Fixes the ContentSaveValidationAttribute, which was capturing a request-based object in its ctor even though the attribute is a singleton; moves the OnlyLocalRequestsAttribute to the correct namespace; WebSecurity shouldn't be IDisposable

Shannon
2019-02-14 11:37:27 +11:00
parent 9a264a120b
commit f814a80ab7
5 changed files with 13 additions and 19 deletions


@@ -15,7 +15,6 @@ using Umbraco.Web.Actions;
using Umbraco.Web.Composing;
using Umbraco.Web.Models.ContentEditing;
using Umbraco.Web.Security;
using Umbraco.Web.WebApi;
namespace Umbraco.Web.Editors.Filters
{
@@ -24,23 +23,21 @@ namespace Umbraco.Web.Editors.Filters
/// </summary>
internal sealed class ContentSaveValidationAttribute : ActionFilterAttribute
{
public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService, UmbracoContext.Current.Security)
public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService)
{ }
public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService, WebSecurity security)
public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService)
{
_logger = logger;
_umbracoContextAccessor = umbracoContextAccessor;
_contentService = contentService ?? throw new ArgumentNullException(nameof(contentService));
_userService = userService ?? throw new ArgumentNullException(nameof(userService));
_entityService = entityService ?? throw new ArgumentNullException(nameof(entityService));
_security = security ?? throw new ArgumentNullException(nameof(security));
}
private readonly ILogger _logger;
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
private readonly IContentService _contentService;
private readonly WebSecurity _security;
private readonly IUserService _userService;
private readonly IEntityService _entityService;
@@ -51,7 +48,7 @@ namespace Umbraco.Web.Editors.Filters
if (!ValidateAtLeastOneVariantIsBeingSaved(model, actionContext)) return;
if (!contentItemValidator.ValidateExistingContent(model, actionContext)) return;
if (!ValidateUserAccess(model, actionContext)) return;
if (!ValidateUserAccess(model, actionContext, _umbracoContextAccessor.UmbracoContext.Security)) return;
//validate for each variant that is being updated
foreach (var variant in model.Variants.Where(x => x.Save))
@@ -83,7 +80,8 @@ namespace Umbraco.Web.Editors.Filters
/// </summary>
/// <param name="actionContext"></param>
/// <param name="contentItem"></param>
private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext)
/// <param name="webSecurity"></param>
private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext, WebSecurity webSecurity)
{
//We now need to validate that the user is allowed to be doing what they are doing.
@@ -194,13 +192,13 @@ namespace Umbraco.Web.Editors.Filters
actionContext.Request.Properties[typeof(IContent).ToString()] = contentItem;
accessResult = ContentPermissionsHelper.CheckPermissions(
contentToCheck, _security.CurrentUser,
contentToCheck, webSecurity.CurrentUser,
_userService, _entityService, permissionToCheck.ToArray());
}
else
{
accessResult = ContentPermissionsHelper.CheckPermissions(
contentIdToCheck, _security.CurrentUser,
contentIdToCheck, webSecurity.CurrentUser,
_userService, _contentService, _entityService,
out contentToCheck,
permissionToCheck.ToArray());
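Review bot: The security context behind the permission check is now read as `_umbracoContextAccessor.UmbracoContext.Security` on every request, but the constructor still assigns `umbracoContextAccessor` without the null guard the three services get, and nothing visible checks that `UmbracoContext` is non-null before it is dereferenced. The removed `security ?? throw` guard has no replacement, so a missing context or a null `webSecurity` would surface as a NullReferenceException inside the filter rather than as an explicit failure. Consider `_umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));` in the constructor, and resolving the context once at the top of the calling method with an explicit throw when it is null. The calling method and ValidateUserAccess both extend outside the visible hunks, so whether such a guard already exists there cannot be confirmed from this page.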


@@ -2,6 +2,7 @@
using System.Web.Http;
using Umbraco.Web.Mvc;
using Umbraco.Web.WebApi;
using Umbraco.Web.WebApi.Filters;
namespace Umbraco.Web.Editors
{


@@ -21,9 +21,9 @@ namespace Umbraco.Web.Security
/// <summary>
/// A utility class used for dealing with USER security in Umbraco
/// </summary>
public class WebSecurity : DisposableObjectSlim
public class WebSecurity
{
private HttpContextBase _httpContext;
private readonly HttpContextBase _httpContext;
private readonly IUserService _userService;
private readonly IGlobalSettings _globalSettings;
@@ -263,10 +263,6 @@ namespace Umbraco.Web.Security
{
return _httpContext.User != null && _httpContext.User.Identity.IsAuthenticated && _httpContext.GetCurrentIdentity(false) != null;
}
protected override void DisposeResources()
{
_httpContext = null;
}
}
}
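Review bot: The class summary still does not say that a WebSecurity instance is bound to one request's `HttpContextBase` (the now `readonly` `_httpContext` field), which is the constraint the filter fix in this commit depends on. Holding an instance in a long-lived object such as a cached filter attribute would presumably make `CurrentUser` reflect the request that created it rather than the one being authorized. Suggest adding `/// <remarks>Request-scoped: resolve per request; never store in a singleton or attribute field.</remarks>` under the summary. Separately, dropping `DisposableObjectSlim` from a public class may break external callers that wrap it in `using`, so it is worth flagging as a breaking change.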


@@ -207,7 +207,7 @@
<Compile Include="Models\Link.cs" />
<Compile Include="Models\LinkType.cs" />
<Compile Include="Models\TemplateQuery\OperatorFactory.cs" />
<Compile Include="Mvc\OnlyLocalRequestsAttribute.cs" />
<Compile Include="WebApi\Filters\OnlyLocalRequestsAttribute.cs" />
<Compile Include="PropertyEditors\MultiUrlPickerConfiguration.cs" />
<Compile Include="PropertyEditors\MultiUrlPickerConfigurationEditor.cs" />
<Compile Include="PropertyEditors\MultiUrlPickerPropertyEditor.cs" />


@@ -1,11 +1,10 @@
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
namespace Umbraco.Web.Mvc
namespace Umbraco.Web.WebApi.Filters
{
public class OnlyLocalRequestsAttribute : ActionFilterAttribute
{