, Constants.Trees.Media)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMediaOrMediaTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public IEnumerable<ContentTypeBasic> GetAllowedChildren(Udi contentId)
|
||||
{
|
||||
|
||||
@@ -2,11 +2,13 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
@@ -19,7 +21,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// An API controller used for dealing with member groups
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberGroups)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberGroups)]
|
||||
public class MemberGroupController : UmbracoAuthorizedJsonController
|
||||
{
|
||||
private readonly IMemberGroupService _memberGroupService;
|
||||
|
||||
@@ -24,6 +24,8 @@ using Umbraco.Web.Common.Exceptions;
|
||||
using Umbraco.Web.Editors;
|
||||
using Umbraco.Web.Routing;
|
||||
using Umbraco.Web.Security;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -31,7 +33,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// An API controller used for dealing with member types
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(new string[] { Constants.Trees.MemberTypes, Constants.Trees.Members})]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMemberTypes)]
|
||||
public class MemberTypeController : ContentTypeControllerBase<IMemberType>
|
||||
{
|
||||
private readonly IMemberTypeService _memberTypeService;
|
||||
@@ -71,7 +73,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// </summary>
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public MemberTypeDisplay GetById(int id)
|
||||
{
|
||||
@@ -90,7 +91,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// </summary>
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public MemberTypeDisplay GetById(Guid id)
|
||||
{
|
||||
@@ -109,7 +109,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// </summary>
|
||||
/// <param name="id"></param>
|
||||
/// <returns></returns>
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
[DetermineAmbiguousActionByPassingParameters]
|
||||
public MemberTypeDisplay GetById(Udi id)
|
||||
{
|
||||
@@ -134,7 +133,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <returns></returns>
|
||||
[HttpDelete]
|
||||
[HttpPost]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
public IActionResult DeleteById(int id)
|
||||
{
|
||||
var foundType = _memberTypeService.Get(id);
|
||||
@@ -161,8 +159,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// be looked up via the db, they need to be passed in.
|
||||
/// </param>
|
||||
/// <returns></returns>
|
||||
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
public IActionResult GetAvailableCompositeMemberTypes(int contentTypeId,
|
||||
[FromQuery]string[] filterContentTypes,
|
||||
[FromQuery]string[] filterPropertyTypes)
|
||||
@@ -176,7 +172,6 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
return Ok(result);
|
||||
}
|
||||
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
public MemberTypeDisplay GetEmpty()
|
||||
{
|
||||
var ct = new MemberType(_shortStringHelper, -1);
|
||||
@@ -190,13 +185,13 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// <summary>
|
||||
/// Returns all member types
|
||||
/// </summary>
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]
|
||||
public IEnumerable<ContentTypeBasic> GetAllTypes()
|
||||
{
|
||||
return _memberTypeService.GetAll()
|
||||
.Select(_umbracoMapper.Map<IMemberType, ContentTypeBasic>);
|
||||
}
|
||||
|
||||
[UmbracoTreeAuthorize(Constants.Trees.MemberTypes)]
|
||||
public ActionResult<MemberTypeDisplay> PostSave(MemberTypeSave contentTypeSave)
|
||||
{
|
||||
//get the persisted member type
|
||||
|
||||
@@ -15,6 +15,8 @@ using Umbraco.Core.Mapping;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
@@ -22,7 +24,7 @@ namespace Umbraco.Web.BackOffice.Controllers
|
||||
/// The API controller for editing relation types.
|
||||
/// </summary>
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.RelationTypes)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessRelationTypes)]
|
||||
public class RelationTypeController : BackOfficeNotificationsController
|
||||
{
|
||||
private readonly ILogger<RelationTypeController> _logger;
|
||||
|
||||
@@ -2,6 +2,7 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using System.Net;
|
||||
using Microsoft.AspNetCore.Authorization;
|
||||
using Microsoft.AspNetCore.Mvc;
|
||||
using Umbraco.Core;
|
||||
using Umbraco.Core.IO;
|
||||
@@ -9,6 +10,7 @@ using Umbraco.Core.Mapping;
|
||||
using Umbraco.Core.Models;
|
||||
using Umbraco.Core.Services;
|
||||
using Umbraco.Core.Strings;
|
||||
using Umbraco.Web.BackOffice.Authorization;
|
||||
using Umbraco.Web.BackOffice.Filters;
|
||||
using Umbraco.Web.Common.Attributes;
|
||||
using Umbraco.Web.Common.Exceptions;
|
||||
@@ -18,7 +20,7 @@ using Constants = Umbraco.Core.Constants;
|
||||
namespace Umbraco.Web.BackOffice.Controllers
|
||||
{
|
||||
[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
|
||||
[UmbracoTreeAuthorize(Constants.Trees.Templates)]
|
||||
[Authorize(Policy = AuthorizationPolicies.TreeAccessTemplates)]
|
||||
public class TemplateController : BackOfficeNotificationsController
|
||||
{
|
||||
private readonly IFileService _fileService;
|
||||
|
||||
Reference in New Issue
Block a user