* V2 output expansion + field limiting incl. deprecation of V1 APIs
* Performance optimizations for Content and Block based property editors
* A little formatting
* Support API versioning in Delivery API endpoint matcher policy
* Add V2 "expand" and "fields" to Swagger docs
* Renamed route for "multiple items by ID"
* Review changes
* Update src/Umbraco.Cms.Api.Delivery/Controllers/Media/ByIdMediaApiController.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Update src/Umbraco.Cms.Api.Delivery/Filters/SwaggerDocumentationFilterBase.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Update src/Umbraco.Cms.Api.Delivery/Filters/SwaggerDocumentationFilterBase.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Revert "Performance optimizations for Content and Block based property editors"
This reverts commit 0d5a57956b36e94ce951f1dad7a7f3f43eb1f60b.
* Introduce explicit API cache levels for property expansion
* Friendly handling of bad expand/fields parameters
---------
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Implement persistence
* Start implementing repository
* Implement repository
* Implement request service
* Dont run WebhookFiring if not in runtime mode run
* Refactor repository and service to have full CRUD
* add tests for Request service
* Implement WebhookRequest lock
* Register hosted service
* Add try catch when firing HttpRequest
* Add migration
* Refactor to use renamed IWebhookService
* Refactor tests too
* Add setting to configure webhook firing period
* Update docs
* Review fixes
* Add column renaming migration
* Remove unused service
* run request in parralel
* Refactor to fire parallel in background
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Refactor IWebhookEvent to contain event type.
* refactor frontend to filter on eventType.
* Display event names
* refactor to use eventNames
* remove npm from overview
* implement alias for WebhookEvents
* Implement [WebhookEvent] attribute
* Refactor IWebhookService to get by event alias and not name
* Rename parameter to fit method name
* to lower event type to avoid casing issues
* Apply suggestions from code review
Co-authored-by: Ronald Barendse <ronald@barend.se>
* Change event names from constants to hard coded. And give more friendly names
* Refactor to not use event names, where it was not intended
* Add renaming column migration
* display event alias in logs
* Update migration to check if old column is there
* Apply suggestions from code review
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* add determineResource function to avoid duplicate code
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Ronald Barendse <ronald@barend.se>
Co-authored-by: Kenn Jacobsen <kja@umbraco.dk>
* insert umb rte block web component in rte
* First stab at moving the RTE markup to a nested "markup" property in the property value.
* initial work
* only rewrite markup
* transform RTE into component
* parse scope in grid.rte
* revert use a fallback instead
* block insertion and sync in place
* block picker partly impl
* remove test of old controller
* remove test of old controller
* block with block data
* proper block with api connection
* remove log
* styling
* Persist blocks data (still a temporary solution)
* styling allows for interaction
* block actions
* tinyMCE styling
* paste feature
* prevalue display Inline toggle
* inline mode in RTE
* todo note
* fixes wording
* preparation for editor communication
* remove val-server-match for now
* clean up blocks that does not belong in markup
* remove blocks not used in the markup
* liveEditing
* displayAsBlock formatting
* clean up
* TODO note
* Serverside handling for RTE blocks (incl. refactor of Block List and Block Grid)
* ensure rich text loads after block editor
* trigger resize on block init
* Handle RTE blocks output in Delivery API
* sanitize ng classes
* simplify calls to init blocks
* move sanitisation
* make validation work
* only warn when missing one
* clean up
* remove validation border as it does not work
* more clean up
* add unsupported block entry editor
* Revert breaking functionality for Block List and Grid
* prevent re-inits of blocks
* make sure delete blocks triggers an update
* Refactor RichTextPropertyIndexValueFactory to index values from blocks + clean up RichTextPropertyEditor dependencies
* first working cursor solution
* inline element approach
* Handle both inline and block level blocks
* Fix the RTE block parser regex so it handles multiple inline blocks.
