From ea31ddea6d6fb566726e99b2177db1f3348e022a Mon Sep 17 00:00:00 2001
From: Sven Geusens
Date: Fri, 8 Mar 2024 10:37:46 +0100
Subject: [PATCH] Enable member management authorization (#15843)
* Enabled Section authorization on member management endpoints Changed filter endpoints from tree style auth to section as it returns the same model and be in line with other filter endpoints
* Clean up member filter base inheritance
---------
Co-authored-by: Sven Geusens
Co-authored-by: kjac
---
 .../Member/Filter/MemberFilterControllerBase.cs | 6 +-----
 .../Controllers/Member/MemberControllerBase.cs | 7 ++++---
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs
index 13a165579e..190e0bee9d 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Member/Filter/MemberFilterControllerBase.cs
@@ -1,16 +1,12 @@
-using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Routing;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Services.OperationStatus;
-using Umbraco.Cms.Web.Common.Authorization;
 namespace Umbraco.Cms.Api.Management.Controllers.Member.Filter;
 [VersionedApiBackOfficeRoute($"{Constants.Web.RoutePath.Filter}/{Constants.UdiEntityType.Member}")]
-[ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Member))]
-[Authorize(Policy = AuthorizationPolicies.SectionAccessForMemberTree)]
-public abstract class MemberFilterControllerBase : ManagementApiControllerBase
+public abstract class MemberFilterControllerBase : MemberControllerBase
 {
 protected IActionResult MemberTypeNotFound() => OperationStatusResult(ContentEditingOperationStatus.NotFound, problemDetailsBuilder
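Review bot: With the explicit `[Authorize]` line removed, `MemberFilterControllerBase` is now protected only by whatever attribute `MemberControllerBase` carries, and nothing at the class declaration says so. A short comment above the class would keep that dependency visible, for example `// Authorization (SectionAccessMembers) and the API explorer group are inherited from MemberControllerBase.` The switch from `SectionAccessForMemberTree` to the section policy may also change which back-office users can reach the filter endpoints, depending on how the two policies are defined, which is not visible here; it is worth confirming that no existing caller relied on the tree policy. The class body continues past the end of the hunk.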
diff --git a/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs b/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs
index 2fd929e992..42d435a449 100644
--- a/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs
+++ b/src/Umbraco.Cms.Api.Management/Controllers/Member/MemberControllerBase.cs
@@ -1,4 +1,5 @@
-using Microsoft.AspNetCore.Http;
+using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Common.Builders;
 using Umbraco.Cms.Api.Management.Controllers.Content;
@@ -7,13 +8,13 @@ using Umbraco.Cms.Api.Management.ViewModels.Member;
 using Umbraco.Cms.Core;
 using Umbraco.Cms.Core.Models.ContentEditing;
 using Umbraco.Cms.Core.Services.OperationStatus;
+using Umbraco.Cms.Web.Common.Authorization;
 namespace Umbraco.Cms.Api.Management.Controllers.Member;
 [VersionedApiBackOfficeRoute(Constants.UdiEntityType.Member)]
 [ApiExplorerSettings(GroupName = nameof(Constants.UdiEntityType.Member))]
-// FIXME: implement authorization
-// [Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)]
+[Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)]
 public class MemberControllerBase : ContentControllerBase
 {
 protected IActionResult MemberNotFound() => OperationStatusResult(MemberEditingOperationStatus.MemberNotFound, MemberNotFound);
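Review bot: The newly active `[Authorize(Policy = AuthorizationPolicies.SectionAccessMembers)]` on `MemberControllerBase` arrives without a test, as the diffstat lists only the two controller files. It replaces a `FIXME` under which this class declared no section-level policy, so an integration test asserting that a back-office user who fails `SectionAccessMembers` is refused on one of the member endpoints would guard against the attribute being dropped again. A summary on the class such as `/// <summary>Base for member management endpoints; requires the SectionAccessMembers policy, which derived controllers inherit.</summary>` would also make the inherited gate explicit. The class body continues past the end of the hunk.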