From e25ee246fb8e89dcef69dca89d2835818f4b97ef Mon Sep 17 00:00:00 2001
From: Shannon Deminick <sdeminick@gmail.com>
Date: Tue, 9 Apr 2013 06:31:26 +0600
Subject: [PATCH] Works on #U4-2078

---
 .../umbraco/webservices/Settings.asmx.cs      |  8 +++++---
 .../webservices/progressStatus.asmx.cs        |  7 +++++--
 .../umbraco/webservices/publication.asmx.cs   | 19 ++++++++++++++-----
 .../umbraco/webservices/templates.asmx.cs     | 15 +++++++++------
 4 files changed, 33 insertions(+), 16 deletions(-)

diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs
index 79b1a57920..d33e9b842e 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/Settings.asmx.cs
@@ -8,17 +8,19 @@ using System.Web.Services;
 using System.Linq;
 using System.Xml;
 using Umbraco.Core;
+using Umbraco.Web.WebServices;
+using umbraco.BusinessLogic;
 
 namespace umbraco.webservices
 {
-	
-	public class Settings : WebService
+
+    public class Settings : UmbracoAuthorizedWebService
 	{
 		
 		[WebMethod]
 		public XmlNode GetTabs(string ContextID, int ContentTypeId)
 		{
-		    if (BasePages.BasePage.ValidateUserContextID(ContextID)) 
+            if (!AuthorizeRequest(DefaultApps.settings.ToString()))
 			{
 				var xmlDoc = new XmlDocument();
 				var tabs = xmlDoc.CreateElement("tabs");
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs
index 31d5e247e5..c70b5df17e 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/progressStatus.asmx.cs
@@ -5,6 +5,7 @@ using System.Data;
 using System.Diagnostics;
 using System.Web;
 using System.Web.Services;
+using Umbraco.Web.WebServices;
 
 namespace presentation.umbraco.webservices
 {
@@ -12,12 +13,14 @@ namespace presentation.umbraco.webservices
 	/// Summary description for progressStatus.
 	/// </summary>
 	[WebService(Namespace="http://umbraco.org/webservices/")]
-	public class progressStatus : System.Web.Services.WebService
+    public class progressStatus : UmbracoAuthorizedWebService
 	{
 		
 		[WebMethod]
-		public int GetStatus(string key) 
+		public int GetStatus(string key)
 		{
+		    if (!AuthorizeRequest()) return 0;
+
 			try 
 			{
 				return int.Parse(Application[key].ToString());
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs
index 143a2dcb4c..16e2dcd8da 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/publication.asmx.cs
@@ -2,6 +2,8 @@ using System;
 using System.ComponentModel;
 using System.Web.Services;
 using System.Web.Script.Services;
+using Umbraco.Web.WebServices;
+using umbraco.BusinessLogic;
 using umbraco.presentation.webservices;
 
 namespace umbraco.webservices
@@ -11,14 +13,15 @@ namespace umbraco.webservices
 	/// </summary>
 	[WebService(Namespace="http://umbraco.org/webservices/")]
     [ScriptService]
-	public class publication : WebService
+    public class publication : UmbracoAuthorizedWebService
 	{
 		
 		[WebMethod]
         [ScriptMethod]
-		public int GetPublicationStatus(string key) 
+		public int GetPublicationStatus(string key)
 		{
-            legacyAjaxCalls.Authorize();
+		    if (!AuthorizeRequest(DefaultApps.content.ToString()))
+		        return 0;
 
 			try 
 			{
@@ -34,7 +37,8 @@ namespace umbraco.webservices
         [ScriptMethod]
         public int GetPublicationStatusMax(string key)
         {
-            legacyAjaxCalls.Authorize();
+            if (!AuthorizeRequest(DefaultApps.content.ToString()))
+                return 0;
 
             try
             {
@@ -50,6 +54,9 @@ namespace umbraco.webservices
         [ScriptMethod]
         public int GetPublicationStatusMaxAll(string key)
         {
+            if (!AuthorizeRequest(DefaultApps.content.ToString()))
+		        return 0;
+
             try
             {
                 return int.Parse(Application["publishTotalAll" + key].ToString());
@@ -60,6 +67,7 @@ namespace umbraco.webservices
             }
         }
 
+        [Obsolete("This doesn't do anything and will be removed in future versions")]
 		[WebMethod]
 		public void HandleReleaseAndExpireDates(Guid PublishingServiceKey) 
 		{
@@ -68,7 +76,8 @@ namespace umbraco.webservices
         [WebMethod]
         public void SaveXmlCacheToDisk()
         {
-            legacyAjaxCalls.Authorize();
+            if (!AuthorizeRequest(DefaultApps.content.ToString()))
+                return;
 
             content.Instance.PersistXmlToFile();
         }
diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs
index 8417fdcb38..93dc363f7d 100644
--- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs
+++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/templates.asmx.cs
@@ -9,6 +9,8 @@ using System.Xml;
 using System.Web.Script.Services;
 using Umbraco.Core;
 using Umbraco.Core.IO;
+using Umbraco.Web.WebServices;
+using umbraco.BusinessLogic;
 using umbraco.presentation.webservices;
 
 namespace umbraco.webservices
@@ -18,13 +20,13 @@ namespace umbraco.webservices
 	/// </summary>
 	[WebService(Namespace="http://umbraco.org/webservices/")]
     [ScriptService]
-	public class templates : WebService
+    public class templates : UmbracoAuthorizedWebService
 	{
 		
 		[WebMethod]
 		public XmlNode GetTemplates(string Login, string Password)
 		{
-		    if (BusinessLogic.User.validateCredentials(Login, Password)) 
+		    if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) 
 			{
 				var xmlDoc = new XmlDocument();
 				xmlDoc.LoadXml("<templates/>");
@@ -43,7 +45,7 @@ namespace umbraco.webservices
 	    [WebMethod]
 		public XmlNode GetTemplate(int Id, string Login, string Password)
 		{
-		    if (BusinessLogic.User.validateCredentials(Login, Password)) 
+            if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) 
 			{
 				var t = new cms.businesslogic.template.Template(Id);
 				var xmlDoc = new XmlDocument();
@@ -60,7 +62,7 @@ namespace umbraco.webservices
 	    [WebMethod]
 		public bool UpdateTemplate(int Id, int Master, string Design, string Login, string Password)
 		{
-		    if (BusinessLogic.User.validateCredentials(Login, Password)) 
+            if (ValidateCredentials(Login, Password) && UserHasAppAccess(DefaultApps.settings.ToString(), Login)) 
 			{
                 try
                 {
@@ -84,8 +86,9 @@ namespace umbraco.webservices
 	    [WebMethod]
         [ScriptMethod]
         public string GetCodeSnippet(object templateId)
-        {
-            legacyAjaxCalls.Authorize();
+	    {
+            //NOTE: The legacy code threw an exception so will continue to do that.
+	        AuthorizeRequest(DefaultApps.settings.ToString(), true);
             
 	        var templateFile = 
                 System.IO.File.OpenText(IOHelper.MapPath(SystemDirectories.Umbraco + "/scripting/templates/cshtml/" + templateId));