diff --git a/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js b/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js index 8d962b457a..687cdd20c1 100644 --- a/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js +++ b/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js @@ -1,14 +1,15 @@ function umbracoCheckUpgrade(result) { - if (result.UpgradeType.toLowerCase() != 'none') { - if (UmbSpeechBubble == null) { - InitUmbracoSpeechBubble(); + if (result) { + if (result.UpgradeType.toLowerCase() != 'none') { + if (UmbSpeechBubble == null) { + InitUmbracoSpeechBubble(); + } + var icon = 'info'; + if (result.UpgradeType.toLowerCase() == 'critical') { + icon = 'error'; + } + + UmbSpeechBubble.ShowMessage(icon, 'Upgrade Available!', '' + result.UpgradeComment + '', true); } - var icon = 'info'; - if (result.UpgradeType.toLowerCase() == 'critical') { - icon = 'error'; - } - - UmbSpeechBubble.ShowMessage(icon, 'Upgrade Available!', '' + result.UpgradeComment + '', true); } - } \ No newline at end of file diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index b083e0b61b..7e681679bd 100644 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -561,6 +561,9 @@ ASPXCodeBehind + + ASPXCodeBehind + @@ -1476,13 +1479,6 @@ EditNodeTypeNew.aspx - - ShowUmbracoTags.aspx - ASPXCodeBehind - - - ShowUmbracoTags.aspx - editScript.aspx ASPXCodeBehind @@ -1781,7 +1777,15 @@ + + + Component + + + + Component + @@ -1963,9 +1967,6 @@ ASPXCodeBehind - - ASPXCodeBehind - ASPXCodeBehind diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs new file mode 100644 index 0000000000..4524f1e47c --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs 
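Review bot: In `umbracoCheckUpgrade` (umbracoUpgradeChecker.js), the new `if (result)` guard covers a null response, but `result.UpgradeType.toLowerCase()` still throws when the object arrives without an `UpgradeType` string. The inner condition could read `if (result.UpgradeType && result.UpgradeType.toLowerCase() != 'none') {`. `result.UpgradeComment` is also concatenated straight into `UmbSpeechBubble.ShowMessage`; whether that helper encodes its message is not visible here, so if it renders HTML the comment returned by the upgrade service should be encoded before display.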
@@ -0,0 +1,153 @@ +using System; +using System.Linq; +using System.Web; +using System.Web.Security; +using Umbraco.Core; +using umbraco; +using umbraco.BasePages; +using umbraco.BusinessLogic; +using umbraco.businesslogic.Exceptions; + +namespace Umbraco.Web.WebServices +{ + public abstract class UmbracoAuthorizedHttpHandler : UmbracoHttpHandler + { + protected UmbracoAuthorizedHttpHandler() + : base() + { + } + + protected UmbracoAuthorizedHttpHandler(UmbracoContext umbracoContext) + : base(umbracoContext) + { + } + + //IMPORTANT NOTE: !! All of these security bits and pieces have been moved in to one centralized class + // in 6.1 called WebSecurity. All this logic is all here temporarily! + + private User _user; + private readonly InnerPage _page = new InnerPage(); + + /// + /// Checks if the umbraco context id is valid + /// + /// + /// + protected bool ValidateUserContextId(string currentUmbracoUserContextId) + { + return BasePage.ValidateUserContextID(currentUmbracoUserContextId); + } + + /// + /// Checks if the username/password credentials are valid + /// + /// + /// + /// + protected bool ValidateCredentials(string username, string password) + { + return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password); + } + + /// + /// Validates the user for access to a certain application + /// + /// The application alias. + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(string app, bool throwExceptions = false) + { + //ensure we have a valid user first! 
+ if (!AuthorizeRequest(throwExceptions)) return false; + + //if it is empty, don't validate + if (app.IsNullOrWhiteSpace()) + { + return true; + } + var hasAccess = UserHasAppAccess(app, UmbracoUser); + if (!hasAccess && throwExceptions) + throw new UserAuthorizationException("The user does not have access to the required application"); + return hasAccess; + } + + /// + /// Checks if the specified user as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, User user) + { + return user.Applications.Any(uApp => uApp.alias == app); + } + + /// + /// Checks if the specified user by username as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, string username) + { + var uid = global::umbraco.BusinessLogic.User.getUserId(username); + if (uid < 0) return false; + var usr = global::umbraco.BusinessLogic.User.GetUser(uid); + if (usr == null) return false; + return UserHasAppAccess(app, usr); + } + + /// + /// Returns true if there is a valid logged in user and that ssl is enabled if required + /// + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(bool throwExceptions = false) + { + // check for secure connection + if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) + { + if (throwExceptions) + throw new UserAuthorizationException("This installation requires a secure connection (via SSL). 
Please update the URL to include https://"); + return false; + } + + try + { + return UmbracoUser != null; + } + catch (ArgumentException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + catch (InvalidOperationException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + } + + /// + /// Returns the current user + /// + protected User UmbracoUser + { + get + { + return _user ?? (_user = _page.getUser()); + } + } + + /// + /// Used to validate, thie is temporary, in 6.1 we have the WebSecurity class which does all + /// authorization stuff for us. + /// + private class InnerPage : BasePage + { + + } + } +} \ No newline at end of file diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs new file mode 100644 index 0000000000..ac55ebecbc --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs 
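Review bot: `AuthorizeRequest(string app, bool throwExceptions)` returns true for a null or whitespace `app`, so a caller that derives the alias from request data and receives an empty value gets a login-only check instead of a denial. Unless existing callers rely on that, failing closed is safer: `if (app.IsNullOrWhiteSpace()) return false;`, with the parameterless overload left for callers that only need a logged-in user. The same method is copied verbatim into UmbracoAuthorizedWebService.cs later in this commit, so the remark applies there too. `UserHasAppAccess(string app, User user)` also dereferences `user` without a null check.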
@@ -0,0 +1,159 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Web; +using System.Web.Security; +using Umbraco.Core.Configuration; +using umbraco.BasePages; +using umbraco.BusinessLogic; +using Umbraco.Core; +using umbraco.businesslogic.Exceptions; + +namespace Umbraco.Web.WebServices +{ + /// + /// An abstract web service class that has the methods and properties to correct validate an Umbraco user + /// + public abstract class UmbracoAuthorizedWebService : UmbracoWebService + { + protected UmbracoAuthorizedWebService() + : base() + { + } + + protected UmbracoAuthorizedWebService(UmbracoContext umbracoContext) + : base(umbracoContext) + { + } + + //IMPORTANT NOTE: !! All of these security bits and pieces have been moved in to one centralized class + // in 6.1 called WebSecurity. All this logic is all here temporarily! + + private User _user; + private readonly InnerPage _page = new InnerPage(); + + /// + /// Checks if the umbraco context id is valid + /// + /// + /// + protected bool ValidateUserContextId(string currentUmbracoUserContextId) + { + return BasePage.ValidateUserContextID(currentUmbracoUserContextId); + } + + /// + /// Checks if the username/password credentials are valid + /// + /// + /// + /// + protected bool ValidateCredentials(string username, string password) + { + return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password); + } + + /// + /// Validates the user for access to a certain application + /// + /// The application alias. + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(string app, bool throwExceptions = false) + { + //ensure we have a valid user first! 
+ if (!AuthorizeRequest(throwExceptions)) return false; + + //if it is empty, don't validate + if (app.IsNullOrWhiteSpace()) + { + return true; + } + var hasAccess = UserHasAppAccess(app, UmbracoUser); + if (!hasAccess && throwExceptions) + throw new UserAuthorizationException("The user does not have access to the required application"); + return hasAccess; + } + + /// + /// Checks if the specified user as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, User user) + { + return user.Applications.Any(uApp => uApp.alias == app); + } + + /// + /// Checks if the specified user by username as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, string username) + { + var uid = global::umbraco.BusinessLogic.User.getUserId(username); + if (uid < 0) return false; + var usr = global::umbraco.BusinessLogic.User.GetUser(uid); + if (usr == null) return false; + return UserHasAppAccess(app, usr); + } + + /// + /// Returns true if there is a valid logged in user and that ssl is enabled if required + /// + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(bool throwExceptions = false) + { + // check for secure connection + if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) + { + if (throwExceptions) + throw new UserAuthorizationException("This installation requires a secure connection (via SSL). 
Please update the URL to include https://"); + return false; + } + + try + { + return UmbracoUser != null; + } + catch (ArgumentException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + catch (InvalidOperationException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + } + + /// + /// Returns the current user + /// + protected User UmbracoUser + { + get + { + return _user ?? (_user = _page.getUser()); + } + } + + /// + /// Used to validate, thie is temporary, in 6.1 we have the WebSecurity class which does all + /// authorization stuff for us. + /// + private class InnerPage : BasePage + { + + } + + } +} diff --git a/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs b/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs new file mode 100644 index 0000000000..28e7619b04 --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs 
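Review bot: `ValidateCredentials(string username, string password)` does not apply the `GlobalSettings.UseSSL` / `IsSecureConnection` check that `AuthorizeRequest(bool)` performs. Web methods that take a login and password as parameters (`Developer.GetMacros` later in this commit does) will therefore accept them over plain HTTP even when the installation requires SSL. Consider running the same secure-connection check before calling the provider. `Membership.Providers[UmbracoSettings.DefaultBackofficeProvider]` is also dereferenced without a null check, so a misconfigured provider name would likely surface as a NullReferenceException rather than a failed validation. Both remarks apply equally to the identical method in UmbracoAuthorizedHttpHandler.cs.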
@@ -0,0 +1,74 @@ +using System; +using System.Web; +using System.Web.Mvc; +using System.Web.Routing; +using Umbraco.Core; + +namespace Umbraco.Web.WebServices +{ + public abstract class UmbracoHttpHandler : IHttpHandler + { + public abstract void ProcessRequest(HttpContext context); + public abstract bool IsReusable { get; } + + protected UmbracoHttpHandler() + : this(UmbracoContext.Current) + { + + } + + protected UmbracoHttpHandler(UmbracoContext umbracoContext) + { + if (umbracoContext == null) throw new ArgumentNullException("umbracoContext"); + UmbracoContext = umbracoContext; + Umbraco = new UmbracoHelper(umbracoContext); + } + + /// + /// Returns the current ApplicationContext + /// + public ApplicationContext ApplicationContext + { + get { return UmbracoContext.Application; } + } + + /// + /// Returns the current UmbracoContext + /// + public UmbracoContext UmbracoContext { get; private set; } + + /// + /// Returns an UmbracoHelper object + /// + public UmbracoHelper Umbraco { get; private set; } + + private UrlHelper _url; + + /// + /// Returns a UrlHelper + /// + /// + /// This URL helper is created without any route data and an empty request context + /// + public UrlHelper Url + { + get { return _url ?? (_url = new UrlHelper(new RequestContext(new HttpContextWrapper(HttpContext.Current), new RouteData()))); } + } + + ///// + ///// Returns a ServiceContext + ///// + //public ServiceContext Services + //{ + // get { return ApplicationContext.Services; } + //} + + ///// + ///// Returns a DatabaseContext + ///// + //public DatabaseContext DatabaseContext + //{ + // get { return ApplicationContext.DatabaseContext; } + //} + } +} \ No newline at end of file diff --git a/src/Umbraco.Web/WebServices/UmbracoWebService.cs b/src/Umbraco.Web/WebServices/UmbracoWebService.cs new file mode 100644 index 0000000000..1e7ac345cd --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoWebService.cs 
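Review bot: `IsReusable` is left abstract in `UmbracoHttpHandler` while the constructor captures `UmbracoContext.Current` and the `Url` getter caches a `UrlHelper` built from `HttpContext.Current`. A subclass that returns true from `IsReusable` would therefore serve later requests with the first request's context. The derived `UmbracoAuthorizedHttpHandler` adds a cached `_user` field on top of this, which in a reused instance would carry one caller's identity into another caller's request. A doc comment on `IsReusable` stating that implementations must return false would make the constraint explicit; alternatively the base class could supply the default itself with `public virtual bool IsReusable { get { return false; } }`.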
@@ -0,0 +1,75 @@ +using System; +using System.Web; +using System.Web.Mvc; +using System.Web.Routing; +using System.Web.Services; +using Umbraco.Core; + +namespace Umbraco.Web.WebServices +{ + /// + /// An abstract web service class exposing common umbraco objects + /// + public abstract class UmbracoWebService : WebService + { + protected UmbracoWebService() + : this(UmbracoContext.Current) + { + + } + + protected UmbracoWebService(UmbracoContext umbracoContext) + { + if (umbracoContext == null) throw new ArgumentNullException("umbracoContext"); + UmbracoContext = umbracoContext; + Umbraco = new UmbracoHelper(umbracoContext); + } + + /// + /// Returns the current ApplicationContext + /// + public ApplicationContext ApplicationContext + { + get { return UmbracoContext.Application; } + } + + /// + /// Returns the current UmbracoContext + /// + public UmbracoContext UmbracoContext { get; private set; } + + /// + /// Returns an UmbracoHelper object + /// + public UmbracoHelper Umbraco { get; private set; } + + private UrlHelper _url; + + /// + /// Returns a UrlHelper + /// + /// + /// This URL helper is created without any route data and an empty request context + /// + public UrlHelper Url + { + get { return _url ?? (_url = new UrlHelper(new RequestContext(new HttpContextWrapper(Context), new RouteData()))); } + } + + ///// + ///// Returns a ServiceContext + ///// + //public ServiceContext Services + //{ + // get { return ApplicationContext.Services; } + //} + + ///// + ///// Returns a DatabaseContext + ///// + //public DatabaseContext DatabaseContext + //{ + // get { return ApplicationContext.DatabaseContext; } + //} + } +} \ No newline at end of file diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs index 1417a79d67..3d85864ffe 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs 
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs @@ -4,27 +4,33 @@ using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; +using Umbraco.Core.IO; using umbraco.BasePages; -using umbraco.IO; +using umbraco.BusinessLogic; namespace umbraco.presentation.umbraco.developer.Packages { [Obsolete("This class is no longer used and will be removed in future version. The page that supercedes this is Umbraco.Web.UI.Umbraco.Developer.Packages.StarterKits")] public partial class StarterKits : UmbracoEnsuredPage { + public StarterKits() + { + CurrentApp = DefaultApps.developer.ToString(); + } + protected void Page_Load(object sender, EventArgs e) { if (!cms.businesslogic.skinning.Skinning.IsStarterKitInstalled()) - showStarterKits(); + ShowStarterKits(); else showSkins((Guid)cms.businesslogic.skinning.Skinning.StarterKitGuid()); } - private void showStarterKits() + private void ShowStarterKits() { - install.steps.Skinning.loadStarterKits starterkitsctrl = - (install.steps.Skinning.loadStarterKits)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKits.ascx"); - starterkitsctrl.StarterKitInstalled += new install.steps.Skinning.StarterKitInstalledEventHandler(starterkitsctrl_StarterKitInstalled); + var starterkitsctrl = + (install.steps.Skinning.loadStarterKits)LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKits.ascx"); + starterkitsctrl.StarterKitInstalled += starterkitsctrl_StarterKitInstalled; ph_starterkits.Controls.Add(starterkitsctrl); 
@@ -40,11 +46,11 @@ namespace umbraco.presentation.umbraco.developer.Packages public void showSkins(Guid starterKitGuid) { - install.steps.Skinning.loadStarterKitDesigns ctrl = (install.steps.Skinning.loadStarterKitDesigns)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx"); + var ctrl = (install.steps.Skinning.loadStarterKitDesigns)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx"); ctrl.ID = "StarterKitDesigns"; ctrl.StarterKitGuid = starterKitGuid; - ctrl.StarterKitDesignInstalled += new install.steps.Skinning.StarterKitDesignInstalledEventHandler(ctrl_StarterKitDesignInstalled); + ctrl.StarterKitDesignInstalled += ctrl_StarterKitDesignInstalled; ph_skins.Controls.Add(ctrl); StarterKitNotInstalled.Visible = false; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs index ba87f14b07..8eb2f2c9ab 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs @@ -6,11 +6,24 @@ namespace umbraco.presentation.dialogs { public partial class emptyTrashcan : UmbracoEnsuredPage { + + protected override void OnInit(EventArgs e) + { + base.OnInit(e); + + var recycleBinType = helper.Request("type"); + if (!ValidateUserApp(recycleBinType)) + { + throw new InvalidOperationException("The user does not have access to the requested app"); + } + } + protected void Page_Load(object sender, EventArgs e) { } - protected override void OnPreRender(EventArgs e) { + protected override void OnPreRender(EventArgs e) + { base.OnPreRender(e); ScriptManager.GetCurrent(Page).Services.Add(new ServiceReference("../webservices/trashcan.asmx")); 
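Review bot: `showSkins` in StarterKits.aspx.cs still loads its control through `new UserControl().LoadControl(...)`, while `ShowStarterKits` in the previous hunk was switched to the page's own `LoadControl`. Unless the detached `UserControl` is intentional here, the line could read `var ctrl = (install.steps.Skinning.loadStarterKitDesigns)LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx");`. The method also keeps its lower-case name after its sibling was renamed; as it is `public`, a rename would need a check for outside callers. The body of `showSkins` continues outside this hunk.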
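Review bot: In `OnInit` of emptyTrashcan.aspx.cs, the alias handed to `ValidateUserApp` comes straight from the `type` request parameter, so the caller chooses which application the check runs against. Restricting it to the recycle-bin types the dialog supports before the check would make the intent explicit, and an absent or empty `type` should be rejected rather than left to whatever `ValidateUserApp` does with it (not visible here). The deletion itself goes through `../webservices/trashcan.asmx`, which is not changed in the part of the commit shown here, so the same check needs to exist there for this guard to be more than UI-level. Throwing `UserAuthorizationException`, as the new web-service base classes do, would also keep authorization failures distinguishable from other `InvalidOperationException`s.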
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs index 8c3defc8a0..86aabc6589 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs @@ -10,6 +10,7 @@ using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; using System.Xml; +using umbraco.BusinessLogic; using umbraco.IO; namespace umbraco.dialogs @@ -17,6 +18,9 @@ namespace umbraco.dialogs [Obsolete("Use the UploadMediaImage control instead")] public partial class uploadImage : BasePages.UmbracoEnsuredPage { - + public uploadImage() + { + CurrentApp = DefaultApps.media.ToString(); + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx deleted file mode 100644 index ffa0426ec6..0000000000 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx +++ /dev/null @@ -1,59 +0,0 @@ -<%@ Page Language="c#" MasterPageFile="../../masterpages/umbracoPage.Master" Title="ShowUmbracoTags" - Codebehind="ShowUmbracoTags.aspx.cs" AutoEventWireup="True" - Inherits="umbraco.cms.presentation.settings.modal.ShowUmbracoTags" %> -<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %> - - - - - - - - - - - - - -
Insert field - - <umbraco:Item field="bodyText" runat="server"/> - - - Fetches a value from the current page. - -
Insert macro - - <umbraco:Macro macroAlias="MacroAlias" Alias="MacroAlias" runat="server"/> - - Inserts a macro into the template -
Load child template - - <asp:ContentPlaceHolder runat="server" id="<%= alias %>ContentPlaceHolder" /> - - - This is the default placeholder for content stored in a child template using this exact template as it's master template. - -
Disable Request Validation - - <umbraco:DisableRequestValidation runat="server"/> - - Disable ASP.NET request validation. It's the same as adding a enableEventValidation="false" to a page directive (but this is not possible in Umbraco as all pages use the same ASPX page for all pages) -
MetaBlogApi / Content Channels - - <link rel="EditURI" type="application/rsd+xml" href="http://<%=Request.ServerVariables["SERVER_NAME"] %><%= umbraco.IO.IOHelper.ResolveUrl(umbraco.IO.SystemDirectories.Umbraco)%>/channels/rsd.aspx" /> -

- <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://<%=Request.ServerVariables["SERVER_NAME"] %><%= umbraco.IO.IOHelper.ResolveUrl(umbraco.IO.SystemDirectories.Umbraco)%>/channels/wlwmanifest.aspx" /> -
- - Insert the above two elements to the head element to gain optimal support for - using the MetaBlog Apis with 3rd party clients and to enable autodiscovery for Windows - Live Writer. - -
-
-
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs index 00b7545232..fb594ac657 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections; using System.ComponentModel; using System.Data; @@ -11,37 +11,26 @@ using System.Web.UI.HtmlControls; namespace umbraco.cms.presentation.settings.modal { - /// - /// Summary description for ShowUmbracoTags. - /// - public partial class ShowUmbracoTags : umbraco.BasePages.UmbracoEnsuredPage - { + /// + /// Summary description for ShowUmbracoTags. + /// + public partial class ShowUmbracoTags : umbraco.BasePages.UmbracoEnsuredPage + { public static string alias = ""; - protected void Page_Load(object sender, System.EventArgs e) - { + protected void Page_Load(object sender, System.EventArgs e) + { alias = Request.QueryString["alias"].Replace(" ", "").Trim(); - // Put user code to initialize the page here - } + // Put user code to initialize the page here + } - #region Web Form Designer generated code - override protected void OnInit(EventArgs e) - { - // - // CODEGEN: This call is required by the ASP.NET Web Form Designer. - // - InitializeComponent(); - base.OnInit(e); - } - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - - } - #endregion - } + /// + /// Pane7 control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::umbraco.uicontrols.Pane Pane7; + } } 
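Review bot: In ShowUmbracoTags.aspx.cs, `alias` is a `public static` field that `Page_Load` overwrites from `Request.QueryString["alias"]` on every request, so concurrent requests share one value. A request without the parameter also fails with a NullReferenceException on `.Replace`. A null guard such as `alias = (Request.QueryString["alias"] ?? string.Empty).Replace(" ", "").Trim();` handles the second problem, and making the field per-instance handles the first if nothing else reads it statically. Unlike `StarterKits` and `uploadImage` in this commit, this `UmbracoEnsuredPage` is not given a `CurrentApp`. Its .aspx and designer file are deleted in the same commit, so it is worth checking whether the code-behind is still needed at all.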
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs deleted file mode 100644 index d6a7fec73a..0000000000 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs +++ /dev/null @@ -1,25 +0,0 @@ -//------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// Runtime Version:2.0.50727.4927 -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -//------------------------------------------------------------------------------ - -namespace umbraco.cms.presentation.settings.modal { - - - public partial class ShowUmbracoTags { - - /// - /// Pane7 control. - /// - /// - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// - protected global::umbraco.uicontrols.Pane Pane7; - } -} diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs index 89e3256ccb..e71d405d62 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs @@ -6,7 +6,7 @@ using System.Web.Script.Services; using System.Web.Services; using System.Web.Services.Protocols; using System.ComponentModel; - +using Umbraco.Web.WebServices; using umbraco.cms.businesslogic; using umbraco.BusinessLogic; 
@@ -17,22 +17,21 @@ namespace umbraco.presentation.webservices /// [WebService(Namespace = "http://umbraco.org/webservices/")] [ScriptService] - public class CMSNode : System.Web.Services.WebService + public class CMSNode : UmbracoAuthorizedWebService { [WebMethod] public string GetNodeName(string ContextID, int NodeId) { - if (BasePages.BasePage.ValidateUserContextID(ContextID)) - return getNodeName(NodeId); - - return ""; + return ValidateUserContextId(ContextID) + ? GetNodeName(NodeId) + : string.Empty; } - private string getNodeName(int NodeId) + private string GetNodeName(int nodeId) { - legacyAjaxCalls.Authorize(); - cms.businesslogic.CMSNode n = new cms.businesslogic.CMSNode(NodeId); + if (!AuthorizeRequest()) return string.Empty; + var n = new cms.businesslogic.CMSNode(nodeId); return n.Text; } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs index 9a335599b4..7f79097615 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs 
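Review bot: The private `GetNodeName(int nodeId)` in CMSNode.asmx.cs calls the parameterless `AuthorizeRequest()`, which only establishes that some back-office user is logged in, so any authenticated user can read the name of any node id. If node names are meant to follow section or node permissions, an app alias or a per-node permission check is needed here. Returning `string.Empty` on failure also makes a denied call indistinguishable from a node with an empty name, where the replaced `legacyAjaxCalls.Authorize()` presumably threw. A short comment explaining why the context-id check in the public method is followed by a second authorization check in the private overload would help the next reader.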
@@ -17,41 +17,8 @@ namespace umbraco.presentation.webservices /// Summary description for CacheRefresher. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class CacheRefresher : System.Web.Services.WebService - { - public CacheRefresher() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - + public class CacheRefresher : WebService + { [WebMethod] public void RefreshAll(Guid uniqueIdentifier, string Login, string Password) { @@ -146,11 +113,11 @@ namespace umbraco.presentation.webservices { if (BusinessLogic.User.validateCredentials(Login, Password)) { - XmlDocument xd = new XmlDocument(); + var xd = new XmlDocument(); xd.LoadXml(""); foreach (var cr in CacheRefreshersResolver.Current.CacheResolvers) { - XmlNode n = xmlHelper.addTextNode(xd, "cacheRefresher", cr.Name); + var n = xmlHelper.addTextNode(xd, "cacheRefresher", cr.Name); n.Attributes.Append(xmlHelper.addAttribute(xd, "uniqueIdentifier", cr.UniqueIdentifier.ToString())); xd.DocumentElement.AppendChild(n); } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs index f6aa1f337b..d12668d26b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs 
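Review bot: `CacheRefresher` stays on plain `WebService` in the first hunk, and the method in the second hunk still calls `BusinessLogic.User.validateCredentials(Login, Password)` with no application check, whereas `Developer.GetMacros` in this commit now pairs `ValidateCredentials` with `UserHasAppAccess`. As far as these hunks show, any valid back-office login is enough to list the registered cache refreshers. If that is intended for server-to-server distributed calls, a comment saying so would prevent it being read as an oversight; otherwise the class should derive from `UmbracoAuthorizedWebService` and apply an app check like the others. The credential-taking methods also have no secure-connection check of their own.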
@@ -4,6 +4,7 @@ using System.Web; using System.Web.Services; using System.Web.Script.Services; using Umbraco.Core; +using Umbraco.Web.WebServices; using Umbraco.Core.Configuration; @@ -16,16 +17,16 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] [ScriptService] - public class CheckForUpgrade : System.Web.Services.WebService + public class CheckForUpgrade : UmbracoAuthorizedWebService { [WebMethod] [ScriptMethod] public UpgradeResult CallUpgradeService() { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest()) return null; - org.umbraco.update.CheckForUpgrade check = new global::umbraco.presentation.org.umbraco.update.CheckForUpgrade(); + var check = new global::umbraco.presentation.org.umbraco.update.CheckForUpgrade(); org.umbraco.update.UpgradeResult result = check.CheckUpgrade(UmbracoVersion.Current.Major, UmbracoVersion.Current.Minor, UmbracoVersion.Current.Build, @@ -39,7 +40,7 @@ namespace umbraco.presentation.webservices { bool isUpgrade = false; // if it's an upgrade, you'll need to be logged in before we allow this call - if (!String.IsNullOrEmpty(Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) + if (!String.IsNullOrEmpty(global::Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) { isUpgrade = true; legacyAjaxCalls.Authorize(); @@ -62,7 +63,7 @@ namespace umbraco.presentation.webservices installCookie.SetValue(installId.ToString()); string dbProvider = String.Empty; - if (!String.IsNullOrEmpty(Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) + if (!String.IsNullOrEmpty(global::Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) dbProvider = ApplicationContext.Current.DatabaseContext.DatabaseProvider.ToString(); org.umbraco.update.CheckForUpgrade check = new global::umbraco.presentation.org.umbraco.update.CheckForUpgrade(); 
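Review bot: The third hunk of CheckForUpgrade.asmx.cs still calls `legacyAjaxCalls.Authorize()` on the upgrade path, while `CallUpgradeService` in the second hunk was moved to `if (!AuthorizeRequest()) return null;`, so the class now mixes two authorization mechanisms with different failure behaviour. For consistency the remaining call could become `AuthorizeRequest(true);`, which keeps the throw-on-failure behaviour the legacy call presumably had. Returning `null` from `CallUpgradeService` relies on every client handling a null result; the `if (result)` guard added to umbracoUpgradeChecker.js in this commit covers the one caller visible here. The method containing the third hunk starts and ends outside it.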
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs index 2ecd9b52f9..c752d25ae7 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs @@ -1,12 +1,8 @@ -using System; -using System.Collections; -using System.ComponentModel; -using System.Data; -using System.Diagnostics; -using System.Web; using System.Web.Services; - using System.Xml; +using Umbraco.Core; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices 
@@ -15,99 +11,70 @@ namespace umbraco.webservices /// Summary description for Developer. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class Developer : System.Web.Services.WebService + public class Developer : UmbracoAuthorizedWebService { - public Developer() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] - public string BootStrapTidy(string html, string ContextID) + public string BootStrapTidy(string html, string ContextID) { - legacyAjaxCalls.Authorize(); + //pretty sure this is legacy and it used to throw an exception so we'll continue to do the same + //true = throw if invalid + AuthorizeRequest(true); return cms.helpers.xhtml.BootstrapTidy(html); } [WebMethod] - public XmlNode GetMacros(string Login, string Password) + public XmlNode GetMacros(string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) + && UserHasAppAccess(DefaultApps.developer.ToString(), Login)) { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement macros = xmlDoc.CreateElement("macros"); - foreach (cms.businesslogic.macro.Macro m in cms.businesslogic.macro.Macro.GetAll()) + var xmlDoc = new XmlDocument(); + var macros = xmlDoc.CreateElement("macros"); + foreach (var m in cms.businesslogic.macro.Macro.GetAll()) { - XmlElement mXml = xmlDoc.CreateElement("macro"); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", m.Id.ToString())); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", m.Alias)); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", m.Name)); + var mXml = xmlDoc.CreateElement("macro"); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", m.Id.ToString())); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", m.Alias)); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", m.Name)); macros.AppendChild(mXml); } return macros; - } else 
- return null; - } - - [WebMethod] - public XmlNode GetMacro(int Id, string Login, string Password) - { - if (BusinessLogic.User.validateCredentials(Login, Password)) - { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement macro = xmlDoc.CreateElement("macro"); - cms.businesslogic.macro.Macro m = new cms.businesslogic.macro.Macro(Id); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", m.Id.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "refreshRate", m.RefreshRate.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "useInEditor", m.UseInEditor.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", m.Alias)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", m.Name)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "assembly", m.Assembly)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "type", m.Type)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "xslt", m.Xslt)); - XmlElement Properties = xmlDoc.CreateElement("properties"); - foreach (cms.businesslogic.macro.MacroProperty mp in m.Properties) - { - XmlElement pXml = xmlDoc.CreateElement("property"); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", mp.Alias)); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", mp.Name)); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "public", mp.Public.ToString())); - Properties.AppendChild(pXml); - } - macro.AppendChild(Properties); - return macro; - } else - return null; - } - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. 
- /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); } - base.Dispose(disposing); + return null; } - - #endregion + [WebMethod] + public XmlNode GetMacro(int Id, string Login, string Password) + { + if (ValidateCredentials(Login, Password) + && UserHasAppAccess(DefaultApps.developer.ToString(), Login)) + { + var xmlDoc = new XmlDocument(); + var macro = xmlDoc.CreateElement("macro"); + var m = new cms.businesslogic.macro.Macro(Id); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", m.Id.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "refreshRate", m.RefreshRate.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "useInEditor", m.UseInEditor.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", m.Alias)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", m.Name)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "assembly", m.Assembly)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "type", m.Type)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "xslt", m.Xslt)); + var properties = xmlDoc.CreateElement("properties"); + foreach (var mp in m.Properties) + { + var pXml = xmlDoc.CreateElement("property"); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", mp.Alias)); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", mp.Name)); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "public", mp.Public.ToString())); + properties.AppendChild(pXml); + } + macro.AppendChild(properties); + return macro; + } + return null; + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs index 76cb25d994..207995fbd6 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs 
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Web; using System.Web.Services; using System.Web.Script.Services; +using Umbraco.Web.WebServices; namespace umbraco.presentation.webservices { @@ -14,15 +15,17 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] [ScriptService] - public class MacroContainerService : System.Web.Services.WebService + public class MacroContainerService : UmbracoAuthorizedWebService { [WebMethod(EnableSession = true)] [ScriptMethod] public void SetSortOrder(string id, string sortorder) { - HttpContext.Current.Session[id + "sortorder"] = sortorder; - + if (AuthorizeRequest()) + { + HttpContext.Current.Session[id + "sortorder"] = sortorder; + } } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs index bc681ddf2b..b2cd26c963 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs @@ -24,7 +24,7 @@ namespace umbraco.presentation.umbraco.webservices public bool IsReusable { - get { return true; } + get { return false; } } public void ProcessRequest(HttpContext context) @@ -240,10 +240,14 @@ namespace umbraco.presentation.umbraco.webservices if (isValid) AuthenticatedUser = user; } - else if (User.GetCurrent() != null) + else { - isValid = true; - AuthenticatedUser = User.GetCurrent(); + var usr = User.GetCurrent(); + if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) && usr != null) + { + isValid = true; + AuthenticatedUser = usr; + } } return isValid; 
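Review bot: The cookie branch added at `-240,10 +240,14` accepts any user whose context id validates, and nothing in the hunk checks that the user has access to the media application. The same commit adds an app-scoped check, `AuthorizeRequest(DefaultApps.media.ToString())`, to UltimatePickerAutoCompleteHandler. The method and its callers continue outside the hunk, so a later check may exist. If it does not, this path authenticates without authorizing, and a comment such as `// authenticates only: media app access must be verified before the upload is processed` would at least record the gap.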
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs index 9cdeb41d7b..d33e9b842e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs 
@@ -7,68 +7,34 @@ using System.Web; using System.Web.Services; using System.Linq; using System.Xml; +using Umbraco.Core; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; namespace umbraco.webservices { - /// - /// Summary description for Settings. - /// - public class Settings : System.Web.Services.WebService - { - public Settings() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } + public class Settings : UmbracoAuthorizedWebService + { + [WebMethod] - public XmlNode GetTabs(string ContextID, int ContentTypeId) + public XmlNode GetTabs(string ContextID, int ContentTypeId) { - if (BasePages.BasePage.ValidateUserContextID(ContextID)) + if (!AuthorizeRequest(DefaultApps.settings.ToString())) { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement tabs = xmlDoc.CreateElement("tabs"); - foreach (cms.businesslogic.ContentType.TabI t in new cms.businesslogic.ContentType(ContentTypeId).getVirtualTabs.ToList()) + var xmlDoc = new XmlDocument(); + var tabs = xmlDoc.CreateElement("tabs"); + foreach (var t in new cms.businesslogic.ContentType(ContentTypeId).getVirtualTabs.ToList()) { - XmlElement mXml = xmlDoc.CreateElement("tab"); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "caption", t.Caption)); + var mXml = xmlDoc.CreateElement("tab"); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "caption", t.Caption)); tabs.AppendChild(mXml); } return tabs; - } - else - return null; - } - - - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. 
- /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); } - base.Dispose(disposing); - } - - #endregion + return null; + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs index 3f48666680..bf89d5bc84 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs @@ -11,9 +11,7 @@ using umbraco.presentation.webservices; namespace umbraco.presentation.umbraco.webservices { - /// - /// Summary description for $codebehindclassname$ - /// + [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class TagsAutoCompleteHandler : IHttpHandler diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs index 354a9d5bab..7b17c2303e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; using umbraco.presentation.umbraco.controls; using umbraco.cms.presentation.Trees; using System.Web.Script.Services; @@ -18,7 +19,7 @@ namespace umbraco.presentation.webservices /// [ScriptService] [WebService] - public class TreeClientService : WebService + public class TreeClientService : UmbracoAuthorizedWebService { /// 
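Review bot: The guard in `GetTabs` is inverted: `if (!AuthorizeRequest(DefaultApps.settings.ToString()))` builds and returns the tabs XML when authorization fails, and falls through to `return null` when it succeeds. The removed code returned tabs only when `ValidateUserContextID(ContextID)` was true, so the condition should read `if (AuthorizeRequest(DefaultApps.settings.ToString()))`. As written, callers without settings access receive the content-type tab ids and captions while authorized callers get nothing. The `ContextID` parameter is also no longer read, so a comment saying it is kept only for signature compatibility would help.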
@@ -29,9 +30,9 @@ namespace umbraco.presentation.webservices [ScriptMethod(ResponseFormat = ResponseFormat.Json)] public Dictionary GetInitAppTreeData(string app, string treeType, bool showContextMenu, bool isDialog, TreeDialogModes dialogMode, string functionToCall, string nodeKey) { - Authorize(); + AuthorizeRequest(app, true); - TreeControl treeCtl = new TreeControl() + var treeCtl = new TreeControl() { ShowContextMenu = showContextMenu, IsDialog = isDialog, @@ -43,7 +44,7 @@ namespace umbraco.presentation.webservices FunctionToCall = string.IsNullOrEmpty(functionToCall) ? "" : functionToCall }; - Dictionary returnVal = new Dictionary(); + var returnVal = new Dictionary(); if (string.IsNullOrEmpty(treeType)) { @@ -65,7 +66,7 @@ namespace umbraco.presentation.webservices //tree.StartNodeID = //now render it's start node - XmlTree xTree = new XmlTree(); + var xTree = new XmlTree(); xTree.Add(tree.RootNode); returnVal.Add("json", xTree.ToString()); } @@ -74,13 +75,13 @@ namespace umbraco.presentation.webservices returnVal.Add("js", treeCtl.JSCurrApp); return returnVal; - } + } + [Obsolete("Use the AuthorizeRequest methods on the base class UmbracoAuthorizedWebService instead")] public static void Authorize() { if (!BasePages.BasePage.ValidateUserContextID(BasePages.BasePage.umbracoUserContextID)) throw new Exception("Client authorization failed. User is not logged in"); - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs index 9809fe682f..ebd49d7af4 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; using umbraco.cms.presentation.Trees; using System.Threading; 
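Review bot: `AuthorizeRequest(app, true)` in `GetInitAppTreeData` authorizes against the `app` value from the request, but the tree that is built is selected by the separate `treeType` argument, and nothing visible ties that tree to the authorized application. Unless the tree lookup further down enforces the match (that code is outside the hunks), access to one section may be enough to load a tree that belongs to another. Authorizing against the application alias of the resolved tree definition would close this; until then a marker such as `// TODO: authorize against the resolved tree definition's application, not the request's app value` is warranted. `GetXmlTree` in TreeDataService.ashx.cs (hunk `-46,7 +47,10`) has the same shape with `treeParams.Application` and `treeParams.TreeType`. There an empty `Application` is an accepted input, so it should be documented what `AuthorizeRequest` does with a null or empty alias.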
@@ -13,19 +14,18 @@ namespace umbraco.presentation.webservices [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] - public class TreeDataService : IHttpHandler + public class TreeDataService : UmbracoAuthorizedHttpHandler { - public void ProcessRequest(HttpContext context) + public override void ProcessRequest(HttpContext context) { - Authorize(); - //Thread.Sleep(100000); + AuthorizeRequest(true); context.Response.ContentType = "application/json"; context.Response.Write(GetXmlTree().ToString()); } - public bool IsReusable + public override bool IsReusable { get { @@ -33,6 +33,7 @@ namespace umbraco.presentation.webservices } } + [Obsolete("Use the base class AuthorizeRequest methods in UmbracoAuthorizedHttpHandler")] public static void Authorize() { if (!BasePages.BasePage.ValidateUserContextID(BasePages.BasePage.umbracoUserContextID)) @@ -46,7 +47,10 @@ namespace umbraco.presentation.webservices /// public XmlTree GetXmlTree() { - TreeRequestParams treeParams = TreeRequestParams.FromQueryStrings(); + var treeParams = TreeRequestParams.FromQueryStrings(); + + //validate the current user for the request app! + AuthorizeRequest(treeParams.Application, true); if (string.IsNullOrEmpty(treeParams.TreeType)) if (!string.IsNullOrEmpty(treeParams.Application)) @@ -56,16 +60,16 @@ namespace umbraco.presentation.webservices else LoadTree(treeParams); - return xTree; + return _xTree; } - private XmlTree xTree = new XmlTree(); + private XmlTree _xTree = new XmlTree(); /// /// If the application supports multiple trees, then this function iterates over all of the trees assigned to it /// and creates their top level nodes and context menus. /// - /// + /// private void LoadAppTrees(TreeRequestParams treeParams) { //find all tree definitions that have the current application alias 
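Review bot: `_xTree` (hunk `-56,16 +60,16`) is an instance field that `GetXmlTree` fills and returns, so the handler carries per-request state, and the value returned by the `IsReusable` override is not visible in the hunk. If it returns true, the same handler instance can serve later requests, and nodes added for one caller would stay in the tree returned to the next. This commit already changes `IsReusable` to false in MediaUploader.ashx.cs; the same is needed here, `get { return false; }`, or `_xTree` should become a local in `GetXmlTree`. UltimatePickerAutoCompleteHandler keeps `_prefix`, `_output`, `_counter` and `_nodeCount` in fields and has the same exposure.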
@@ -75,15 +79,14 @@ namespace umbraco.presentation.webservices { BaseTree bTree = treeDef.CreateInstance(); bTree.SetTreeParameters(treeParams); - xTree.Add(bTree.RootNode); + _xTree.Add(bTree.RootNode); } } /// /// This will load the particular ITree object and call it's render method to get the nodes that need to be rendered. /// - /// - /// + /// private void LoadTree(TreeRequestParams treeParams) { @@ -93,7 +96,7 @@ namespace umbraco.presentation.webservices { BaseTree bTree = treeDef.CreateInstance(); bTree.SetTreeParameters(treeParams); - bTree.Render(ref xTree); + bTree.Render(ref _xTree); } else LoadNullTree(treeParams); @@ -106,7 +109,7 @@ namespace umbraco.presentation.webservices { BaseTree nullTree = new NullTree(treeParams.Application); nullTree.SetTreeParameters(treeParams); - nullTree.Render(ref xTree); + nullTree.Render(ref _xTree); } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs index 97bd1934b5..8fa77e7a8b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs @@ -3,6 +3,8 @@ using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.cms.businesslogic.web; using umbraco.cms.businesslogic; 
@@ -13,19 +15,24 @@ namespace umbraco.presentation.umbraco.webservices /// [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] - public class UltimatePickerAutoCompleteHandler : IHttpHandler + public class UltimatePickerAutoCompleteHandler : UmbracoAuthorizedHttpHandler { - private int nodeCount; - private int Counter; - private string[] output; - private string prefix; + private int _nodeCount; + private int _counter; + private string[] _output; + private string _prefix; - public void ProcessRequest(HttpContext context) + public override void ProcessRequest(HttpContext context) { + //user must be allowed to see content or media + if (!AuthorizeRequest(DefaultApps.content.ToString()) && !AuthorizeRequest(DefaultApps.media.ToString())) + return; + + context.Response.ContentType = "text/plain"; - prefix = context.Request.QueryString["q"]; + _prefix = context.Request.QueryString["q"]; int parentNodeId = Convert.ToInt32(context.Request.QueryString["id"]); bool showGrandChildren = Convert.ToBoolean(context.Request.QueryString["showchildren"]); @@ -37,7 +44,7 @@ namespace umbraco.presentation.umbraco.webservices CMSNode parent = new CMSNode(parentNodeId); if (!showGrandChildren) { - nodeCount = 0; + _nodeCount = 0; //store children array here because iterating over an Array property object is very inneficient. var children = parent.Children; 
@@ -45,42 +52,42 @@ namespace umbraco.presentation.umbraco.webservices { - nodeChildrenCount(child, false, documentAliasFilters); + NodeChildrenCount(child, false, documentAliasFilters); } - output = new string[nodeCount]; + _output = new string[_nodeCount]; - Counter = 0; + _counter = 0; int level = 1; //why is there a 2nd iteration of the same thing here? foreach (CMSNode child in children) { - addNode(child, level, showGrandChildren, documentAliasFilters); + AddNode(child, level, showGrandChildren, documentAliasFilters); } } else { - nodeCount = 0; + _nodeCount = 0; //store children array here because iterating over an Array property object is very inneficient. var children = parent.Children; foreach (CMSNode child in children) { - nodeChildrenCount(child, true, documentAliasFilters); + NodeChildrenCount(child, true, documentAliasFilters); } - output = new string[nodeCount]; - Counter = 0; + _output = new string[_nodeCount]; + _counter = 0; int level = 1; foreach (CMSNode child in children) { - addNode(child, level, showGrandChildren, documentAliasFilters); + AddNode(child, level, showGrandChildren, documentAliasFilters); } @@ -88,21 +95,21 @@ namespace umbraco.presentation.umbraco.webservices } - foreach (string item in output) + foreach (string item in _output) { context.Response.Write(item + Environment.NewLine); } } - private bool validNode(string nodeText) + private bool ValidNode(string nodeText) { - if (nodeText.Length >= prefix.Length) + if (nodeText.Length >= _prefix.Length) { - if (nodeText.Substring(0, prefix.Length).ToLower() == prefix.ToLower()) + if (nodeText.Substring(0, _prefix.Length).ToLower() == _prefix.ToLower()) { return true; } 
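Review bot: `ValidNode` dereferences `_prefix.Length`, and `_prefix` is assigned directly from `context.Request.QueryString["q"]`, which is null when the parameter is absent, so an authorized request without `q` ends in a NullReferenceException. The hand-rolled `Substring(...).ToLower()` comparison can be replaced with `return _prefix != null && nodeText.StartsWith(_prefix, StringComparison.CurrentCultureIgnoreCase);`, which handles the null case and avoids allocating two strings per node. `Convert.ToInt32` and `Convert.ToBoolean` on the `id` and `showchildren` query values in `ProcessRequest` also throw on malformed input, so `int.TryParse` and `bool.TryParse` with an early return would be more robust.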
@@ -111,7 +118,7 @@ namespace umbraco.presentation.umbraco.webservices return false; } - private void nodeChildrenCount(CMSNode node, bool countChildren, string[] documentAliasFilters) + private void NodeChildrenCount(CMSNode node, bool countChildren, string[] documentAliasFilters) { if (documentAliasFilters.Length > 0) { @@ -123,9 +130,9 @@ namespace umbraco.presentation.umbraco.webservices if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - nodeCount += 1; + _nodeCount += 1; } } @@ -133,9 +140,9 @@ namespace umbraco.presentation.umbraco.webservices } else { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - nodeCount += 1; + _nodeCount += 1; } } @@ -145,13 +152,13 @@ namespace umbraco.presentation.umbraco.webservices var children = node.Children; foreach (CMSNode child in children) { - nodeChildrenCount(child, countChildren, documentAliasFilters); + NodeChildrenCount(child, countChildren, documentAliasFilters); } } } - private void addNode(CMSNode node, int level, bool showGrandChildren, string[] documentAliasFilters) + private void AddNode(CMSNode node, int level, bool showGrandChildren, string[] documentAliasFilters) { string preText = string.Empty; @@ -170,10 +177,10 @@ namespace umbraco.presentation.umbraco.webservices if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - output[Counter] = preText + node.Text + " [" + node.Id + "]"; - Counter++; + _output[_counter] = preText + node.Text + " [" + node.Id + "]"; + _counter++; } } @@ -181,10 +188,10 @@ namespace umbraco.presentation.umbraco.webservices } else { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - output[Counter] = preText + node.Text + " [" + node.Id + "]"; - Counter++; + _output[_counter] = preText + node.Text + " [" + node.Id + "]"; + _counter++; } } 
@@ -196,13 +203,13 @@ namespace umbraco.presentation.umbraco.webservices var children = node.Children; foreach (CMSNode child in children) { - addNode(child, level + 1, showGrandChildren, documentAliasFilters); + AddNode(child, level + 1, showGrandChildren, documentAliasFilters); } } } } - public bool IsReusable + public override bool IsReusable { get { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs index 74c37891c1..68c140945b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs @@ -7,13 +7,16 @@ using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; -using umbraco.IO; +using Umbraco.Core.IO; -namespace umbraco.presentation.webservices { - public class ajaxHelpers { - public static void EnsureLegacyCalls(System.Web.UI.Page page) { - ScriptManager sm = ScriptManager.GetCurrent(page); - ServiceReference legacyPath = new ServiceReference(SystemDirectories.Webservices + "/legacyAjaxCalls.asmx"); +namespace umbraco.presentation.webservices +{ + public class ajaxHelpers + { + public static void EnsureLegacyCalls(Page page) + { + var sm = ScriptManager.GetCurrent(page); + var legacyPath = new ServiceReference(SystemDirectories.WebServices + "/legacyAjaxCalls.asmx"); if (!sm.Services.Contains(legacyPath)) sm.Services.Add(legacyPath); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs index 2f4274fabb..48c037eee9 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs 
@@ -13,9 +13,11 @@ using System.Xml; using System.Xml.Xsl; using Umbraco.Core; using Umbraco.Core.IO; +using Umbraco.Web.WebServices; using Umbraco.Web; using Umbraco.Web.Cache; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.cms.businesslogic.macro; using umbraco.cms.businesslogic.template; using umbraco.cms.businesslogic.web; @@ -23,7 +25,6 @@ using umbraco.presentation.cache; using System.Net; using System.Collections; using umbraco.NodeFactory; -using umbraco.scripting; namespace umbraco.presentation.webservices { 
@@ -34,49 +35,41 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class codeEditorSave : WebService + public class codeEditorSave : UmbracoAuthorizedWebService { - [WebMethod] - public string Save(string fileName, string fileAlias, string fileContents, string fileType, int fileID, int masterID, bool ignoreDebug) - { - return "Not implemented"; - } [WebMethod] public string SaveCss(string fileName, string oldName, string fileContents, int fileID) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { - string returnValue = "false"; - StyleSheet stylesheet = new StyleSheet(fileID); + string returnValue; + var stylesheet = new StyleSheet(fileID) + { + Content = fileContents, Text = fileName + }; - if (stylesheet != null) + try { - stylesheet.Content = fileContents; - stylesheet.Text = fileName; - try + stylesheet.saveCssToFile(); + stylesheet.Save(); + returnValue = "true"; + + + //deletes the old css file if the name was changed... + if (fileName.ToLowerInvariant() != oldName.ToLowerInvariant()) { - stylesheet.saveCssToFile(); - stylesheet.Save(); - returnValue = "true"; - - - //deletes the old css file if the name was changed... - if (fileName.ToLowerInvariant() != oldName.ToLowerInvariant()) - { - string p = IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css"); - if (System.IO.File.Exists(p)) - System.IO.File.Delete(p); - } - - } - catch (Exception ex) - { - return ex.ToString(); + var p = IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css"); + if (File.Exists(p)) + File.Delete(p); } - //this.speechBubble(speechBubbleIcon.save, ui.Text("speechBubbles", "editStylesheetSaved", base.getUser()), ""); } + catch (Exception ex) + { + return ex.ToString(); + } + return returnValue; } return "false"; 
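Review bot: `SaveCss` builds the path of the file to delete from the caller-supplied `oldName` (`IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css")`) and deletes it without confirming that the result is still inside the Css directory. `SaveXslt` has a containment check on `savePath` but none on the `oldName` path it deletes (hunk `-220,9 +209,9`), and `SaveScript` likewise checks only `savePath` before deleting `saveOldPath` (hunk `-398,38 +387,36`). Each delete should be guarded the way the save path is, for example `if (p.StartsWith(IOHelper.MapPath(SystemDirectories.Css + "/")) && File.Exists(p))`. Separately, `return ex.ToString();` hands the full exception text, stack trace included, to the client; a generic failure string with the detail logged server-side would be safer.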
@@ -85,7 +78,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveXslt(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (AuthorizeRequest(DefaultApps.developer.ToString())) { // validate file @@ -113,15 +106,14 @@ namespace umbraco.presentation.webservices string xpath = UmbracoSettings.UseLegacyXmlSchema ? "/root/node" : "/root/*"; if (content.Instance.XmlContent.SelectNodes(xpath).Count > 0) { - XmlDocument macroXML = new XmlDocument(); + var macroXML = new XmlDocument(); macroXML.LoadXml(""); - XslCompiledTransform macroXSLT = new XslCompiledTransform(); - page umbPage = new page(content.Instance.XmlContent.SelectSingleNode("//* [@parentID = -1]")); + var macroXSLT = new XslCompiledTransform(); + var umbPage = new page(content.Instance.XmlContent.SelectSingleNode("//* [@parentID = -1]")); - XsltArgumentList xslArgs; - xslArgs = macro.AddMacroXsltExtensions(); - library lib = new library(umbPage); + var xslArgs = macro.AddMacroXsltExtensions(); + var lib = new library(umbPage); xslArgs.AddExtensionObject("urn:umbraco.library", lib); HttpContext.Current.Trace.Write("umbracoMacro", "After adding extensions"); 
@@ -132,16 +124,16 @@ namespace umbraco.presentation.webservices // Create reader and load XSL file // We need to allow custom DTD's, useful for defining an ENTITY - XmlReaderSettings readerSettings = new XmlReaderSettings(); + var readerSettings = new XmlReaderSettings(); readerSettings.ProhibitDtd = false; - using (XmlReader xmlReader = XmlReader.Create(tempFileName, readerSettings)) + using (var xmlReader = XmlReader.Create(tempFileName, readerSettings)) { - XmlUrlResolver xslResolver = new XmlUrlResolver(); + var xslResolver = new XmlUrlResolver(); xslResolver.Credentials = CredentialCache.DefaultCredentials; macroXSLT.Load(xmlReader, XsltSettings.TrustedXslt, xslResolver); xmlReader.Close(); // Try to execute the transformation - HtmlTextWriter macroResult = new HtmlTextWriter(new StringWriter()); + var macroResult = new HtmlTextWriter(new StringWriter()); macroXSLT.Transform(macroXML, xslArgs, macroResult); macroResult.Close(); @@ -165,24 +157,23 @@ namespace umbraco.presentation.webservices errorMessage = errorMessage.Replace("\n", "
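Review bot: The stylesheet read from `tempFileName` (presumably written from the `fileContents` argument earlier in `SaveXslt`, outside this hunk) is loaded with `ProhibitDtd = false`, `XsltSettings.TrustedXslt` and an `XmlUrlResolver` carrying `CredentialCache.DefaultCredentials`. Any external reference the resolver follows is therefore made with the worker process identity. Restricting callers to the developer section is the right gate, but a validation run does not need credentials: dropping the `xslResolver.Credentials = CredentialCache.DefaultCredentials;` line would limit what a submitted stylesheet can reach. `macroResult` should also be wrapped in a `using` so it is released when `Transform` throws, and `xmlReader.Close()` inside the existing `using` is redundant.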
\n"); //closeErrorMessage.Visible = true; - string[] errorLine; // Find error - MatchCollection m = Regex.Matches(errorMessage, @"\d*[^,],\d[^\)]", RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace); + var m = Regex.Matches(errorMessage, @"\d*[^,],\d[^\)]", RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace); foreach (Match mm in m) { - errorLine = mm.Value.Split(','); + string[] errorLine = mm.Value.Split(','); if (errorLine.Length > 0) { - int theErrorLine = int.Parse(errorLine[0]); - int theErrorChar = int.Parse(errorLine[1]); + var theErrorLine = int.Parse(errorLine[0]); + var theErrorChar = int.Parse(errorLine[1]); errorMessage = "Error in XSLT at line " + errorLine[0] + ", char " + errorLine[1] + "
"; errorMessage += ""; - string[] xsltText = fileContents.Split("\n".ToCharArray()); - for (int i = 0; i < xsltText.Length; i++) + var xsltText = fileContents.Split("\n".ToCharArray()); + for (var i = 0; i < xsltText.Length; i++) { if (i >= theErrorLine - 3 && i <= theErrorLine + 1) if (i + 1 == theErrorLine) @@ -204,15 +195,13 @@ namespace umbraco.presentation.webservices errorMessage += ""; } } - - } } if (errorMessage == "" && fileName.ToLower().EndsWith(".xslt")) { //Hardcoded security-check... only allow saving files in xslt directory... - string savePath = IOHelper.MapPath(SystemDirectories.Xslt + "/" + fileName); + var savePath = IOHelper.MapPath(SystemDirectories.Xslt + "/" + fileName); if (savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Xslt + "/"))) { @@ -220,9 +209,9 @@ namespace umbraco.presentation.webservices if (fileName != oldName) { - string p = IOHelper.MapPath(SystemDirectories.Xslt + "/" + oldName); - if (System.IO.File.Exists(p)) - System.IO.File.Delete(p); + var p = IOHelper.MapPath(SystemDirectories.Xslt + "/" + oldName); + if (File.Exists(p)) + File.Delete(p); } SW = File.CreateText(savePath); @@ -248,14 +237,13 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveDLRScript(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (AuthorizeRequest(DefaultApps.developer.ToString())) { if (string.IsNullOrEmpty(fileName)) throw new ArgumentNullException("fileName"); - List allowedExtensions = new List(); - foreach (MacroEngineLanguage lang in MacroEngineFactory.GetSupportedUILanguages()) + var allowedExtensions = new List(); + foreach (var lang in MacroEngineFactory.GetSupportedUILanguages()) { if (!allowedExtensions.Contains(lang.Extension)) allowedExtensions.Add(lang.Extension); 
@@ -270,8 +258,6 @@ namespace umbraco.presentation.webservices allowedExtensions); - StreamWriter SW; - //As Files Can Be Stored In Sub Directories, So We Need To Get The Exeuction Directory Correct var lastOccurance = fileName.LastIndexOf('/') + 1; var directory = fileName.Substring(0, lastOccurance); @@ -280,10 +266,11 @@ namespace umbraco.presentation.webservices IOHelper.MapPath(SystemDirectories.MacroScripts + "/" + directory + DateTime.Now.Ticks + "_" + fileNameWithExt); - //SW = File.CreateText(tempFileName); - SW = new StreamWriter(tempFileName, false, Encoding.UTF8); - SW.Write(fileContents); - SW.Close(); + using (var sw = new StreamWriter(tempFileName, false, Encoding.UTF8)) + { + sw.Write(fileContents); + sw.Close(); + } var errorMessage = ""; if (!ignoreDebugging) @@ -324,9 +311,11 @@ namespace umbraco.presentation.webservices File.Delete(p); } - SW = new StreamWriter(savePath, false, Encoding.UTF8); - SW.Write(fileContents); - SW.Close(); + using (var sw = new StreamWriter(savePath, false, Encoding.UTF8)) + { + sw.Write(fileContents); + sw.Close(); + } errorMessage = "true"; @@ -387,7 +376,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveScript(string filename, string oldName, string contents) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { // validate file 
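Review bot: The `sw.Close();` calls inside the two new `using (var sw = new StreamWriter(...))` blocks are redundant, because leaving the block disposes and closes the writer; `sw.Write(fileContents);` can be the only statement in each. The temp file in hunk `-280,10 +266,11` is written to a path derived from the caller's `fileName` (`directory` is everything up to the last `/`). The extension list is validated above, but no containment check on `directory` is visible, so confirm that the validation call also rejects names that resolve outside the MacroScripts directory. `SaveDLRScript` starts and ends outside these hunks.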
@@ -398,38 +387,36 @@ namespace umbraco.presentation.webservices UmbracoSettings.ScriptFileTypes.Split(',').ToList()); - string val = contents; - string returnValue = "false"; + var val = contents; + string returnValue; try { - string saveOldPath = ""; - if (oldName.StartsWith("~/")) - saveOldPath = IOHelper.MapPath(oldName); - else - saveOldPath = IOHelper.MapPath(SystemDirectories.Scripts + "/" + oldName); - - string savePath = ""; - if (filename.StartsWith("~/")) - savePath = IOHelper.MapPath(filename); - else - savePath = IOHelper.MapPath(SystemDirectories.Scripts + "/" + filename); - + var saveOldPath = ""; + saveOldPath = oldName.StartsWith("~/") + ? IOHelper.MapPath(oldName) + : IOHelper.MapPath(SystemDirectories.Scripts + "/" + oldName); + var savePath = ""; + savePath = filename.StartsWith("~/") + ? IOHelper.MapPath(filename) + : IOHelper.MapPath(SystemDirectories.Scripts + "/" + filename); + //Directory check.. only allow files in script dir and below to be edited if (savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Scripts + "/")) || savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Masterpages + "/"))) { //deletes the old file if (savePath != saveOldPath) { - if (System.IO.File.Exists(saveOldPath)) - System.IO.File.Delete(saveOldPath); + if (File.Exists(saveOldPath)) + File.Delete(saveOldPath); } - - StreamWriter SW; - SW = File.CreateText(savePath); - SW.Write(val); - SW.Close(); - + + using (var sw = File.CreateText(savePath)) + { + sw.Write(val); + sw.Close(); + } + returnValue = "true"; } else @@ -452,7 +439,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveTemplate(string templateName, string templateAlias, string templateContents, int templateID, int masterTemplateID) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { var _template = new Template(templateID); string retVal = "false"; 
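Review bot: `saveOldPath` is deleted without the directory check that guards `savePath`: the `StartsWith` test in `SaveScript` covers only the new path, while `oldName` is mapped (directly through `IOHelper.MapPath(oldName)` when it starts with `~/`) and then passed to `File.Delete`. The old path should pass the same test before the delete, e.g. wrap it in `if (saveOldPath.StartsWith(IOHelper.MapPath(SystemDirectories.Scripts + "/")) || saveOldPath.StartsWith(IOHelper.MapPath(SystemDirectories.Masterpages + "/")))`. The earlier XSLT hunk (`-220`) has the same shape, deleting `p` built from `oldName` with no check on `p`. Both methods start outside their hunks, so an earlier validation of `oldName` cannot be ruled out from here.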
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs index 2ffe12e6ec..15c573aff4 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs @@ -2,6 +2,7 @@ using System; using System.Data; using System.Web; using System.Collections; +using System.Web.Security; using System.Web.Services; using System.Web.Services.Protocols; using System.ComponentModel; @@ -20,6 +21,8 @@ using Umbraco.Core; using Umbraco.Core.IO; using Umbraco.Web; using Umbraco.Web.Cache; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using umbraco.cms.businesslogic.web; using umbraco.cms.businesslogic.media; @@ -35,18 +38,16 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class legacyAjaxCalls : System.Web.Services.WebService + public class legacyAjaxCalls : UmbracoAuthorizedWebService { [WebMethod] public bool ValidateUser(string username, string password) { - if (System.Web.Security.Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser( - username, password)) + if (ValidateCredentials(username, password)) { - BusinessLogic.User u = new BusinessLogic.User(username); + var u = new BusinessLogic.User(username); BasePage.doLogin(u); - return true; } else @@ -67,7 +68,7 @@ namespace umbraco.presentation.webservices public void Delete(string nodeId, string alias, string nodeType) { - Authorize(); + AuthorizeRequest(true); //check which parameters to pass depending on the types passed in int intNodeID; 
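Review bot: `Delete` in the `-67` hunk is guarded only by `AuthorizeRequest(true)`, which is called here without an application alias, so it appears to require a logged-in user but not access to the section the node belongs to, whereas `DeleteContentPermanently` in the next hunk authorizes per node type. If the code below the hunk does not check permissions itself, derive the app from `nodeType` and call `AuthorizeRequest(app, true)` before acting. The rest of `Delete` is outside the hunk, so this needs confirming against the full method.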
@@ -86,8 +87,6 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DeleteContentPermanently(string nodeId, string nodeType) { - Authorize(); - int intNodeID; if (int.TryParse(nodeId, out intNodeID)) { @@ -95,13 +94,17 @@ namespace umbraco.presentation.webservices { case "media": case "mediaRecycleBin": + //ensure user has access to media + AuthorizeRequest(DefaultApps.media.ToString(), true); + new Media(intNodeID).delete(true); break; case "content": case "contentRecycleBin": - new Document(intNodeID).delete(true); - break; default: + //ensure user has access to content + AuthorizeRequest(DefaultApps.content.ToString(), true); + new Document(intNodeID).delete(true); break; } @@ -116,8 +119,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DisableUser(int userId) { - - Authorize(); + AuthorizeRequest(DefaultApps.users.ToString(), true); BusinessLogic.User.GetUser(userId).disable(); } @@ -127,7 +129,7 @@ namespace umbraco.presentation.webservices public string GetNodeName(int nodeId) { - Authorize(); + AuthorizeRequest(true); return new cms.businesslogic.CMSNode(nodeId).Text; } @@ -137,7 +139,7 @@ namespace umbraco.presentation.webservices public string[] GetNodeBreadcrumbs(int nodeId) { - Authorize(); + AuthorizeRequest(true); var node = new cms.businesslogic.CMSNode(nodeId); var crumbs = new System.Collections.Generic.List() { node.Text }; @@ -155,7 +157,7 @@ namespace umbraco.presentation.webservices public string NiceUrl(int nodeId) { - Authorize(); + AuthorizeRequest(true); return library.NiceUrl(nodeId); } @@ -171,7 +173,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void RenewUmbracoSession() { - Authorize(); + AuthorizeRequest(true); BasePage.RenewLoginTimeout(); 
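Review bot: In the `-95` hunk the `default:` label shares the content branch, so any unrecognised `nodeType` is authorized as content and then permanently deletes `new Document(intNodeID)`. For a destructive call it is safer to fail closed on unknown input, e.g. `default: throw new ArgumentException(String.Format("Invalid nodeType passed: '{0}'", nodeType));`, keeping only `content` and `contentRecycleBin` on the Document path. Because the authorization call moved inside the `switch`, the branch taken when `int.TryParse` fails (outside the hunk) now runs with no check at all; a comment saying that is intended would help.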
@@ -181,7 +183,9 @@ namespace umbraco.presentation.webservices [ScriptMethod] public int GetSecondsBeforeUserLogout() { - Authorize(); + //TODO: Change this to not throw an exception otherwise we end up with JS errors all the time when recompiling!! + + AuthorizeRequest(true); long timeout = BasePage.GetTimeout(true); DateTime timeoutDate = new DateTime(timeout); DateTime currentDate = DateTime.Now; @@ -194,7 +198,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public string TemplateMasterPageContentContainer(int templateId, int masterTemplateId) { - Authorize(); + AuthorizeRequest(DefaultApps.settings.ToString(), true); return new cms.businesslogic.template.Template(templateId).GetMasterContentElement(masterTemplateId); } @@ -202,20 +206,22 @@ namespace umbraco.presentation.webservices [ScriptMethod] public string SaveFile(string fileName, string fileAlias, string fileContents, string fileType, int fileID, int masterID, bool ignoreDebug) { - - Authorize(); - switch (fileType) { case "xslt": + AuthorizeRequest(DefaultApps.developer.ToString(), true); return SaveXslt(fileName, fileContents, ignoreDebug); case "python": + AuthorizeRequest(DefaultApps.developer.ToString(), true); return "true"; case "css": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return SaveCss(fileName, fileContents, fileID); case "script": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return SaveScript(fileName, fileContents); case "template": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return SaveTemplate(fileName, fileAlias, fileContents, fileID, masterID); default: throw new ArgumentException(String.Format("Invalid fileType passed: '{0}'", fileType)); @@ -226,7 +232,7 @@ namespace umbraco.presentation.webservices public string Tidy(string textToTidy) { - Authorize(); + AuthorizeRequest(true); return library.Tidy(helper.Request("StringToTidy"), true); } 
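Review bot: With the top-level `Authorize()` removed from `SaveFile` (hunk `-202`), the `default:` branch is reached without any authorization check and echoes the caller's `fileType` back in the exception message. Keeping a plain `AuthorizeRequest(true);` before the `switch` makes unauthenticated requests fail the same way for every `fileType`, with the per-case app checks still applied afterwards. The `python` case also deserves a comment, since it authorizes against the developer app and returns `"true"` without saving anything.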
@@ -433,10 +439,9 @@ namespace umbraco.presentation.webservices return retVal; } - + [Obsolete("You should use the AuthorizeRequest methods on the base class of UmbracoAuthorizedWebService and ensure you inherit from that class for umbraco asmx web services")] public static void Authorize() { - // check for secure connection if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) throw new UserAuthorizationException("This installation requires a secure connection (via SSL). Please update the URL to include https://"); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs index 376918fbb8..5d3e8e4c14 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs @@ -7,8 +7,10 @@ using System.Xml; using Umbraco.Core.Logging; using Umbraco.Core.Persistence.Caching; using Umbraco.Web; +using Umbraco.Web.WebServices; using Umbraco.Web.Security; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.BusinessLogic.Actions; using umbraco.cms.businesslogic.web; using Umbraco.Core; @@ -22,7 +24,7 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class nodeSorter : WebService + public class nodeSorter : UmbracoAuthorizedWebService { [WebMethod] public SortNode GetNodes(int ParentId, string App) 
@@ -78,74 +80,72 @@ namespace umbraco.presentation.webservices { try { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) - { - if (SortOrder.Trim().Length > 0) - { - var tmp = SortOrder.Split(','); + if (!AuthorizeRequest()) return; + if (SortOrder.Trim().Length <= 0) return; + var tmp = SortOrder.Split(','); var isContent = Context.Request.GetItemAsString("app") == Constants.Applications.Content | helper.Request("app") == ""; var isMedia = Context.Request.GetItemAsString("app") == Constants.Applications.Media; + //ensure user is authorized for the app requested + if (isContent && !AuthorizeRequest(DefaultApps.content.ToString())) return; + if (isMedia && !AuthorizeRequest(DefaultApps.media.ToString())) return; - for (var i = 0; i < tmp.Length; i++) + for (var i = 0; i < tmp.Length; i++) + { + if (tmp[i] == "" || tmp[i].Trim() == "") continue; + + if (isContent) + { + var document = new Document(int.Parse(tmp[i])); + var published = document.Published; + document.sortOrder = i; + document.Save(); + // refresh the xml for the sorting to work + if (published) { - if (tmp[i] != "" && tmp[i].Trim() != "") - { - if (isContent) - { - var document = new Document(int.Parse(tmp[i])); - var published = document.Published; - document.sortOrder = i; - document.Save(); - // refresh the xml for the sorting to work - if (published) - { document.SaveAndPublish(Umbraco.Web.UmbracoContext.Current.UmbracoUser); - document.refreshXmlSortOrder(); - } - } - // to update the sortorder of the media node in the XML, re-save the node.... - else if (isMedia) - { - var media = new cms.businesslogic.media.Media(int.Parse(tmp[i])); - media.sortOrder = i; - media.Save(); - } - else - { - new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; - } - } + document.refreshXmlSortOrder(); } - - // Refresh sort order on cached xml - if (isContent) - { - XmlNode parentNode = ParentId == -1 ? 
content.Instance.XmlContent.DocumentElement : content.Instance.XmlContent.GetElementById(ParentId.ToString()); - - //only try to do the content sort if the the parent node is available... - if (parentNode != null) - content.SortNodes(ref parentNode); - - - // Load balancing - then refresh entire cache - // NOTE: SD: This seems a bit excessive to do simply for sorting! I'm going to leave this here for now but - // the sort order should be updated in distributed calls when an item is Published (and it most likely is) - // but I guess this was put here for a reason at some point. - if (UmbracoSettings.UseDistributedCalls) - library.RefreshContent(); - } - - // fire actionhandler, check for content - if ((helper.Request("app") == Constants.Applications.Content | helper.Request("app") == "") && ParentId > 0) - global::umbraco.BusinessLogic.Actions.Action.RunActionHandlers(new Document(ParentId), ActionSort.Instance); + } + // to update the sortorder of the media node in the XML, re-save the node.... + else if (isMedia) + { + var media = new cms.businesslogic.media.Media(int.Parse(tmp[i])); + media.sortOrder = i; + media.Save(); + } + else + { + new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; } } + // Refresh sort order on cached xml + if (isContent) + { + XmlNode parentNode = ParentId == -1 + ? content.Instance.XmlContent.DocumentElement + : content.Instance.XmlContent.GetElementById(ParentId.ToString()); + + //only try to do the content sort if the the parent node is available... + if (parentNode != null) + content.SortNodes(ref parentNode); + + // Load balancing - then refresh entire cache + // NOTE: SD: This seems a bit excessive to do simply for sorting! I'm going to leave this here for now but + // the sort order should be updated in distributed calls when an item is Published (and it most likely is) + // but I guess this was put here for a reason at some point. 
+ if (UmbracoSettings.UseDistributedCalls) + library.RefreshContent(); + } + + // fire actionhandler, check for content + if ((helper.Request("app") == Constants.Applications.Content | helper.Request("app") == "") && ParentId > 0) + BusinessLogic.Actions.Action.RunActionHandlers(new Document(ParentId), ActionSort.Instance); } catch (Exception ex) { - LogHelper.Error("An error occurred", ex); + LogHelper.Error("Could not update sort order", ex); } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs index 124b7fe3c5..c70b5df17e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs @@ -5,6 +5,7 @@ using System.Data; using System.Diagnostics; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; namespace presentation.umbraco.webservices { 
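Review bot: The final `else` branch of the loop in the nodeSorter hunk still runs for any `app` value that is neither content nor media, and it is covered only by the bare `AuthorizeRequest()` login check, so a logged-in user without content or media access can set `sortOrder` on arbitrary `CMSNode` ids by sending a different `app`. Either reject other apps up front with `if (!isContent && !isMedia) return;` or authorize that branch against the app named in the request. The ids in `SortOrder` are also not checked against `ParentId` in the visible lines. The method signature is outside the hunk.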
@@ -12,44 +13,14 @@ namespace presentation.umbraco.webservices /// Summary description for progressStatus. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class progressStatus : System.Web.Services.WebService + public class progressStatus : UmbracoAuthorizedWebService { - public progressStatus() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - - #region Component Designer generated code - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - [WebMethod] - public int GetStatus(string key) + public int GetStatus(string key) { + if (!AuthorizeRequest()) return 0; + try { return int.Parse(Application[key].ToString()); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs index c68d7a7bf7..e312c4cfbf 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs @@ -2,6 +2,8 @@ using System; using System.ComponentModel; using System.Web.Services; using System.Web.Script.Services; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices 
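Review bot: `GetStatus` indexes `Application` with the caller-supplied `key` unchanged, so any logged-in user can probe any application-state entry whose value parses as an integer; the publication service in this diff at least prefixes its keys (`"publishTotalAll" + key`). A fixed prefix or an allow-list of the keys this method may read would narrow that. Returning 0 when `AuthorizeRequest()` fails is also indistinguishable from a genuine status of 0, which is worth a comment such as `// unauthorized callers get 0, same as "no progress"`. The `catch` block is outside the hunk.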
@@ -11,14 +13,15 @@ namespace umbraco.webservices /// [WebService(Namespace="http://umbraco.org/webservices/")] [ScriptService] - public class publication : WebService + public class publication : UmbracoAuthorizedWebService { [WebMethod] [ScriptMethod] - public int GetPublicationStatus(string key) + public int GetPublicationStatus(string key) { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; try { @@ -34,7 +37,8 @@ namespace umbraco.webservices [ScriptMethod] public int GetPublicationStatusMax(string key) { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; try { @@ -50,6 +54,9 @@ namespace umbraco.webservices [ScriptMethod] public int GetPublicationStatusMaxAll(string key) { + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; + try { return int.Parse(Application["publishTotalAll" + key].ToString()); @@ -60,6 +67,7 @@ namespace umbraco.webservices } } + [Obsolete("This doesn't do anything and will be removed in future versions")] [WebMethod] public void HandleReleaseAndExpireDates(Guid PublishingServiceKey) { @@ -68,30 +76,12 @@ namespace umbraco.webservices [WebMethod] public void SaveXmlCacheToDisk() { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return; content.Instance.PersistXmlToFile(); } - #region Component Designer generated code - //Required by the Web Services Designer - private IContainer components = null; - - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs index 691e4ad7e7..93dc363f7d 100644 
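Review bot: `SaveXmlCacheToDisk` in the `-68` hunk now returns silently when authorization fails, so the caller receives a normal response although nothing was persisted and no failure is surfaced. Passing `true`, as in `AuthorizeRequest(DefaultApps.content.ToString(), true);`, keeps the failure visible in the way the legacyAjaxCalls methods do. `EmptyTrashcan` in trashcan.asmx.cs and the sort method in nodeSorter.asmx.cs return silently in the same way. Separately, `HandleReleaseAndExpireDates` is marked obsolete but stays exposed as a `[WebMethod]` with no check in the visible lines.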
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs @@ -7,6 +7,10 @@ using System.Web; using System.Web.Services; using System.Xml; using System.Web.Script.Services; +using Umbraco.Core; +using Umbraco.Core.IO; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices 
@@ -16,111 +20,83 @@ namespace umbraco.webservices /// [WebService(Namespace="http://umbraco.org/webservices/")] [ScriptService] - public class templates : System.Web.Services.WebService + public class templates : UmbracoAuthorizedWebService { - public templates() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] - public XmlNode GetTemplates(string Login, string Password) + public XmlNode GetTemplates(string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { - XmlDocument xmlDoc = new XmlDocument(); + var xmlDoc = new XmlDocument(); xmlDoc.LoadXml(""); foreach (cms.businesslogic.template.Template t in cms.businesslogic.template.Template.GetAllAsList()) { - XmlElement tt = xmlDoc.CreateElement("template"); - tt.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - tt.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", t.Text)); + var tt = xmlDoc.CreateElement("template"); + tt.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + tt.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", t.Text)); xmlDoc.DocumentElement.AppendChild(tt); } return xmlDoc.DocumentElement; - } else - return null; + } + return null; } - [WebMethod] - public XmlNode GetTemplate(int Id, string Login, string Password) + [WebMethod] + public XmlNode GetTemplate(int Id, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { - cms.businesslogic.template.Template t = new cms.businesslogic.template.Template(Id); - XmlDocument xmlDoc = new XmlDocument(); - XmlElement tXml = xmlDoc.CreateElement("template"); - tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - 
tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "master", t.MasterTemplate.ToString())); - tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", t.Text)); - tXml.AppendChild(xmlHelper.addCDataNode(xmlDoc, "design", t.Design)); + var t = new cms.businesslogic.template.Template(Id); + var xmlDoc = new XmlDocument(); + var tXml = xmlDoc.CreateElement("template"); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "master", t.MasterTemplate.ToString())); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", t.Text)); + tXml.AppendChild(XmlHelper.AddCDataNode(xmlDoc, "design", t.Design)); return tXml; - } else - return null; - + } + return null; } - [WebMethod] - public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password) + [WebMethod] + public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { - cms.businesslogic.template.Template t = new cms.businesslogic.template.Template(Id); - if (t != null) - { - t.MasterTemplate = Master; - t.Design = Design; - return true; - } - else - return false; - } else - return false; + try + { + var t = new cms.businesslogic.template.Template(Id) + { + MasterTemplate = Master, + Design = Design + }; + //ensure events are raised + t.Save(); + return true; + } + catch (ArgumentException) + { + return false; + } + } + return false; } - [WebMethod] + [WebMethod] [ScriptMethod] public string GetCodeSnippet(object templateId) - { - legacyAjaxCalls.Authorize(); - - - string content = string.Empty; - - System.IO.StreamReader templateFile = - System.IO.File.OpenText(umbraco.IO.IOHelper.MapPath(IO.SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + templateId.ToString())); - content = 
templateFile.ReadToEnd(); + { + //NOTE: The legacy code threw an exception so will continue to do that. + AuthorizeRequest(DefaultApps.settings.ToString(), true); + + var templateFile = + System.IO.File.OpenText(IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + templateId)); + var content = templateFile.ReadToEnd(); templateFile.Close(); return content; } - #region Component Designer generated code - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs index eb1b9aac71..f1bdd6d3d5 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs @@ -2,7 +2,9 @@ using System; using System.Web.Script.Services; using System.Web.Services; using System.ComponentModel; +using Umbraco.Web.WebServices; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.cms.businesslogic; namespace umbraco.presentation.webservices 
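Review bot: `GetCodeSnippet` concatenates the caller-supplied `templateId` (typed `object`) into the path given to `File.OpenText` with no containment check, so a user with settings access can request files outside `/scripting/templates/cshtml/` by sending a value containing `../` segments. The resolved path should be verified to stay under the snippet folder before opening. The reader is also closed by hand, so an exception in `ReadToEnd` leaks the handle; a `using` block fixes that. The sketch below shows both changes.

```csharp
// … unchanged: AuthorizeRequest(DefaultApps.settings.ToString(), true) …
var snippetDir = System.IO.Path.GetFullPath(
    IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/"))
    .TrimEnd(System.IO.Path.DirectorySeparatorChar) + System.IO.Path.DirectorySeparatorChar;
var snippetPath = System.IO.Path.GetFullPath(
    System.IO.Path.Combine(snippetDir, Convert.ToString(templateId)));

// refuse anything that resolves outside the snippet folder
if (!snippetPath.StartsWith(snippetDir, StringComparison.OrdinalIgnoreCase))
    throw new ArgumentException("Invalid templateId", "templateId");

using (var templateFile = System.IO.File.OpenText(snippetPath))
{
    return templateFile.ReadToEnd();
}
```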
@@ -14,37 +16,48 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class trashcan : System.Web.Services.WebService + public class trashcan : UmbracoAuthorizedWebService { [WebMethod] - public void EmptyTrashcan(cms.businesslogic.RecycleBin.RecycleBinType type) + public void EmptyTrashcan(RecycleBin.RecycleBinType type) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + //validate against the app type! + switch (type) { - Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString(); - emptyTrashCanDo(type); + case RecycleBin.RecycleBinType.Content: + if (!AuthorizeRequest(DefaultApps.content.ToString())) return; + break; + case RecycleBin.RecycleBinType.Media: + if (!AuthorizeRequest(DefaultApps.media.ToString())) return; + break; + default: + throw new ArgumentOutOfRangeException("type"); } + //TODO: This will never work in LB scenarios + Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString(); + emptyTrashCanDo(type); } [WebMethod] public string GetTrashStatus() { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + //TODO: This will never work in LB scenarios + + if (AuthorizeRequest()) { - if (Application["trashcanEmptyLeft"] != null) - return Application["trashcanEmptyLeft"].ToString(); - else - return ""; + return Application["trashcanEmptyLeft"] != null + ? Application["trashcanEmptyLeft"].ToString() + : ""; } return "-"; } - private void emptyTrashCanDo(cms.businesslogic.RecycleBin.RecycleBinType type) + private void emptyTrashCanDo(RecycleBin.RecycleBinType type) { - RecycleBin trashCan = new RecycleBin(type); + var trashCan = new RecycleBin(type); var callback = new Action(x => { diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs index ad7d73ddb8..aef989c26f 100644 --- a/src/umbraco.businesslogic/BasePages/BasePage.cs 
+++ b/src/umbraco.businesslogic/BasePages/BasePage.cs @@ -12,7 +12,7 @@ using Umbraco.Core.Logging; using Umbraco.Core.Services; using umbraco.BusinessLogic; using umbraco.DataLayer; -using System.Web.UI; +using Umbraco.Core; namespace umbraco.BasePages { @@ -196,16 +196,17 @@ namespace umbraco.BasePages //[Obsolete("Use Umbraco.Web.Security.WebSecurity.ValidateUserContextId instead")] public static bool ValidateUserContextID(string currentUmbracoUserContextID) { - if ((currentUmbracoUserContextID != "")) + if (!currentUmbracoUserContextID.IsNullOrWhiteSpace()) { - int uid = GetUserId(currentUmbracoUserContextID); - long timeout = GetTimeout(currentUmbracoUserContextID); + var uid = GetUserId(currentUmbracoUserContextID); + var timeout = GetTimeout(currentUmbracoUserContextID); if (timeout > DateTime.Now.Ticks) { return true; } var user = BusinessLogic.User.GetUser(uid); + //TODO: We don't actually log anyone out here, not sure why we're logging ?? LogHelper.Info("User {0} (Id:{1}) logged out", () => user.Name, () => user.Id); } return false; diff --git a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs index f38b9bcd57..34083fc624 100644 --- a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs +++ b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs @@ -1,5 +1,6 @@ using System; using Umbraco.Core.Logging; +using System.Linq; using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using umbraco.IO; 
@@ -22,20 +23,16 @@ namespace umbraco.BasePages } + [Obsolete("This constructor is not used and will be removed from the codebase in the future")] public UmbracoEnsuredPage(string hest) { } - private bool _redirectToUmbraco; /// /// If true then umbraco will force any window/frame to reload umbraco in the main window /// - public bool RedirectToUmbraco - { - get { return _redirectToUmbraco; } - set { _redirectToUmbraco = value; } - } + public bool RedirectToUmbraco { get; set; } /// /// Validates the user for access to a certain application @@ -44,11 +41,7 @@ namespace umbraco.BasePages /// public bool ValidateUserApp(string app) { - - foreach (Application uApp in getUser().Applications) - if (uApp.alias == app) - return true; - return false; + return getUser().Applications.Any(uApp => uApp.alias == app); } /// @@ -72,7 +65,7 @@ namespace umbraco.BasePages /// Gets the current user. /// /// The current user. - public static BusinessLogic.User CurrentUser + public static User CurrentUser { get {