* Making ProblemDetails details more generic
* Adding authorizer that can be replaced for external authz in handlers. Adding handler and requirement for UserBelongsToUserGroupInRequest policy
* Adding method to get the GUID from claims
* Adding service methods to check user group authz
* Porting MustSatisfyRequirementAuthorizationHandler
* Adding controllers authz
* Fix return status code + produced response type
* Moving to folder
* Adding DenyLocalLogin policy scaffold
* Implement a temp DenyLocalLoginHandler
* Introducing a new Forbidden result
* Fix comment
* Introducing a helper class for authorizers
* Changed nullability for GetCurrentUser
* Changes from Attempt to Status + FIXME comments
* Create a UserGroupAuthorizationStatus to be used in the future
* Introduces a new authz status for checking media access
* Introducing a new permission service for media
* Adding fixme
* Adding more policy configurations
* Adding Media policy requirement and handler
* Adding media authorizer
* Fix order of params
* Adding duplicate code comment
* Adding authz to media controllers
* Migrating more logic from MediaPermissions.cs
* Adding more MediaAuthorizationStatus-es
* Handling of new authorization status
* Fix comment
* Adding NotFound case
* Adding NewDenyLocalLoginIfConfigured policy && commenting [AllowAnonymous] where the policy is applied since it is already handled
* Changed Forbid() to Forbidden() to get the correct status code
* Remove policy that is applied on the base controller already
* Implement and apply NewUmbracoFeatureEnabled policy
* Renaming classes to add Permission in the name
* Register permission services
* Add FIXME
* Introduce new IUserGroupPermissionService and refactor accordingly
* Add single overload with default implementation
* Adding user permission policy and related
* Applying admin policy
* Register all new policies
* Better wording
* Add default implementation for a single overload
* Adding remarks to IContentPermissionService.cs
* Supporting null as key in ContentPermissionService
* Fix namespace
* Reverting back to not supporting null as content key, but having dedicated implementation
* Adding content authorizer with null values to represent root item
* Removing null key support and adding dedicated implementation
* Removing remarks
* Adding content resource with null support
* Removing null support
* Adding requirement and status
* Adding content authorizer + handlers
* Applying policies to content controllers
* Update comment
* Handling of Authorization Statuses
* More authz in controllers
* Fix comments
* New branch handler
* Obsolete old implementation
* Adding dedicated policies to root and bin
* Adding a branch specific namespace
* Bin specific requirement and namespace
* Root specific requirement and namespace
* Changing to new root policy
* Refactoring
* Save policies
* Fix null check/reference
* Add TODO comment
* Create media root- and bin-specific policies, handlers, etc.
* Apply correct policy in create and update media controllers
* Apply root policy to move and sort controllers
* Fix wording
* Adding UserGroupAuthorizationStatusResult
* Remove all AuthorizationStatusResult as we cannot get the specific AuthorizationStatus
* Fixing Umbraco feature policy
* Fix allow anonymous endpoints - the value returned from DenyLocalLoginHandler wasn't enough, we need to succeed DenyAnonymousAuthorizationRequirement as it is required for some of the endpoints that had the attribute
* Apply DenyLocalLoginIfConfigured policy to corresponding re-implementation of PostSetInvitedUserPassword
* Fix comment
* Renaming performingUser to user and fixing comments
* Rename helper method
* Fix references
* Re-add merge conflict deletion
* Adding Backoffice requirement and relevant
* Registering
* Added a simple policy test
* Fixed small test things and clean up
* Temp solution
* Added one more test and fix another static issue
* Fix another merge conflict
* Remove BackOfficePermissionRequirement and handler as they might not be necessary
* Comment out again [AllowAnonymous]
* Remove AuthorizationPolicies.BackOfficeAccessWithoutApproval policy as it might not be necessary
* Fix temp implementation
* Fix reference to correct handler
* Apply authz policy to new publish/unpublish controllers
* Fix comments
* Removing duplicate ProducesResponseTypes
* Added swagger documentation about the 401 and 403
* Added Resources to Media, User and UserGroup
* Handle root, recycle bin and branch in the same handler
* Handle both parent and target when moving
* Check Ids for all sort requests
* Xml docs
* Clean up
* Clean up
* Fix build
* Cleanup
* Remove TODO
* Added missing overload
* Use yield
* Adding some keys to check
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Andreas Zerbst <andr317c@live.dk>
* make CoreScopeProvider available for derived classes
* Create publish controller
* Add publish functionality
* Remove unneeded using
* Implement publish for multiple cultures
* support multiple cultures in controller
* Don't validate properties
* Refactor to use PublishingOperationStatus
* refactor to use proper publish async methods
* Refactor publish logic into own service
