protected override bool IsAuthorized(HttpActionContext actionContext)
{
var umbCtx = GetUmbracoContext();
var currentUser = umbCtx.Security.CurrentUser;
var queryString = actionContext.Request.GetQueryNameValuePairs();
var ids = queryString.Where(x => x.Key == _paramName).ToArray();
if (ids.Length == 0)
{
return(base.IsAuthorized(actionContext));
}
var intIds = ids.Select(x => x.Value.TryConvertTo <int>()).Where(x => x.Success).Select(x => x.Result).ToArray();
var authHelper = new UserGroupEditorAuthorizationHelper(
umbCtx.Application.Services.UserService,
umbCtx.Application.Services.ContentService,
umbCtx.Application.Services.MediaService,
umbCtx.Application.Services.EntityService);
return(authHelper.AuthorizeGroupAccess(currentUser, intIds));
}
public UserGroupDisplay PostSaveUserGroup(UserGroupSave userGroupSave)
{
if (userGroupSave == null)
{
throw new ArgumentNullException(nameof(userGroupSave));
}
//authorize that the user has access to save this user group
var authHelper = new UserGroupEditorAuthorizationHelper(
Services.UserService, Services.ContentService, Services.MediaService, Services.EntityService);
var isAuthorized = authHelper.AuthorizeGroupAccess(Security.CurrentUser, userGroupSave.Alias);
if (isAuthorized == false)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized, isAuthorized.Result));
}
//if sections were added we need to check that the current user has access to that section
isAuthorized = authHelper.AuthorizeSectionChanges(Security.CurrentUser,
userGroupSave.PersistedUserGroup.AllowedSections,
userGroupSave.Sections);
if (isAuthorized == false)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized, isAuthorized.Result));
}
//if start nodes were changed we need to check that the current user has access to them
isAuthorized = authHelper.AuthorizeStartNodeChanges(Security.CurrentUser,
userGroupSave.PersistedUserGroup.StartContentId,
userGroupSave.StartContentId,
userGroupSave.PersistedUserGroup.StartMediaId,
userGroupSave.StartMediaId);
if (isAuthorized == false)
{
throw new HttpResponseException(Request.CreateResponse(HttpStatusCode.Unauthorized, isAuthorized.Result));
}
//need to ensure current user is in a group if not an admin to avoid a 401
EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);
//save the group
Services.UserService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users.ToArray());
//deal with permissions
//remove ones that have been removed
var existing = Services.UserService.GetPermissions(userGroupSave.PersistedUserGroup, true)
.ToDictionary(x => x.EntityId, x => x);
var toRemove = existing.Keys.Except(userGroupSave.AssignedPermissions.Select(x => x.Key));
foreach (var contentId in toRemove)
{
Services.UserService.RemoveUserGroupPermissions(userGroupSave.PersistedUserGroup.Id, contentId);
}
//update existing
foreach (var assignedPermission in userGroupSave.AssignedPermissions)
{
Services.UserService.ReplaceUserGroupPermissions(
userGroupSave.PersistedUserGroup.Id,
assignedPermission.Value.Select(x => x[0]),
assignedPermission.Key);
}
var display = Mapper.Map <UserGroupDisplay>(userGroupSave.PersistedUserGroup);
display.AddSuccessNotification(Services.TextService.Localize("speechBubbles/operationSavedHeader"), Services.TextService.Localize("speechBubbles/editUserGroupSaved"));
return(display);
}
