public static void ValidateMediaUploadAccess(int userId, IMediaService sender, Umbraco.Core.Events.SaveEventArgs <Umbraco.Core.Models.IMedia> e) { IMedia firstItem = e.SavedEntities.FirstOrDefault(); if (firstItem.HasIdentity) { return; } int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId).Media; if (startNodes == null || firstItem.Path == null) { return; } if (!PathContainsAStartNode(firstItem.Path, startNodes)) { e.CanCancel = true; e.CancelOperation(new Umbraco.Core.Events.EventMessage("Permission Denied", "You do not have permission to upload files to this folder.")); foreach (var m in e.SavedEntities) { sender.Delete(m); } } }
public UserStartNodes GetById(int userId) { StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, ApplicationContext, DatabaseContext); UserStartNodes userStartNodes = new UserStartNodes(); userStartNodes.UserId = userId; userStartNodes.Content = (startNodes.Content != null) ? string.Join(",", startNodes.Content) : ""; userStartNodes.Media = (startNodes.Media != null) ? string.Join(",", startNodes.Media) : ""; return(userStartNodes); }
public static void RenderContentStartNodes(int userId, TreeControllerBase sender, TreeNodesRenderingEventArgs e) { StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext); if (startNodes.Content == null) { return; } if (startNodes.Content.Any()) { // Remove default start nodes e.Nodes.Clear(); IEnumerable <IUmbracoEntity> startNodesEntities = sender.Services.EntityService.GetAll(Umbraco.Core.Models.UmbracoObjectTypes.Document, startNodes.Content); // Feels like a lot of duct tape. A lot taken from: // https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Web/Trees/ContentTreeController.cs#L75 foreach (IUmbracoEntity startNodeEntity in startNodesEntities) { UmbracoEntity entity = (UmbracoEntity)startNodeEntity; // Not as safe as the approach in core // https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Models/UmbracoEntityExtensions.cs#L34 bool isContainer = (entity.AdditionalData.ContainsKey("IsContainer") && entity.AdditionalData["IsContainer"].ToString() == "True"); TreeNode node = sender.CreateTreeNode( startNodeEntity.Id.ToInvariantString(), "-1", e.QueryStrings, startNodeEntity.Name, entity.ContentTypeIcon, entity.HasChildren && (isContainer == false) ); AddQueryStringsToAdditionalData(node, e.QueryStrings); if (e.QueryStrings.Get("isDialog") == "true") { node.RoutePath = "#"; } // TODO: How should we order nodes? e.Nodes.Add(node); } } }
private Task <HttpResponseMessage> HandleListViewStartNodes(HttpRequestMessage request, CancellationToken cancellationToken) { // do at root in the media section or in the picker when it should be limited if (request.RequestUri.Query.Contains("id=-1") && (request.RequestUri.Query.Contains("pageNumber=1") || Settings.LimitPickersToStartNodes)) { IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; ApplicationContext appContext = ContextHelpers.EnsureApplicationContext(); int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media; if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ObjectContent dataContent = ((ObjectContent)(data)); int itemCount = startNodes.Length; IMedia[] startIMedia = appContext.Services.MediaService.GetByIds(startNodes).ToArray(); var pagedResult = new PagedResult <ContentItemBasic <ContentPropertyBasic, IMedia> >(itemCount, 1, itemCount); pagedResult.Items = startIMedia .Select(Mapper.Map <IMedia, ContentItemBasic <ContentPropertyBasic, IMedia> >); dataContent.Value = pagedResult; } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not replace start nodes.", ex); } return response; } )); } return(base.SendAsync(request, cancellationToken)); }
