From dcd6477030c78bb2821128fc7b40e8bf9e1adba7 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Sat, 6 Apr 2013 01:54:41 +0600 Subject: [PATCH 01/18] Removes un-needed ShowUmbracoTags files from legacy files. --- .../settings/modals/ShowUmbracoTags.aspx | 59 ------------------- .../settings/modals/ShowUmbracoTags.aspx.cs | 49 ++++++--------- .../modals/ShowUmbracoTags.aspx.designer.cs | 25 -------- 3 files changed, 19 insertions(+), 114 deletions(-) delete mode 100644 src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx delete mode 100644 src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx deleted file mode 100644 index ffa0426ec6..0000000000 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx +++ /dev/null @@ -1,59 +0,0 @@ -<%@ Page Language="c#" MasterPageFile="../../masterpages/umbracoPage.Master" Title="ShowUmbracoTags" - Codebehind="ShowUmbracoTags.aspx.cs" AutoEventWireup="True" - Inherits="umbraco.cms.presentation.settings.modal.ShowUmbracoTags" %> -<%@ Register TagPrefix="cc1" Namespace="umbraco.uicontrols" Assembly="controls" %> - - - - - - - - - - - - - -
Insert field - - <umbraco:Item field="bodyText" runat="server"/> - - - Fetches a value from the current page. - -
Insert macro - - <umbraco:Macro macroAlias="MacroAlias" Alias="MacroAlias" runat="server"/> - - Inserts a macro into the template -
Load child template - - <asp:ContentPlaceHolder runat="server" id="<%= alias %>ContentPlaceHolder" /> - - - This is the default placeholder for content stored in a child template using this exact template as it's master template. - -
Disable Request Validation - - <umbraco:DisableRequestValidation runat="server"/> - - Disable ASP.NET request validation. It's the same as adding a enableEventValidation="false" to a page directive (but this is not possible in Umbraco as all pages use the same ASPX page for all pages) -
MetaBlogApi / Content Channels - - <link rel="EditURI" type="application/rsd+xml" href="http://<%=Request.ServerVariables["SERVER_NAME"] %><%= umbraco.IO.IOHelper.ResolveUrl(umbraco.IO.SystemDirectories.Umbraco)%>/channels/rsd.aspx" /> -

- <link rel="wlwmanifest" type="application/wlwmanifest+xml" href="http://<%=Request.ServerVariables["SERVER_NAME"] %><%= umbraco.IO.IOHelper.ResolveUrl(umbraco.IO.SystemDirectories.Umbraco)%>/channels/wlwmanifest.aspx" /> -
- - Insert the above two elements to the head element to gain optimal support for - using the MetaBlog Apis with 3rd party clients and to enable autodiscovery for Windows - Live Writer. - -
-
-
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs index 00b7545232..fb594ac657 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.cs @@ -1,4 +1,4 @@ -using System; +using System; using System.Collections; using System.ComponentModel; using System.Data; @@ -11,37 +11,26 @@ using System.Web.UI.HtmlControls; namespace umbraco.cms.presentation.settings.modal { - /// - /// Summary description for ShowUmbracoTags. - /// - public partial class ShowUmbracoTags : umbraco.BasePages.UmbracoEnsuredPage - { + /// + /// Summary description for ShowUmbracoTags. + /// + public partial class ShowUmbracoTags : umbraco.BasePages.UmbracoEnsuredPage + { public static string alias = ""; - protected void Page_Load(object sender, System.EventArgs e) - { + protected void Page_Load(object sender, System.EventArgs e) + { alias = Request.QueryString["alias"].Replace(" ", "").Trim(); - // Put user code to initialize the page here - } + // Put user code to initialize the page here + } - #region Web Form Designer generated code - override protected void OnInit(EventArgs e) - { - // - // CODEGEN: This call is required by the ASP.NET Web Form Designer. - // - InitializeComponent(); - base.OnInit(e); - } - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - - } - #endregion - } + /// + /// Pane7 control. + /// + /// + /// Auto-generated field. + /// To modify move field declaration from designer file to code-behind file. + /// + protected global::umbraco.uicontrols.Pane Pane7; + } } 
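Review bot: `public static string alias` is still assigned from `Request.QueryString["alias"]` on every `Page_Load`, so concurrent requests overwrite each other's value, and a request without the parameter throws a NullReferenceException on `.Replace`. Since this hunk already reworks the class, make it per-request state with a null guard, e.g. `protected string Alias { get; private set; }` set from `(Request.QueryString["alias"] ?? string.Empty).Replace(" ", "").Trim()`. The removed .aspx wrote the value into markup via `<%= alias %>`; if a relocated copy of the page still does, it should be HTML-encoded there.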
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs deleted file mode 100644 index d6a7fec73a..0000000000 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/settings/modals/ShowUmbracoTags.aspx.designer.cs +++ /dev/null @@ -1,25 +0,0 @@ -//------------------------------------------------------------------------------ -// -// This code was generated by a tool. -// Runtime Version:2.0.50727.4927 -// -// Changes to this file may cause incorrect behavior and will be lost if -// the code is regenerated. -// -//------------------------------------------------------------------------------ - -namespace umbraco.cms.presentation.settings.modal { - - - public partial class ShowUmbracoTags { - - /// - /// Pane7 control. - /// - /// - /// Auto-generated field. - /// To modify move field declaration from designer file to code-behind file. - /// - protected global::umbraco.uicontrols.Pane Pane7; - } -} From 90e73cb89f9295f243565fa514955fac9b12b4ff Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Sat, 6 Apr 2013 01:59:28 +0600 Subject: [PATCH 02/18] cleans up some code in codeEditorSave --- src/Umbraco.Web/Umbraco.Web.csproj | 13 +- .../webservices/codeEditorSave.asmx.cs | 155 +++++++++--------- 2 files changed, 76 insertions(+), 92 deletions(-) diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index c16128ce48..f107977a6a 100644 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -385,6 +385,9 @@ ASPXCodeBehind + + ASPXCodeBehind + @@ -1496,13 +1499,6 @@ EditNodeTypeNew.aspx - - ShowUmbracoTags.aspx - ASPXCodeBehind - - - ShowUmbracoTags.aspx - editScript.aspx ASPXCodeBehind @@ -2039,9 +2035,6 @@ ASPXCodeBehind - - ASPXCodeBehind - ASPXCodeBehind 
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs index 08efdbaa48..d770034abd 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs @@ -11,16 +11,15 @@ using System.Web.Services; using System.Web.UI; using System.Xml; using System.Xml.Xsl; +using Umbraco.Core.IO; using umbraco.BasePages; using umbraco.cms.businesslogic.macro; using umbraco.cms.businesslogic.template; using umbraco.cms.businesslogic.web; using umbraco.presentation.cache; using System.Net; -using umbraco.IO; using System.Collections; using umbraco.NodeFactory; -using umbraco.scripting; namespace umbraco.presentation.webservices { 
@@ -45,36 +44,33 @@ namespace umbraco.presentation.webservices { if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) { - string returnValue = "false"; - StyleSheet stylesheet = new StyleSheet(fileID); + string returnValue; + var stylesheet = new StyleSheet(fileID) + { + Content = fileContents, Text = fileName + }; - if (stylesheet != null) + try { - stylesheet.Content = fileContents; - stylesheet.Text = fileName; - try + stylesheet.saveCssToFile(); + stylesheet.Save(); + returnValue = "true"; + + + //deletes the old css file if the name was changed... + if (fileName.ToLowerInvariant() != oldName.ToLowerInvariant()) { - stylesheet.saveCssToFile(); - stylesheet.Save(); - returnValue = "true"; - - - //deletes the old css file if the name was changed... - if (fileName.ToLowerInvariant() != oldName.ToLowerInvariant()) - { - string p = IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css"); - if (System.IO.File.Exists(p)) - System.IO.File.Delete(p); - } - - } - catch (Exception ex) - { - return ex.ToString(); + var p = IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css"); + if (File.Exists(p)) + File.Delete(p); } - //this.speechBubble(speechBubbleIcon.save, ui.Text("speechBubbles", "editStylesheetSaved", base.getUser()), ""); } + catch (Exception ex) + { + return ex.ToString(); + } + return returnValue; } return "false"; 
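Review bot: `oldName` flows into `IOHelper.MapPath(SystemDirectories.Css + "/" + oldName + ".css")` and then `File.Delete(p)` with no check that the mapped path stays inside the CSS directory, so whether a name with parent-directory segments can reach a `.css` file elsewhere depends entirely on how `MapPath` treats them. The same unchecked delete appears on `oldName` in the SaveXslt hunk (`@@ -218,9 +210,9 @@`) and on `saveOldPath` in the SaveScript hunk (`@@ -353,38 +346,36 @@`), where only `savePath` is compared with the allowed directories. Apply the containment test to the old path as well, e.g. `if (p.StartsWith(IOHelper.MapPath(SystemDirectories.Css + "/")) && File.Exists(p)) File.Delete(p);`. Separately, `return ex.ToString();` sends the full exception text, stack trace included, back to the caller; log it server-side and return a generic failure value instead. The method signature lies outside this hunk.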
@@ -111,15 +107,14 @@ namespace umbraco.presentation.webservices string xpath = UmbracoSettings.UseLegacyXmlSchema ? "/root/node" : "/root/*"; if (content.Instance.XmlContent.SelectNodes(xpath).Count > 0) { - XmlDocument macroXML = new XmlDocument(); + var macroXML = new XmlDocument(); macroXML.LoadXml(""); - XslCompiledTransform macroXSLT = new XslCompiledTransform(); - page umbPage = new page(content.Instance.XmlContent.SelectSingleNode("//* [@parentID = -1]")); + var macroXSLT = new XslCompiledTransform(); + var umbPage = new page(content.Instance.XmlContent.SelectSingleNode("//* [@parentID = -1]")); - XsltArgumentList xslArgs; - xslArgs = macro.AddMacroXsltExtensions(); - library lib = new library(umbPage); + var xslArgs = macro.AddMacroXsltExtensions(); + var lib = new library(umbPage); xslArgs.AddExtensionObject("urn:umbraco.library", lib); HttpContext.Current.Trace.Write("umbracoMacro", "After adding extensions"); @@ -130,16 +125,16 @@ namespace umbraco.presentation.webservices // Create reader and load XSL file // We need to allow custom DTD's, useful for defining an ENTITY - XmlReaderSettings readerSettings = new XmlReaderSettings(); + var readerSettings = new XmlReaderSettings(); readerSettings.ProhibitDtd = false; - using (XmlReader xmlReader = XmlReader.Create(tempFileName, readerSettings)) + using (var xmlReader = XmlReader.Create(tempFileName, readerSettings)) { - XmlUrlResolver xslResolver = new XmlUrlResolver(); + var xslResolver = new XmlUrlResolver(); xslResolver.Credentials = CredentialCache.DefaultCredentials; macroXSLT.Load(xmlReader, XsltSettings.TrustedXslt, xslResolver); xmlReader.Close(); // Try to execute the transformation - HtmlTextWriter macroResult = new HtmlTextWriter(new StringWriter()); + var macroResult = new HtmlTextWriter(new StringWriter()); macroXSLT.Transform(macroXML, xslArgs, macroResult); macroResult.Close(); @@ -163,24 +158,23 @@ namespace umbraco.presentation.webservices errorMessage = errorMessage.Replace("\n", "
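Review bot: In the `@@ -130,16 +125,16 @@` hunk the stylesheet is loaded with `readerSettings.ProhibitDtd = false`, an `XmlUrlResolver` carrying `CredentialCache.DefaultCredentials`, and `XsltSettings.TrustedXslt`, and the `var` cleanup leaves all three in place without comment. If `tempFileName` holds the `fileContents` just posted to SaveXslt (its creation is outside the hunk), this validation step resolves external entities and `document()` references with the application's identity and permits script blocks, which makes the call equivalent to running code on the server. At minimum, drop the default credentials from the resolver unless a concrete case needs them. Also add a comment above the `Load` call such as `// Intentionally trusted: the caller is already authorised to run code via XSLT; do not reuse this reader configuration for other input`.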
\n"); //closeErrorMessage.Visible = true; - string[] errorLine; // Find error - MatchCollection m = Regex.Matches(errorMessage, @"\d*[^,],\d[^\)]", RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace); + var m = Regex.Matches(errorMessage, @"\d*[^,],\d[^\)]", RegexOptions.IgnoreCase | RegexOptions.IgnorePatternWhitespace); foreach (Match mm in m) { - errorLine = mm.Value.Split(','); + string[] errorLine = mm.Value.Split(','); if (errorLine.Length > 0) { - int theErrorLine = int.Parse(errorLine[0]); - int theErrorChar = int.Parse(errorLine[1]); + var theErrorLine = int.Parse(errorLine[0]); + var theErrorChar = int.Parse(errorLine[1]); errorMessage = "Error in XSLT at line " + errorLine[0] + ", char " + errorLine[1] + "
"; errorMessage += ""; - string[] xsltText = fileContents.Split("\n".ToCharArray()); - for (int i = 0; i < xsltText.Length; i++) + var xsltText = fileContents.Split("\n".ToCharArray()); + for (var i = 0; i < xsltText.Length; i++) { if (i >= theErrorLine - 3 && i <= theErrorLine + 1) if (i + 1 == theErrorLine) @@ -202,15 +196,13 @@ namespace umbraco.presentation.webservices errorMessage += ""; } } - - } } if (errorMessage == "" && fileName.ToLower().EndsWith(".xslt")) { //Hardcoded security-check... only allow saving files in xslt directory... - string savePath = IOHelper.MapPath(SystemDirectories.Xslt + "/" + fileName); + var savePath = IOHelper.MapPath(SystemDirectories.Xslt + "/" + fileName); if (savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Xslt + "/"))) { @@ -218,9 +210,9 @@ namespace umbraco.presentation.webservices if (fileName != oldName) { - string p = IOHelper.MapPath(SystemDirectories.Xslt + "/" + oldName); - if (System.IO.File.Exists(p)) - System.IO.File.Delete(p); + var p = IOHelper.MapPath(SystemDirectories.Xslt + "/" + oldName); + if (File.Exists(p)) + File.Delete(p); } SW = File.CreateText(savePath); @@ -252,8 +244,8 @@ namespace umbraco.presentation.webservices if (string.IsNullOrEmpty(fileName)) throw new ArgumentNullException("fileName"); - List allowedExtensions = new List(); - foreach (MacroEngineLanguage lang in MacroEngineFactory.GetSupportedUILanguages()) + var allowedExtensions = new List(); + foreach (var lang in MacroEngineFactory.GetSupportedUILanguages()) { if (!allowedExtensions.Contains(lang.Extension)) allowedExtensions.Add(lang.Extension); @@ -268,8 +260,6 @@ namespace umbraco.presentation.webservices allowedExtensions); - StreamWriter SW; - //As Files Can Be Stored In Sub Directories, So We Need To Get The Exeuction Directory Correct var lastOccurance = fileName.LastIndexOf('/') + 1; var directory = fileName.Substring(0, lastOccurance); 
@@ -278,10 +268,11 @@ namespace umbraco.presentation.webservices IOHelper.MapPath(SystemDirectories.MacroScripts + "/" + directory + DateTime.Now.Ticks + "_" + fileNameWithExt); - //SW = File.CreateText(tempFileName); - SW = new StreamWriter(tempFileName, false, Encoding.UTF8); - SW.Write(fileContents); - SW.Close(); + using (var sw = new StreamWriter(tempFileName, false, Encoding.UTF8)) + { + sw.Write(fileContents); + sw.Close(); + } var errorMessage = ""; if (!ignoreDebugging) @@ -322,9 +313,11 @@ namespace umbraco.presentation.webservices File.Delete(p); } - SW = new StreamWriter(savePath, false, Encoding.UTF8); - SW.Write(fileContents); - SW.Close(); + using (var sw = new StreamWriter(savePath, false, Encoding.UTF8)) + { + sw.Write(fileContents); + sw.Close(); + } errorMessage = "true"; 
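Review bot: `sw.Close();` inside the new `using (var sw = new StreamWriter(...))` blocks is redundant, because disposing the writer at the end of the block already flushes and closes it. This applies to both hunks here and to the `File.CreateText(savePath)` block in the SaveScript hunk (`@@ -353,38 +346,36 @@`). Dropping the call leaves `sw.Write(fileContents);` as the only statement and makes clear that the `using` owns the lifetime. The enclosing method starts and ends outside these hunks.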
@@ -353,38 +346,36 @@ namespace umbraco.presentation.webservices UmbracoSettings.ScriptFileTypes.Split(',').ToList()); - string val = contents; - string returnValue = "false"; + var val = contents; + string returnValue; try { - string saveOldPath = ""; - if (oldName.StartsWith("~/")) - saveOldPath = IOHelper.MapPath(oldName); - else - saveOldPath = IOHelper.MapPath(SystemDirectories.Scripts + "/" + oldName); - - string savePath = ""; - if (filename.StartsWith("~/")) - savePath = IOHelper.MapPath(filename); - else - savePath = IOHelper.MapPath(SystemDirectories.Scripts + "/" + filename); - + var saveOldPath = ""; + saveOldPath = oldName.StartsWith("~/") + ? IOHelper.MapPath(oldName) + : IOHelper.MapPath(SystemDirectories.Scripts + "/" + oldName); + var savePath = ""; + savePath = filename.StartsWith("~/") + ? IOHelper.MapPath(filename) + : IOHelper.MapPath(SystemDirectories.Scripts + "/" + filename); + //Directory check.. only allow files in script dir and below to be edited if (savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Scripts + "/")) || savePath.StartsWith(IOHelper.MapPath(SystemDirectories.Masterpages + "/"))) { //deletes the old file if (savePath != saveOldPath) { - if (System.IO.File.Exists(saveOldPath)) - System.IO.File.Delete(saveOldPath); + if (File.Exists(saveOldPath)) + File.Delete(saveOldPath); } - - StreamWriter SW; - SW = File.CreateText(savePath); - SW.Write(val); - SW.Close(); - + + using (var sw = File.CreateText(savePath)) + { + sw.Write(val); + sw.Close(); + } + returnValue = "true"; } else From 668d4f9f91083a1233bfd313c9b37493189f52a1 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Mon, 8 Apr 2013 05:59:02 -0200 Subject: [PATCH 03/18] Fixes U4-1864 Publishing document type with Upload field and related umbracoWidth, umbracoHeight, etc fields added --- src/umbraco.cms/businesslogic/Content.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/src/umbraco.cms/businesslogic/Content.cs b/src/umbraco.cms/businesslogic/Content.cs index 9d80511bca..8390269602 100644 --- a/src/umbraco.cms/businesslogic/Content.cs +++ b/src/umbraco.cms/businesslogic/Content.cs @@ -699,7 +699,7 @@ namespace umbraco.cms.businesslogic continue; //get the propertyId - var property = propData.SingleOrDefault(x => x.PropertyTypeId == pt.Id); + var property = propData.FirstOrDefault(x => x.PropertyTypeId == pt.Id); if (property == null) { //continue; From 99fe89addc33bb92f10bb30c5151b591cc4973c8 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Mon, 8 Apr 2013 06:55:48 -0200 Subject: [PATCH 04/18] Fix U4-1864 the same way as in 6.0.x --- src/umbraco.cms/businesslogic/Content.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/umbraco.cms/businesslogic/Content.cs b/src/umbraco.cms/businesslogic/Content.cs index 8390269602..d8c30138ae 100644 --- a/src/umbraco.cms/businesslogic/Content.cs +++ b/src/umbraco.cms/businesslogic/Content.cs @@ -699,7 +699,7 @@ namespace umbraco.cms.businesslogic continue; //get the propertyId - var property = propData.FirstOrDefault(x => x.PropertyTypeId == pt.Id); + var property = propData.LastOrDefault(x => x.PropertyTypeId == pt.Id); if (property == null) { //continue; From 74b970d58631231e662c5b99b16bc66421d7b3fe Mon Sep 17 00:00:00 2001 
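Review bot: `propData.LastOrDefault(x => x.PropertyTypeId == pt.Id)`, like the `FirstOrDefault` from the previous patch on the same line, silently picks one of several rows for a property type, and which row wins depends on an ordering of `propData` that neither hunk establishes. If duplicates are expected after the U4-1864 scenario, make the choice explicit by sorting on whatever key identifies the newest row before taking it. Also record the reason next to the call, e.g. `// duplicate property data rows can exist (U4-1864); use the most recently created one`. Logging when more than one match exists would help, since `SingleOrDefault` used to surface the inconsistency and now nothing does. The enclosing loop starts and ends outside the hunk.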
From: Shannon Deminick Date: Tue, 9 Apr 2013 05:00:22 +0600 Subject: [PATCH 05/18] Fixes: #U4-529 - Created 2 base classes for web services - UmbracoWebService and UmbracoAuthorizedWebService for use in creating asmx classes. This makes it easier to authenticate/authorize per app and also exposes Umbraco standard objects like UmbracoContext, ApplicationCOntext, etc... --- src/Umbraco.Web/Umbraco.Web.csproj | 6 ++ .../UmbracoAuthorizedWebService.cs | 93 +++++++++++++++++++ .../WebServices/UmbracoWebService.cs | 75 +++++++++++++++ .../webservices/codeEditorSave.asmx.cs | 21 ++--- 4 files changed, 182 insertions(+), 13 deletions(-) create mode 100644 src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs create mode 100644 src/Umbraco.Web/WebServices/UmbracoWebService.cs diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index f107977a6a..c6c7b482b2 100644 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -1816,6 +1816,12 @@ Reference.map
+ + Component + + + Component + diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs new file mode 100644 index 0000000000..34b2141540 --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs 
@@ -0,0 +1,93 @@ +using System; +using System.Collections.Generic; +using System.Linq; +using System.Text; +using System.Web; +using Umbraco.Core.Configuration; +using umbraco.BasePages; +using umbraco.BusinessLogic; +using Umbraco.Core; + +namespace Umbraco.Web.WebServices +{ + /// + /// An abstract web service class that has the methods and properties to correct validate an Umbraco user + /// + public abstract class UmbracoAuthorizedWebService : UmbracoWebService + { + protected UmbracoAuthorizedWebService() + : base() + { + } + + protected UmbracoAuthorizedWebService(UmbracoContext umbracoContext) + : base(umbracoContext) + { + } + + /// + /// Validates the user for access to a certain application + /// + /// The application alias. + /// + protected bool ValidateUserApp(string app) + { + //ensure we have a valid user first! + if (!ValidateUser()) return false; + + //if it is empty, don't validate + if (app.IsNullOrWhiteSpace()) + { + return true; + } + return UmbracoUser.Applications.Any(uApp => uApp.alias == app); + } + + + private User _user; + private readonly InnerPage _page = new InnerPage(); + + /// + /// Returns true if there is a valid logged in user + /// + /// + protected bool ValidateUser() + { + try + { + return UmbracoUser != null; + } + catch (ArgumentException) + { + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + catch (InvalidOperationException) + { + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + } + + /// + /// Returns the current user + /// + protected User UmbracoUser + { + get + { + return _user ?? (_user = _page.getUser()); + } + } + + /// + /// Used to validate, thie is temporary, in 6.1 we have the WebSecurity class which does all + /// authorization stuff for us. + /// + private class InnerPage : BasePage + { + + } + + } +} 
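Review bot: `ValidateUserApp` fails open on its argument: `if (app.IsNullOrWhiteSpace()) { return true; }` lets any logged-in back-office user through when a caller passes a null or empty alias, so a mistyped constant or unset value quietly downgrades an authorisation check to authentication only. Callers that want authentication only already have `ValidateUser()`, so rejecting the empty case is safer, e.g. `if (app.IsNullOrWhiteSpace()) throw new ArgumentException("An application alias is required", "app");`. The `<summary>` should also state that `uApp.alias == app` is an exact, case-sensitive match, because callers pass `DefaultApps.settings.ToString()` and rely on the enum member names matching the stored aliases.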
diff --git a/src/Umbraco.Web/WebServices/UmbracoWebService.cs b/src/Umbraco.Web/WebServices/UmbracoWebService.cs new file mode 100644 index 0000000000..1e7ac345cd --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoWebService.cs @@ -0,0 +1,75 @@ +using System; +using System.Web; +using System.Web.Mvc; +using System.Web.Routing; +using System.Web.Services; +using Umbraco.Core; + +namespace Umbraco.Web.WebServices +{ + /// + /// An abstract web service class exposing common umbraco objects + /// + public abstract class UmbracoWebService : WebService + { + protected UmbracoWebService() + : this(UmbracoContext.Current) + { + + } + + protected UmbracoWebService(UmbracoContext umbracoContext) + { + if (umbracoContext == null) throw new ArgumentNullException("umbracoContext"); + UmbracoContext = umbracoContext; + Umbraco = new UmbracoHelper(umbracoContext); + } + + /// + /// Returns the current ApplicationContext + /// + public ApplicationContext ApplicationContext + { + get { return UmbracoContext.Application; } + } + + /// + /// Returns the current UmbracoContext + /// + public UmbracoContext UmbracoContext { get; private set; } + + /// + /// Returns an UmbracoHelper object + /// + public UmbracoHelper Umbraco { get; private set; } + + private UrlHelper _url; + + /// + /// Returns a UrlHelper + /// + /// + /// This URL helper is created without any route data and an empty request context + /// + public UrlHelper Url + { + get { return _url ?? (_url = new UrlHelper(new RequestContext(new HttpContextWrapper(Context), new RouteData()))); } + } + + ///// + ///// Returns a ServiceContext + ///// + //public ServiceContext Services + //{ + // get { return ApplicationContext.Services; } + //} + + ///// + ///// Returns a DatabaseContext + ///// + //public DatabaseContext DatabaseContext + //{ + // get { return ApplicationContext.DatabaseContext; } + //} + } +} \ No newline at end of file 
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs index d770034abd..49ec839d0e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs @@ -12,7 +12,9 @@ using System.Web.UI; using System.Xml; using System.Xml.Xsl; using Umbraco.Core.IO; +using Umbraco.Web.WebServices; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.cms.businesslogic.macro; using umbraco.cms.businesslogic.template; using umbraco.cms.businesslogic.web; @@ -30,19 +32,13 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class codeEditorSave : WebService + public class codeEditorSave : UmbracoAuthorizedWebService { - [WebMethod] - public string Save(string fileName, string fileAlias, string fileContents, string fileType, int fileID, - int masterID, bool ignoreDebug) - { - return "Not implemented"; - } [WebMethod] public string SaveCss(string fileName, string oldName, string fileContents, int fileID) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (ValidateUserApp(DefaultApps.settings.ToString())) { string returnValue; var stylesheet = new StyleSheet(fileID) @@ -79,7 +75,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveXslt(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (ValidateUserApp(DefaultApps.developer.ToString())) { // validate file 
@@ -238,8 +234,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveDLRScript(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (ValidateUserApp(DefaultApps.developer.ToString())) { if (string.IsNullOrEmpty(fileName)) throw new ArgumentNullException("fileName"); @@ -335,7 +330,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveScript(string filename, string oldName, string contents) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (ValidateUserApp(DefaultApps.settings.ToString())) { // validate file @@ -397,7 +392,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveTemplate(string templateName, string templateAlias, string templateContents, int templateID, int masterTemplateID) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (ValidateUserApp(DefaultApps.settings.ToString())) { var _template = new Template(templateID); string retVal = "false"; From 3a539629dc3de0bc8183ea9a6d1a7f7ac0506ee2 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 05:04:21 +0600 Subject: [PATCH 06/18] imports patch from ed6939e5927f since that fix belongs in the main dev branch --- .../BasePages/BasePage.cs | 27 +++++++++++++------ 1 file changed, 19 insertions(+), 8 deletions(-) diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs index ad849847dd..3f09e70cb3 100644 --- a/src/umbraco.businesslogic/BasePages/BasePage.cs +++ b/src/umbraco.businesslogic/BasePages/BasePage.cs 
@@ -131,23 +131,34 @@ namespace umbraco.BasePages /// public static int GetUserId(string umbracoUserContextID) { + + Guid contextId; + if (!Guid.TryParse(umbracoUserContextID, out contextId)) + { + return -1; + } + try { - if (System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null) + if (HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID] == null) { - System.Web.HttpRuntime.Cache.Insert( + var uId = SqlHelper.ExecuteScalar( + "select userID from umbracoUserLogins where contextID = @contextId", + SqlHelper.CreateParameter("@contextId", new Guid(umbracoUserContextID))); + if (!uId.HasValue) + { + return -1; + } + + HttpRuntime.Cache.Insert( "UmbracoUserContext" + umbracoUserContextID, - SqlHelper.ExecuteScalar("select userID from umbracoUserLogins where contextID = @contextId", - SqlHelper.CreateParameter("@contextId", new Guid(umbracoUserContextID)) - ), + uId.Value, null, System.Web.Caching.Cache.NoAbsoluteExpiration, new TimeSpan(0, (int) (UmbracoTimeOutInMinutes/10), 0)); - - } - return (int)System.Web.HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID]; + return (int)HttpRuntime.Cache["UmbracoUserContext" + umbracoUserContextID]; } catch From 9803309e34f8081a76a9273991120d10784e4d89 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 05:04:57 +0600 Subject: [PATCH 07/18] imports patch from 846d845a5a87 since it belongs in the main dev branch. --- .../umbraco/webservices/MediaUploader.ashx.cs | 10 +++++++--- src/umbraco.businesslogic/BasePages/BasePage.cs | 2 +- 2 files changed, 8 insertions(+), 4 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs index ba0b19e998..80036576ea 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs 
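Review bot: The `Guid.TryParse` guard is a good addition, but the parsed `contextId` is never used. The query parses the string again with `new Guid(umbracoUserContextID)` and the cache key is still built from the raw string, so differently formatted spellings of one GUID produce separate cache entries. Use the parsed value in both places: `SqlHelper.CreateParameter("@contextId", contextId)` and a key of `"UmbracoUserContext" + contextId`. The final `return (int)HttpRuntime.Cache[...]` can also hit an entry evicted since the insert and then falls into the bare `catch`, so keep the looked-up id in a local and return that after a miss. The body of the trailing `catch` is outside the hunk.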
@@ -239,10 +239,14 @@ namespace umbraco.presentation.umbraco.webservices if (isValid) AuthenticatedUser = user; } - else if (User.GetCurrent() != null) + else { - isValid = true; - AuthenticatedUser = User.GetCurrent(); + var usr = User.GetCurrent(); + if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) && usr != null) + { + isValid = true; + AuthenticatedUser = usr; + } } return isValid; diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs index 3f09e70cb3..2118dd4cc6 100644 --- a/src/umbraco.businesslogic/BasePages/BasePage.cs +++ b/src/umbraco.businesslogic/BasePages/BasePage.cs @@ -172,7 +172,7 @@ namespace umbraco.BasePages /// /// Validates the user context ID. /// - /// The umbraco user context ID. + /// The umbraco user context ID. /// public static bool ValidateUserContextID(string currentUmbracoUserContextID) { From 29bf61b1f2d576480dda00a41727dcee5bb7ac4f Mon Sep 17 00:00:00 2001 
From: Shannon Deminick Date: Tue, 9 Apr 2013 06:07:25 +0600 Subject: [PATCH 08/18] Starts on #U4-2078, mostly just some initial code cleanup --- .../umbraco/js/umbracoUpgradeChecker.js | 21 +-- .../UmbracoAuthorizedWebService.cs | 57 ++++++-- .../umbraco/webservices/CMSNode.asmx.cs | 17 ++- .../webservices/CacheRefresher.asmx.cs | 41 +----- .../webservices/CheckForUpgrade.asmx.cs | 10 +- .../umbraco/webservices/Developer.asmx.cs | 132 +++++++----------- .../umbraco/webservices/MediaUploader.ashx.cs | 2 +- .../umbraco/webservices/Settings.asmx.cs | 64 ++------- .../TagsAutoCompleteHandler.ashx.cs | 4 +- .../webservices/TreeClientService.asmx.cs | 6 +- .../webservices/TreeDataService.ashx.cs | 5 +- .../umbraco/webservices/ajaxHelpers.cs | 15 +- .../webservices/codeEditorSave.asmx.cs | 10 +- .../webservices/legacyAjaxCalls.asmx.cs | 45 +++--- .../webservices/progressStatus.asmx.cs | 32 ----- .../umbraco/webservices/publication.asmx.cs | 34 +---- .../umbraco/webservices/templates.asmx.cs | 125 +++++++---------- .../umbraco/webservices/trashcan.asmx.cs | 11 +- .../BasePages/BasePage.cs | 11 +- 19 files changed, 244 insertions(+), 398 deletions(-) diff --git a/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js b/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js index 8d962b457a..687cdd20c1 100644 --- a/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js +++ b/src/Umbraco.Web.UI/umbraco/js/umbracoUpgradeChecker.js 
@@ -1,14 +1,15 @@ function umbracoCheckUpgrade(result) { - if (result.UpgradeType.toLowerCase() != 'none') { - if (UmbSpeechBubble == null) { - InitUmbracoSpeechBubble(); + if (result) { + if (result.UpgradeType.toLowerCase() != 'none') { + if (UmbSpeechBubble == null) { + InitUmbracoSpeechBubble(); + } + var icon = 'info'; + if (result.UpgradeType.toLowerCase() == 'critical') { + icon = 'error'; + } + + UmbSpeechBubble.ShowMessage(icon, 'Upgrade Available!', '' + result.UpgradeComment + '', true); } - var icon = 'info'; - if (result.UpgradeType.toLowerCase() == 'critical') { - icon = 'error'; - } - - UmbSpeechBubble.ShowMessage(icon, 'Upgrade Available!', '' + result.UpgradeComment + '', true); } - } \ No newline at end of file diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs index 34b2141540..6740782d50 100644 --- a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs @@ -3,10 +3,14 @@ using System.Collections.Generic; using System.Linq; using System.Text; using System.Web; +using System.Web.Security; using Umbraco.Core.Configuration; using umbraco.BasePages; using umbraco.BusinessLogic; using Umbraco.Core; +using umbraco.businesslogic.Exceptions; +using GlobalSettings = umbraco.GlobalSettings; +using UmbracoSettings = umbraco.UmbracoSettings; namespace Umbraco.Web.WebServices { 
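Review bot: The new `if (result)` guard covers a missing response but not a response without `UpgradeType`, so `result.UpgradeType.toLowerCase()` can still throw; `if (result && result.UpgradeType)` closes that gap. `result.UpgradeComment` is concatenated straight into the message passed to `UmbSpeechBubble.ShowMessage`, and the text comes from the upgrade-check service. If the bubble renders that argument as HTML, the comment should be HTML-escaped before concatenation so the message cannot carry markup into the back-office page.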
@@ -25,45 +29,80 @@ namespace Umbraco.Web.WebServices { } + private User _user; + private readonly InnerPage _page = new InnerPage(); + + /// + /// Checks if the umbraco context id is valid + /// + /// + /// + protected bool ValidateUserContextId(string currentUmbracoUserContextId) + { + return BasePage.ValidateUserContextID(currentUmbracoUserContextId); + } + + /// + /// Checks if the username/password credentials are valid + /// + /// + /// + /// + protected bool ValidateCredentials(string username, string password) + { + return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password); + } + /// /// Validates the user for access to a certain application /// /// The application alias. + /// true if an exception should be thrown if authorization fails /// - protected bool ValidateUserApp(string app) + protected bool AuthorizeRequest(string app, bool throwExceptions = false) { //ensure we have a valid user first! - if (!ValidateUser()) return false; + if (!AuthorizeRequest(throwExceptions)) return false; //if it is empty, don't validate if (app.IsNullOrWhiteSpace()) { return true; } - return UmbracoUser.Applications.Any(uApp => uApp.alias == app); + var hasAccess = UmbracoUser.Applications.Any(uApp => uApp.alias == app); + if (!hasAccess && throwExceptions) + throw new UserAuthorizationException("The user does not have access to the required application"); + return hasAccess; } - - private User _user; - private readonly InnerPage _page = new InnerPage(); - /// - /// Returns true if there is a valid logged in user + /// Returns true if there is a valid logged in user and that ssl is enabled if required /// + /// true if an exception should be thrown if authorization fails /// - protected bool ValidateUser() + protected bool AuthorizeRequest(bool throwExceptions = false) { + // check for secure connection + if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) + { + if (throwExceptions) + throw new 
UserAuthorizationException("This installation requires a secure connection (via SSL). Please update the URL to include https://"); + return false; + } + try { return UmbracoUser != null; } catch (ArgumentException) { + if (throwExceptions) throw; //an exception will occur if the user is not valid inside of _page.getUser(); return false; } catch (InvalidOperationException) { + if (throwExceptions) throw; //an exception will occur if the user is not valid inside of _page.getUser(); return false; } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs index 89e3256ccb..e71d405d62 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CMSNode.asmx.cs @@ -6,7 +6,7 @@ using System.Web.Script.Services; using System.Web.Services; using System.Web.Services.Protocols; using System.ComponentModel; - +using Umbraco.Web.WebServices; using umbraco.cms.businesslogic; using umbraco.BusinessLogic; @@ -17,22 +17,21 @@ namespace umbraco.presentation.webservices /// [WebService(Namespace = "http://umbraco.org/webservices/")] [ScriptService] - public class CMSNode : System.Web.Services.WebService + public class CMSNode : UmbracoAuthorizedWebService { [WebMethod] public string GetNodeName(string ContextID, int NodeId) { - if (BasePages.BasePage.ValidateUserContextID(ContextID)) - return getNodeName(NodeId); - - return ""; + return ValidateUserContextId(ContextID) + ? GetNodeName(NodeId) + : string.Empty; } - private string getNodeName(int NodeId) + private string GetNodeName(int nodeId) { - legacyAjaxCalls.Authorize(); - cms.businesslogic.CMSNode n = new cms.businesslogic.CMSNode(NodeId); + if (!AuthorizeRequest()) return string.Empty; + var n = new cms.businesslogic.CMSNode(nodeId); return n.Text; } } 
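Review bot: With `throwExceptions` set, `AuthorizeRequest(bool)` throws for the SSL check and when the `UmbracoUser` getter throws, but `return UmbracoUser != null;` still returns false silently if the getter yields null. Callers elsewhere in this patch use `AuthorizeRequest(true);` as a bare statement and ignore the result, so that path would fall through to the protected work; whether the getter can return null without throwing is not visible in this hunk. Making the null case explicit closes it: `if (UmbracoUser != null) return true;` then `if (throwExceptions) throw new UserAuthorizationException("The user is not authorized");` then `return false;`. The default of `throwExceptions = false` also turns a bare `AuthorizeRequest();` into a silent no-op, which the parameter documentation should warn about.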
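Review bot: The private `GetNodeName(int)` now returns `string.Empty` when `AuthorizeRequest()` fails, where the removed `legacyAjaxCalls.Authorize()` call threw (its SSL branch is visible later in this patch), so a rejected call is indistinguishable from a node with an empty name. If the silent result is intended, say so on the private overload, e.g. `// unauthorized callers get an empty string, not an exception`; otherwise call `AuthorizeRequest(true)`. The method checks only that a user is logged in, not that the user may see `nodeId`; if node-level permissions are enforced elsewhere, a comment naming where would help.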
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs index d2ecd05a33..f29072588e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CacheRefresher.asmx.cs @@ -14,41 +14,8 @@ namespace umbraco.presentation.webservices /// Summary description for CacheRefresher. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class CacheRefresher : System.Web.Services.WebService - { - public CacheRefresher() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - + public class CacheRefresher : WebService + { [WebMethod] public void RefreshAll(Guid uniqueIdentifier, string Login, string Password) { @@ -96,11 +63,11 @@ namespace umbraco.presentation.webservices { if (BusinessLogic.User.validateCredentials(Login, Password)) { - XmlDocument xd = new XmlDocument(); + var xd = new XmlDocument(); xd.LoadXml(""); foreach (var cr in CacheRefreshersResolver.Current.CacheResolvers) { - XmlNode n = xmlHelper.addTextNode(xd, "cacheRefresher", cr.Name); + var n = xmlHelper.addTextNode(xd, "cacheRefresher", cr.Name); n.Attributes.Append(xmlHelper.addAttribute(xd, "uniqueIdentifier", cr.UniqueIdentifier.ToString())); xd.DocumentElement.AppendChild(n); } 
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs index 732be59d19..2885e784d5 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs @@ -3,6 +3,7 @@ using System.Collections.Generic; using System.Web; using System.Web.Services; using System.Web.Script.Services; +using Umbraco.Web.WebServices; namespace umbraco.presentation.webservices @@ -14,17 +15,16 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] [ScriptService] - public class CheckForUpgrade : System.Web.Services.WebService + public class CheckForUpgrade : UmbracoAuthorizedWebService { [WebMethod] [ScriptMethod] public UpgradeResult CallUpgradeService() { - legacyAjaxCalls.Authorize(); - - org.umbraco.update.CheckForUpgrade check = new global::umbraco.presentation.org.umbraco.update.CheckForUpgrade(); - org.umbraco.update.UpgradeResult result = check.CheckUpgrade(GlobalSettings.VersionMajor, GlobalSettings.VersionMinor, GlobalSettings.VersionPatch, GlobalSettings.VersionComment); + if (!AuthorizeRequest()) return null; + var check = new org.umbraco.update.CheckForUpgrade(); + var result = check.CheckUpgrade(GlobalSettings.VersionMajor, GlobalSettings.VersionMinor, GlobalSettings.VersionPatch, GlobalSettings.VersionComment); return new UpgradeResult(result.UpgradeType.ToString(), result.Comment, result.UpgradeUrl); } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs index 2ecd9b52f9..aaa6ece5e4 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs 
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs @@ -1,12 +1,7 @@ -using System; -using System.Collections; -using System.ComponentModel; -using System.Data; -using System.Diagnostics; -using System.Web; using System.Web.Services; - using System.Xml; +using Umbraco.Core; +using Umbraco.Web.WebServices; using umbraco.presentation.webservices; namespace umbraco.webservices 
@@ -15,99 +10,68 @@ namespace umbraco.webservices /// Summary description for Developer. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class Developer : System.Web.Services.WebService + public class Developer : UmbracoAuthorizedWebService { - public Developer() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] - public string BootStrapTidy(string html, string ContextID) + public string BootStrapTidy(string html, string ContextID) { - legacyAjaxCalls.Authorize(); + //pretty sure this is legacy and it used to throw an exception so we'll continue to do the same + //true = throw if invalid + AuthorizeRequest(true); return cms.helpers.xhtml.BootstrapTidy(html); } [WebMethod] - public XmlNode GetMacros(string Login, string Password) + public XmlNode GetMacros(string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password)) { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement macros = xmlDoc.CreateElement("macros"); - foreach (cms.businesslogic.macro.Macro m in cms.businesslogic.macro.Macro.GetAll()) + var xmlDoc = new XmlDocument(); + var macros = xmlDoc.CreateElement("macros"); + foreach (var m in cms.businesslogic.macro.Macro.GetAll()) { - XmlElement mXml = xmlDoc.CreateElement("macro"); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", m.Id.ToString())); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", m.Alias)); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", m.Name)); + var mXml = xmlDoc.CreateElement("macro"); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", m.Id.ToString())); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", m.Alias)); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", m.Name)); macros.AppendChild(mXml); } return macros; - } else - return null; - } - - [WebMethod] - public XmlNode 
GetMacro(int Id, string Login, string Password) - { - if (BusinessLogic.User.validateCredentials(Login, Password)) - { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement macro = xmlDoc.CreateElement("macro"); - cms.businesslogic.macro.Macro m = new cms.businesslogic.macro.Macro(Id); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", m.Id.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "refreshRate", m.RefreshRate.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "useInEditor", m.UseInEditor.ToString())); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", m.Alias)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", m.Name)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "assembly", m.Assembly)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "type", m.Type)); - macro.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "xslt", m.Xslt)); - XmlElement Properties = xmlDoc.CreateElement("properties"); - foreach (cms.businesslogic.macro.MacroProperty mp in m.Properties) - { - XmlElement pXml = xmlDoc.CreateElement("property"); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "alias", mp.Alias)); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", mp.Name)); - pXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "public", mp.Public.ToString())); - Properties.AppendChild(pXml); - } - macro.AppendChild(Properties); - return macro; - } else - return null; - } - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. 
- /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); } - base.Dispose(disposing); + return null; } - - #endregion + [WebMethod] + public XmlNode GetMacro(int Id, string Login, string Password) + { + if (ValidateCredentials(Login, Password)) + { + var xmlDoc = new XmlDocument(); + var macro = xmlDoc.CreateElement("macro"); + var m = new cms.businesslogic.macro.Macro(Id); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", m.Id.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "refreshRate", m.RefreshRate.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "useInEditor", m.UseInEditor.ToString())); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", m.Alias)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", m.Name)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "assembly", m.Assembly)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "type", m.Type)); + macro.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "xslt", m.Xslt)); + var properties = xmlDoc.CreateElement("properties"); + foreach (var mp in m.Properties) + { + var pXml = xmlDoc.CreateElement("property"); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "alias", mp.Alias)); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", mp.Name)); + pXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "public", mp.Public.ToString())); + properties.AppendChild(pXml); + } + macro.AppendChild(properties); + return macro; + } + return null; + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs index 80036576ea..252577884c 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MediaUploader.ashx.cs 
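Review bot: `GetMacros` and `GetMacro` now gate on `ValidateCredentials(Login, Password)` alone, and that helper (as added in UmbracoAuthorizedWebService.cs) only calls the membership provider: the `GlobalSettings.UseSSL` test lives in `AuthorizeRequest`, so a password can be posted to these methods over plain HTTP on an installation that requires SSL; `legacyAjaxCalls.ValidateUser` later in this patch has the same gap. The credential path also never checks that the account has the developer application, while `GetMacro` returns the macro's assembly, type and XSLT values. Consider moving the SSL test into a shared helper that `ValidateCredentials` calls as well, and checking the authenticated account's applications before the XML is built. `CacheRefresher` and `templates` in this patch still call `BusinessLogic.User.validateCredentials`, so two different credential checks now coexist and should be reconciled or documented.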
@@ -23,7 +23,7 @@ namespace umbraco.presentation.umbraco.webservices public bool IsReusable { - get { return true; } + get { return false; } } public void ProcessRequest(HttpContext context) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs index 9cdeb41d7b..79b1a57920 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs 
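Review bot: `IsReusable` flips from `true` to `false` in a commit described as cleanup, with no comment explaining why. The change makes ASP.NET create a handler instance per request, which matters only if the handler keeps per-request state in fields; that is not visible in this hunk. A one-line comment on the getter, e.g. `// a new instance per request: the handler is not safe to share`, would record the reason (adjust the wording to the actual cause).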
@@ -7,68 +7,32 @@ using System.Web; using System.Web.Services; using System.Linq; using System.Xml; +using Umbraco.Core; namespace umbraco.webservices { - /// - /// Summary description for Settings. - /// - public class Settings : System.Web.Services.WebService + + public class Settings : WebService { - public Settings() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] - public XmlNode GetTabs(string ContextID, int ContentTypeId) + public XmlNode GetTabs(string ContextID, int ContentTypeId) { - if (BasePages.BasePage.ValidateUserContextID(ContextID)) + if (BasePages.BasePage.ValidateUserContextID(ContextID)) { - XmlDocument xmlDoc = new XmlDocument(); - XmlElement tabs = xmlDoc.CreateElement("tabs"); - foreach (cms.businesslogic.ContentType.TabI t in new cms.businesslogic.ContentType(ContentTypeId).getVirtualTabs.ToList()) + var xmlDoc = new XmlDocument(); + var tabs = xmlDoc.CreateElement("tabs"); + foreach (var t in new cms.businesslogic.ContentType(ContentTypeId).getVirtualTabs.ToList()) { - XmlElement mXml = xmlDoc.CreateElement("tab"); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - mXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "caption", t.Caption)); + var mXml = xmlDoc.CreateElement("tab"); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + mXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "caption", t.Caption)); tabs.AppendChild(mXml); } return tabs; - } - else - return null; - } - - - - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. 
- /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); } - base.Dispose(disposing); - } - - #endregion + return null; + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs index 161dd1f898..b69f0acaa3 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TagsAutoCompleteHandler.ashx.cs @@ -10,9 +10,7 @@ using umbraco.presentation.webservices; namespace umbraco.presentation.umbraco.webservices { - /// - /// Summary description for $codebehindclassname$ - /// + [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] public class TagsAutoCompleteHandler : IHttpHandler diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs index 354a9d5bab..879c277a8d 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs @@ -31,7 +31,7 @@ namespace umbraco.presentation.webservices { Authorize(); - TreeControl treeCtl = new TreeControl() + var treeCtl = new TreeControl() { ShowContextMenu = showContextMenu, IsDialog = isDialog, @@ -43,7 +43,7 @@ namespace umbraco.presentation.webservices FunctionToCall = string.IsNullOrEmpty(functionToCall) ? "" : functionToCall }; - Dictionary returnVal = new Dictionary(); + var returnVal = new Dictionary(); if (string.IsNullOrEmpty(treeType)) { 
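Review bot: `Settings` is rebased onto plain `WebService` and `GetTabs` keeps calling `BasePages.BasePage.ValidateUserContextID(ContextID)` directly, whereas `CMSNode` in this same patch moves to `UmbracoAuthorizedWebService` and its `ValidateUserContextId` wrapper. Inheriting from `UmbracoAuthorizedWebService` here too would let the method use `AuthorizeRequest(DefaultApps.settings.ToString())`, the pattern used in codeEditorSave.asmx.cs, so that the SSL and application checks run before the content type's tabs are returned. The class summary comment was removed rather than filled in; one sentence stating what the service exposes would be better than none.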
@@ -65,7 +65,7 @@ namespace umbraco.presentation.webservices //tree.StartNodeID = //now render it's start node - XmlTree xTree = new XmlTree(); + var xTree = new XmlTree(); xTree.Add(tree.RootNode); returnVal.Add("json", xTree.ToString()); } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs index 9809fe682f..89609703aa 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs @@ -65,7 +65,7 @@ namespace umbraco.presentation.webservices /// If the application supports multiple trees, then this function iterates over all of the trees assigned to it /// and creates their top level nodes and context menus. /// - /// + /// private void LoadAppTrees(TreeRequestParams treeParams) { //find all tree definitions that have the current application alias @@ -82,8 +82,7 @@ namespace umbraco.presentation.webservices /// /// This will load the particular ITree object and call it's render method to get the nodes that need to be rendered. /// - /// - /// + /// private void LoadTree(TreeRequestParams treeParams) { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs index 74c37891c1..68c140945b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/ajaxHelpers.cs 
@@ -7,13 +7,16 @@ using System.Web.UI; using System.Web.UI.WebControls; using System.Web.UI.WebControls.WebParts; using System.Web.UI.HtmlControls; -using umbraco.IO; +using Umbraco.Core.IO; -namespace umbraco.presentation.webservices { - public class ajaxHelpers { - public static void EnsureLegacyCalls(System.Web.UI.Page page) { - ScriptManager sm = ScriptManager.GetCurrent(page); - ServiceReference legacyPath = new ServiceReference(SystemDirectories.Webservices + "/legacyAjaxCalls.asmx"); +namespace umbraco.presentation.webservices +{ + public class ajaxHelpers + { + public static void EnsureLegacyCalls(Page page) + { + var sm = ScriptManager.GetCurrent(page); + var legacyPath = new ServiceReference(SystemDirectories.WebServices + "/legacyAjaxCalls.asmx"); if (!sm.Services.Contains(legacyPath)) sm.Services.Add(legacyPath); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs index 49ec839d0e..2cf993329c 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/codeEditorSave.asmx.cs @@ -38,7 +38,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveCss(string fileName, string oldName, string fileContents, int fileID) { - if (ValidateUserApp(DefaultApps.settings.ToString())) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { string returnValue; var stylesheet = new StyleSheet(fileID) @@ -75,7 +75,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveXslt(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - if (ValidateUserApp(DefaultApps.developer.ToString())) + if (AuthorizeRequest(DefaultApps.developer.ToString())) { // validate file 
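Review bot: In `EnsureLegacyCalls`, `sm.Services.Contains(legacyPath)` is asked about a `ServiceReference` created on the line above, so unless `ServiceReference` defines value equality (I do not believe it does) the test is always false and the reference is added on every call. Comparing by path, `if (!sm.Services.Any(s => s.Path == legacyPath.Path))`, would make the guard effective; that needs `System.Linq`, and the full using block is not visible in this hunk. `ScriptManager.GetCurrent(page)` can also return null when the page has no script manager, which would fault on `sm.Services`. The method body continues past the end of the hunk.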
@@ -234,7 +234,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveDLRScript(string fileName, string oldName, string fileContents, bool ignoreDebugging) { - if (ValidateUserApp(DefaultApps.developer.ToString())) + if (AuthorizeRequest(DefaultApps.developer.ToString())) { if (string.IsNullOrEmpty(fileName)) throw new ArgumentNullException("fileName"); @@ -330,7 +330,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveScript(string filename, string oldName, string contents) { - if (ValidateUserApp(DefaultApps.settings.ToString())) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { // validate file @@ -392,7 +392,7 @@ namespace umbraco.presentation.webservices [WebMethod] public string SaveTemplate(string templateName, string templateAlias, string templateContents, int templateID, int masterTemplateID) { - if (ValidateUserApp(DefaultApps.settings.ToString())) + if (AuthorizeRequest(DefaultApps.settings.ToString())) { var _template = new Template(templateID); string retVal = "false"; diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs index f9e9127325..6a4f73d4b2 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs @@ -2,6 +2,7 @@ using System; using System.Data; using System.Web; using System.Collections; +using System.Web.Security; using System.Web.Services; using System.Web.Services.Protocols; using System.ComponentModel; @@ -16,6 +17,8 @@ using System.Text.RegularExpressions; using System.Diagnostics; using System.Net; using System.Web.UI; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using umbraco.IO; using umbraco.cms.businesslogic.web; 
@@ -32,18 +35,16 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class legacyAjaxCalls : System.Web.Services.WebService + public class legacyAjaxCalls : UmbracoAuthorizedWebService { [WebMethod] public bool ValidateUser(string username, string password) { - if (System.Web.Security.Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser( - username, password)) + if (ValidateCredentials(username, password)) { - BusinessLogic.User u = new BusinessLogic.User(username); + var u = new BusinessLogic.User(username); BasePage.doLogin(u); - return true; } else @@ -64,7 +65,7 @@ namespace umbraco.presentation.webservices public void Delete(string nodeId, string alias, string nodeType) { - Authorize(); + AuthorizeRequest(true); //check which parameters to pass depending on the types passed in int intNodeID; @@ -83,7 +84,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DeleteContentPermanently(string nodeId, string nodeType) { - Authorize(); + AuthorizeRequest( true); int intNodeID; if (int.TryParse(nodeId, out intNodeID)) @@ -113,8 +114,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DisableUser(int userId) { - - Authorize(); + AuthorizeRequest(DefaultApps.users.ToString(), true); BusinessLogic.User.GetUser(userId).disable(); } @@ -124,7 +124,7 @@ namespace umbraco.presentation.webservices public string GetNodeName(int nodeId) { - Authorize(); + AuthorizeRequest(true); return new cms.businesslogic.CMSNode(nodeId).Text; } @@ -134,7 +134,7 @@ namespace umbraco.presentation.webservices public string[] GetNodeBreadcrumbs(int nodeId) { - Authorize(); + AuthorizeRequest(true); var node = new cms.businesslogic.CMSNode(nodeId); var crumbs = new System.Collections.Generic.List() { node.Text }; 
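Review bot: `Delete` and `DeleteContentPermanently` call `AuthorizeRequest(true)` without an application alias, so the only visible requirement is a logged-in back-office user, while `DisableUser` in the following hunk is tightened to `AuthorizeRequest(DefaultApps.users.ToString(), true)`. Both methods receive `nodeType` from the caller, so the required application could be derived from it before the delete runs; if per-node permissions are enforced in the code below these hunks, a comment saying so would be enough. The bodies of both methods continue outside the hunks. Minor: `AuthorizeRequest( true)` in `DeleteContentPermanently` has a stray space.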
@@ -152,7 +152,7 @@ namespace umbraco.presentation.webservices public string NiceUrl(int nodeId) { - Authorize(); + AuthorizeRequest(true); return library.NiceUrl(nodeId); } @@ -168,7 +168,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void RenewUmbracoSession() { - Authorize(); + AuthorizeRequest(true); BasePage.RenewLoginTimeout(); @@ -178,7 +178,9 @@ namespace umbraco.presentation.webservices [ScriptMethod] public int GetSecondsBeforeUserLogout() { - Authorize(); + //TODO: Change this to not throw an exception otherwise we end up with JS errors all the time when recompiling!! + + AuthorizeRequest(true); long timeout = BasePage.GetTimeout(true); DateTime timeoutDate = new DateTime(timeout); DateTime currentDate = DateTime.Now; @@ -191,7 +193,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public string TemplateMasterPageContentContainer(int templateId, int masterTemplateId) { - Authorize(); + AuthorizeRequest(DefaultApps.settings.ToString(), true); return new cms.businesslogic.template.Template(templateId).GetMasterContentElement(masterTemplateId); } 
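Review bot: The TODO added to `GetSecondsBeforeUserLogout` records that throwing here causes script errors, yet the next line still calls `AuthorizeRequest(true)`. The non-throwing overload already exists in the base class, so the TODO could be resolved in this commit with `if (!AuthorizeRequest()) return 0;`, assuming the client treats 0 as an expired session (the caller is not visible). The method continues past the end of the hunk.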
@@ -199,20 +201,22 @@ namespace umbraco.presentation.webservices [ScriptMethod] public string SaveFile(string fileName, string fileAlias, string fileContents, string fileType, int fileID, int masterID, bool ignoreDebug) { - - Authorize(); - switch (fileType) { case "xslt": + AuthorizeRequest(DefaultApps.developer.ToString(), true); return saveXslt(fileName, fileContents, ignoreDebug); case "python": + AuthorizeRequest(DefaultApps.developer.ToString(), true); return "true"; case "css": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return saveCss(fileName, fileContents, fileID); case "script": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return saveScript(fileName, fileContents); case "template": + AuthorizeRequest(DefaultApps.settings.ToString(), true); return saveTemplate(fileName, fileAlias, fileContents, fileID, masterID); default: throw new ArgumentException(String.Format("Invalid fileType passed: '{0}'", fileType)); @@ -223,7 +227,7 @@ namespace umbraco.presentation.webservices public string Tidy(string textToTidy) { - Authorize(); + AuthorizeRequest(true); return library.Tidy(helper.Request("StringToTidy"), true); } @@ -452,10 +456,9 @@ namespace umbraco.presentation.webservices return retVal; } - + [Obsolete("You should use the AuthorizeRequest methods on the base class of UmbracoAuthorizedWebService and ensure you inherit from that class for umbraco asmx web services")] public static void Authorize() { - // check for secure connection if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) throw new UserAuthorizationException("This installation requires a secure connection (via SSL). Please update the URL to include https://"); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs index 124b7fe3c5..31d5e247e5 100644 
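Review bot: In `SaveFile` the authorization moved inside each `case`, so the `default` branch now throws `ArgumentException`, with the caller's `fileType` echoed in the message, before any authorization has run. Keeping a plain `AuthorizeRequest(true);` ahead of the `switch` and leaving the per-type application checks in the cases restores the old ordering. The `"python"` case authorizes and then returns `"true"` without saving anything, which deserves a comment if it is deliberate.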
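Review bot: `Tidy` ignores its `textToTidy` parameter and tidies `helper.Request("StringToTidy")` instead. If reading the request value is deliberate, a comment should say why; otherwise pass the parameter through with `return library.Tidy(textToTidy, true);`.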
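Review bot: `Authorize()` is marked `[Obsolete]` here, but this same patch still calls it: `legacyAjaxCalls.Authorize();` remains in `templates.GetCodeSnippet`, whose class is rebased onto `WebService` rather than `UmbracoAuthorizedWebService`. That leaves an obsolete-call warning in the commit and a second copy of the SSL check that has to stay in step with `AuthorizeRequest`. Either migrate `templates` in this commit or have the static method's doc comment name the callers that remain.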
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs @@ -14,39 +14,7 @@ namespace presentation.umbraco.webservices [WebService(Namespace="http://umbraco.org/webservices/")] public class progressStatus : System.Web.Services.WebService { - public progressStatus() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - - #region Component Designer generated code - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - [WebMethod] public int GetStatus(string key) { diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs index 56fbdf7ae0..143a2dcb4c 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs @@ -13,12 +13,7 @@ namespace umbraco.webservices [ScriptService] public class publication : WebService { - public publication() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] [ScriptMethod] public int GetPublicationStatus(string key) 
@@ -78,32 +73,5 @@ namespace umbraco.webservices content.Instance.PersistXmlToFile(); } - #region Component Designer generated code - - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs index 691e4ad7e7..8417fdcb38 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs @@ -7,6 +7,8 @@ using System.Web; using System.Web.Services; using System.Xml; using System.Web.Script.Services; +using Umbraco.Core; +using Umbraco.Core.IO; using umbraco.presentation.webservices; namespace umbraco.webservices 
@@ -16,111 +18,82 @@ namespace umbraco.webservices /// [WebService(Namespace="http://umbraco.org/webservices/")] [ScriptService] - public class templates : System.Web.Services.WebService + public class templates : WebService { - public templates() - { - //CODEGEN: This call is required by the ASP.NET Web Services Designer - InitializeComponent(); - } - + [WebMethod] - public XmlNode GetTemplates(string Login, string Password) + public XmlNode GetTemplates(string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (BusinessLogic.User.validateCredentials(Login, Password)) { - XmlDocument xmlDoc = new XmlDocument(); + var xmlDoc = new XmlDocument(); xmlDoc.LoadXml(""); foreach (cms.businesslogic.template.Template t in cms.businesslogic.template.Template.GetAllAsList()) { - XmlElement tt = xmlDoc.CreateElement("template"); - tt.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - tt.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", t.Text)); + var tt = xmlDoc.CreateElement("template"); + tt.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + tt.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", t.Text)); xmlDoc.DocumentElement.AppendChild(tt); } return xmlDoc.DocumentElement; - } else - return null; + } + return null; } - [WebMethod] - public XmlNode GetTemplate(int Id, string Login, string Password) + [WebMethod] + public XmlNode GetTemplate(int Id, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (BusinessLogic.User.validateCredentials(Login, Password)) { - cms.businesslogic.template.Template t = new cms.businesslogic.template.Template(Id); - XmlDocument xmlDoc = new XmlDocument(); - XmlElement tXml = xmlDoc.CreateElement("template"); - tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "id", t.Id.ToString())); - tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "master", t.MasterTemplate.ToString())); - 
tXml.Attributes.Append(xmlHelper.addAttribute(xmlDoc, "name", t.Text)); - tXml.AppendChild(xmlHelper.addCDataNode(xmlDoc, "design", t.Design)); + var t = new cms.businesslogic.template.Template(Id); + var xmlDoc = new XmlDocument(); + var tXml = xmlDoc.CreateElement("template"); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "id", t.Id.ToString())); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "master", t.MasterTemplate.ToString())); + tXml.Attributes.Append(XmlHelper.AddAttribute(xmlDoc, "name", t.Text)); + tXml.AppendChild(XmlHelper.AddCDataNode(xmlDoc, "design", t.Design)); return tXml; - } else - return null; - + } + return null; } - [WebMethod] - public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password) + [WebMethod] + public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (BusinessLogic.User.validateCredentials(Login, Password)) { - cms.businesslogic.template.Template t = new cms.businesslogic.template.Template(Id); - if (t != null) - { - t.MasterTemplate = Master; - t.Design = Design; - return true; - } - else - return false; - } else - return false; + try + { + var t = new cms.businesslogic.template.Template(Id) + { + MasterTemplate = Master, + Design = Design + }; + //ensure events are raised + t.Save(); + return true; + } + catch (ArgumentException) + { + return false; + } + } + return false; } - [WebMethod] + [WebMethod] [ScriptMethod] public string GetCodeSnippet(object templateId) { legacyAjaxCalls.Authorize(); - - - string content = string.Empty; - - System.IO.StreamReader templateFile = - System.IO.File.OpenText(umbraco.IO.IOHelper.MapPath(IO.SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + templateId.ToString())); - content = templateFile.ReadToEnd(); + + var templateFile = + System.IO.File.OpenText(IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + 
templateId)); + var content = templateFile.ReadToEnd(); templateFile.Close(); return content; } - #region Component Designer generated code - //Required by the Web Services Designer - private IContainer components = null; - - /// - /// Required method for Designer support - do not modify - /// the contents of this method with the code editor. - /// - private void InitializeComponent() - { - } - - /// - /// Clean up any resources being used. - /// - protected override void Dispose( bool disposing ) - { - if(disposing && components != null) - { - components.Dispose(); - } - base.Dispose(disposing); - } - - #endregion - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs index e7a39a9ead..884b3c6ef7 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs @@ -40,19 +40,18 @@ namespace umbraco.presentation.webservices { if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) { - if (Application["trashcanEmptyLeft"] != null) - return Application["trashcanEmptyLeft"].ToString(); - else - return ""; + return Application["trashcanEmptyLeft"] != null + ? Application["trashcanEmptyLeft"].ToString() + : ""; } return "-"; } - private void emptyTrashCanDo(cms.businesslogic.RecycleBin.RecycleBinType type) + private void emptyTrashCanDo(RecycleBin.RecycleBinType type) { - RecycleBin trashCan = new RecycleBin(type); + var trashCan = new RecycleBin(type); var callback = new Action(x => { diff --git a/src/umbraco.businesslogic/BasePages/BasePage.cs b/src/umbraco.businesslogic/BasePages/BasePage.cs index 2118dd4cc6..5ff368e264 100644 --- a/src/umbraco.businesslogic/BasePages/BasePage.cs +++ b/src/umbraco.businesslogic/BasePages/BasePage.cs 
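Review bot: `GetCodeSnippet` builds the file path by appending the caller-supplied `templateId` to the snippets directory, so a value containing directory separators or `..` can resolve outside `/scripting/templates/cshtml/`. The rewrite in this hunk keeps that and also leaves the reader open if `ReadToEnd()` throws. Reducing the value to a bare file name before mapping it, and wrapping the reader in `using`, addresses both. The later hunk in PATCH 11/18 that only swaps the authorization call in this method leaves the same path construction in place.

```csharp
// … unchanged: [WebMethod]/[ScriptMethod] attributes, signature and authorization call …
var fileName = System.IO.Path.GetFileName(Convert.ToString(templateId));
var snippetPath = IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + fileName);
using (var templateFile = System.IO.File.OpenText(snippetPath))
{
    return templateFile.ReadToEnd();
}
```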
@@ -7,7 +7,7 @@ using Umbraco.Core.IO; using Umbraco.Core.Logging; using umbraco.BusinessLogic; using umbraco.DataLayer; -using System.Web.UI; +using Umbraco.Core; namespace umbraco.BasePages { @@ -176,17 +176,18 @@ namespace umbraco.BasePages /// public static bool ValidateUserContextID(string currentUmbracoUserContextID) { - if ((currentUmbracoUserContextID != "")) + if (!currentUmbracoUserContextID.IsNullOrWhiteSpace()) { - int uid = GetUserId(currentUmbracoUserContextID); - long timeout = GetTimeout(currentUmbracoUserContextID); + var uid = GetUserId(currentUmbracoUserContextID); + var timeout = GetTimeout(currentUmbracoUserContextID); if (timeout > DateTime.Now.Ticks) { return true; } - BusinessLogic.Log.Add(BusinessLogic.LogTypes.Logout, BusinessLogic.User.GetUser(uid), -1, ""); + //TODO: We don't actually log anyone out here, not sure why we're logging ?? + Log.Add(LogTypes.Logout, BusinessLogic.User.GetUser(uid), -1, ""); } return false; } From fb34c4716a9b11b3f4db19093e85f8e432b91360 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 06:18:15 +0600 Subject: [PATCH 09/18] Works on #U4-2078 --- .../UmbracoAuthorizedWebService.cs | 28 ++++++++++++++++++- .../umbraco/webservices/Developer.asmx.cs | 7 +++-- .../webservices/legacyAjaxCalls.asmx.cs | 2 +- 3 files changed, 33 insertions(+), 4 deletions(-) diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs index 6740782d50..497ad77a6e 100644 --- a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs 
@@ -69,12 +69,38 @@ namespace Umbraco.Web.WebServices { return true; } - var hasAccess = UmbracoUser.Applications.Any(uApp => uApp.alias == app); + var hasAccess = UserHasAppAccess(app, UmbracoUser); if (!hasAccess && throwExceptions) throw new UserAuthorizationException("The user does not have access to the required application"); return hasAccess; } + /// + /// Checks if the specified user as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, User user) + { + return user.Applications.Any(uApp => uApp.alias == app); + } + + /// + /// Checks if the specified user by username as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, string username) + { + var uid = global::umbraco.BusinessLogic.User.getUserId(username); + if (uid < 0) return false; + var usr = global::umbraco.BusinessLogic.User.GetUser(uid); + if (usr == null) return false; + return UserHasAppAccess(app, usr); + } + /// /// Returns true if there is a valid logged in user and that ssl is enabled if required /// diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs index aaa6ece5e4..c752d25ae7 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Developer.asmx.cs @@ -2,6 +2,7 @@ using System.Web.Services; using System.Xml; using Umbraco.Core; using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices @@ -26,7 +27,8 @@ namespace umbraco.webservices [WebMethod] public XmlNode GetMacros(string Login, string Password) { - if (ValidateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) + && UserHasAppAccess(DefaultApps.developer.ToString(), Login)) { var xmlDoc = new XmlDocument(); var macros = xmlDoc.CreateElement("macros"); 
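Review bot: The username/password path added to `GetMacros` (and to `GetMacro` in the next hunk, and to the three template methods in PATCH 11/18) does not appear to apply the secure-connection requirement that the cookie path enforces. `AuthorizeRequest` is documented in this file as checking "that ssl is enabled if required", while `ValidateCredentials`, judging by the handler copy added in PATCH 13/18, only calls the membership provider. If that holds for the web-service base class too, credentials sent as method arguments are accepted over plain HTTP even when `GlobalSettings.UseSSL` is set. The `GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection` test should gate `ValidateCredentials` as well, so every caller inherits it.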
@@ -46,7 +48,8 @@ namespace umbraco.webservices [WebMethod] public XmlNode GetMacro(int Id, string Login, string Password) { - if (ValidateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) + && UserHasAppAccess(DefaultApps.developer.ToString(), Login)) { var xmlDoc = new XmlDocument(); var macro = xmlDoc.CreateElement("macro"); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs index 6a4f73d4b2..3640c1020a 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs @@ -84,7 +84,7 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DeleteContentPermanently(string nodeId, string nodeType) { - AuthorizeRequest( true); + AuthorizeRequest(DefaultApps.content.ToString(), true); int intNodeID; if (int.TryParse(nodeId, out intNodeID)) From 8e8ec41dae710c8f142380f0f109b074afb4da0a Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 06:25:47 +0600 Subject: [PATCH 10/18] Works on #U4-2078 --- .../webservices/MacroContainerService.asmx.cs | 9 +- .../umbraco/webservices/nodeSorter.asmx.cs | 116 ++++++++---------- 2 files changed, 57 insertions(+), 68 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs index 76cb25d994..207995fbd6 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/MacroContainerService.asmx.cs @@ -4,6 +4,7 @@ using System.Linq; using System.Web; using System.Web.Services; using System.Web.Script.Services; +using Umbraco.Web.WebServices; namespace umbraco.presentation.webservices { 
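Review bot: `DeleteContentPermanently` now authorizes against `DefaultApps.content` only, although it takes a `nodeType` argument. The body continues outside this hunk, so this is an assumption to confirm: if `nodeType` can select media nodes, a user with content access but no media access passes the check, and a media-only user is refused. In that case choose the application from `nodeType` before calling `AuthorizeRequest`, and add a comment such as `//authorize against the app that owns nodeType, not always content`.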
@@ -14,15 +15,17 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] [ScriptService] - public class MacroContainerService : System.Web.Services.WebService + public class MacroContainerService : UmbracoAuthorizedWebService { [WebMethod(EnableSession = true)] [ScriptMethod] public void SetSortOrder(string id, string sortorder) { - HttpContext.Current.Session[id + "sortorder"] = sortorder; - + if (AuthorizeRequest()) + { + HttpContext.Current.Session[id + "sortorder"] = sortorder; + } } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs index 1e7a26052a..e59faad863 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs @@ -3,7 +3,11 @@ using System.Collections; using System.ComponentModel; using System.Web.Script.Services; using System.Web.Services; +using System.Xml; +using Umbraco.Core.Logging; +using Umbraco.Web.WebServices; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.BusinessLogic.Actions; using umbraco.cms.businesslogic.web; @@ -16,7 +20,7 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class nodeSorter : WebService + public class nodeSorter : UmbracoAuthorizedWebService { [WebMethod] public SortNode GetNodes(int ParentId, string App) 
@@ -76,81 +80,63 @@ namespace umbraco.presentation.webservices try { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + if (!AuthorizeRequest()) return; + if (SortOrder.Trim().Length <= 0) return; + + var tmp = SortOrder.Split(','); + + var isContent = helper.Request("app") == "content" | helper.Request("app") == ""; + var isMedia = helper.Request("app") == "media"; + + //ensure user is authorized for the app requested + if (isContent && !AuthorizeRequest(DefaultApps.content.ToString())) return; + if (isMedia && !AuthorizeRequest(DefaultApps.media.ToString())) return; + + for (var i = 0; i < tmp.Length; i++) { + if (tmp[i] == "" || tmp[i].Trim() == "") continue; + + new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; - if (SortOrder.Trim().Length > 0) + if (isContent) { - string[] tmp = SortOrder.Split(','); - - bool isContent = false; - if (helper.Request("app") == "content" | helper.Request("app") == "") - isContent = true; - - //CHANGE:Allan Stegelmann Laustsen, we need to know if the node is in media. - bool isMedia = false; - if (helper.Request("app") == "media") + var d = new Document(int.Parse(tmp[i])); + // refresh the xml for the sorting to work + if (d.Published) { - isMedia = true; + d.refreshXmlSortOrder(); + library.UpdateDocumentCache(int.Parse(tmp[i])); } - //CHANGE:End - - for (int i = 0; i < tmp.Length; i++) - { - if (tmp[i] != "" && tmp[i].Trim() != "") - { - new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; - - if (isContent) - { - Document d = new Document(int.Parse(tmp[i])); - // refresh the xml for the sorting to work - if (d.Published) - { - d.refreshXmlSortOrder(); - library.UpdateDocumentCache(int.Parse(tmp[i])); - } - } - //CHANGE:Allan Laustsen, to update the sortorder of the media node in the XML, re-save the node.... 
- else if (isMedia) - { - new cms.businesslogic.media.Media(int.Parse(tmp[i])).Save(); - } - //CHANGE:End - } - } - - // Refresh sort order on cached xml - if (isContent) - { - System.Xml.XmlNode parentNode; - - if (ParentId == -1) - parentNode = content.Instance.XmlContent.DocumentElement; - else - parentNode = content.Instance.XmlContent.GetElementById(ParentId.ToString()); - - //only try to do the content sort if the the parent node is available... - if (parentNode != null) - content.SortNodes(ref parentNode); - - - // Load balancing - then refresh entire cache - if (UmbracoSettings.UseDistributedCalls) - library.RefreshContent(); - } - - - // fire actionhandler, check for content - if ((helper.Request("app") == "content" | helper.Request("app") == "") && ParentId > 0) - global::umbraco.BusinessLogic.Actions.Action.RunActionHandlers(new Document(ParentId), ActionSort.Instance); + } + else if (isMedia) + { + new cms.businesslogic.media.Media(int.Parse(tmp[i])).Save(); } } + // Refresh sort order on cached xml + if (isContent) + { + XmlNode parentNode = ParentId == -1 + ? content.Instance.XmlContent.DocumentElement + : content.Instance.XmlContent.GetElementById(ParentId.ToString()); + + //only try to do the content sort if the the parent node is available... + if (parentNode != null) + content.SortNodes(ref parentNode); + + // Load balancing - then refresh entire cache + if (UmbracoSettings.UseDistributedCalls) + library.RefreshContent(); + } + + // fire actionhandler, check for content + if ((helper.Request("app") == "content" | helper.Request("app") == "") && ParentId > 0) + BusinessLogic.Actions.Action.RunActionHandlers(new Document(ParentId), ActionSort.Instance); } catch (Exception ex) { - BusinessLogic.Log.Add(global::umbraco.BusinessLogic.LogTypes.Debug, ParentId, ex.ToString()); + LogHelper.Error("Could not update sort order", ex); } } From e25ee246fb8e89dcef69dca89d2835818f4b97ef Mon Sep 17 00:00:00 2001 
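Review bot: The per-application checks in `UpdateSortOrder` only run when the `app` request value is `content`, empty, or `media`. For any other value both `isContent` and `isMedia` are false, no application check is made, and the loop still assigns `sortOrder` on every supplied node id, so a logged-in user with neither application assigned is not stopped. Add `if (!isContent && !isMedia) return;` after the two flags are computed, before the loop. The method starts before this hunk, so how `ParentId` and `SortOrder` arrive is not visible here.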
From: Shannon Deminick Date: Tue, 9 Apr 2013 06:31:26 +0600 Subject: [PATCH 11/18] Works on #U4-2078 --- .../umbraco/webservices/Settings.asmx.cs | 8 +++++--- .../webservices/progressStatus.asmx.cs | 7 +++++-- .../umbraco/webservices/publication.asmx.cs | 19 ++++++++++++++----- .../umbraco/webservices/templates.asmx.cs | 15 +++++++++------ 4 files changed, 33 insertions(+), 16 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs index 79b1a57920..d33e9b842e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs @@ -8,17 +8,19 @@ using System.Web.Services; using System.Linq; using System.Xml; using Umbraco.Core; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; namespace umbraco.webservices { - - public class Settings : WebService + + public class Settings : UmbracoAuthorizedWebService { [WebMethod] public XmlNode GetTabs(string ContextID, int ContentTypeId) { - if (BasePages.BasePage.ValidateUserContextID(ContextID)) + if (!AuthorizeRequest(DefaultApps.settings.ToString())) { var xmlDoc = new XmlDocument(); var tabs = xmlDoc.CreateElement("tabs"); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs index 31d5e247e5..c70b5df17e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs @@ -5,6 +5,7 @@ using System.Data; using System.Diagnostics; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; namespace presentation.umbraco.webservices { 
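Review bot: The new guard in `GetTabs` is inverted: `if (!AuthorizeRequest(DefaultApps.settings.ToString()))` now leads into the block that builds the `tabs` document, where the replaced `ValidateUserContextID(ContextID)` check entered that block only on success. As written, the tab data is produced for callers that fail authorization, and whatever follows the block (outside this hunk) is what authorized users get. The condition should read `if (AuthorizeRequest(DefaultApps.settings.ToString()))`. `ContextID` is no longer read after this change, which is worth a comment since the parameter stays in the public signature.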
@@ -12,12 +13,14 @@ namespace presentation.umbraco.webservices /// Summary description for progressStatus. /// [WebService(Namespace="http://umbraco.org/webservices/")] - public class progressStatus : System.Web.Services.WebService + public class progressStatus : UmbracoAuthorizedWebService { [WebMethod] - public int GetStatus(string key) + public int GetStatus(string key) { + if (!AuthorizeRequest()) return 0; + try { return int.Parse(Application[key].ToString()); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs index 143a2dcb4c..16e2dcd8da 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs @@ -2,6 +2,8 @@ using System; using System.ComponentModel; using System.Web.Services; using System.Web.Script.Services; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices @@ -11,14 +13,15 @@ namespace umbraco.webservices /// [WebService(Namespace="http://umbraco.org/webservices/")] [ScriptService] - public class publication : WebService + public class publication : UmbracoAuthorizedWebService { [WebMethod] [ScriptMethod] - public int GetPublicationStatus(string key) + public int GetPublicationStatus(string key) { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; try { @@ -34,7 +37,8 @@ namespace umbraco.webservices [ScriptMethod] public int GetPublicationStatusMax(string key) { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; try { 
@@ -50,6 +54,9 @@ namespace umbraco.webservices [ScriptMethod] public int GetPublicationStatusMaxAll(string key) { + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return 0; + try { return int.Parse(Application["publishTotalAll" + key].ToString()); @@ -60,6 +67,7 @@ namespace umbraco.webservices } } + [Obsolete("This doesn't do anything and will be removed in future versions")] [WebMethod] public void HandleReleaseAndExpireDates(Guid PublishingServiceKey) { @@ -68,7 +76,8 @@ namespace umbraco.webservices [WebMethod] public void SaveXmlCacheToDisk() { - legacyAjaxCalls.Authorize(); + if (!AuthorizeRequest(DefaultApps.content.ToString())) + return; content.Instance.PersistXmlToFile(); } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs index 8417fdcb38..93dc363f7d 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs @@ -9,6 +9,8 @@ using System.Xml; using System.Web.Script.Services; using Umbraco.Core; using Umbraco.Core.IO; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.presentation.webservices; namespace umbraco.webservices @@ -18,13 +20,13 @@ namespace umbraco.webservices /// [WebService(Namespace="http://umbraco.org/webservices/")] [ScriptService] - public class templates : WebService + public class templates : UmbracoAuthorizedWebService { [WebMethod] public XmlNode GetTemplates(string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { var xmlDoc = new XmlDocument(); xmlDoc.LoadXml(""); 
@@ -43,7 +45,7 @@ namespace umbraco.webservices [WebMethod] public XmlNode GetTemplate(int Id, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { var t = new cms.businesslogic.template.Template(Id); var xmlDoc = new XmlDocument(); @@ -60,7 +62,7 @@ namespace umbraco.webservices [WebMethod] public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password) { - if (BusinessLogic.User.validateCredentials(Login, Password)) + if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) { try { @@ -84,8 +86,9 @@ namespace umbraco.webservices [WebMethod] [ScriptMethod] public string GetCodeSnippet(object templateId) - { - legacyAjaxCalls.Authorize(); + { + //NOTE: The legacy code threw an exception so will continue to do that. + AuthorizeRequest(DefaultApps.settings.ToString(), true); var templateFile = System.IO.File.OpenText(IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + templateId)); From b928170103d94179ebd96bd74d85ebde522fc4b7 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 06:40:02 +0600 Subject: [PATCH 12/18] Works on #U4-2078 --- .../webservices/TreeClientService.asmx.cs | 9 ++++--- .../umbraco/webservices/trashcan.asmx.cs | 26 ++++++++++++++----- 2 files changed, 25 insertions(+), 10 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs index 879c277a8d..7b17c2303e 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeClientService.asmx.cs 
@@ -2,6 +2,7 @@ using System.Collections.Generic; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; using umbraco.presentation.umbraco.controls; using umbraco.cms.presentation.Trees; using System.Web.Script.Services; @@ -18,7 +19,7 @@ namespace umbraco.presentation.webservices /// [ScriptService] [WebService] - public class TreeClientService : WebService + public class TreeClientService : UmbracoAuthorizedWebService { /// @@ -29,7 +30,7 @@ namespace umbraco.presentation.webservices [ScriptMethod(ResponseFormat = ResponseFormat.Json)] public Dictionary GetInitAppTreeData(string app, string treeType, bool showContextMenu, bool isDialog, TreeDialogModes dialogMode, string functionToCall, string nodeKey) { - Authorize(); + AuthorizeRequest(app, true); var treeCtl = new TreeControl() { @@ -74,13 +75,13 @@ namespace umbraco.presentation.webservices returnVal.Add("js", treeCtl.JSCurrApp); return returnVal; - } + } + [Obsolete("Use the AuthorizeRequest methods on the base class UmbracoAuthorizedWebService instead")] public static void Authorize() { if (!BasePages.BasePage.ValidateUserContextID(BasePages.BasePage.umbracoUserContextID)) throw new Exception("Client authorization failed. User is not logged in"); - } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs index 884b3c6ef7..6bb42078b0 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/trashcan.asmx.cs @@ -7,7 +7,9 @@ using System.Web.Script.Services; using System.Web.Services; using System.Web.Services.Protocols; using System.ComponentModel; +using Umbraco.Web.WebServices; using umbraco.BasePages; +using umbraco.BusinessLogic; using umbraco.BusinessLogic.console; using umbraco.cms.businesslogic; using umbraco.cms.businesslogic.web; 
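Review bot: `GetInitAppTreeData` passes the caller-supplied `app` straight to `AuthorizeRequest(app, true)`, and the handler copy of that method added in PATCH 13/18 returns true for an empty or whitespace alias once a user is logged in ("if it is empty, don't validate"). Assuming the web-service base class behaves the same, an empty `app` checks only that the user is logged in, not which application the tree belongs to. `GetXmlTree` in TreeDataService.ashx.cs (PATCH 13/18) follows the same pattern with `treeParams.Application`, and its context lines show a `TreeType`-only request continuing to `LoadTree`. Either reject an empty alias here, e.g. `if (string.IsNullOrWhiteSpace(app)) throw new ArgumentException("app");`, or resolve the owning application from the tree type before authorizing.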
@@ -22,23 +24,35 @@ namespace umbraco.presentation.webservices [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [ToolboxItem(false)] [ScriptService] - public class trashcan : System.Web.Services.WebService + public class trashcan : UmbracoAuthorizedWebService { [WebMethod] - public void EmptyTrashcan(cms.businesslogic.RecycleBin.RecycleBinType type) + public void EmptyTrashcan(RecycleBin.RecycleBinType type) { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + //validate against the app type! + switch (type) { - Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString(); - emptyTrashCanDo(type); + case RecycleBin.RecycleBinType.Content: + if (!AuthorizeRequest(DefaultApps.content.ToString())) return; + break; + case RecycleBin.RecycleBinType.Media: + if (!AuthorizeRequest(DefaultApps.media.ToString())) return; + break; + default: + throw new ArgumentOutOfRangeException("type"); } + //TODO: This will never work in LB scenarios + Application["trashcanEmptyLeft"] = RecycleBin.Count(type).ToString(); + emptyTrashCanDo(type); } [WebMethod] public string GetTrashStatus() { - if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID)) + //TODO: This will never work in LB scenarios + + if (AuthorizeRequest()) { return Application["trashcanEmptyLeft"] != null ? Application["trashcanEmptyLeft"].ToString() From 25b9ca3b0e1c805a16214dc84d0d4e19ed994ca1 Mon Sep 17 00:00:00 2001 
From: Shannon Deminick Date: Tue, 9 Apr 2013 07:01:43 +0600 Subject: [PATCH 13/18] Works on #U4-2078 - adds new base classes for HttpHandlers just like for web services. --- src/Umbraco.Web/Umbraco.Web.csproj | 2 + .../UmbracoAuthorizedHttpHandler.cs | 153 ++++++++++++++++++ .../UmbracoAuthorizedWebService.cs | 5 +- .../WebServices/UmbracoHttpHandler.cs | 74 +++++++++ .../webservices/TreeDataService.ashx.cs | 26 +-- .../UltimatePickerAutoCompleteHandler.ashx.cs | 79 ++++----- 6 files changed, 290 insertions(+), 49 deletions(-) create mode 100644 src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs create mode 100644 src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index c6c7b482b2..c39de1963a 100644 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -1816,9 +1816,11 @@ Reference.map + Component + Component diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs new file mode 100644 index 0000000000..4524f1e47c --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedHttpHandler.cs 
@@ -0,0 +1,153 @@ +using System; +using System.Linq; +using System.Web; +using System.Web.Security; +using Umbraco.Core; +using umbraco; +using umbraco.BasePages; +using umbraco.BusinessLogic; +using umbraco.businesslogic.Exceptions; + +namespace Umbraco.Web.WebServices +{ + public abstract class UmbracoAuthorizedHttpHandler : UmbracoHttpHandler + { + protected UmbracoAuthorizedHttpHandler() + : base() + { + } + + protected UmbracoAuthorizedHttpHandler(UmbracoContext umbracoContext) + : base(umbracoContext) + { + } + + //IMPORTANT NOTE: !! All of these security bits and pieces have been moved in to one centralized class + // in 6.1 called WebSecurity. All this logic is all here temporarily! + + private User _user; + private readonly InnerPage _page = new InnerPage(); + + /// + /// Checks if the umbraco context id is valid + /// + /// + /// + protected bool ValidateUserContextId(string currentUmbracoUserContextId) + { + return BasePage.ValidateUserContextID(currentUmbracoUserContextId); + } + + /// + /// Checks if the username/password credentials are valid + /// + /// + /// + /// + protected bool ValidateCredentials(string username, string password) + { + return Membership.Providers[UmbracoSettings.DefaultBackofficeProvider].ValidateUser(username, password); + } + + /// + /// Validates the user for access to a certain application + /// + /// The application alias. + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(string app, bool throwExceptions = false) + { + //ensure we have a valid user first! 
+ if (!AuthorizeRequest(throwExceptions)) return false; + + //if it is empty, don't validate + if (app.IsNullOrWhiteSpace()) + { + return true; + } + var hasAccess = UserHasAppAccess(app, UmbracoUser); + if (!hasAccess && throwExceptions) + throw new UserAuthorizationException("The user does not have access to the required application"); + return hasAccess; + } + + /// + /// Checks if the specified user as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, User user) + { + return user.Applications.Any(uApp => uApp.alias == app); + } + + /// + /// Checks if the specified user by username as access to the app + /// + /// + /// + /// + protected bool UserHasAppAccess(string app, string username) + { + var uid = global::umbraco.BusinessLogic.User.getUserId(username); + if (uid < 0) return false; + var usr = global::umbraco.BusinessLogic.User.GetUser(uid); + if (usr == null) return false; + return UserHasAppAccess(app, usr); + } + + /// + /// Returns true if there is a valid logged in user and that ssl is enabled if required + /// + /// true if an exception should be thrown if authorization fails + /// + protected bool AuthorizeRequest(bool throwExceptions = false) + { + // check for secure connection + if (GlobalSettings.UseSSL && !HttpContext.Current.Request.IsSecureConnection) + { + if (throwExceptions) + throw new UserAuthorizationException("This installation requires a secure connection (via SSL). 
Please update the URL to include https://"); + return false; + } + + try + { + return UmbracoUser != null; + } + catch (ArgumentException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + catch (InvalidOperationException) + { + if (throwExceptions) throw; + //an exception will occur if the user is not valid inside of _page.getUser(); + return false; + } + } + + /// + /// Returns the current user + /// + protected User UmbracoUser + { + get + { + return _user ?? (_user = _page.getUser()); + } + } + + /// + /// Used to validate, thie is temporary, in 6.1 we have the WebSecurity class which does all + /// authorization stuff for us. + /// + private class InnerPage : BasePage + { + + } + } +} \ No newline at end of file diff --git a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs index 497ad77a6e..ac55ebecbc 100644 --- a/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs +++ b/src/Umbraco.Web/WebServices/UmbracoAuthorizedWebService.cs @@ -9,8 +9,6 @@ using umbraco.BasePages; using umbraco.BusinessLogic; using Umbraco.Core; using umbraco.businesslogic.Exceptions; -using GlobalSettings = umbraco.GlobalSettings; -using UmbracoSettings = umbraco.UmbracoSettings; namespace Umbraco.Web.WebServices { @@ -28,6 +26,9 @@ namespace Umbraco.Web.WebServices : base(umbracoContext) { } + + //IMPORTANT NOTE: !! All of these security bits and pieces have been moved in to one centralized class + // in 6.1 called WebSecurity. All this logic is all here temporarily! private User _user; private readonly InnerPage _page = new InnerPage(); diff --git a/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs b/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs new file mode 100644 index 0000000000..28e7619b04 --- /dev/null +++ b/src/Umbraco.Web/WebServices/UmbracoHttpHandler.cs 
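Review bot: `UmbracoUser` caches the resolved user in the instance field `_user`, and `UmbracoHttpHandler` leaves `IsReusable` abstract. ASP.NET may reuse a handler instance for later requests when `IsReusable` returns true, in which case the user resolved for the first request would be returned for the next caller and `AuthorizeRequest` would pass on the wrong identity. Whether `InnerPage.getUser()` re-reads the current request is not visible here. Either drop the cache (`get { return _page.getUser(); }`) or document on the class that subclasses must return false from `IsReusable`.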
@@ -0,0 +1,74 @@
+using System;
+using System.Web;
+using System.Web.Mvc;
+using System.Web.Routing;
+using Umbraco.Core;
+
+namespace Umbraco.Web.WebServices
+{
+ public abstract class UmbracoHttpHandler : IHttpHandler
+ {
+ public abstract void ProcessRequest(HttpContext context);
+ public abstract bool IsReusable { get; }
+
+ protected UmbracoHttpHandler()
+ : this(UmbracoContext.Current)
+ {
+
+ }
+
+ protected UmbracoHttpHandler(UmbracoContext umbracoContext)
+ {
+ if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
+ UmbracoContext = umbracoContext;
+ Umbraco = new UmbracoHelper(umbracoContext);
+ }
+
+ ///
+ /// Returns the current ApplicationContext
+ ///
+ public ApplicationContext ApplicationContext
+ {
+ get { return UmbracoContext.Application; }
+ }
+
+ ///
+ /// Returns the current UmbracoContext
+ ///
+ public UmbracoContext UmbracoContext { get; private set; }
+
+ ///
+ /// Returns an UmbracoHelper object
+ ///
+ public UmbracoHelper Umbraco { get; private set; }
+
+ private UrlHelper _url;
+
+ ///
+ /// Returns a UrlHelper
+ ///
+ ///
+ /// This URL helper is created without any route data and an empty request context
+ ///
+ public UrlHelper Url
+ {
+ get { return _url ?? (_url = new UrlHelper(new RequestContext(new HttpContextWrapper(HttpContext.Current), new RouteData()))); }
+ }
+
+ /////
+ ///// Returns a ServiceContext
+ /////
+ //public ServiceContext Services
+ //{
+ // get { return ApplicationContext.Services; }
+ //}
+
+ /////
+ ///// Returns a DatabaseContext
+ /////
+ //public DatabaseContext DatabaseContext
+ //{
+ // get { return ApplicationContext.DatabaseContext; }
+ //}
+ }
+}
\ No newline at end of file
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs
index 89609703aa..ebd49d7af4 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs
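Review bot: `UmbracoHttpHandler` keeps per-request state in instance members (`UmbracoContext`, `Umbraco`, and the cached `_url` built from `HttpContext.Current`) while leaving `IsReusable` abstract, and nothing tells implementers what to return. If a derived handler returned `true`, ASP.NET could reuse the instance and later requests would see the context captured for the first one; for the authorized subclass added in this series, which caches `_user` the same way, authorization could then be decided against the wrong user. I would add a doc comment on the abstract member, for example `/// Must return false: the handler keeps the UmbracoContext (and, in authorized subclasses, the user) of the request it was created for.` The class also has no summary stating that it performs no authorization itself.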
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/TreeDataService.ashx.cs @@ -2,6 +2,7 @@ using System.Collections.Generic; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; using umbraco.cms.presentation.Trees; using System.Threading; @@ -13,19 +14,18 @@ namespace umbraco.presentation.webservices [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] [System.ComponentModel.ToolboxItem(false)] - public class TreeDataService : IHttpHandler + public class TreeDataService : UmbracoAuthorizedHttpHandler { - public void ProcessRequest(HttpContext context) + public override void ProcessRequest(HttpContext context) { - Authorize(); - //Thread.Sleep(100000); + AuthorizeRequest(true); context.Response.ContentType = "application/json"; context.Response.Write(GetXmlTree().ToString()); } - public bool IsReusable + public override bool IsReusable { get { @@ -33,6 +33,7 @@ namespace umbraco.presentation.webservices } } + [Obsolete("Use the base class AuthorizeRequest methods in UmbracoAuthorizedHttpHandler")] public static void Authorize() { if (!BasePages.BasePage.ValidateUserContextID(BasePages.BasePage.umbracoUserContextID)) @@ -46,7 +47,10 @@ namespace umbraco.presentation.webservices /// public XmlTree GetXmlTree() { - TreeRequestParams treeParams = TreeRequestParams.FromQueryStrings(); + var treeParams = TreeRequestParams.FromQueryStrings(); + + //validate the current user for the request app! + AuthorizeRequest(treeParams.Application, true); if (string.IsNullOrEmpty(treeParams.TreeType)) if (!string.IsNullOrEmpty(treeParams.Application)) @@ -56,10 +60,10 @@ namespace umbraco.presentation.webservices else LoadTree(treeParams); - return xTree; + return _xTree; } - private XmlTree xTree = new XmlTree(); + private XmlTree _xTree = new XmlTree(); /// /// If the application supports multiple trees, then this function iterates over all of the trees assigned to it 
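Review bot: In `GetXmlTree` the new `AuthorizeRequest(treeParams.Application, true)` checks an application name taken from the query string, not the application that owns the tree being loaded. The `AuthorizeRequest(app, ...)` overload added earlier in this series returns true for an empty `app` once the user is logged in, and when `TreeType` is supplied the code goes to `LoadTree(treeParams)`, so a request that names a tree type but omits or substitutes the application appears to skip the per-app check. The check would be stronger inside `LoadTree`, after the tree definition is resolved, authorizing against the application that definition belongs to and rejecting an empty application. The bodies of `GetXmlTree` and `LoadTree` continue outside the hunks, so this should be confirmed against the full file.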
@@ -75,7 +79,7 @@ namespace umbraco.presentation.webservices { BaseTree bTree = treeDef.CreateInstance(); bTree.SetTreeParameters(treeParams); - xTree.Add(bTree.RootNode); + _xTree.Add(bTree.RootNode); } } @@ -92,7 +96,7 @@ namespace umbraco.presentation.webservices { BaseTree bTree = treeDef.CreateInstance(); bTree.SetTreeParameters(treeParams); - bTree.Render(ref xTree); + bTree.Render(ref _xTree); } else LoadNullTree(treeParams); @@ -105,7 +109,7 @@ namespace umbraco.presentation.webservices { BaseTree nullTree = new NullTree(treeParams.Application); nullTree.SetTreeParameters(treeParams); - nullTree.Render(ref xTree); + nullTree.Render(ref _xTree); } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs index 97bd1934b5..8fa77e7a8b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs @@ -3,6 +3,8 @@ using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.Services; +using Umbraco.Web.WebServices; +using umbraco.BusinessLogic; using umbraco.cms.businesslogic.web; using umbraco.cms.businesslogic; 
@@ -13,19 +15,24 @@ namespace umbraco.presentation.umbraco.webservices /// [WebService(Namespace = "http://tempuri.org/")] [WebServiceBinding(ConformsTo = WsiProfiles.BasicProfile1_1)] - public class UltimatePickerAutoCompleteHandler : IHttpHandler + public class UltimatePickerAutoCompleteHandler : UmbracoAuthorizedHttpHandler { - private int nodeCount; - private int Counter; - private string[] output; - private string prefix; + private int _nodeCount; + private int _counter; + private string[] _output; + private string _prefix; - public void ProcessRequest(HttpContext context) + public override void ProcessRequest(HttpContext context) { + //user must be allowed to see content or media + if (!AuthorizeRequest(DefaultApps.content.ToString()) && !AuthorizeRequest(DefaultApps.media.ToString())) + return; + + context.Response.ContentType = "text/plain"; - prefix = context.Request.QueryString["q"]; + _prefix = context.Request.QueryString["q"]; int parentNodeId = Convert.ToInt32(context.Request.QueryString["id"]); bool showGrandChildren = Convert.ToBoolean(context.Request.QueryString["showchildren"]); @@ -37,7 +44,7 @@ namespace umbraco.presentation.umbraco.webservices CMSNode parent = new CMSNode(parentNodeId); if (!showGrandChildren) { - nodeCount = 0; + _nodeCount = 0; //store children array here because iterating over an Array property object is very inneficient. var children = parent.Children; 
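Review bot: When neither app check passes, `ProcessRequest` simply returns, so the caller gets an empty 200 response and a denied request cannot be told apart from a search with no matches. Setting a status before returning makes the denial visible to clients and in logs, e.g. `{ context.Response.StatusCode = 403; return; }`. Separately, holding either content or media access lets the request walk any `id` through `CMSNode`/`Document`, so a media-only user can presumably list content node names; checking the app that matches the parent node's type would close that gap. The method body continues outside the hunk.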
@@ -45,42 +52,42 @@ namespace umbraco.presentation.umbraco.webservices { - nodeChildrenCount(child, false, documentAliasFilters); + NodeChildrenCount(child, false, documentAliasFilters); } - output = new string[nodeCount]; + _output = new string[_nodeCount]; - Counter = 0; + _counter = 0; int level = 1; //why is there a 2nd iteration of the same thing here? foreach (CMSNode child in children) { - addNode(child, level, showGrandChildren, documentAliasFilters); + AddNode(child, level, showGrandChildren, documentAliasFilters); } } else { - nodeCount = 0; + _nodeCount = 0; //store children array here because iterating over an Array property object is very inneficient. var children = parent.Children; foreach (CMSNode child in children) { - nodeChildrenCount(child, true, documentAliasFilters); + NodeChildrenCount(child, true, documentAliasFilters); } - output = new string[nodeCount]; - Counter = 0; + _output = new string[_nodeCount]; + _counter = 0; int level = 1; foreach (CMSNode child in children) { - addNode(child, level, showGrandChildren, documentAliasFilters); + AddNode(child, level, showGrandChildren, documentAliasFilters); } @@ -88,21 +95,21 @@ namespace umbraco.presentation.umbraco.webservices } - foreach (string item in output) + foreach (string item in _output) { context.Response.Write(item + Environment.NewLine); } } - private bool validNode(string nodeText) + private bool ValidNode(string nodeText) { - if (nodeText.Length >= prefix.Length) + if (nodeText.Length >= _prefix.Length) { - if (nodeText.Substring(0, prefix.Length).ToLower() == prefix.ToLower()) + if (nodeText.Substring(0, _prefix.Length).ToLower() == _prefix.ToLower()) { return true; } 
@@ -111,7 +118,7 @@ namespace umbraco.presentation.umbraco.webservices return false; } - private void nodeChildrenCount(CMSNode node, bool countChildren, string[] documentAliasFilters) + private void NodeChildrenCount(CMSNode node, bool countChildren, string[] documentAliasFilters) { if (documentAliasFilters.Length > 0) { @@ -123,9 +130,9 @@ namespace umbraco.presentation.umbraco.webservices if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - nodeCount += 1; + _nodeCount += 1; } } @@ -133,9 +140,9 @@ namespace umbraco.presentation.umbraco.webservices } else { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - nodeCount += 1; + _nodeCount += 1; } } @@ -145,13 +152,13 @@ namespace umbraco.presentation.umbraco.webservices var children = node.Children; foreach (CMSNode child in children) { - nodeChildrenCount(child, countChildren, documentAliasFilters); + NodeChildrenCount(child, countChildren, documentAliasFilters); } } } - private void addNode(CMSNode node, int level, bool showGrandChildren, string[] documentAliasFilters) + private void AddNode(CMSNode node, int level, bool showGrandChildren, string[] documentAliasFilters) { string preText = string.Empty; @@ -170,10 +177,10 @@ namespace umbraco.presentation.umbraco.webservices if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - output[Counter] = preText + node.Text + " [" + node.Id + "]"; - Counter++; + _output[_counter] = preText + node.Text + " [" + node.Id + "]"; + _counter++; } } @@ -181,10 +188,10 @@ namespace umbraco.presentation.umbraco.webservices } else { - if (validNode(node.Text)) + if (ValidNode(node.Text)) { - output[Counter] = preText + node.Text + " [" + node.Id + "]"; - Counter++; + _output[_counter] = preText + node.Text + " [" + node.Id + "]"; + _counter++; } } 
@@ -196,13 +203,13 @@ namespace umbraco.presentation.umbraco.webservices var children = node.Children; foreach (CMSNode child in children) { - addNode(child, level + 1, showGrandChildren, documentAliasFilters); + AddNode(child, level + 1, showGrandChildren, documentAliasFilters); } } } } - public bool IsReusable + public override bool IsReusable { get { From 64bb7e1db037ebca1fcd7a5c9e330e119d7a36c4 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 07:14:58 +0600 Subject: [PATCH 14/18] Fixes up an app check --- .../umbraco/webservices/legacyAjaxCalls.asmx.cs | 10 ++++++---- 1 file changed, 6 insertions(+), 4 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs index 3640c1020a..037590d4d5 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/legacyAjaxCalls.asmx.cs @@ -84,8 +84,6 @@ namespace umbraco.presentation.webservices [ScriptMethod] public void DeleteContentPermanently(string nodeId, string nodeType) { - AuthorizeRequest(DefaultApps.content.ToString(), true); - int intNodeID; if (int.TryParse(nodeId, out intNodeID)) { @@ -93,13 +91,17 @@ namespace umbraco.presentation.webservices { case "media": case "mediaRecycleBin": + //ensure user has access to media + AuthorizeRequest(DefaultApps.media.ToString(), true); + new Media(intNodeID).delete(true); break; case "content": case "contentRecycleBin": - new Document(intNodeID).delete(true); - break; default: + //ensure user has access to content + AuthorizeRequest(DefaultApps.content.ToString(), true); + new Document(intNodeID).delete(true); break; } From 106ac44e64c2143e6a621b760a814de7a9f71bf5 Mon Sep 17 00:00:00 2001 
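Review bot: In `DeleteContentPermanently`, moving `default:` above the content branch means any unrecognised `nodeType` now permanently deletes the node as a `Document`, where the old `default` was a no-op `break`. For an irreversible delete I would keep the content cases explicit and fail closed on anything else, e.g. `default: throw new ArgumentException("Unknown nodeType: " + nodeType, "nodeType");`. The app check also follows the client-supplied `nodeType` string while the object is loaded by `nodeId`; whether `new Media(id)` rejects an id that belongs to a document is not visible here, so verifying the node's actual type before authorizing would be safer. The method continues outside the hunk.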
From: Shannon Deminick Date: Tue, 9 Apr 2013 07:23:33 +0600 Subject: [PATCH 15/18] Fixes: #U4-2073 --- .../umbraco/dialogs/uploadImage.aspx.cs | 6 +++++- .../BasePages/UmbracoEnsuredPage.cs | 17 +++++------------ 2 files changed, 10 insertions(+), 13 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs index 8c3defc8a0..86aabc6589 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/uploadImage.aspx.cs @@ -10,6 +10,7 @@ using System.Web.UI.WebControls; using System.Web.UI.HtmlControls; using System.Xml; +using umbraco.BusinessLogic; using umbraco.IO; namespace umbraco.dialogs @@ -17,6 +18,9 @@ namespace umbraco.dialogs [Obsolete("Use the UploadMediaImage control instead")] public partial class uploadImage : BasePages.UmbracoEnsuredPage { - + public uploadImage() + { + CurrentApp = DefaultApps.media.ToString(); + } } } diff --git a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs index d64fe79dc3..16109f91dc 100644 --- a/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs +++ b/src/umbraco.businesslogic/BasePages/UmbracoEnsuredPage.cs @@ -1,4 +1,5 @@ using System; +using System.Linq; using umbraco.BusinessLogic; using umbraco.businesslogic.Exceptions; using umbraco.IO; 
@@ -20,20 +21,16 @@ namespace umbraco.BasePages } + [Obsolete("This constructor is not used and will be removed from the codebase in the future")] public UmbracoEnsuredPage(string hest) { } - private bool _redirectToUmbraco; /// /// If true then umbraco will force any window/frame to reload umbraco in the main window /// - public bool RedirectToUmbraco - { - get { return _redirectToUmbraco; } - set { _redirectToUmbraco = value; } - } + public bool RedirectToUmbraco { get; set; } /// /// Validates the user for access to a certain application @@ -42,11 +39,7 @@ namespace umbraco.BasePages /// public bool ValidateUserApp(string app) { - - foreach (Application uApp in getUser().Applications) - if (uApp.alias == app) - return true; - return false; + return getUser().Applications.Any(uApp => uApp.alias == app); } /// @@ -69,7 +62,7 @@ namespace umbraco.BasePages /// Gets the current user. /// /// The current user. - public static BusinessLogic.User CurrentUser + public static User CurrentUser { get { From 5b660d95f153c06cea3990a141b6003fda6b8236 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 07:26:21 +0600 Subject: [PATCH 16/18] Fixes: #U4-2077 --- .../developer/Packages/StarterKits.aspx.cs | 22 ++++++++++++------- 1 file changed, 14 insertions(+), 8 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs index e53e704762..374e1e8df2 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/developer/Packages/StarterKits.aspx.cs 
@@ -4,26 +4,32 @@ using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; +using Umbraco.Core.IO; using umbraco.BasePages; -using umbraco.IO; +using umbraco.BusinessLogic; namespace umbraco.presentation.umbraco.developer.Packages { public partial class StarterKits : UmbracoEnsuredPage { + public StarterKits() + { + CurrentApp = DefaultApps.developer.ToString(); + } + protected void Page_Load(object sender, EventArgs e) { if (!cms.businesslogic.skinning.Skinning.IsStarterKitInstalled()) - showStarterKits(); + ShowStarterKits(); else showSkins((Guid)cms.businesslogic.skinning.Skinning.StarterKitGuid()); } - private void showStarterKits() + private void ShowStarterKits() { - install.steps.Skinning.loadStarterKits starterkitsctrl = - (install.steps.Skinning.loadStarterKits)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKits.ascx"); - starterkitsctrl.StarterKitInstalled += new install.steps.Skinning.StarterKitInstalledEventHandler(starterkitsctrl_StarterKitInstalled); + var starterkitsctrl = + (install.steps.Skinning.loadStarterKits)LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKits.ascx"); + starterkitsctrl.StarterKitInstalled += starterkitsctrl_StarterKitInstalled; ph_starterkits.Controls.Add(starterkitsctrl); 
@@ -39,11 +45,11 @@ namespace umbraco.presentation.umbraco.developer.Packages public void showSkins(Guid starterKitGuid) { - install.steps.Skinning.loadStarterKitDesigns ctrl = (install.steps.Skinning.loadStarterKitDesigns)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx"); + var ctrl = (install.steps.Skinning.loadStarterKitDesigns)new UserControl().LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx"); ctrl.ID = "StarterKitDesigns"; ctrl.StarterKitGuid = starterKitGuid; - ctrl.StarterKitDesignInstalled += new install.steps.Skinning.StarterKitDesignInstalledEventHandler(ctrl_StarterKitDesignInstalled); + ctrl.StarterKitDesignInstalled += ctrl_StarterKitDesignInstalled; ph_skins.Controls.Add(ctrl); StarterKitNotInstalled.Visible = false; From bad284515c8094c62d68f5a5cfb89111659ae2d0 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 07:32:13 +0600 Subject: [PATCH 17/18] Fixes: #U4-2076 --- .../umbraco/dialogs/emptyTrashcan.aspx.cs | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs index ba87f14b07..8eb2f2c9ab 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/dialogs/emptyTrashcan.aspx.cs 
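Review bot: `showSkins` still loads its control through a throwaway `new UserControl().LoadControl(...)`, while `ShowStarterKits` in the previous hunk was switched to the page's own `LoadControl`. For consistency the same change applies here: `var ctrl = (install.steps.Skinning.loadStarterKitDesigns)LoadControl(SystemDirectories.Install + "/steps/Skinning/loadStarterKitDesigns.ascx");`. The method name was also left in camelCase, presumably because it is public; a short comment saying so would explain the difference from the renamed private method.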
@@ -6,11 +6,24 @@ namespace umbraco.presentation.dialogs { public partial class emptyTrashcan : UmbracoEnsuredPage { + + protected override void OnInit(EventArgs e) + { + base.OnInit(e); + + var recycleBinType = helper.Request("type"); + if (!ValidateUserApp(recycleBinType)) + { + throw new InvalidOperationException("The user does not have access to the requested app"); + } + } + protected void Page_Load(object sender, EventArgs e) { } - protected override void OnPreRender(EventArgs e) { + protected override void OnPreRender(EventArgs e) + { base.OnPreRender(e); ScriptManager.GetCurrent(Page).Services.Add(new ServiceReference("../webservices/trashcan.asmx")); From eadb1bb1941aa4fa1a5e8764f1651722cb5d0a05 Mon Sep 17 00:00:00 2001 From: Shannon Deminick Date: Tue, 9 Apr 2013 07:54:32 +0600 Subject: [PATCH 18/18] Fixes merge issues --- .../webservices/CheckForUpgrade.asmx.cs | 4 +-- .../umbraco/webservices/nodeSorter.asmx.cs | 30 +++++++++---------- 2 files changed, 17 insertions(+), 17 deletions(-) diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs index 113f8f8d07..d12668d26b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/CheckForUpgrade.asmx.cs @@ -40,7 +40,7 @@ namespace umbraco.presentation.webservices { bool isUpgrade = false; // if it's an upgrade, you'll need to be logged in before we allow this call - if (!String.IsNullOrEmpty(Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) + if (!String.IsNullOrEmpty(global::Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) { isUpgrade = true; legacyAjaxCalls.Authorize(); 
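Review bot: `OnInit` passes the raw `type` request value to `ValidateUserApp`, so the check succeeds for any application alias the user holds, not only the recycle bins this dialog serves. Restricting the value first keeps the check meaningful, e.g. `if (recycleBinType != "content" && recycleBinType != "media") throw ...` ahead of the app check (the accepted values are an assumption; use whatever the dialog is actually opened with). The denial is raised as `InvalidOperationException`, whereas the handlers in this series throw `UserAuthorizationException` for the same condition; one type would make denials easier to handle and log consistently. The emptying itself is done through `trashcan.asmx`, referenced in `OnPreRender` and not part of this hunk, and it needs the same server-side check.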
@@ -63,7 +63,7 @@ namespace umbraco.presentation.webservices installCookie.SetValue(installId.ToString()); string dbProvider = String.Empty; - if (!String.IsNullOrEmpty(Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) + if (!String.IsNullOrEmpty(global::Umbraco.Core.Configuration.GlobalSettings.ConfigurationStatus)) dbProvider = ApplicationContext.Current.DatabaseContext.DatabaseProvider.ToString(); org.umbraco.update.CheckForUpgrade check = new global::umbraco.presentation.org.umbraco.update.CheckForUpgrade(); diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs index e5025f8d3f..48dc9cf12b 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/nodeSorter.asmx.cs 
@@ -93,28 +93,28 @@ namespace umbraco.presentation.webservices if (isContent) { - var document = new Document(int.Parse(tmp[i])); - var published = document.Published; - document.sortOrder = i; - document.Save(); + var document = new Document(int.Parse(tmp[i])); + var published = document.Published; + document.sortOrder = i; + document.Save(); // refresh the xml for the sorting to work - if (d.Published) + if (published) { - document.Publish(BusinessLogic.User.GetCurrent()); - document.refreshXmlSortOrder(); + document.Publish(BusinessLogic.User.GetCurrent()); + document.refreshXmlSortOrder(); library.UpdateDocumentCache(int.Parse(tmp[i])); } } - // to update the sortorder of the media node in the XML, re-save the node.... + // to update the sortorder of the media node in the XML, re-save the node.... else if (isMedia) { - var media = new cms.businesslogic.media.Media(int.Parse(tmp[i])); - media.sortOrder = i; - media.Save(); - } - else - { - new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; + var media = new cms.businesslogic.media.Media(int.Parse(tmp[i])); + media.sortOrder = i; + media.Save(); + } + else + { + new cms.businesslogic.CMSNode(int.Parse(tmp[i])).sortOrder = i; } }