Commit Graph

12 Commits

Author SHA1 Message Date
Mole
ae675b28f7 V14: Remove duplicate pagination helper (#15856)
* Remove management PaginationService

* Remove usage of PaginationHelper in FilterMemberFilterController
2024-03-12 12:57:29 +01:00
Elitsa Marinovska
04400054ac V14: Cleanup [ApiController] attribute usage (#15842)
* Applying [ApiController] to ManagementApiControllerBase and the rest derive from it

* Removing [ApiController] from deriving controllers

* Removing [ApiVersion("1.0")] from controller base

* Cleanup

* [ApiController] from deriving DeliveryApiControllerBase controller
2024-03-05 15:49:40 +01:00
Bjarke Berg
1fd4fce3a8 Rename policies to original names (#15825)
* Removed the "New" from all policy names now that the legacy backoffice is gone.

* more policy renaming

* more policy renaming

* Uncommenting tests

* Cleanup

* Removing unused policy names

* Renaming AdminUserEditsRequireAdmin to a more meaningful UserPermissionByResource

* Completing TODO and some alphabetical rearranging

---------

Co-authored-by: Elitsa <elm@umbraco.dk>
2024-03-04 15:51:24 +01:00
Sven Geusens
024bb8903c V14/feature/delete media in recyblebin (#15636)
* Bugfix: MediaCacheRefresher needs to always clear the mediaCache no matter what the publishedState is

* fix: check correct permissions for deleteDocumentFromRecycleBin

* Fix: ImageCropper propertyValues should not hold invalid values.

* Added media delete endpoints

* PR comment fix: Do not schedule cleanup if we know the file does not exist.

* resolved forward merge build conflicts

namespace cleanup

---------

Co-authored-by: Sven Geusens <sge@umbraco.dk>
2024-02-07 10:44:20 +01:00
Kenn Jacobsen
296b7e061a Align presentation model factory naming (#15663)
2024-02-01 11:22:16 +01:00
Kenn Jacobsen
9b454bec6b Model mapping PoC (#15546)
* First take at new models for improved mapping between client and server

* Add variants to Media

* Re-introduced lost names

* Start breaking apart "Id" reference properties in request models as well

* Refactor to fix OpenAPI spec

* Discard TODO (not relevant)

* Split recycle bin response models

* Delete unused marker interface

* Use reference properties for content and media type handling

* Rework document and media types to be explicit in relations (do not expose "content type", it is an implementation detail)

* Mapping for document and media type copy + move

* Ensure correct response model for Media

* Regenerate OpenAPI JSON after forward merge

* Fix forward merge issues

* Fix forward merge + regenerate OpenApi.json

* Added unit tests for content state helper

* Move "allowed document types" endpoint to document type silo, refactored services and added "allowed media types"

* Regenerate OpenApi.json after forward merge

* Do not include content state for media items

* Review fix
2024-01-30 12:19:05 +01:00
Elitsa Marinovska
fda866fc9e V14: Add authorization policies to Management API controllers - p2 (#15211)
* Making ProblemDetails details more generic

* Adding authorizer that can be replaced for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy

* Adding method to get the GUID from claims

* Adding service methods to check user group authz

* Porting MustSatisfyRequirementAuthorizationHandler

* Adding controllers authz

* Fix return status code + produced response type

* Moving to folder

* Adding DenyLocalLogin policy scaffold

* Implement a temp DenyLocalLoginHandler

* Introducing a new Forbidden result

* Fix comment

* Introducing a helper class for authorizers

* Changed nullability for GetCurrentUser

* Changes from Attempt to Status + FIXME comments

* Create a UserGroupAuthorizationStatus to be used in the future

* Introduces a new authz status for checking media access

* Introducing a new permission service for media

* Adding fixme

* Adding more policy configurations

* Adding Media policy requirement and handler

* Adding media authorizer

* Fix order of params

* Adding duplicate code comment

* Adding authz to media controllers

* Migrating more logic from MediaPermissions.cs

* Adding more MediaAuthorizationStatus-es

* Handling of new authorization status

* Fix comment

* Adding NotFound case

* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled

* Changed Forbid() to Forbidden() to get the correct status code

* Remove policy that is applied on the base controller already

* Implement and apply NewUmbracoFeatureEnabled policy

* Renaming classes to add Permission in the name

* Register permission services

* Add FIXME

* Introduce new IUserGroupPermissionService and refactor accordingly

* Add single overload with default implementation

* Adding user permission policy and related

* Applying admin policy

* Register all new policies

* Better wording

* Add default implementation for a single overload

* Adding remarks to IContentPermissionService.cs

* Supporting null as key in ContentPermissionService

* Fix namespace

* Reverting back to not supporting null as content key, but having dedicated implementation