* Fix reference and tags tracking, add tests, make the editor backwards compatible and make deploy happy
* Use RichTextPropertyEditorHelper serialization in tests
* Ensure correct model in Block Grid value converter (incl unit test to prove it)
* do not include umbblockpicker in grid
* make blocks the new default, instead of macros
* only send value of body from DOMParser
* Blocks of deleted ElementTypes shows unsupported
* do not edit a unsupported block
* remove trying to be smart on the init
* fix missing culture issue
* set dirty
* alert when no blocks
* Revert "make blocks the new default, instead of macros"
This reverts commit 283e8aa473fdfde075197d34aa47e35dfc64a8ae.
---------
Co-authored-by: kjac <kja@umbraco.dk>
* Create webhook models
* Define interfaces for service and repository
* Create Webhook dto and corresponding factory
* implement WebhookRepository.cs
* Remove entity name from models, as that should be resolved in mapping instead
* Add new table to schema creator
* Register repo for DI
* Remove more mentions of entityname
* Refactor repository to guids
* Implement WebhookService
* Use scopes in service
* Start creating tests for service
* Refactor delete to use Id and not entire entity
* Rework Webhooks to be able to have multiple entity keys
* Implement GetAll functionality
* Implement webhook controller
* Imeplement get all events action
* Add equalityComparer deletegate to Webhook
* Add datacontract attirbutes to properties
* Implement backoffice webhooks tree
* Implement first webhooks menu
* Make WebHookController authorized
* Update to have tabs with webhooks and logs
* Enable create overlay
* Push to entityKeys array
* Fix up pagination
* Implement delete functionality
* remove pagination
* add log view
* Fix create to be able to select more than one content type
* implement type name resolving for content
* Refactor to use less duplication
* Implement update functionality in frontend
* Rename database table
* Make multiple events possible
* create new event picker
* Refactor to actually add new database table with proper name
* Make it possible to select multiple events
* Fix updating current items
* Fix up update functionality after db rework
* Add webhook icon
* Switch to match heartcore icons
* Refactor to use bases instead of Enum
* Refactor to make IWebhookEvent to Collection, so it can be injected instead of using reflection
* Fix up frontend to match new models
* Fix integration tests
* Remove obsolete entity key from webhookdto
* Introduce constants instead of hard coded strings
* Start implementation of firing mechanism
* Add new GetByEventName method
* Add 1 to many list on WebhookDto
* Implement new repository pattern
* Implement GetByEventName
* Fix up repository to use all async
* Refactor events to fire
* Refactor WebhookEvents to be more DRY
* Add custom header
* Start implementing log repository
* Implement GetPaged
* Implement WebhookLogService
* Implement GetLogs
* Add url to webhook log
* Implement log overview
* Formatting
* Implement details view
* Refactor to get actual retry count
* Refactor firing to fire only when Enabled
* Add Status code to detailed view
* Add configuration to disable webhooks entirely
* Implement custom headers frontend
* Implement persistence of custom headers
* Refactor retry service to also retry on non success status codes.
* Refactor registration of Webhooks, to also register as NotificationHandler
* Add webhooks migration
* Add key for adding webhook headers
* Fix up test
* Change event icon to flag
* Remember event, when editing what events you have chosen
* Refactor reflection to check if INotificationAsyncHandler instead
* Formatting
* Refactor webhook model to no longer derive from EntityBase
* Rename entityKeys to content keys
* Rename controller to lowercase H
* Add null check before trying to access selectedEvents
* Add configuration for maximum number of retries
* Add index to date
* Add webhook Key to logs
* Check for SchedulingPublisher before sending webhooks
* rename requestObject to payload
* Refactor event to send appropriate payloads
* Refactor logging to happen for every try.
