From d3ed90c23e7abacaa3f1143df1c972c4e38459e6 Mon Sep 17 00:00:00 2001 From: Sebastiaan Janssen Date: Tue, 28 May 2013 12:10:29 -0200 Subject: [PATCH] Some fixes & refactor --- .../WebServices/FolderBrowserService.cs | 56 ++++---- .../UltimatePickerAutoCompleteHandler.ashx.cs | 135 +++++------------- 2 files changed, 71 insertions(+), 120 deletions(-) diff --git a/src/Umbraco.Web/WebServices/FolderBrowserService.cs b/src/Umbraco.Web/WebServices/FolderBrowserService.cs index 02132356f0..e463494d30 100644 --- a/src/Umbraco.Web/WebServices/FolderBrowserService.cs +++ b/src/Umbraco.Web/WebServices/FolderBrowserService.cs @@ -1,16 +1,11 @@ using System; using System.Collections.Generic; using System.Linq; -using System.Text; -using System.Web; using System.Web.Script.Serialization; -using Umbraco.Core; using Umbraco.Web.Media.ThumbnailProviders; -using umbraco.BasePages; using umbraco.BusinessLogic; -using umbraco.IO; +using Umbraco.Core.IO; using umbraco.cms.businesslogic.Tags; -using umbraco.cms.businesslogic.media; using Umbraco.Web.BaseRest; namespace Umbraco.Web.WebServices 
@@ -21,26 +16,20 @@ namespace Umbraco.Web.WebServices [RestExtensionMethod(ReturnXml = false)] public static string GetChildren(int parentId) { + var currentUser = GetCurrentUser(); + var parentMedia = new global::umbraco.cms.businesslogic.media.Media(parentId); - var currentUser = User.GetCurrent(); + AuthorizeAccess(parentMedia, currentUser); + var data = new List(); - // Check user is logged in - if (currentUser == null) - throw new UnauthorizedAccessException("You must be logged in to use this service"); - - // Check user is allowed to access selected media item - if(!("," + parentMedia.Path + ",").Contains("," + currentUser.StartMediaId + ",")) - throw new UnauthorizedAccessException("You do not have access to this Media node"); - // Get children and filter //TODO: Only fetch files, not containers //TODO: Cache responses to speed up susequent searches foreach (var child in parentMedia.Children) { var fileProp = child.getProperty("umbracoFile") ?? - child.GenericProperties.FirstOrDefault(x => - x.PropertyType.DataTypeDefinition.DataType.Id == new Guid("5032a6e6-69e3-491d-bb28-cd31cd11086c")); + child.GenericProperties.FirstOrDefault(x => x.PropertyType.DataTypeDefinition.DataType.Id == new Guid("5032a6e6-69e3-491d-bb28-cd31cd11086c")); var fileUrl = fileProp != null ? fileProp.Value.ToString() : ""; var thumbUrl = ThumbnailProvidersResolver.Current.GetThumbnailUrl(fileUrl); @@ -53,9 +42,9 @@ namespace Umbraco.Web.WebServices MediaTypeAlias = child.ContentType.Alias, EditUrl = string.Format("editMedia.aspx?id={0}", child.Id), FileUrl = fileUrl, - ThumbnailUrl = !string.IsNullOrEmpty(thumbUrl) - ? thumbUrl - : IOHelper.ResolveUrl(SystemDirectories.Umbraco + "/images/thumbnails/" + child.ContentType.Thumbnail) + ThumbnailUrl = string.IsNullOrEmpty(thumbUrl) + ? IOHelper.ResolveUrl(SystemDirectories.Umbraco + "/images/thumbnails/" + child.ContentType.Thumbnail) + : thumbUrl }; data.Add(item); 
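Review bot: The data type id `new Guid("5032a6e6-69e3-491d-bb28-cd31cd11086c")` is still parsed inside the `FirstOrDefault` lambda, so it is rebuilt for each property examined whenever the `umbracoFile` lookup falls through, and nothing says which data type it stands for. Since the line is being reflowed anyway, a named field such as `private static readonly Guid FallbackFileDataTypeId = new Guid("5032a6e6-69e3-491d-bb28-cd31cd11086c");` with a one-line comment would document the value and hoist the parse out of the loop. GetChildren's body continues past the end of this hunk.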
@@ -67,15 +56,19 @@ namespace Umbraco.Web.WebServices [RestExtensionMethod(ReturnXml = false)] public static string Delete(string nodeIds) { - var nodeIdParts = nodeIds.Split(','); + var currentUser = GetCurrentUser(); - foreach (var nodeIdPart in nodeIdParts.Where(x => !string.IsNullOrEmpty(x))) + var nodeIdParts = nodeIds.Split(','); + + foreach (var nodeIdPart in nodeIdParts.Where(x => string.IsNullOrEmpty(x) == false)) { - var nodeId = 0; - if (!Int32.TryParse(nodeIdPart, out nodeId)) + int nodeId; + if (Int32.TryParse(nodeIdPart, out nodeId) == false) continue; var node = new global::umbraco.cms.businesslogic.media.Media(nodeId); + AuthorizeAccess(node, currentUser); + node.delete(("," + node.Path + ",").Contains(",-21,")); } @@ -84,5 +77,20 @@ namespace Umbraco.Web.WebServices success = true }); } + + private static User GetCurrentUser() + { + var currentUser = User.GetCurrent(); + if (currentUser == null) + throw new UnauthorizedAccessException("You must be logged in to use this service"); + + return currentUser; + } + + private static void AuthorizeAccess(global::umbraco.cms.businesslogic.media.Media mediaItem, User currentUser) + { + if (("," + mediaItem.Path + ",").Contains("," + currentUser.StartMediaId + ",") == false) + throw new UnauthorizedAccessException("You do not have access to this Media node"); + } } } diff --git a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs index 8fa77e7a8b..8d2acf4f8f 100644 --- a/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs +++ b/src/Umbraco.Web/umbraco.presentation/umbraco/webservices/UltimatePickerAutoCompleteHandler.ashx.cs 
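Review bot: Authorization and deletion happen in the same loop pass in `Delete`, so when a later id in `nodeIds` fails `AuthorizeAccess` the exception aborts the request after the earlier nodes have already been deleted. The caller then receives an error for a batch that was partly applied. Checking every requested node first and deleting only once all of them have passed keeps the operation all-or-nothing. `nodeIds.Split(',')` also still dereferences a null `nodeIds`; a guard before the split would turn a missing parameter into a clean rejection.

```csharp
var nodes = new List<global::umbraco.cms.businesslogic.media.Media>();
foreach (var nodeIdPart in nodeIdParts.Where(x => string.IsNullOrEmpty(x) == false))
{
    // … unchanged: Int32.TryParse guard and Media construction …
    AuthorizeAccess(node, currentUser);
    nodes.Add(node);
}

// Delete only once every requested node has passed the access check.
foreach (var node in nodes)
{
    node.delete(("," + node.Path + ",").Contains(",-21,"));
}
```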
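Review bot: `AuthorizeAccess` only tests that the item's path contains the user's `StartMediaId`; nothing visible here checks that the user may use the media section at all, whereas the handler changed in this same commit gates on `AuthorizeRequest(DefaultApps.media.ToString())`. If the REST extension pipeline does not already enforce section access (not visible in this diff), that check belongs in `GetCurrentUser` or here, because `Delete` now relies on these two helpers alone. Both helpers would also benefit from a short XML summary stating what they guarantee, e.g. `/// <summary>Throws UnauthorizedAccessException unless mediaItem lies at or below the user's start media node.</summary>`.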
@@ -1,9 +1,9 @@
 using System;
-using System.Collections.Generic;
 using System.Linq;
 using System.Web;
 using System.Web.Services;
 using Umbraco.Web.WebServices;
+using umbraco.BasePages;
 using umbraco.BusinessLogic;
 using umbraco.cms.businesslogic.web;
 using umbraco.cms.businesslogic;
@@ -25,77 +25,44 @@ namespace umbraco.presentation.umbraco.webservices public override void ProcessRequest(HttpContext context) { - //user must be allowed to see content or media - if (!AuthorizeRequest(DefaultApps.content.ToString()) && !AuthorizeRequest(DefaultApps.media.ToString())) - return; + if (BasePage.ValidateUserContextID(BasePage.umbracoUserContextID) == false) + throw new Exception("Client authorization failed. User is not logged in"); + //user must be allowed to see content or media + if (AuthorizeRequest(DefaultApps.content.ToString()) == false && AuthorizeRequest(DefaultApps.media.ToString()) == false) + return; context.Response.ContentType = "text/plain"; _prefix = context.Request.QueryString["q"]; - int parentNodeId = Convert.ToInt32(context.Request.QueryString["id"]); - bool showGrandChildren = Convert.ToBoolean(context.Request.QueryString["showchildren"]); + var parentNodeId = Convert.ToInt32(context.Request.QueryString["id"]); + var showGrandChildren = Convert.ToBoolean(context.Request.QueryString["showchildren"]); - string documentAliasFilter = context.Request.QueryString["filter"]; - string[] documentAliasFilters = documentAliasFilter.Split(",".ToCharArray()); + var documentAliasFilter = context.Request.QueryString["filter"]; + var documentAliasFilters = documentAliasFilter.Split(",".ToCharArray()); + var parent = new CMSNode(parentNodeId); - CMSNode parent = new CMSNode(parentNodeId); - if (!showGrandChildren) + _nodeCount = 0; + + //store children array here because iterating over an Array property object is very inneficient. + var children = parent.Children; + foreach (CMSNode child in children) { - _nodeCount = 0; - - //store children array here because iterating over an Array property object is very inneficient. 
- var children = parent.Children; - foreach (CMSNode child in children) - { - - - NodeChildrenCount(child, false, documentAliasFilters); - - } - - _output = new string[_nodeCount]; - - _counter = 0; - int level = 1; - - //why is there a 2nd iteration of the same thing here? - foreach (CMSNode child in children) - { - - AddNode(child, level, showGrandChildren, documentAliasFilters); - } - - - } - else - { - _nodeCount = 0; - - //store children array here because iterating over an Array property object is very inneficient. - var children = parent.Children; - foreach (CMSNode child in children) - { - NodeChildrenCount(child, true, documentAliasFilters); - } - - _output = new string[_nodeCount]; - _counter = 0; - int level = 1; - - foreach (CMSNode child in children) - { - AddNode(child, level, showGrandChildren, documentAliasFilters); - } - - - + NodeChildrenCount(child, showGrandChildren, documentAliasFilters); } + _output = new string[_nodeCount]; + _counter = 0; + int level = 1; - foreach (string item in _output) + foreach (CMSNode child in children) + { + AddNode(child, level, showGrandChildren, documentAliasFilters); + } + + foreach (var item in _output) { context.Response.Write(item + Environment.NewLine); } 
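Review bot: `parentNodeId` is read straight from the `id` query-string value and passed to `new CMSNode(parentNodeId)` with only the login check and the content/media app check in front of it. A logged-in user can therefore apparently list node names and ids under any parent, including ones outside their start node. FolderBrowserService in this same commit compares the node path with `StartMediaId`; an equivalent path check belongs here before `parent.Children` is read, unless `AuthorizeRequest` (not visible in this hunk) already covers it. Separately, the new login check throws a bare `Exception`, which surfaces as a generic server error rather than an authorization failure; `throw new UnauthorizedAccessException("Client authorization failed. User is not logged in");` would match the other service.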
@@ -103,38 +70,21 @@ namespace umbraco.presentation.umbraco.webservices private bool ValidNode(string nodeText) { - - - if (nodeText.Length >= _prefix.Length) - { - - - if (nodeText.Substring(0, _prefix.Length).ToLower() == _prefix.ToLower()) - { - return true; - } - } - - return false; + return nodeText.Length >= _prefix.Length && nodeText.Substring(0, _prefix.Length).ToLower() == _prefix.ToLower(); } private void NodeChildrenCount(CMSNode node, bool countChildren, string[] documentAliasFilters) { if (documentAliasFilters.Length > 0) { - - foreach (string filter in documentAliasFilters) + foreach (var filter in documentAliasFilters) { - string trimmedFilter = filter.TrimStart(" ".ToCharArray()); + var trimmedFilter = filter.TrimStart(" ".ToCharArray()); trimmedFilter = trimmedFilter.TrimEnd(" ".ToCharArray()); - if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) + if ((new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) && ValidNode(node.Text)) { - if (ValidNode(node.Text)) - { - _nodeCount += 1; - } - + _nodeCount += 1; } } } 
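Review bot: `ValidNode` dereferences `_prefix`, which `ProcessRequest` assigns from the `q` query-string value without a null check, so a request without `q` ends in a NullReferenceException here instead of an empty result. The `ToLower()` pair also compares using the current culture; `return _prefix != null && nodeText.StartsWith(_prefix, StringComparison.OrdinalIgnoreCase);` handles the missing parameter and makes the prefix match culture-independent. The same unchecked-input pattern applies to `filter`, whose `Split` call in ProcessRequest throws when the parameter is absent. NodeChildrenCount's body continues outside the hunk.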
@@ -160,28 +110,24 @@ namespace umbraco.presentation.umbraco.webservices private void AddNode(CMSNode node, int level, bool showGrandChildren, string[] documentAliasFilters) { + var preText = string.Empty; - string preText = string.Empty; - - for (int i = 1; i < level; i++) + for (var i = 1; i < level; i++) { preText += "- "; } if (documentAliasFilters.Length > 0) { - foreach (string filter in documentAliasFilters) + foreach (var filter in documentAliasFilters) { - string trimmedFilter = filter.TrimStart(" ".ToCharArray()); + var trimmedFilter = filter.TrimStart(" ".ToCharArray()); trimmedFilter = trimmedFilter.TrimEnd(" ".ToCharArray()); - if (new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) + if ((new Document(node.Id).ContentType.Alias == trimmedFilter || trimmedFilter == string.Empty) && ValidNode(node.Text)) { - if (ValidNode(node.Text)) - { - _output[_counter] = preText + node.Text + " [" + node.Id + "]"; - _counter++; - } + _output[_counter] = preText + node.Text + " [" + node.Id + "]"; + _counter++; } } @@ -211,10 +157,7 @@ namespace umbraco.presentation.umbraco.webservices public override bool IsReusable { - get - { - return false; - } + get { return false; } } } }
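Review bot: The merged filter condition in AddNode is now a verbatim copy of the one in NodeChildrenCount, and `_output[_counter]` stays in bounds only while the two copies remain identical, because the array is sized by the counting pass. A private helper that takes the node and the trimmed filter, called from both methods, would remove that coupling. Inside it, evaluating the cheap tests first, as in `if (ValidNode(node.Text) && (trimmedFilter == string.Empty || new Document(node.Id).ContentType.Alias == trimmedFilter))`, avoids constructing a `Document` for nodes that fail the prefix match. AddNode's body continues outside the hunk.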