* Commit some demo code
* Add notes about what errors can happen when publishing
* Rework ContentPublishingService and introduce explicit Publish and PublishBranch methods in ContentService
* Fix merge
* Allow the publishing strategy to do its job
* Improved check for unsaved changes
* Make the old content controller work (as best possible)
* Remove SaveAndPublish (SaveAndPublishBranch) from all tests
* Proper guards for invalid cultures when publishing
* Fix edge cases for property validation and content unpublishing + add unpublishing to ContentPublishingService
* Clear out a few TODOs - we'll accept the behavior for now
* Unpublish controller
* Fix merge
* Fix branch publish notifications
* Added extra test for publishing unpublished cultures and added FIXME comments for when we fix the state of published cultures in content
---------
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
Co-authored-by: Zeegaan <nge@umbraco.dk>
* Adding a replacement to IUserGroupAuthorizationService
* Replacement for the implementation as well
* Adding AuthorizationStatus & mapping it to the corresponding OperationStatus
* Fix references
* Fix another reference
* Fix statuses
* Fix status result messages
* Fix wording
* Moving check for user part of user group earlier
* Review suggestion
* Fix section name
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API
* Make SwaggerRouteTemplatePipelineFilter UI config overridable
* Enable token revocation + rename logout endpoint to signout
* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger
* Correct notification handling when (un)protecting content
* Fixing integration test framework
* Cleanup test to not execute some composers twice
* Update paths to match docs
* Return Forbidden when a member is authorized but not allowed to access the requested resource
* Cleanup
* Rename RequestMemberService to RequestMemberAccessService
* Rename badly named variable
* Review comments
* Hide the auth controller from Swagger
* Remove semaphore
* Add security requirements for content API operations in Swagger
* Hide the back-office auth endpoints from Swagger
* Fix merge
* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)
* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)
* Make "items by IDs" endpoint support member auth
* Add 401 and 403 to "items by IDs" endpoint responses
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Change document delete into move-to-recycle-bin
* Make it possible to supply an explicit ID when creating content and media
* Change media delete into move-to-recycle-bin
* Merge "allowed child content types" controllers into one + fixed a bug that allowed all types if none were defined
* Update OpenAPI JSON to reflect merged endpoints
* Added attribute filter to ensure a request is taking a minimum time to respond
* Added functionality to management api to send forgot password emails and verify these + do the actual reset using the token
* Renamed UserKey to UserId and updated OpenApi.json
* Update src/Umbraco.Core/Services/IUserService.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Cleanup
* Renaming param
* Fixing send user username instead of email + wrong EmailTypes
* Fixed issue with forgot password functionality after reusing other functionality
* Rename prop
* Adding docs and renaming param
* Handle password validation return types
* More cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Add content and media sorting to the Management API
* Rename "id" to "key" throughout the ContentEditingService
* Update Open API json file
* Use "key" instead of "id" in ContentEditingServiceBase
* Use "key" instead of "id" in IMediaEditingService and MediaEditingService
* Turn delegates into abstracts + fix bug that allowed deleting items outside of the recycle bin
* Use PUT instead of POST
* Update src/Umbraco.Core/Services/MediaEditingService.cs
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Update src/Umbraco.Core/Services/MediaEditingService.cs
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Update Open API JSON
---------
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* CRUD for content and media type folders + refactor data type folder CRUD controllers and services to match
* Correct response types + update OpenAPI JSON
* Review changes
* Review changes
* Update OpenAPI JSON after merge
* Add GetAsync method
* Fix up delete document type controller
* Add scope to delete async
* Add some scaffolding
* Add create model
* Start working on validation
* Move validation to its own service
* Use GetAllAsync instead of GetAsync
* Add initial composition support
Still need to figure out some kinks
* Validate compositions when creating
* Add initial folder support
* Initial handling of generic properties
* Add operation status responses
* Move create operation into service
* Add first test
* Fix issues shown by test
* Ensure a specific key can be specified when creating
* Rename container id to container key
Let's try and be consistent
* Create basic composition test
* Ensure new property groups are created with the correct key
* Add test showing property type issue
* Fix property types not using the expected key.