* Order date by descending
* Add todo
* Change firing service to use String not ByteContent
* Update Headers to Interface instead of concrete implementation
* Dont return if a table exists already
* Rename updateModel to webhook
* Annotate WebhookController.cs with PluginController attribute
* Add danish translations
* Do not check if fail
* Dont filter when selecting custom items
* Remove delay from WebhookFiringService
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
* implement interface
* add build targets for login screen
* package lock
* move components to pages folder
* load logo and background from property
* styling
* move mocks around
* remove unused vars
* add backoffice handlers
* install rxjs
* add mock data
* add element and context for localization
* mock data
* use umb-localize
* remove the extra logic with check for section_
* change key for login button
* add base to vite environment
* login styling
* cleanup and button styling
* use correct reset url
* change body of reset request
* validate password reset code
* redirect to /login/new on reset password code verify
* add obsolete messages
* remove inline scripts for old backoffice
* remove shadowdom from localize element
* Revert "remove shadowdom from localize element"
This reverts commit 46ae282f7ce9235c15f160d57d54acd5d3378668.
* hook up reset password to api
* rename pages to state as it is not actually used as different pages
* reset password styling
* more styling
* add confirmation page to new password
* set router to firstUpdated to avoid rAF
* set a custom baseUrl on the router to make sure it works without trailing slash
* use route parameters to redirect on the login page to ensure correct escaping
* add server variables
* make sure auth layout uses the provided properties for images
* format
* redirect to code expired page
* add missing properties
* use allowPasswordReset and allowInvite properties in routing and layout
* make ts happy
* cleanup
* init invite page
* hook up usernameIsEmail
* init external login providers
* add mock provider
* add padding to buttons
* replace uui button with normal button
* add external login providers as slot
* add disableLocalLogin property
* add form to external login providers
* remove unused method
* fix build errors
* add attributes for external login
* add custom view to external login
* add new custom icon registry
* attach two icon registries
* use relative paths
* use relative paths
* use main registry instead of providing directly
* add look and color to external login
* implement getIcons() method
* use getIcons() to request icons
* install remixicon to supplement backoffice icons (replacing font-awesome eventually)
* move icon registries to auth element
* Revert "install remixicon to supplement backoffice icons (replacing font-awesome eventually)"
This reverts commit 0c6659d8d9dfe0664314ec6a3acaa8e20cb606ed.
* add icons for common external providers
* add more icons
* remove resetCode hack as it is no longer needed
* add validation to new password
* get gretting from translation file
* add hack to get text left aligned in uui-button
* add custom router
* WIP Use router
* also change the URL during an action
* update login action to redirect to /new when needed
* redirect to login from reset and new if not allowed
* fix new password button href
* use property on login element instead of context
* check for redirect on invite-user
* move fake external login providers to index.html for use in dev server
* allow password reset on dev server
* add look and color
* only set styles for default view buttons
* suppress vite import warning
* check and inform for errors and show 'nothing' if a custom view fails to load
* fix mock path for localizedtext
* fix build errors
* ensure that msw (and all its dependencies) do not end up in the production bundle (saved ~500 KB)
* Revert AngularValueExternalLoginInfoScriptAsync removal
* forward the providerName to custom views
* change default icon
* add button look and color to external login provider options
* add obsolete to ButtonStyle and add a mapper to new values
* add required xml comments
* map external login providers to <umb-login-external />
* fix typo
* only show external login layout if there are slotted children
* pass on name as "provider"
* send externalLoginUrl to custom views
* cleanup
* global import
* hide external logins completely when empty
* cleanup
* setup redirect to invite
* rename pages to name-page
* fix names and paths
* use new password layout for invite and new password
* add comments
* cleanup and use confirmation element
* set parameters after successful verifyinvite
* map display-name and provider-name to the external element
* map display-name
* set up external login to handle correct display- and provider-name with documentation
* add support for disabling local login
* update path to handlers
* add more localization
* add handlers for 2fa
* router should support a factory for component
* push login to ?flow=mfa on 402 codes
* add page to handle 2fa/mfa
* add support for custom routing
* add fallback for welcome greeting
* handle AngularJS silliness
* fix typo
* fix router and replace custom umbroute:statechange event with native pushState
* simplify code and cleanup
* a11y improvements
* you can now navigate to anywhere from anywhere with pushState
* access the "twoFactorView" from the backend
* set the default implemented twoFactorView to NULL
* add initial logic to handle a custom mfa view
* roll back custom pushState changes
* add mocks for 2fa custom view
* use router redirect
* re-enable click url change
* cleanup
* remove debug buttons
* add unsafeHTML to localize element
* load mfa custom views
* load custom view
* improve external login custom views
* using optimisation
* add current culture
* only show mfa page if 402 code has been encountered in same session
* format
* remove unnesesary action
* add new user invite password
* remove console log
