/// <summary>
/// Media "Saving" event hook: for non-admin users whose native media start node is the root
/// (-1), the upload target is validated against the start nodes the plugin manages.
/// </summary>
/// <param name="sender">The media service raising the event.</param>
/// <param name="e">Save event arguments carrying the media items being saved.</param>
private void MediaServiceSaving(IMediaService sender, Umbraco.Core.Events.SaveEventArgs<Umbraco.Core.Models.IMedia> e)
{
    UmbracoContext context = ContextHelpers.EnsureUmbracoContext();
    var currentUser = context.Security.CurrentUser;

    // No back-office user on the context: nothing to validate against.
    if (currentUser == null)
    {
        return;
    }

    bool isAdmin = currentUser.UserType.Alias == "admin";
    // -1 is the root; presumably a user with a non-root native start node is already
    // restricted by Umbraco itself and is therefore skipped here — confirm.
    bool startsAtRoot = currentUser.StartMediaId == -1;

    if (!isAdmin && startsAtRoot)
    {
        BackOfficeUtils.ValidateMediaUploadAccess(currentUser.Id, sender, e);
    }
}
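/// <summary>
/// Replaces the media root listing with the current user's media start nodes.
/// Applies to the first page of the root list view, or to any root request when pickers are
/// limited to start nodes. Admins and users without media start nodes are passed through.
/// </summary>
/// <param name="request">The incoming back-office request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner response, with its paged payload replaced by the start nodes where applicable.</returns>
private Task<HttpResponseMessage> HandleListViewStartNodes(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Query parameters are compared as whole name/value pairs: the previous substring test
    // treated "pageNumber=10".."pageNumber=19" as page 1 and replaced those pages too.
    bool isRootRequest = QueryParameterEquals(request.RequestUri, "id", "-1");
    bool isFirstPage = QueryParameterEquals(request.RequestUri, "pageNumber", "1");
    if (!isRootRequest || !(isFirstPage || Settings.LimitPickersToStartNodes))
    {
        return base.SendAsync(request, cancellationToken);
    }

    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
    int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;

    // Admins and users without media start nodes see the unrestricted listing.
    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return base.SendAsync(request, cancellationToken);
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            ObjectContent dataContent = (ObjectContent)response.Content;
            IMedia[] startMedia = appContext.Services.MediaService.GetByIds(startNodes).ToArray();
            int itemCount = startNodes.Length;

            // A single page holding exactly the start nodes replaces whatever the root listing returned.
            var pagedResult = new PagedResult<ContentItemBasic<ContentPropertyBasic, IMedia>>(itemCount, 1, itemCount);
            pagedResult.Items = startMedia.Select(Mapper.Map<IMedia, ContentItemBasic<ContentPropertyBasic, IMedia>>);
            dataContent.Value = pagedResult;
        }
        catch (Exception ex)
        {
            // NOTE(review): on failure the unrestricted root listing is returned unchanged (fail-open);
            // a fail-closed variant would return an error status here instead.
            LogHelper.Error<WebApiHandler>("Could not replace start nodes.", ex);
        }

        return response;
    });
}

/// <summary>
/// Returns true when the query string of <paramref name="uri"/> contains a parameter named
/// <paramref name="name"/> (case-insensitive) whose unescaped value equals <paramref name="value"/> (ordinal).
/// </summary>
private static bool QueryParameterEquals(Uri uri, string name, string value)
{
    string query = uri.Query.TrimStart('?');
    if (query.Length == 0)
    {
        return false;
    }

    foreach (string pair in query.Split('&'))
    {
        int separator = pair.IndexOf('=');
        string key = separator < 0 ? pair : pair.Substring(0, separator);
        string val = separator < 0 ? string.Empty : pair.Substring(separator + 1);

        // Parameter names are matched case-insensitively, like Web API's own binding; values exactly.
        if (string.Equals(Uri.UnescapeDataString(key), name, StringComparison.OrdinalIgnoreCase)
            && string.Equals(Uri.UnescapeDataString(val), value, StringComparison.Ordinal))
        {
            return true;
        }
    }

    return false;
}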
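/// <summary>
/// Filters the "Document" and "Media" groups of a back-office search response down to results
/// whose path lies under one of the current user's start nodes. Admins are passed through.
/// </summary>
/// <param name="request">The incoming search request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner response with inaccessible results removed from each group.</returns>
private Task<HttpResponseMessage> RemoveInaccessibleNodesFromSearchResults(HttpRequestMessage request, CancellationToken cancellationToken)
{
    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;

    // Admins are never restricted, so their start nodes are not looked up at all.
    if (user.UserType.Alias == "admin")
    {
        return base.SendAsync(request, cancellationToken);
    }

    StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id);

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            ObjectContent dataContent = (ObjectContent)response.Content;
            // A payload of an unexpected shape throws here and is logged below rather than dereferenced.
            var groups = (IEnumerable<EntityTypeSearchResult>)dataContent.Value;

            // Each group is optional: FirstOrDefault yields null when a group is absent. The previous
            // unconditional .Results access on a null group threw, was swallowed, and left the other
            // group unfiltered as well.
            EntityTypeSearchResult contentResults = groups.FirstOrDefault(g => g.EntityType == "Document");
            if (startNodes.Content != null && contentResults != null && contentResults.Results != null)
            {
                contentResults.Results = contentResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Content));
            }

            EntityTypeSearchResult mediaResults = groups.FirstOrDefault(g => g.EntityType == "Media");
            if (startNodes.Media != null && mediaResults != null && mediaResults.Results != null)
            {
                mediaResults.Results = mediaResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Media));
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): the unfiltered search results are still returned on failure (fail-open).
            LogHelper.Error<WebApiHandler>("Could not remove inaccessible nodes from search results.", ex);
        }

        return response;
    });
}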
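/// <summary>
/// For document-type entity searches, removes results whose path is not under one of the
/// current user's content start nodes. Other searches, admins and users without content start
/// nodes are passed through.
/// </summary>
/// <param name="request">The incoming entity search request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner response with inaccessible entities filtered out.</returns>
private Task<HttpResponseMessage> RemoveInaccessibleNodesFromContentSearchResults(HttpRequestMessage request, CancellationToken cancellationToken)
{
    // Ordinal, case-insensitive search replaces the culture-sensitive ToLower().Contains(...)
    // (which misbehaves under e.g. Turkish culture settings).
    if (request.RequestUri.Query.IndexOf("type=document", StringComparison.OrdinalIgnoreCase) < 0)
    {
        return base.SendAsync(request, cancellationToken);
    }

    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;

    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return base.SendAsync(request, cancellationToken);
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            ObjectContent dataContent = (ObjectContent)response.Content;
            // A payload of an unexpected shape throws here and is logged below rather than dereferenced.
            var entities = (IEnumerable<EntityBasic>)dataContent.Value;
            dataContent.Value = entities.Where(e => PathContainsAStartNode(e.Path, startNodes));
        }
        catch (Exception ex)
        {
            // NOTE(review): the unfiltered search results are still returned on failure (fail-open).
            LogHelper.Error<WebApiHandler>("Could not remove inaccessible nodes from search results.", ex);
        }

        return response;
    });
}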
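/// <summary>
/// For requests at the media root (id=-1), replaces the returned child folders with those of the
/// current user's media start nodes that are folder media types. Admins and users without media
/// start nodes are passed through.
/// </summary>
/// <param name="request">The incoming back-office request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner response, with its payload replaced by the user's folder start nodes where applicable.</returns>
private Task<HttpResponseMessage> HandleRootChildFolders(HttpRequestMessage request, CancellationToken cancellationToken)
{
    if (!request.RequestUri.Query.Contains("id=-1"))
    {
        return base.SendAsync(request, cancellationToken);
    }

    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
    int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;

    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return base.SendAsync(request, cancellationToken);
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            ObjectContent dataContent = (ObjectContent)response.Content;

            // Media types whose alias ends in "Folder" count as folders. Materialised into a set once:
            // the previous lazy query was re-evaluated for every child by Contains(). Ordinal
            // comparison avoids the culture-sensitive EndsWith default.
            var folderTypeIds = new HashSet<int>(appContext.Services.ContentTypeService.GetAllMediaTypes()
                .Where(x => x.Alias.EndsWith("Folder", StringComparison.Ordinal))
                .Select(x => x.Id));

            IMedia[] children = appContext.Services.MediaService.GetByIds(startNodes).ToArray();
            dataContent.Value = children
                .Where(x => folderTypeIds.Contains(x.ContentTypeId))
                .Select(Mapper.Map<IMedia, ContentItemBasic<ContentPropertyBasic, IMedia>>);
        }
        catch (Exception ex)
        {
            // NOTE(review): on failure the unrestricted root folders are returned unchanged (fail-open).
            LogHelper.Error<WebApiHandler>("Could not replace start nodes.", ex);
        }

        return response;
    });
}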
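/// <summary>
/// Denies access to a content node that lies outside all of the current user's content start
/// nodes, and otherwise trims the node's path so it begins at the start node. Admins and users
/// without content start nodes are passed through.
/// </summary>
/// <param name="request">The incoming request for a content item.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>
/// A 403 response without a body when the node is inaccessible; otherwise the inner response
/// with the item's path rewritten.
/// </returns>
private Task<HttpResponseMessage> RemoveInacessibleContentNodesFromPath(HttpRequestMessage request, CancellationToken cancellationToken)
{
    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;

    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return base.SendAsync(request, cancellationToken);
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            var content = (ContentItemDisplay)((ObjectContent)response.Content).Value;

            if (!PathContainsAStartNode(content.Path, startNodes))
            {
                // Previously only the status code was changed to 403 while the full item remained in
                // the body, so the forbidden node's data was still delivered to the caller. Drop the
                // payload together with the denial.
                response.Dispose();
                return new HttpResponseMessage(HttpStatusCode.Forbidden) { RequestMessage = request };
            }

            // Remove ancestors above the start node so the editor's view begins at the start node.
            content.Path = RemoveStartNodeAncestors(content.Path, startNodes);
        }
        catch (Exception ex)
        {
            // NOTE(review): on failure the item is returned with its original path and status (fail-open).
            LogHelper.Error<WebApiHandler>("Could not update path.", ex);
        }

        return response;
    });
}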
/// <summary>
/// Guards move/copy requests in the content and media sections for users with plugin start
/// nodes: the request is rejected when the destination parent lies outside every start node, and
/// on success the returned path has the ancestors above the start node removed.
/// </summary>
/// <param name="request">The incoming move-or-copy request; its body is read as a <see cref="MoveOrCopy"/> model.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner handler's response, with the path rewritten where applicable.</returns>
/// <exception cref="HttpResponseException">Thrown as a validation error response when the destination parent is not under an accessible start node.</exception>
private Task<HttpResponseMessage> RemoveInacessibleNodesFromPathPostMoveAndCopy(HttpRequestMessage request, CancellationToken cancellationToken)
{
    ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    int[] startNodes;

    // Select the start node set from the section the URL belongs to; other routes are passed through.
    // NOTE(review): ToLower() is culture-sensitive; an OrdinalIgnoreCase IndexOf would be the safer comparison.
    if (request.RequestUri.AbsolutePath.ToLower().Contains("/content/"))
    {
        startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Content;
    }
    else if (request.RequestUri.AbsolutePath.ToLower().Contains("/media/"))
    {
        startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;
    }
    else
    {
        return (base.SendAsync(request, cancellationToken));
    }

    // Admins and users without start nodes for this section are not restricted.
    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return (base.SendAsync(request, cancellationToken));
    }

    //// prevent moving/copying into inaccessible locations
    // do some hackery to read the post data more than once - http://stackoverflow.com/questions/12007689/cannot-read-body-data-from-web-api-post
    // The body is deserialised here to learn the destination, then re-serialised into a fresh
    // StringContent (with the original content type restored) so the inner controller can still read it.
    // NOTE(review): .Result blocks on the async body read — confirm this is acceptable for the hosting pipeline.
    MediaTypeHeaderValue contentType = request.Content.Headers.ContentType;
    MoveOrCopy postModel = request.Content.ReadAsAsync<MoveOrCopy>().Result;
    string contentInString = JsonConvert.SerializeObject(postModel);
    request.Content = new StringContent(contentInString);
    request.Content.Headers.ContentType = contentType;

    IUmbracoEntity parent = appContext.Services.EntityService.Get(postModel.ParentId);

    // Deny when the destination parent is not under any of the user's start nodes.
    // NOTE(review): parent is not null-checked; an unknown ParentId would surface as a
    // NullReferenceException here — confirm whether EntityService.Get can return null.
    if (!PathContainsAStartNode(parent.Path, startNodes))
    {
        // take error notification from https://github.com/umbraco/Umbraco-CMS/blob/a2a4ad39476f4a18c8fe2c04d42f6fa635551b63/src/Umbraco.Web/Editors/MediaController.cs#L656
        SimpleNotificationModel notificationModel = new SimpleNotificationModel();
        notificationModel.AddErrorNotification(appContext.Services.TextService.Localize("moveOrCopy/notValid", CultureInfo.CurrentCulture), "");
        throw new HttpResponseException(request.CreateValidationErrorResponse(notificationModel));
    }
    else
    {
        // perform default request
        return (base.SendAsync(request, cancellationToken)
            .ContinueWith(task =>
            {
                HttpResponseMessage response = task.Result;
                if (!response.IsSuccessStatusCode)
                {
                    return response;
                }

                try
                {
                    // The response body is treated as the resulting node path and trimmed so it
                    // starts at the user's start node before being handed back as JSON.
                    // NOTE(review): .Result blocks on the async body read — see the note above.
                    string path = response.Content.ReadAsStringAsync().Result;
                    path = RemoveStartNodeAncestors(path, startNodes);
                    response.Content = new StringContent(path, Encoding.UTF8, "application/json");
                }
                catch (Exception ex)
                {
                    // Failures here leave the inner response (and its untrimmed path) unchanged.
                    LogHelper.Error<WebApiHandler>("Could not update path.", ex);
                }

                return response;
            }
            ));
    }
}
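/// <summary>
/// Filters or flags breadcrumb ancestors that lie outside the current user's start nodes for
/// document or media breadcrumb requests. When pickers are limited to start nodes the ancestors
/// are removed; otherwise each ancestor is marked with a "Hidden" flag in its additional data.
/// Admins and users without start nodes for the section are passed through.
/// </summary>
/// <param name="request">The incoming breadcrumb (ancestors) request.</param>
/// <param name="cancellationToken">Token forwarded to the inner handler.</param>
/// <returns>The inner response with its ancestor list filtered or flagged.</returns>
private Task<HttpResponseMessage> RemoveInaccessibleAncestorsFromBreadcrumbs(HttpRequestMessage request, CancellationToken cancellationToken)
{
    IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
    string query = request.RequestUri.Query;
    int[] startNodes;

    if (query.Contains("type=document"))
    {
        startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;
    }
    else if (query.Contains("type=media"))
    {
        startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Media;
    }
    else
    {
        return base.SendAsync(request, cancellationToken);
    }

    if (user.UserType.Alias == "admin" || startNodes == null)
    {
        return base.SendAsync(request, cancellationToken);
    }

    return base.SendAsync(request, cancellationToken).ContinueWith(task =>
    {
        HttpResponseMessage response = task.Result;
        if (!response.IsSuccessStatusCode)
        {
            return response;
        }

        try
        {
            ObjectContent dataContent = (ObjectContent)response.Content;
            // A payload of an unexpected shape throws here and is logged below rather than dereferenced.
            List<EntityBasic> ancestors = ((IEnumerable<EntityBasic>)dataContent.Value).ToList();

            if (Settings.LimitPickersToStartNodes)
            {
                // Limited pickers never see inaccessible ancestors at all.
                ancestors = ancestors.Where(e => PathContainsAStartNode(e.Path, startNodes)).ToList();
            }
            else
            {
                // Ancestors stay in the list but carry a "Hidden" flag (presumably consumed client-side).
                // Indexer assignment instead of Add(): a pre-existing "Hidden" key made Add() throw,
                // which was swallowed and left the whole breadcrumb unflagged.
                foreach (EntityBasic ancestor in ancestors)
                {
                    ancestor.AdditionalData["Hidden"] = !PathContainsAStartNode(ancestor.Path, startNodes);
                }
            }

            dataContent.Value = ancestors;
        }
        catch (Exception ex)
        {
            // NOTE(review): the unfiltered ancestor list is still returned on failure (fail-open).
            LogHelper.Error<WebApiHandler>("Could not remove ancestors from path.", ex);
        }

        return response;
    });
}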