* Validate against model fetched from content type service
Just to make sure nothing explodes on the round trip
* Make helper for creating create models
* Add helper for creating container
* Make helper methods simpler to use
* Add test for compositions using compositions
* Add more composition tests
* Fix bug allowing element types to be composed by non element types
* Remove validators
This can just be a part of the editing service
* Minor cleanup
* Ensure that multiple levels of inheritance are possible
* Ensure doctype cannot be used as both composition and inheritance on the same doctype
* Ensure no duplicate aliases from composition and that compositions exist
* Minor cleanup
* Address todos
* Add SaveAsync method
* Renamed some models
* Rename from DocumentType to ContentType
* Clarify ParentKey as being container only + untangle things a tiny bit
* Clean out another TODO (less duplicate code) + more tests
* Refactor for reuse across different content types + add media type editing service + unit tests
* Refactor in preparation for update handling
* More tests + fixed bugs found while testing
* Simplify things a bit
* Content type update + a lot of unit tests + some refactor + fix bugs found while testing
* Begin building presentation factories for mapping view models to editing models
* Use async save
* Mapping factories and some clean-up
* Rename Key to Id (ParentKey to ParentId)
* Fix slight typo
* Use editing service in document type controllers and introduce media type controllers
* Validate containers and align container aliases with the current backoffice
* Remove ParentId from response
* Fix scope handling in DeleteAsync
* Refactor ContentTypeSort
* A little renaming for clarity + safeguard against changes to inheritance
* Persist allowed content types
* Fix bad merge + update controller response annotations
* Update OpenAPI JSON
* Update src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Fix review comments
* Update usage of MapCreateAsync to ValidateAndMapForCreationAsync
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Implement GetEntryByContentKey
* Implement PublicAccessResponseModel
* Implement IPublicAccessPresentationFactory
* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel
* Refactor PublicAccessResponseModel to use Ids instead of entire content items
* Return attempt instead of PresentationModel
* Add missing statuses to PublicAccessOperationStatusResult
* Implement PublicAccessDocumentController.cs
* Refactor PublicAccessResponseModel to use a base model
* Add CreatePublicAccessEntry method
* Refactor AccessRequestModel to use names not ids :(
* Rename ErrorPageNotFound to ErrorNodeNotFound
* Implement new SaveAsync method
* Introduce more OperationResults
* Implement PublicAccessEntrySlim
* Implement SaveAsync
* Remove CreatePublicAccessEntry from presentation factory
* Rename to CreateAsync
* Implement UpdateAsync
* Rename to async
* Implement CreatePublicAccessEntry
* Implement update endpoint
* remove PublicAccessEntrySlim mapping
* implement CreatePublicAccessEntrySlim method
* Refactor UpdateAsync
* Remove ContentId from request model as it should be in the request
* Use new service layer
* Amend method name in update controller
* Refactor create public access entry to use async method and return entity
* Refactor to use saveAsync method instead of synchronously
* Use presentation factory instead of mapping
* Implement deleteAsync endpoint
* Add produces response type
* Refactor mapping to not use UmbracoMapper, as that causes errors
* Update OpenApi.json
* Refactor out variables to intermediate object
* Validate that groups and names are not specified at the same time
* Make presentation factory not async
* Minor cleanup
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Added functionality to verify user invite tokens and create the initial password
* Add response types
* Fail ValidateCredentialsAsync when user is not approved
* Enable user as part of initial password creating using validation token
* Adds documentation to badrequest and changed nocontent to ok, to align with other APIs
* Fixed tests and added a new one
---------
Co-authored-by: nikolajlauridsen <nikolajlauridsen@protonmail.ch>
* Adding default values to skip and take to align with the rest of the controllers
* Changing skip and take type from long to int to align with the rest
* Fixing wrong response type
* Remove double skip and take
* Update json file
* Implement allowed children of root
* Allow children by key controller
* Update to be document controller instead
* Fix AllowedChildrenOfRootDocumentController
* Create GetAllAsync method in ContentTypeServiceBaseOfTRepositoryTItemTService
* Revert "Create GetAllAsync method in ContentTypeServiceBaseOfTRepositoryTItemTService"
This reverts commit b01b5b924099e58bb53246e4b4ba5fa15358d0cd.
* Implement attempt pattern in IContentTypeService
* Create IContentCreatingService
* Use new contentCreatingService in controller
* Revert if statement
* Use total from attempt
* Throw exceptions instead of returning attempt
* Wrap in scope
* Rename to GetAllowedChildrenContentTypesAsync
* Fix summary
* Removed unnecessary await Task.FromResult
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Add alias to document item response
* Add master template key to detailed model
* Add master template key as optional parameter to Scaffolding
* Check for duplicate alias when creating templates directly
* Clean
* Ensure integration tests creates templates with unique aliases
* Perform mapping in presentation factory
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Added PermissionNames to IReadOnlyUserGroup
* Only require backend auth on management api
* Use ISet in response model
* Fixed issue with saving null as startMediaId, where it was ignored
* Add get current user endpoint
* Fix missing linebreak
* Append "New" keyword to policies
* Update OpenApi
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Split permissions endpoint in two, one for media and one for document
* ignore output files
* add new umb-login element
* allow to build and clean 'login' assets
* remove unused AuthUrl since this is now coded into the frontend code for each context
* ensure the ReturnUrl has a fallback to the default installation directory, since if you accidentally hit the login page and login, nothing happens if there is no return url
* switch to DependsOnTargets to account for if this is the only target being run (we need node_modules installed)
* add UmbracoUrl property
* add taghelper to use asp-append-version on login static assets
* Add variant information to the document tree model
* Add content type key to document tree and item
* Add sort order to PropertyTypeResponseModelBase
* This moves around files and deletes the temp projects with files that are not moved to Core, Infrastructure etc.
