public static void ValidateMediaUploadAccess(int userId, IMediaService sender, Umbraco.Core.Events.SaveEventArgs <Umbraco.Core.Models.IMedia> e)
{
IMedia firstItem = e.SavedEntities.FirstOrDefault();
if (firstItem.HasIdentity)
{
return;
}
int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId).Media;
if (startNodes == null || firstItem.Path == null)
{
return;
}
if (!PathContainsAStartNode(firstItem.Path, startNodes))
{
e.CanCancel = true;
e.CancelOperation(new Umbraco.Core.Events.EventMessage("Permission Denied", "You do not have permission to upload files to this folder."));
foreach (var m in e.SavedEntities)
{
sender.Delete(m);
}
}
}
public UserStartNodes GetById(int userId)
{
StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, ApplicationContext, DatabaseContext);
UserStartNodes userStartNodes = new UserStartNodes();
userStartNodes.UserId = userId;
userStartNodes.Content = (startNodes.Content != null) ? string.Join(",", startNodes.Content) : "";
userStartNodes.Media = (startNodes.Media != null) ? string.Join(",", startNodes.Media) : "";
return(userStartNodes);
}
public static void RenderContentStartNodes(int userId, TreeControllerBase sender, TreeNodesRenderingEventArgs e)
{
StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext);
if (startNodes.Content == null)
{
return;
}
if (startNodes.Content.Any())
{
// Remove default start nodes
e.Nodes.Clear();
IEnumerable <IUmbracoEntity> startNodesEntities = sender.Services.EntityService.GetAll(Umbraco.Core.Models.UmbracoObjectTypes.Document, startNodes.Content);
// Feels like a lot of duct tape. A lot taken from:
// https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Web/Trees/ContentTreeController.cs#L75
foreach (IUmbracoEntity startNodeEntity in startNodesEntities)
{
UmbracoEntity entity = (UmbracoEntity)startNodeEntity;
// Not as safe as the approach in core
// https://github.com/umbraco/Umbraco-CMS/blob/5397f2c53acbdeb0805e1fe39fda938f571d295a/src/Umbraco.Core/Models/UmbracoEntityExtensions.cs#L34
bool isContainer = (entity.AdditionalData.ContainsKey("IsContainer") && entity.AdditionalData["IsContainer"].ToString() == "True");
TreeNode node = sender.CreateTreeNode(
startNodeEntity.Id.ToInvariantString(),
"-1",
e.QueryStrings,
startNodeEntity.Name,
entity.ContentTypeIcon,
entity.HasChildren && (isContainer == false)
);
AddQueryStringsToAdditionalData(node, e.QueryStrings);
if (e.QueryStrings.Get("isDialog") == "true")
{
node.RoutePath = "#";
}
// TODO: How should we order nodes?
e.Nodes.Add(node);
}
}
}
private Task <HttpResponseMessage> HandleListViewStartNodes(HttpRequestMessage request, CancellationToken cancellationToken)
{
// do at root in the media section or in the picker when it should be limited
if (request.RequestUri.Query.Contains("id=-1") && (request.RequestUri.Query.Contains("pageNumber=1") || Settings.LimitPickersToStartNodes))
{
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ObjectContent dataContent = ((ObjectContent)(data));
int itemCount = startNodes.Length;
IMedia[] startIMedia = appContext.Services.MediaService.GetByIds(startNodes).ToArray();
var pagedResult = new PagedResult <ContentItemBasic <ContentPropertyBasic, IMedia> >(itemCount, 1, itemCount);
pagedResult.Items = startIMedia
.Select(Mapper.Map <IMedia, ContentItemBasic <ContentPropertyBasic, IMedia> >);
dataContent.Value = pagedResult;
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not replace start nodes.", ex);
}
return response;
}
));
}
return(base.SendAsync(request, cancellationToken));
}
private Task <HttpResponseMessage> RemoveInaccessibleNodesFromSearchResults(HttpRequestMessage request, CancellationToken cancellationToken)
{
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id);
if (user.UserType.Alias == "admin")
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ObjectContent dataContent = ((ObjectContent)(data));
IEnumerable <EntityTypeSearchResult> entities = dataContent.Value as IEnumerable <EntityTypeSearchResult>;
EntityTypeSearchResult contentResults = entities.FirstOrDefault(e => e.EntityType == "Document");
EntityTypeSearchResult mediaResults = entities.FirstOrDefault(e => e.EntityType == "Media");
if (startNodes.Content != null && contentResults.Results.Any())
{
contentResults.Results = contentResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Content));
}
if (startNodes.Media != null && mediaResults.Results.Any())
{
mediaResults.Results = mediaResults.Results.Where(e => PathContainsAStartNode(e.Path, startNodes.Media));
}
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not remove inaccessible nodes from search results.", ex);
}
return response;
}
));
}
public static void RenderMediaStartNodes(int userId, TreeControllerBase sender, TreeNodesRenderingEventArgs e)
{
StartNodeCollection startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext);
if (startNodes.Media == null)
{
return;
}
if (startNodes.Media.Any())
{
// Remove default start nodes
e.Nodes.Clear();
IEnumerable <IUmbracoEntity> startNodesEntities = sender.Services.EntityService.GetAll(Umbraco.Core.Models.UmbracoObjectTypes.Media, startNodes.Media);
foreach (IUmbracoEntity startNodeEntity in startNodesEntities)
{
UmbracoEntity entity = (UmbracoEntity)startNodeEntity;
bool isContainer = (entity.AdditionalData.ContainsKey("IsContainer") && entity.AdditionalData["IsContainer"].ToString() == "True");
TreeNode node = sender.CreateTreeNode(
startNodeEntity.Id.ToInvariantString(),
"-1",
e.QueryStrings,
startNodeEntity.Name,
entity.ContentTypeIcon,
entity.HasChildren && (isContainer == false)
);
node.AdditionalData.Add("contentType", entity.ContentTypeAlias);
if (isContainer)
{
node.SetContainerStyle();
node.AdditionalData.Add("isContainer", true);
}
// TODO: How should we order nodes?
