diff --git a/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs b/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs
index a0565c1d2f..6286572946 100644
--- a/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs
+++ b/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs
@@ -15,7 +15,6 @@ using Umbraco.Web.Actions;
using Umbraco.Web.Composing;
using Umbraco.Web.Models.ContentEditing;
using Umbraco.Web.Security;
-using Umbraco.Web.WebApi;
namespace Umbraco.Web.Editors.Filters
{
@@ -24,23 +23,21 @@ namespace Umbraco.Web.Editors.Filters
///
internal sealed class ContentSaveValidationAttribute : ActionFilterAttribute
{
- public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService, UmbracoContext.Current.Security)
+ public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService)
{ }
- public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService, WebSecurity security)
+ public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService)
{
_logger = logger;
_umbracoContextAccessor = umbracoContextAccessor;
_contentService = contentService ?? throw new ArgumentNullException(nameof(contentService));
_userService = userService ?? throw new ArgumentNullException(nameof(userService));
_entityService = entityService ?? throw new ArgumentNullException(nameof(entityService));
- _security = security ?? throw new ArgumentNullException(nameof(security));
}
private readonly ILogger _logger;
private readonly IUmbracoContextAccessor _umbracoContextAccessor;
private readonly IContentService _contentService;
- private readonly WebSecurity _security;
private readonly IUserService _userService;
private readonly IEntityService _entityService;
@@ -51,7 +48,7 @@ namespace Umbraco.Web.Editors.Filters
if (!ValidateAtLeastOneVariantIsBeingSaved(model, actionContext)) return;
if (!contentItemValidator.ValidateExistingContent(model, actionContext)) return;
- if (!ValidateUserAccess(model, actionContext)) return;
+ if (!ValidateUserAccess(model, actionContext, _umbracoContextAccessor.UmbracoContext.Security)) return;
//validate for each variant that is being updated
foreach (var variant in model.Variants.Where(x => x.Save))
@@ -83,7 +80,8 @@ namespace Umbraco.Web.Editors.Filters
///
///
///
- private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext)
+ ///
+ private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext, WebSecurity webSecurity)
{
//We now need to validate that the user is allowed to be doing what they are doing.
@@ -194,13 +192,13 @@ namespace Umbraco.Web.Editors.Filters
actionContext.Request.Properties[typeof(IContent).ToString()] = contentItem;
accessResult = ContentPermissionsHelper.CheckPermissions(
- contentToCheck, _security.CurrentUser,
+ contentToCheck, webSecurity.CurrentUser,
_userService, _entityService, permissionToCheck.ToArray());
}
else
{
accessResult = ContentPermissionsHelper.CheckPermissions(
- contentIdToCheck, _security.CurrentUser,
+ contentIdToCheck, webSecurity.CurrentUser,
_userService, _contentService, _entityService,
out contentToCheck,
permissionToCheck.ToArray());
diff --git a/src/Umbraco.Web/Editors/KeepAliveController.cs b/src/Umbraco.Web/Editors/KeepAliveController.cs
index b15621ee23..23815e1bbe 100644
--- a/src/Umbraco.Web/Editors/KeepAliveController.cs
+++ b/src/Umbraco.Web/Editors/KeepAliveController.cs
@@ -2,6 +2,7 @@
using System.Web.Http;
using Umbraco.Web.Mvc;
using Umbraco.Web.WebApi;
+using Umbraco.Web.WebApi.Filters;
namespace Umbraco.Web.Editors
{
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
index ef6193694c..55ac421b92 100644
--- a/src/Umbraco.Web/Security/WebSecurity.cs
+++ b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -21,9 +21,9 @@ namespace Umbraco.Web.Security
///
/// A utility class used for dealing with USER security in Umbraco
///
- public class WebSecurity : DisposableObjectSlim
+ public class WebSecurity
{
- private HttpContextBase _httpContext;
+ private readonly HttpContextBase _httpContext;
private readonly IUserService _userService;
private readonly IGlobalSettings _globalSettings;
@@ -263,10 +263,6 @@ namespace Umbraco.Web.Security
{
return _httpContext.User != null && _httpContext.User.Identity.IsAuthenticated && _httpContext.GetCurrentIdentity(false) != null;
}
-
- protected override void DisposeResources()
- {
- _httpContext = null;
- }
+
}
}
diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj
index f8570d6dcc..bdea3f1a66 100755
--- a/src/Umbraco.Web/Umbraco.Web.csproj
+++ b/src/Umbraco.Web/Umbraco.Web.csproj
@@ -207,7 +207,7 @@
-
+
diff --git a/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs b/src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs
similarity index 92%
rename from src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs
rename to src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs
index ed36e6e3df..6906519b17 100644
--- a/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs
+++ b/src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs
@@ -1,11 +1,10 @@
-
using System.Net;
using System.Net.Http;
using System.Web.Http;
using System.Web.Http.Controllers;
using System.Web.Http.Filters;
-namespace Umbraco.Web.Mvc
+namespace Umbraco.Web.WebApi.Filters
{
public class OnlyLocalRequestsAttribute : ActionFilterAttribute
{