* Adding content authorizer with null values to represent root item

* Removing null key support and adding dedicated implementation

* Removing remarks

* Adding content resource with null support

* Removing null support

* Adding requirement and status

* Adding content authorizer + handlers

* Applying policies to content controllers

* Update comment

* Handling of Authorization Statuses

* More authz in controllers

* Fix comments

* New branch handler

* Obsolete old implementation

* Adding dedicated policies to root and bin

* Adding a branch specific namespace

* Bin specific requirement and namespace

* Root specific requirement and namespace

* Changing to new root policy

* Refactoring

* Save policies

* Fix null check/reference

* Add TODO comment

* Create media root- and bin-specific policies, handlers, etc.

* Apply correct policy in create and update media controllers

* Apply root policy to move and sort controllers

* Fix wording

* Adding UserGroupAuthorizationStatusResult

* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus

* Fixing Umbraco feature policy

* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute

* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword

* Fix comment

* Renaming performingUser to user and fixing comments

* Rename helper method

* Fix references

* Re-add merge conflict deletion

* Adding Backoffice requirement and relevant

* Registering

* Added a simple policy test

* Fixed small test things and clean up

* Temp solution

* Added one more test and fix another static issue

* Fix another merge conflict

* Remove BackOfficePermissionRequirement and handler as they might not be necessary

* Comment out again [AllowAnonymous]

* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary

* Fix temp implementation

* Fix reference to correct handler

* Apply authz policy to new publish/unpublish controllers

* Fix comments

* Removing duplicate ProducesResponseTypes

* Added swagger documentation about the 401 and 403

* Added Resources to Media, User and UserGroup

* Handle root, recycle bin and branch in the same handler

* Handle both parent and target when moving

* Check Ids for all sort requests

* Xml docs

* Clean up

* Clean up

* Fix build

* Cleanup

* Remove TODO

* Added missing overload

* Use yield

* Adding some keys to check

---------

Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
2023-12-11 08:25:29 +01:00
Elitsa Marinovska
036876f349 V14: Add authorization policies to new Backoffice API controllers - p1 (#14551)
* AuditLog policies

* DataType policies

* Dictionary policies

* Document controllers policies

* DocumentBlueprint controllers policies

* DocumentType controllers policies

* HealthCheck controllers policies

* Language controllers policies

* LogViewer controllers policies

* Media controllers policies

* MediaType controllers policies

* Member controllers policies

* MemberGroup controllers policies

* MemberType controllers policies

* ModelsBuilder controllers policies

* Package controllers policies

* PartialView controllers policies

* Profiling controllers policies

* PropertyType controllers policies

* RedirectUrlManagement controllers policies

* Relation controllers policies

* RelationType controllers policies

* Script controllers policies

* Stylesheet controllers policies

* Telemetry controllers policies

* Template controllers policies

* TrackedReference controllers policies

* Upgrade controllers policies

* User controllers policies

* UserGroup controllers policies

* Other controllers cleanup

* Moved CreatePolicies to its own Extensions class

* Added TreeAccessScripts and TreeAccessStylesheets policies

* Remove comments

* Forgotten "New" prefix

* Duplicate Auth Policy

* Removed comment since we are using reference tokens and this is no longer a problem

* Fix AdminUserEditsRequireAdmin auth policy to use a constant

* Revert change

* Revert UpgradeControllerBase attribute

* Removed AdminUserEditsRequireAdmin policy as it will be implemented later on

* Adding RequireAdminAccess policy for Upgrade controller

* Wrong claim type
2023-07-19 08:02:51 +02:00
Bjarke Berg
417e92dad0 Updated API version package and moved attribute to each controller (#14209)
* Updated API version package and moved attribute to each controller as it cannot be inherited.

* Ignore "$type" on types implementing interfaces in the delivery api
2023-05-09 08:38:07 +02:00
Nikolaj Geisle
5107375cd8 V13/feature/rename viewmodels to request response (#13952)
* Rename DocumentType/ContentType models

* Rename all viewmodels

* Rename factories

* Update OpenApi.json

---------

Co-authored-by: Zeegaan <nge@umbraco.dk>
2023-03-13 10:49:21 +01:00
Kenn Jacobsen
801966f1ae Created a common library for the APIs (#13530)
* Created a common library for the APIs and moved stuff that is required for the new content API. Also moved the versioned backoffice API route handling to the management API where it belongs.

* Remove test auth attribute from Media
2022-12-09 08:52:17 +01:00
Kenn Jacobsen
bc94b2e16c Rename management API from Umbraco.Cms.ManagementApi to Umbraco.Cms.Api.Management (#13512)
2022-12-02 11:33:02 +01:00