private Task <HttpResponseMessage> RemoveInaccessibleNodesFromSearchResults(HttpRequestMessage request, CancellationToken cancellationToken) { IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id); if (user.UserType.Alias == "admin") { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ObjectContent dataContent = ((ObjectContent)(data)); IEnumerable <EntityTypeSearchResult> entities = dataContent.Value as IEnumerable <EntityTypeSearchResult>; EntityTypeSearchResult contentResults = entities.FirstOrDefault(e => e.EntityType == "Document"); EntityTypeSearchResult mediaResults = entities.FirstOrDefault(e => e.EntityType == "Media"); if (startNodes.Content != null && contentResults.Results.Any()) { contentResults.Results = contentResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Content)); } if (startNodes.Media != null && mediaResults.Results.Any()) { mediaResults.Results = mediaResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Media)); } } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not remove inaccessible nodes from search results.", ex); } return response; } )); }
public static void RenderMediaStartNodes(int userId, TreeControllerBase sender, TreeNodesRenderingEventArgs e) { StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext); if (startNodes.Media == null) { return; } if (startNodes.Media.Any()) { // Remove default start nodes e.Nodes.Clear(); IEnumerable <IUmbracoEntity> startNodesEntities = sender.Services.EntityService.GetAll(Umbraco.Core.Models.UmbracoObjectTypes.Media, startNodes.Media); foreach (IUmbracoEntity startNodeEntity in startNodesEntities) { UmbracoEntity entity = (UmbracoEntity)startNodeEntity; bool isContainer = (entity.AdditionalData.ContainsKey("IsContainer") && entity.AdditionalData["IsContainer"].ToString() == "True"); TreeNode node = sender.CreateTreeNode( startNodeEntity.Id.ToInvariantString(), "-1", e.QueryStrings, startNodeEntity.Name, entity.ContentTypeIcon, entity.HasChildren && (isContainer == false) ); node.AdditionalData.Add("contentType", entity.ContentTypeAlias); if (isContainer) { node.SetContainerStyle(); node.AdditionalData.Add("isContainer", true); } // TODO: How should we order nodes? e.Nodes.Add(node); } } }
private Task <HttpResponseMessage> RemoveInaccessibleNodesFromContentSearchResults(HttpRequestMessage request, CancellationToken cancellationToken) { if (!request.RequestUri.Query.ToLower().Contains("type=document")) { return(base.SendAsync(request, cancellationToken)); } IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content; if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ObjectContent dataContent = ((ObjectContent)(data)); IEnumerable <EntityBasic> entities = dataContent.Value as IEnumerable <EntityBasic>; entities = entities.Where(e => PathContainsAStartNode(e.Path, startNodes)); dataContent.Value = entities; } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not remove inaccessible nodes from search results.", ex); } return response; } )); }
internal static void RestrictContentStartNodeOptions(int userId, TreeControllerBase sender, MenuRenderingEventArgs e, string section) { int[] startNodes = null; if (section == "content") { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext).Content; } else if (section == "media") { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext).Media; } if (startNodes == null || !startNodes.Contains(int.Parse(e.NodeId))) { return; } string[] preventedActionAliases = Settings.RemoveActionsForStartNodes; e.Menu.Items.RemoveAll(i => preventedActionAliases.Contains(i.Alias)); }
private Task <HttpResponseMessage> HandleRootChildFolders(HttpRequestMessage request, CancellationToken cancellationToken) { if (request.RequestUri.Query.Contains("id=-1")) { IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; ApplicationContext appContext = ContextHelpers.EnsureApplicationContext(); int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media; if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ObjectContent dataContent = ((ObjectContent)(data)); IEnumerable <int> folderTypes = appContext.Services.ContentTypeService.GetAllMediaTypes().ToArray().Where(x => x.Alias.EndsWith("Folder")).Select(x => x.Id); IMedia[] children = appContext.Services.MediaService.GetByIds(startNodes).ToArray(); dataContent.Value = children.Where(x => folderTypes.Contains(x.ContentTypeId)).Select(Mapper.Map <IMedia, ContentItemBasic <ContentPropertyBasic, IMedia> >); } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not replace start nodes.", ex); } return response; } )); } return(base.SendAsync(request, cancellationToken)); }
