* Property level validation for content - initial implementation
* Always succeed create/update regardless of property level validation errors
* Move old complex editor validation classes to Web.BackOffice so they will be deleted
* Include operation status and property validation errors in ProblemDetails
* Refactor property validation to its own service(s)
* Make the problem details builder a little more generic towards extensions
* Validation for item and branch publish
* Moved malplaced test
* Get rid of a TODO
* Integration tests for content validation service
* Simplify validation service
* Add missing response types to create and update for document and media
* Remove test that no longer applies
* Use "errors" for model validation errors (property validation errors)
* Split create/update and validation into their own endpoints
* Fix forward merge
* Correct wrong assumption for missing properties
* Remove localization from validation error messages - decreases dependencies, adds a lot of obsolete constructors
* Reuse existing validation service + support custom error messages
* Fix merge errors
* Review comments
* Implemented culture based authorization for content
* Implemented culture auth for create/update of documents
* Applied culture authorization to dictionary create/update
* Added an integration test to test an assumption about the ContentTypeEditingService.CreateAsync method
* Fix processing when result is already false;
* Apply suggestions from code review
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Refactor method to async + clarify and consilidate comments regarding dictionary locks
---------
Co-authored-by: Sven Geusens <sge@umbraco.dk>
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Making ProblemDetails details more generic
* Adding authorizer that can be replaces for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy
* Adding method to get the GUID from claims
* Adding service methods to check user group authz
* Porting MustSatisfyRequirementAuthorizationHandler
* Adding controllers authz
* Fix return status code + produced response type
* Moving to folder
* Adding DenyLocalLogin policy scaffold
* Implement a temp DenyLocalLoginHandler
* Introducing a new Fobidden result
* Fix comment
* Introducing a helper class for authorizers
* Changed nullability for GetCurrentUser
* Changes from Attempt to Status + FIXME comments
* Create a UserGroupAuthorizationStatus to be used in the future
* Introduces a new authz status for checking media acess
* Introducing a new permission service for media
* Adding fixme
* Adding more policy configurations
* Adding Media policy requirement and handler
* Adding media authorizer
* Fix order of params
* Adding duplicate code comment
* Adding authz to media controllers
* Migrating more logic from MediaPermissions.cs
* Adding more MediaAuthorizationStatus-es
* Handling of new authorization status
* Fix comment
* Adding NotFound case
* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled
* Changed Forbid() to Forbidden() to get the correct status code
* Remove policy that is applied on the base controller already
* Implement and apply NewUmbracoFeatureEnabled policy
* Renaming classes to add Permission in the name
* Register permission services
* Add FIXME
* Introduce new IUserGroupPermissionService and refactor accordingly
* Add single overload with default implementation
* Adding user permission policy and related
* Applying admin policy
* Register all new policies
* Better wording
* Add default implementation for a single overload
* Adding remarks to IContentPermissionService.cs
* Supporting null as key in ContentPermissionService
* Fix namespace
* Reverting back to not supporting null as content key, but having dedicated implementation
* Adding content authorizer with null values to represent root item
* Removing null key support and adding dedicated implementation
* Removing remarks
* Adding content resource with null support
* Removing null support
* Adding requirement and status
* Adding content authorizer + handlers
* Applying policies to content controllers
* Update comment
* Handling of Authorization Statuses
* More authz in controllers
* Fix comments
* New branch handler
* Obsolete old implementation
* Adding dedicated policies to root and bin
* Adding a branch specific namespace
* Bin specific requirement and namespace
* Root specific requirement and namespace
* Changing to new root policy
* Refactoring
* Save policies
* Fix null check/reference
* Add TODO comment
* Create media root- and bin-specific policies, handlers, etc.
* Apply correct policy in create and update media controllers
* Apply root policy to move and sort controllers
* Fix wording
* Adding UserGroupAuthorizationStatusResult
* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus
* Fixing Umbraco feature policy
* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute
* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword
* Fix comment
* Renaming performingUser to user and fixing comments
* Rename helper method
* Fix references
* Re-add merge conflict deletion
* Adding Backoffice requirement and relevant
* Registering
* Added a simple policy test
* Fixed small test things and clean up
* Temp solution
* Added one more test and fix another static issue
* Fix another merge conflict
* Remove BackOfficePermissionRequirement and handler as they might not be necessary
* Comment out again [AllowAnonymous]
* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary
* Fix temp implementation
* Fix reference to correct handler
* Apply authz policy to new publish/unpublish controllers
* Fix comments
* Removing duplicate ProducesResponseTypes
* Added swagger documentation about the 401 and 403
* Added Resources to Media, User and UserGroup
* Handle root, recycle bin and branch in the same handler
* Handle both parent and target when moving
* Check Ids for all sort requests
* Xml docs
* Clean up
* Clean up
* Fix build
* Cleanup
* Remove TODO
* Added missing overload
* Use yield
* Adding some keys to check
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* Updated API version package and moved attribute to each controller as it cannot be inherited.
* Ignore "$type" on types implementing interfaces in the delivery api
* Add default super user key to migrations
* Start refactoring all interfaces signatures with ids
* Refactor datatype service to use userKey pattern instead
* Refactor ContentEditingService to use userkeys
* Refactor services to userKey
* Refactor more services to use userkey instead of id
* Refactor RelationService to use userKeys
* Refactor template service to use keys instead of ids
* Refactor fileservice to use keys instead of ids
* Refactor LocalizationService to use keys instead of ids
* Refactor PackagingService to use keys instead of ids
* Refactor TemplateController to use current user keys
* Refactor DataTypeContainerService.cs
* Refactor DataTypeService to use keys instead of ids
* Fix up tests
* Fix up media editing service to use userkey instead of ID
* Update service ctor to avoid ambigious ctors
* refactor DataTypeService
* Refactor DataTypeService to not have a default value for parentKey
* Apply suggestions from code review
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Update comment
* Add suppression file
* Add backoffice CompatibilitySuppressions
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* CRUD API for media + get by ID for media types
* A little housekeeping for documents (align with media)
* Update Open API json
* Add messages to NotFound results (both content and media)
* Review changes; use same model for content and media URLs + return bad request when trying to move something to trash that is already in trash
* Fix bad merge + rename base (response) classes appropriately between both media and content types
