using System;
using System.Web;
using System.Web.Http;
using System.Web.Http.Controllers;
using Umbraco.Core;
using Umbraco.Web.Security;
using umbraco.BasePages;
namespace Umbraco.Web.Install
{
///
/// Ensures authorization occurs for the installer if it has already completed. If install has not yet occured
/// then the authorization is successful
///
internal class HttpInstallAuthorizeAttribute : AuthorizeAttribute
{
private readonly ApplicationContext _applicationContext;
private readonly UmbracoContext _umbracoContext;
private ApplicationContext GetApplicationContext()
{
return _applicationContext ?? ApplicationContext.Current;
}
private UmbracoContext GetUmbracoContext()
{
return _umbracoContext ?? UmbracoContext.Current;
}
///
/// THIS SHOULD BE ONLY USED FOR UNIT TESTS
///
///
public HttpInstallAuthorizeAttribute(UmbracoContext umbracoContext)
{
if (umbracoContext == null) throw new ArgumentNullException("umbracoContext");
_umbracoContext = umbracoContext;
_applicationContext = _umbracoContext.Application;
}
public HttpInstallAuthorizeAttribute()
{
}
protected override bool IsAuthorized(HttpActionContext actionContext)
{
try
{
//if its not configured then we can continue
if (GetApplicationContext().IsConfigured == false)
{
return true;
}
var umbCtx = GetUmbracoContext();
//otherwise we need to ensure that a user is logged in
var isLoggedIn = GetUmbracoContext().Security.ValidateCurrentUser();
if (isLoggedIn)
{
return true;
}
return false;
}
catch (Exception)
{
return false;
}
}
}
}