private Task <HttpResponseMessage> RemoveInacessibleContentNodesFromPath(HttpRequestMessage request, CancellationToken cancellationToken) { IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content; if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ContentItemDisplay content = ((ObjectContent)(data)).Value as ContentItemDisplay; if (!PathContainsAStartNode(content.Path, startNodes)) { response.StatusCode = HttpStatusCode.Forbidden; // prevent users from editing a node they shouldn't } content.Path = RemoveStartNodeAncestors(content.Path, startNodes); } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not update path.", ex); } return response; } )); }
private Task <HttpResponseMessage> RemoveInacessibleNodesFromPathPostMoveAndCopy(HttpRequestMessage request, CancellationToken cancellationToken) { ApplicationContext appContext = ContextHelpers.EnsureApplicationContext(); IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; int[] startNodes; if (request.RequestUri.AbsolutePath.ToLower().Contains("/content/")) { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Content; } else if (request.RequestUri.AbsolutePath.ToLower().Contains("/media/")) { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media; } else { return(base.SendAsync(request, cancellationToken)); } if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } //// prevent moving/copying into inaccessible locations // do some hackery to read the post data more than once - http://stackoverflow.com/questions/12007689/cannot-read-body-data-from-web-api-post MediaTypeHeaderValue contentType = request.Content.Headers.ContentType; MoveOrCopy postModel = request.Content.ReadAsAsync <MoveOrCopy>().Result; string contentInString = JsonConvert.SerializeObject(postModel); request.Content = new StringContent(contentInString); request.Content.Headers.ContentType = contentType; IUmbracoEntity parent = appContext.Services.EntityService.Get(postModel.ParentId); if (!PathContainsAStartNode(parent.Path, startNodes)) { // take error notification from https://github.com/umbraco/Umbraco-CMS/blob/a2a4ad39476f4a18c8fe2c04d42f6fa635551b63/src/Umbraco.Web/Editors/MediaController.cs#L656 SimpleNotificationModel notificationModel = new SimpleNotificationModel(); notificationModel.AddErrorNotification(appContext.Services.TextService.Localize("moveOrCopy/notValid", CultureInfo.CurrentCulture), ""); throw new HttpResponseException(request.CreateValidationErrorResponse(notificationModel)); } else { // perform default request return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { string path = response.Content.ReadAsStringAsync().Result; path = RemoveStartNodeAncestors(path, startNodes); response.Content = new StringContent(path, Encoding.UTF8, "application/json"); } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not update path.", ex); } return response; } )); } }
private Task <HttpResponseMessage> RemoveInaccessibleAncestorsFromBreadcrumbs(HttpRequestMessage request, CancellationToken cancellationToken) { IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser; int[] startNodes; if (request.RequestUri.Query.Contains("type=document")) { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content; } else if (request.RequestUri.Query.Contains("type=media")) { startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Media; } else { return(base.SendAsync(request, cancellationToken)); } if (user.UserType.Alias == "admin" || startNodes == null) { return(base.SendAsync(request, cancellationToken)); } return(base.SendAsync(request, cancellationToken) .ContinueWith(task => { HttpResponseMessage response = task.Result; if (!response.IsSuccessStatusCode) { return response; } try { HttpContent data = response.Content; ObjectContent dataContent = ((ObjectContent)(data)); IEnumerable <EntityBasic> entities = dataContent.Value as IEnumerable <EntityBasic>; List <EntityBasic> entitiesList = entities.ToList(); if (Settings.LimitPickersToStartNodes) { entitiesList = entitiesList.Where(e => PathContainsAStartNode(e.Path, startNodes)).ToList(); } else { foreach (EntityBasic e in entitiesList) { e.AdditionalData.Add("Hidden", !PathContainsAStartNode(e.Path, startNodes)); } } dataContent.Value = entitiesList; } catch (Exception ex) { LogHelper.Error <WebApiHandler>("Could not remove ancestors from path.", ex); } return response; } )); }