* fix getting stuck at new password page if you've triggered custom validity
* unify layouts
* add styling to buttons in error layout
* remove unused css
* add error message to new password page
* add error message to reset password
* add error message to invite page
* fix invite page not being rendered
* cleanup
* add obsolete notice to PostSetInvitedUserPassword
* add request model to set a new password for an invited user
* add new method to handle invited user password
* add get password config api call
* fix password config parameters and add invite call
* get invited user
* get password config
* assign unique guid to login project
* add userId to get password config and use the config as validation
* fix
* add alerts
* fix the new password layout
* auth redirects invite error to error page
* use password config on new password page
* remove console log
* move file and remove unused extension
* make ts happy
* file structure
* rename login-extern to external-login-provider
* update element name
* update dependencies
* export custom-view.element.ts
* remove debug
* use umb-custom-view to load custom views
* build types
* move @umbraco/uui to the login app and import from there in backoffice
* make the ui library and icon registry generally available as exports from the login app
* add mock handler for icons
* cleanup package
* use uui for external login providers in the backoffice
* add imports and enable the backoffice icon registry globally
* disable shadowdom
* default background image
* use undefined
* revert angular values
* remove legacy sys variables
* add logic to handle mfa in an overlay scenario without routing
* add new login screen to replace the overlay when logged in to the backoffice
* update spec to work with locators
* cleanup of legacy context
* ViewData is not always required
* add method to solely return the default view of the backoffice to simply BackofficeController as well as unit tests
* add test for the login view
* cleanup usings
* Apply suggestions from code review
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* remove 'remember me'
* add more contrast to external login divider
* update dependencies
* set "lang" attribute to lowercase
* remove default headline
* localize the "Or" divider and add aria-hidden
* remove Umbraco reference from logo and add aria-hidden
* add aria-hidden to uui-icon inside external login buttons
* format code
* update dependencies
* update dependencies
* add translations to invite user page
* use back to login button
* update localization-context.ts to match api from old LocalizeService in Angular
* add tsc to watch
* formatting
* add missing localizations
* fix a11y issues with muted text
* refresh current user after login
* remove unused variable
* add localization
* add localization for error messages
* remove unused var
* return user after login and set successful auth
* retry request queue after login
* add language keys for failed login
* add language keys for failed login
* render the views without a router so that it works inside a modal in the backoffice
* add autocomplete to reset password fields
* add autocomplete to login screen
* add generic error layout to new-password-page
* new-password-layout should be able to handle with and without username
* update language keys
* check for userId before trying to request invited user
* show error when no invited user is found
* place back-to-login button on all error layouts
* update lockfile
---------
Co-authored-by: Jesper Møller Jensen <26099018+JesmoDev@users.noreply.github.com>
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Expose editor UI alias in published property type, so custom value converters can use it
* Add default property value converters for all value types (#14869)
* Add default property value converters for all value types
* Clean up some left-over stuff
(cherry picked from commit ce86abe8ac)
* Added "plain" property editors for all (meaningful) value types
* Refactor OpenIddict for shared usage between APIs + implement member authentication and handling within the Delivery API
* Make SwaggerRouteTemplatePipelineFilter UI config overridable
* Enable token revocation + rename logout endpoint to signout
* Add default implementation of SwaggerGenOptions configuration for enabling Delivery API member auth in Swagger
* Correct notification handling when (un)protecting content
* Fixing integration test framework
* Cleanup test to not execute some composers twice
* Update paths to match docs
* Return Forbidden when a member is authorized but not allowed to access the requested resource
* Cleanup
* Rename RequestMemberService to RequestMemberAccessService
* Rename badly named variable
* Review comments
* Hide the auth controller from Swagger
* Remove semaphore
* Add security requirements for content API operations in Swagger
* Hide the back-office auth endpoints from Swagger
* Fix merge
* Update back-office API auth endpoint paths + add revoke and sign-out endpoints (as of now they do not exist, a separate task will fix that)
* Swap endpoint order to maintain backwards compat with the current login screen for new back-office (will be swapped back again to ensure correct .well-known endpoints, see FIXME comment)
* Make "items by IDs" endpoint support member auth
* Add 401 and 403 to "items by IDs" endpoint responses
---------
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
Co-authored-by: Elitsa <elm@umbraco.dk>
* Change document delete into move-to-recycle-bin
* Make it possible to supply an explicit ID when creating content and media
* Change media delete into move-to-recycle-bin
* Merge "allowed child content types" controllers into one + fixed a bug that allowed all types if none were defined
* Update OpenAPI JSON to reflect merged endpoints
* chore: Fix XML warnings
* docs: Fix XML warnings
* docs: Fix XML in resource designer
* docs: Fix XML warnings
* Revert "docs: Fix XML in resource designer"
This reverts commit 8ea61c51ac161e1853ae080db7fe1b4d4cb4d2be.