Also moves the from new backoffice to static access, and override those with the old views in the legacy executable
* Removes old files from the new executable.
* Added missing files
* Added EF Core project to solution file
* fix build
* Updated API version package and moved attribute to each controller as it cannot be inherited.
* Ignore "$type" on types implementing interfaces in the delivery api
* Add scaffolding
* Entities not Entitys
* Remove unnecessary obsoleted constructor
* Implement create script
* Return a simplified ScriptFile instead of IScript
That file abstraction seems way too bloated, containing a lot of stuff that's not relevant for files, such as IDs and keys.
* Use IScript instead of custom return model
* Add validation when creating script
* Add Get script endpoint
* Add response types
* Add Delete
* Throw if user key not found
* Remove unused mapper
* Add update endpoint
* Add Get by path
* Add create folder endpoint
* Don't pass performingUserId to folder creation
* Remove update folder
* Add delete folder endpoint
* Use specific ScriptFolderOperationStatus instead of ScriptOperationStatus
* Add OperationStatusResult
* Check folder for invalid name
* Check name for invalid characters
* Add partial view snippet endpoint
* Start working on CreatePartialView
* Add create partial view endpoint
* Retrieve key from audit method
* Add operation status results
* Add Get endpoint
* Return 201 when creating
* Add update partial view endpoint
* Add delete endpoint
* Add response types
* Add folder base implementation
* Add folder endpoints
* User property for allowed file extensions
* Rename async method to async
* Break snippet into endpoint in two
* Make content non-nullable
* Remove IService
* Add get by path
* Add viewmodels
* Add create and update models
* Add create stylesheet
* Add update endpoint
* Rename StylesheetControllerBase to StylesheetControllerBase
* Add stylesheet delete
* Rename controller bases
* Add stylesheet folders
* Add status results
* Add response types to folders
* Add richtext rules endpoints
* Add Get all endpoint
* Add get rules by path endpoint
* Align validates so they're not async
These are private methods, so there's no reason to make them preemptively async
* Add template obsoletions to interface
* Add stream methods
This is evidently used by deploy 🤷
* Obsolete stylesheet operations
* Add get and getall across all services
* Obsolete script operations
* Obsolete old partial view methods
* Add some method docs
* Add compatibility suppression
* Update OpenApi.json
* Rename action
* formatting
* Fix import
* add expression body
* Invert if
* Move base on own line
* Rename file
* Rename to all
* Change to stylesheet instead of script
* Add Umbraco.Code.MapAll to map definitions
* Add comment about auditing
* use publish cancelable async
* use expression body
* formatting
* fix to use pattern matching
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
* Added functionality to split the swagger doc into multiple definitions. Most (maybe too much) is still shared between the apis.
* Fixed issue with duplicate operation ids when we have multiple versions of an endpoint
* use strong types instead of var
* Updated OpenApi.json
* Formatting
* formatting
* Delete old files that are not implemented in api.common
* Updated OpenAPI after merge
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
* Rename UsersController to UserController
* Rename namespace to User
* Rename UserGroupsControllerBase to UserGroupControllerBase
* Rename namespace to UserGroup
* New backoffice: User and member item endpoints (#14079)
* Implement ByKeys in MemberService
* Implement member item endpoint
* Add routing to static file item controller
* Implement user item endpoint
* Implement user group item endpoint
* return proper response model
* update OpenApi.json
* Add CompatibilitySuppressions
* Cleanup
* Update OpenApi
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Make user-group item endpoint singular
* Make user item endpoint singular
* Rename user and user group folders
* Move from Users namespace to user
* Move from UserGroups namespace to UserGroup
* Update OpenApi.json
* Fix namespace after merge
* Move user item endpoint to singular namespace
* Move user group item endpoint to singular namespace
* Fix open api schema
---------
Co-authored-by: Nikolaj Geisle <70372949+zeegaan@users.noreply.github.com>
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Add a dedicated (temporary) cookie setup for new backoffice logins, so old and new backoffice can co-exist behind separate logins
* use temp management api login endpoint for authentication
* Update OpenAPI JSON
---------
Co-authored-by: Jacob Overgaard <752371+iOvergaard@users.noreply.github.com>