/// <inheritdoc/>
protected override Task <bool> IsAuthorized(AuthorizationHandlerContext context, UserGroupRequirement requirement)
{
IUser?currentUser = _backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
var querystring = _httpContextAccessor.HttpContext?.Request.Query[requirement.QueryStringName];
if (querystring is null)
{
// Must succeed this requirement since we cannot process it.
return(Task.FromResult(true));
}
if (querystring.Value.Count == 0)
{
// Must succeed this requirement since we cannot process it.
return(Task.FromResult(true));
}
var intIds = querystring.Value.ToString().Split(Constants.CharArrays.Comma)
.Select(x => int.TryParse(x, NumberStyles.Integer, CultureInfo.InvariantCulture, out var output) ? Attempt <int> .Succeed(output) : Attempt <int> .Fail())
.Where(x => x.Success).Select(x => x.Result).ToArray();
var authHelper = new UserGroupEditorAuthorizationHelper(
_userService,
_contentService,
_mediaService,
_entityService,
_appCaches);
Attempt <string?> isAuth = authHelper.AuthorizeGroupAccess(currentUser, intIds);
return(Task.FromResult(isAuth.Success));
}
public ActionResult <UserGroupDisplay?> PostSaveUserGroup(UserGroupSave userGroupSave)
{
if (userGroupSave == null)
{
throw new ArgumentNullException(nameof(userGroupSave));
}
//authorize that the user has access to save this user group
var authHelper = new UserGroupEditorAuthorizationHelper(
_userService, _contentService, _mediaService, _entityService, _appCaches);
Attempt <string?> isAuthorized =
authHelper.AuthorizeGroupAccess(_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser, userGroupSave.Alias);
if (isAuthorized == false)
{
return(Unauthorized(isAuthorized.Result));
}
//if sections were added we need to check that the current user has access to that section
isAuthorized = authHelper.AuthorizeSectionChanges(
_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
userGroupSave.PersistedUserGroup?.AllowedSections,
userGroupSave.Sections);
if (isAuthorized == false)
{
return(Unauthorized(isAuthorized.Result));
}
//if start nodes were changed we need to check that the current user has access to them
isAuthorized = authHelper.AuthorizeStartNodeChanges(
_backofficeSecurityAccessor.BackOfficeSecurity?.CurrentUser,
userGroupSave.PersistedUserGroup?.StartContentId,
userGroupSave.StartContentId,
userGroupSave.PersistedUserGroup?.StartMediaId,
userGroupSave.StartMediaId);
if (isAuthorized == false)
{
return(Unauthorized(isAuthorized.Result));
}
//need to ensure current user is in a group if not an admin to avoid a 401
EnsureNonAdminUserIsInSavedUserGroup(userGroupSave);
//map the model to the persisted instance
_umbracoMapper.Map(userGroupSave, userGroupSave.PersistedUserGroup);
if (userGroupSave.PersistedUserGroup is not null)
{
//save the group
_userService.Save(userGroupSave.PersistedUserGroup, userGroupSave.Users?.ToArray());
}
//deal with permissions
//remove ones that have been removed
var existing = _userService.GetPermissions(userGroupSave.PersistedUserGroup, true)
.ToDictionary(x => x.EntityId, x => x);
if (userGroupSave.AssignedPermissions is not null)
{
IEnumerable <int> toRemove = existing.Keys.Except(userGroupSave.AssignedPermissions.Select(x => x.Key));
foreach (var contentId in toRemove)
{
_userService.RemoveUserGroupPermissions(userGroupSave.PersistedUserGroup?.Id ?? default, contentId);
}
//update existing
foreach (KeyValuePair <int, IEnumerable <string> > assignedPermission in userGroupSave.AssignedPermissions)
{
_userService.ReplaceUserGroupPermissions(
userGroupSave.PersistedUserGroup?.Id ?? default,
assignedPermission.Value.Select(x => x[0]),
assignedPermission.Key);
}
}
UserGroupDisplay?display = _umbracoMapper.Map <UserGroupDisplay>(userGroupSave.PersistedUserGroup);
display?.AddSuccessNotification(
_localizedTextService.Localize("speechBubbles", "operationSavedHeader"),
_localizedTextService.Localize("speechBubbles", "editUserGroupSaved"));
return(display);
}