* Use interfaces for API media return values + introduce dedicated models for crops and focal points
* Move content and media controllers to their own namespaces
This is needed so it can be used as a discriminator field by System.Text.Json
Changed both ApiElement and IApiElement to ensure not only ApiContentResponse,
but also ApiBlockItem, which uses the interface directly, are adjusted.
* Added attribute filter to ensure a request is taking a minimum time to response
* Added functionality to management api to send forgot password emails and verify these + do the actual reset using the token
* Renamed UserKey to UserId and updated OpenApi.json
* Update src/Umbraco.Core/Services/IUserService.cs
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Cleanup
* Renaming param
* Fixing send user username instead of email + wrong EmailTypes
* Fixed issue with forgot password functionality after reusing other functionality
* Rename prop
* Adding docs and renaming param
* Handle password validation return types
* More cleanup
---------
Co-authored-by: Elitsa <elm@umbraco.dk>
Co-authored-by: Elitsa Marinovska <21998037+elit0451@users.noreply.github.com>
* Add content and media sorting to the Management API
* Rename "id" to "key" throughout the ContentEditingService
* Update Open API json file
* Use "key" instead of "id" in ContentEditingServiceBase
* Use "key" instead of "id" in IMediaEditingService and MediaEditingService
* Turn delegates into abstracts + fix bug that allowed deleting items outside of the recycle bin
* Use PUT instead of POST
* Update src/Umbraco.Core/Services/MediaEditingService.cs
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
* Update src/Umbraco.Core/Services/MediaEditingService.cs
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Update Open API JSON
---------
Co-authored-by: Nikolaj Geisle <70372949+Zeegaan@users.noreply.github.com>
Co-authored-by: Bjarke Berg <mail@bergmania.dk>
* Add GetAsync method
* Fix up delete document type controller
* Add scope to delete async
* Add some scaffolding
* Add create model
* Start working on validation
* Move validation to its own service
* Use GetAllAsync instead of GetAsync
* Add initial composition support
Still need to figure out some kinks
* Validate compositions when creating
* Add initial folder support
* Initial handling of generic properties
* Add operation status responses
* Move create operation into service
* Add first test
* Fix issued shown by test
* Ensure a specific key can be specified when creating
* Rename container id to container key
Let's try and be consistent
* Create basic composition test
* Ensure new property groups are created with the correct key
* Add test showing property type issue
* Fix property types not using the expected key.
