Fixes: U4-5891

Shannon
2014-11-27 17:57:33 +11:00
parent de7900cd2e
commit dc27368397
3 changed files with 31 additions and 2 deletions


@@ -19,7 +19,7 @@ namespace Umbraco.Web.Trees
/// This is used to output JSON from legacy trees
/// </summary>
[PluginController("UmbracoTrees")]
//public class LegacyTreeController : UmbracoAuthorizedApiController
[LegacyTreeAuthorizeAttribute]
public class LegacyTreeController : TreeControllerBase
{
private readonly XmlTreeNode _xmlTreeNode;
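Review bot: The attribute is applied with its full type name; C# convention drops the suffix, so this would read `[LegacyTreeAuthorize]`. Per-tree access for this controller now depends on this one filter, and whether `TreeControllerBase` separately requires an authenticated back-office user is not visible in this hunk. A short comment above the attribute saying that it authorizes against the requested tree's application would make that dependency explicit. The class body continues outside the hunk.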


@@ -552,6 +552,7 @@
<Compile Include="WebApi\Filters\ClearAngularAntiForgeryTokenAttribute.cs" />
<Compile Include="WebApi\Filters\DisableBrowserCacheAttribute.cs" />
<Compile Include="WebApi\Filters\FilterGrouping.cs" />
<Compile Include="WebApi\Filters\LegacyTreeAuthorizeAttribute.cs" />
<Compile Include="WebApi\Filters\OutgoingNoHyphenGuidFormatAttribute.cs" />
<Compile Include="WebApi\Filters\SetAngularAntiForgeryTokensAttribute.cs" />
<Compile Include="WebApi\Filters\UmbracoBackOfficeLogoutAttribute.cs" />
@@ -2158,4 +2159,4 @@
<!--<PostBuildEvent>xcopy "$(ProjectDir)..\..\lib\*.dll" "$(TargetDir)*.dll" /Y</PostBuildEvent>-->
</PropertyGroup>
<Import Project="$(SolutionDir)\.nuget\nuget.targets" />
</Project>
</Project>


@@ -0,0 +1,28 @@
using System.Web.Http;
using System.Web.Http.Controllers;
using Umbraco.Core;
namespace Umbraco.Web.WebApi.Filters
{
internal class LegacyTreeAuthorizeAttribute : AuthorizeAttribute
{
protected override bool IsAuthorized(HttpActionContext actionContext)
{
var httpContext = actionContext.Request.TryGetHttpContext();
if (httpContext)
{
var treeRequest = httpContext.Result.Request.QueryString["treeType"];
if (treeRequest.IsNullOrWhiteSpace()) return false;
var tree = ApplicationContext.Current.Services.ApplicationTreeService.GetByAlias(treeRequest);
if (tree == null) return false;
return UmbracoContext.Current.Security.CurrentUser != null
&& UmbracoContext.Current.Security.UserHasAppAccess(tree.ApplicationAlias, UmbracoContext.Current.Security.CurrentUser);
}
return false;
}
}
}
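Review bot: IsAuthorized dereferences `UmbracoContext.Current` and `ApplicationContext.Current` without a null check, so a request that reaches this filter without an Umbraco context would throw instead of being denied. Reading the context once and failing closed avoids that, e.g. `var umbCtx = UmbracoContext.Current;` followed by `if (umbCtx == null) return false;`, which also removes the repeated `Security.CurrentUser` lookups. The decision is keyed only on the `treeType` query-string value, so it protects the controller only if the action resolves the tree it renders from that same value; the action is not visible in this commit, so that should be confirmed. The class would also benefit from a summary comment such as `/// Allows the request only when the current back-office user has access to the application that owns the tree named by the treeType query string.`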