Umbraco-CMS/src/Umbraco.Web/Install/UmbracoInstallAuthorizeAttribute.cs
Shannon Deminick db268c6805 renamed to MemberAuthorizeAttribute and changed it to inherit from a AuthorizeAttribute as this happens much further up the chain than
the filter attribute and also contains the correct logic to ensure authorization always happens regardless of if the page is cached. Cleaned
up our other authorize attributes.
2013-02-26 02:21:51 +06:00


using System;
using System.Web;
using System.Web.Mvc;
using Umbraco.Core;
using Umbraco.Web.Security;
using umbraco.BasePages;
namespace Umbraco.Web.Install
{
/// <summary>
/// Authorization filter for the installer. Requests are let through while the application is
/// not yet configured; once it is configured, a validated user context is required.
/// </summary>
/// <remarks>
/// Security note: while <c>IsConfigured</c> is false, <see cref="AuthorizeCore"/> authorizes every
/// caller, so whatever this attribute guards is reachable without a login until the install has
/// completed. Any exception raised during the check results in a denial (fail closed).
/// </remarks>
internal class UmbracoInstallAuthorizeAttribute : AuthorizeAttribute
{
    // Application state consulted on every authorization check.
    private readonly ApplicationContext _appContext;

    /// <summary>
    /// Creates the attribute against <c>ApplicationContext.Current</c>.
    /// </summary>
    public UmbracoInstallAuthorizeAttribute()
        : this(ApplicationContext.Current)
    {
    }

    /// <summary>
    /// Creates the attribute against an explicitly supplied application context.
    /// </summary>
    /// <param name="appContext">The application context whose <c>IsConfigured</c> flag is checked.</param>
    /// <exception cref="ArgumentNullException"><paramref name="appContext"/> is null.</exception>
    public UmbracoInstallAuthorizeAttribute(ApplicationContext appContext)
    {
        if (appContext == null)
        {
            throw new ArgumentNullException("appContext");
        }

        _appContext = appContext;
    }

    /// <summary>
    /// Decides whether the current request may proceed.
    /// </summary>
    /// <param name="httpContext">The current HTTP context; only checked for null here.</param>
    /// <returns>
    /// <c>true</c> when the application is not configured yet, or when
    /// <c>WebSecurity.ValidateUserContextId</c> accepts <c>WebSecurity.UmbracoUserContextId</c>;
    /// <c>false</c> otherwise, including when the check itself throws.
    /// </returns>
    /// <exception cref="ArgumentNullException"><paramref name="httpContext"/> is null.</exception>
    protected override bool AuthorizeCore(HttpContextBase httpContext)
    {
        if (httpContext == null)
        {
            throw new ArgumentNullException("httpContext");
        }

        try
        {
            // Install still pending: nothing to authenticate against, so allow the request.
            var installPending = !_appContext.IsConfigured;

            // Short-circuit keeps the user-context validation from running while the install is pending.
            return installPending
                || WebSecurity.ValidateUserContextId(WebSecurity.UmbracoUserContextId);
        }
        catch (Exception)
        {
            // Fail closed: an error in the check must never grant access.
            // NOTE(review): the exception is dropped without logging, so a broken check looks
            // the same as an ordinary denial - consider recording it.
            return false;
        }
    }

    /// <summary>
    /// Raises an <see cref="HttpException"/> carrying the 401 status code instead of producing
    /// a 401 result.
    /// </summary>
    /// <param name="filterContext">The authorization context of the rejected request (not used).</param>
    /// <exception cref="HttpException">Always thrown, with status code 401 (Unauthorized).</exception>
    protected override void HandleUnauthorizedRequest(AuthorizationContext filterContext)
    {
        // Reached when the application is installed and the caller is not authorized.
        var unauthorizedStatus = (int)global::System.Net.HttpStatusCode.Unauthorized;
        throw new HttpException(unauthorizedStatus, "You must login to view this resource.");
    }
}
}