* Validate against model fetched from content type service
Just to make sure nothing explodes on the round trip
* Make helper for creating create models
* Add helper for creating container
* Make helper methods simpler to use
* Add test for compositions using compositions
* Add more composition tests
* Fix bug allowing element types to be composed by non element types
* Remove validators
This can just be a part of the editing service
* Minor cleanup
* Ensure that multiple levels of inheritance is possible
* Ensure doctype cannot be used as both composition and inheritance on the same doctype
* Ensure no duplicate aliases from composition and that compositions exists
* Minor cleanup
* Address todos
* Add SaveAsync method
* Renamed some models
* Rename from DocumentType to ContentType
* Clarify ParentKey as being container only + untangle things a tiny bit
* Clean out another TODO (less duplicate code) + more tests
* Refactor for reuse across different content types + add media type editing service + unit tests
* Refactor in preparation for update handling
* More tests + fixed bugs found while testing
* Simplify things a bit
* Content type update + a lot of unit tests + some refactor + fix bugs found while testing
* Begin building presentation factories for mapping view models to editing models
* Use async save
* Mapping factories and some clean-up
* Rename Key to Id (ParentKey to ParentId)
* Fix slight typo
* Use editing service in document type controllers and introduce media type controllers
* Validate containers and align container aliases with the current backoffice
* Remove ParentId from response
* Fix scope handling in DeleteAsync
* Refactor ContentTypeSort
* A little renaming for clarity + safeguard against changes to inheritance
* Persist allowed content types
* Fix bad merge + update controller response annotations
* Update OpenAPI JSON
* Update src/Umbraco.Cms.Api.Management/Controllers/DocumentType/DocumentTypeControllerBase.cs
Co-authored-by: Mole <nikolajlauridsen@protonmail.ch>
* Fix review comments
* Update usage of MapCreateAsync to ValidateAndMapForCreationAsync
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Change the obsoletion messages for language IDs to target V14 instead of V13.
* Wrong Language file
* Add ISO codes required to migrate custom code from language IDs
* Population of the new language FallbackIsoCode prop
* Changing obsoletion msgs from v13 to v14
* Fix breaking changes
* Implement GetEntryByContentKey
* Implement PublicAccessResponseModel
* Implement IPublicAccessPresentationFactory
* Rename MemberGroupItemReponseModel to MemberGroupItemResponseModel
* Refactor PublicAccessResponseModel to use Ids instead of entire content items
* Return attempt instead of PresentationModel
* Add missing statuses to PublicAccessOperationStatusResult
* Implement PublicAccessDocumentController.cs
* Refacotr PublicAccessResponseModel to use a base model
* Add CreatePublicAccessEntry method
* Refactor AccessRequestModel to use names not ids :(
* Rename ErrorPageNotFound to ErrorNodeNotFound
* Implement new SaveAsync method
* Introduce more OperationResults
* Implement PublicAccessEntrySlim
* Implement SaveAsync
* Remove CreatePublicAccessEntry from presentation factory
* Rename to CreateAsync
* Implement UpdateAsync
* Rename to async
* Implement CreatePublicAccessEntry
* Implement update endpoint
* remove PublicAccessEntrySlim mapping
* implement CreatePublicAccessEntrySlim method
* Refactor UpdateAsync
* Remove ContentId from request model as it should be in the request
* Use new service layer
* Amend method name in update controller
* Refactor create public access entry to use async method and return entity
* Refactor to use saveAsync method instead of synchronously
* Use presentation factory instead of mapping
* Implement deleteAsync endpoint
* Add produces response type
* Refactor mapping to not use UmbracoMapper, as that causes errors
* Update OpenApi.json
* Refactor out variables to intermediate object
* Validate that groups and names are not specified at the same time
* Make presentation factory not async
* Minor cleanup
---------
Co-authored-by: Zeegaan <nge@umbraco.dk>
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Added PermissionNames to IReadOnlyUserGroup
* Only require backend auth on management api
* Use ISet in response model
* Fixed issue with saving null as startMediaId, where it was ignored
* Add get current user endpoint
* Fix missing linebreak
* Append "New" keyword to policies
* Update OpenApi
---------
Co-authored-by: Nikolaj <nikolajlauridsen@protonmail.ch>
* Add current user data endpoint
* Add Change password endpoint
* Add SetAvatar
* Add get node permissions
* Add endpoint for getting currently logged in users linked logins
* Add tour service
* Add get tours
* Add set tour endpoint
* Split permissions endpoint in two, one for media and one for document
