From f814a80ab7fb1451d7b2abbd274ac6ace1338691 Mon Sep 17 00:00:00 2001 From: Shannon Date: Thu, 14 Feb 2019 11:37:27 +1100 Subject: [PATCH] Fixes the ContentSaveValidationAttribute since it was capturing a request based object in it's ctor when it's a singleton, moves the OnlyLocalRequestsAttribute to the correct namespace, WebSecurity shouldn't be IDisposable --- .../Filters/ContentSaveValidationAttribute.cs | 16 +++++++--------- src/Umbraco.Web/Editors/KeepAliveController.cs | 1 + src/Umbraco.Web/Security/WebSecurity.cs | 10 +++------- src/Umbraco.Web/Umbraco.Web.csproj | 2 +- .../Filters}/OnlyLocalRequestsAttribute.cs | 3 +-- 5 files changed, 13 insertions(+), 19 deletions(-) rename src/Umbraco.Web/{Mvc => WebApi/Filters}/OnlyLocalRequestsAttribute.cs (92%) diff --git a/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs b/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs index a0565c1d2f..6286572946 100644 --- a/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs +++ b/src/Umbraco.Web/Editors/Filters/ContentSaveValidationAttribute.cs @@ -15,7 +15,6 @@ using Umbraco.Web.Actions; using Umbraco.Web.Composing; using Umbraco.Web.Models.ContentEditing; using Umbraco.Web.Security; -using Umbraco.Web.WebApi; namespace Umbraco.Web.Editors.Filters { 
@@ -24,23 +23,21 @@ namespace Umbraco.Web.Editors.Filters /// internal sealed class ContentSaveValidationAttribute : ActionFilterAttribute { - public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService, UmbracoContext.Current.Security) + public ContentSaveValidationAttribute(): this(Current.Logger, Current.UmbracoContextAccessor, Current.Services.ContentService, Current.Services.UserService, Current.Services.EntityService) { } - public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService, WebSecurity security) + public ContentSaveValidationAttribute(ILogger logger, IUmbracoContextAccessor umbracoContextAccessor, IContentService contentService, IUserService userService, IEntityService entityService) { _logger = logger; _umbracoContextAccessor = umbracoContextAccessor; _contentService = contentService ?? throw new ArgumentNullException(nameof(contentService)); _userService = userService ?? throw new ArgumentNullException(nameof(userService)); _entityService = entityService ?? throw new ArgumentNullException(nameof(entityService)); - _security = security ?? throw new ArgumentNullException(nameof(security)); } private readonly ILogger _logger; private readonly IUmbracoContextAccessor _umbracoContextAccessor; private readonly IContentService _contentService; - private readonly WebSecurity _security; private readonly IUserService _userService; private readonly IEntityService _entityService; 
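Review bot: The constructor still assigns `_umbracoContextAccessor = umbracoContextAccessor;` without a null guard, although after this change the accessor is the only route to the per-request security object used by the permission check. The three service arguments are already guarded, so the accessor should be treated the same way: `_umbracoContextAccessor = umbracoContextAccessor ?? throw new ArgumentNullException(nameof(umbracoContextAccessor));`. Going by the commit message, the attribute instance is a singleton, so a short comment on the constructor saying it must hold no request-scoped state would help keep the original bug from coming back.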
@@ -51,7 +48,7 @@ namespace Umbraco.Web.Editors.Filters if (!ValidateAtLeastOneVariantIsBeingSaved(model, actionContext)) return; if (!contentItemValidator.ValidateExistingContent(model, actionContext)) return; - if (!ValidateUserAccess(model, actionContext)) return; + if (!ValidateUserAccess(model, actionContext, _umbracoContextAccessor.UmbracoContext.Security)) return; //validate for each variant that is being updated foreach (var variant in model.Variants.Where(x => x.Save)) @@ -83,7 +80,8 @@ namespace Umbraco.Web.Editors.Filters /// /// /// - private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext) + /// + private bool ValidateUserAccess(ContentItemSave contentItem, HttpActionContext actionContext, WebSecurity webSecurity) { //We now need to validate that the user is allowed to be doing what they are doing. @@ -194,13 +192,13 @@ namespace Umbraco.Web.Editors.Filters actionContext.Request.Properties[typeof(IContent).ToString()] = contentItem; accessResult = ContentPermissionsHelper.CheckPermissions( - contentToCheck, _security.CurrentUser, + contentToCheck, webSecurity.CurrentUser, _userService, _entityService, permissionToCheck.ToArray()); } else { accessResult = ContentPermissionsHelper.CheckPermissions( - contentIdToCheck, _security.CurrentUser, + contentIdToCheck, webSecurity.CurrentUser, _userService, _contentService, _entityService, out contentToCheck, permissionToCheck.ToArray()); diff --git a/src/Umbraco.Web/Editors/KeepAliveController.cs b/src/Umbraco.Web/Editors/KeepAliveController.cs index b15621ee23..23815e1bbe 100644 --- a/src/Umbraco.Web/Editors/KeepAliveController.cs +++ b/src/Umbraco.Web/Editors/KeepAliveController.cs @@ -2,6 +2,7 @@ using System.Web.Http; using Umbraco.Web.Mvc; using Umbraco.Web.WebApi; +using Umbraco.Web.WebApi.Filters; namespace Umbraco.Web.Editors { diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs index ef6193694c..55ac421b92 100644 
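Review bot: `_umbracoContextAccessor.UmbracoContext.Security` is dereferenced on every request with no check that a context exists, so a request reaching this filter without one would fail with a NullReferenceException instead of a controlled denial. This value supplies `CurrentUser` to both `ContentPermissionsHelper.CheckPermissions` calls in the `@@ -194,13` hunk, so I would resolve it once and fail closed, for example `var security = _umbracoContextAccessor.UmbracoContext?.Security ?? throw new InvalidOperationException("No UmbracoContext for the current request");`. Whether the accessor can actually return null at this point is not visible in the hunk, so treat this as hardening rather than a confirmed fault. The enclosing method starts and ends outside the hunk.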
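Review bot: In the `@@ -83,7 +80,8` hunk the new `webSecurity` parameter of `ValidateUserAccess` gets a doc line that, as far as the page shows, carries no description. Because the point of the change is that this object must come from the current request, I would say so on the parameter: `/// <param name="webSecurity">Security object of the current request; never a cached instance.</param>`. The method body continues outside the hunk.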
--- a/src/Umbraco.Web/Security/WebSecurity.cs +++ b/src/Umbraco.Web/Security/WebSecurity.cs @@ -21,9 +21,9 @@ namespace Umbraco.Web.Security /// /// A utility class used for dealing with USER security in Umbraco /// - public class WebSecurity : DisposableObjectSlim + public class WebSecurity { - private HttpContextBase _httpContext; + private readonly HttpContextBase _httpContext; private readonly IUserService _userService; private readonly IGlobalSettings _globalSettings; @@ -263,10 +263,6 @@ namespace Umbraco.Web.Security { return _httpContext.User != null && _httpContext.User.Identity.IsAuthenticated && _httpContext.GetCurrentIdentity(false) != null; } - - protected override void DisposeResources() - { - _httpContext = null; - } + } } diff --git a/src/Umbraco.Web/Umbraco.Web.csproj b/src/Umbraco.Web/Umbraco.Web.csproj index f8570d6dcc..bdea3f1a66 100755 --- a/src/Umbraco.Web/Umbraco.Web.csproj +++ b/src/Umbraco.Web/Umbraco.Web.csproj @@ -207,7 +207,7 @@ - + diff --git a/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs b/src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs similarity index 92% rename from src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs rename to src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs index ed36e6e3df..6906519b17 100644 --- a/src/Umbraco.Web/Mvc/OnlyLocalRequestsAttribute.cs +++ b/src/Umbraco.Web/WebApi/Filters/OnlyLocalRequestsAttribute.cs @@ -1,11 +1,10 @@ - using System.Net; using System.Net.Http; using System.Web.Http; using System.Web.Http.Controllers; using System.Web.Http.Filters; -namespace Umbraco.Web.Mvc +namespace Umbraco.Web.WebApi.Filters { public class OnlyLocalRequestsAttribute : ActionFilterAttribute {
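Review bot: `WebSecurity` is a public class, and dropping the `DisposableObjectSlim` base in the `@@ -21,9` hunk presumably removes `Dispose()` from its surface, so any caller outside this patch that disposes it or wraps it in `using` would stop compiling. The `DisposeResources` override removed in the `@@ -263,10` hunk also cleared `_httpContext`. Without it, an instance held past its request keeps answering from the old `HttpContextBase`, presumably with that request's user, rather than failing. That is the same capture problem this commit fixes in the filter, so I would state the lifetime in the class summary, e.g. `/// Request-scoped: wraps the current HttpContextBase; do not store in singletons or static fields.`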