e.Nodes.Add(node);
}
}
}
private Task <HttpResponseMessage> RemoveInaccessibleNodesFromContentSearchResults(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (!request.RequestUri.Query.ToLower().Contains("type=document"))
{
return(base.SendAsync(request, cancellationToken));
}
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ObjectContent dataContent = ((ObjectContent)(data));
IEnumerable <EntityBasic> entities = dataContent.Value as IEnumerable <EntityBasic>;
entities = entities.Where(e => PathContainsAStartNode(e.Path, startNodes));
dataContent.Value = entities;
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not remove inaccessible nodes from search results.", ex);
}
return response;
}
));
}
internal static void RestrictContentStartNodeOptions(int userId, TreeControllerBase sender, MenuRenderingEventArgs e, string section)
{
int[] startNodes = null;
if (section == "content")
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext).Content;
}
else if (section == "media")
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(userId, sender.ApplicationContext, sender.DatabaseContext).Media;
}
if (startNodes == null || !startNodes.Contains(int.Parse(e.NodeId)))
{
return;
}
string[] preventedActionAliases = Settings.RemoveActionsForStartNodes;
e.Menu.Items.RemoveAll(i => preventedActionAliases.Contains(i.Alias));
}
private Task <HttpResponseMessage> HandleRootChildFolders(HttpRequestMessage request, CancellationToken cancellationToken)
{
if (request.RequestUri.Query.Contains("id=-1"))
{
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ObjectContent dataContent = ((ObjectContent)(data));
IEnumerable <int> folderTypes = appContext.Services.ContentTypeService.GetAllMediaTypes().ToArray().Where(x => x.Alias.EndsWith("Folder")).Select(x => x.Id);
IMedia[] children = appContext.Services.MediaService.GetByIds(startNodes).ToArray();
dataContent.Value = children.Where(x => folderTypes.Contains(x.ContentTypeId)).Select(Mapper.Map <IMedia, ContentItemBasic <ContentPropertyBasic, IMedia> >);
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not replace start nodes.", ex);
}
return response;
}
));
}
return(base.SendAsync(request, cancellationToken));
}
private Task <HttpResponseMessage> RemoveInacessibleContentNodesFromPath(HttpRequestMessage request, CancellationToken cancellationToken)
{
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
int[] startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ContentItemDisplay content = ((ObjectContent)(data)).Value as ContentItemDisplay;
if (!PathContainsAStartNode(content.Path, startNodes))
{
response.StatusCode = HttpStatusCode.Forbidden; // prevent users from editing a node they shouldn't
}
content.Path = RemoveStartNodeAncestors(content.Path, startNodes);
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not update path.", ex);
}
return response;
}
));
}
private Task <HttpResponseMessage> RemoveInacessibleNodesFromPathPostMoveAndCopy(HttpRequestMessage request, CancellationToken cancellationToken)
{
ApplicationContext appContext = ContextHelpers.EnsureApplicationContext();
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
int[] startNodes;
if (request.RequestUri.AbsolutePath.ToLower().Contains("/content/"))
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Content;
}
else if (request.RequestUri.AbsolutePath.ToLower().Contains("/media/"))
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id, appContext, appContext.DatabaseContext).Media;
}
else
{
return(base.SendAsync(request, cancellationToken));
}
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
//// prevent moving/copying into inaccessible locations
// do some hackery to read the post data more than once - http://stackoverflow.com/questions/12007689/cannot-read-body-data-from-web-api-post
MediaTypeHeaderValue contentType = request.Content.Headers.ContentType;
MoveOrCopy postModel = request.Content.ReadAsAsync <MoveOrCopy>().Result;
string contentInString = JsonConvert.SerializeObject(postModel);
request.Content = new StringContent(contentInString);
request.Content.Headers.ContentType = contentType;
IUmbracoEntity parent = appContext.Services.EntityService.Get(postModel.ParentId);
if (!PathContainsAStartNode(parent.Path, startNodes))
{
// take error notification from https://github.com/umbraco/Umbraco-CMS/blob/a2a4ad39476f4a18c8fe2c04d42f6fa635551b63/src/Umbraco.Web/Editors/MediaController.cs#L656
SimpleNotificationModel notificationModel = new SimpleNotificationModel();
notificationModel.AddErrorNotification(appContext.Services.TextService.Localize("moveOrCopy/notValid", CultureInfo.CurrentCulture), "");
throw new HttpResponseException(request.CreateValidationErrorResponse(notificationModel));
}
else
{
// perform default request
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
string path = response.Content.ReadAsStringAsync().Result;
path = RemoveStartNodeAncestors(path, startNodes);
response.Content = new StringContent(path, Encoding.UTF8, "application/json");
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not update path.", ex);
}
return response;
}
));
}
}
private Task <HttpResponseMessage> RemoveInaccessibleAncestorsFromBreadcrumbs(HttpRequestMessage request, CancellationToken cancellationToken)
{
IUser user = ContextHelpers.EnsureUmbracoContext().Security.CurrentUser;
int[] startNodes;
if (request.RequestUri.Query.Contains("type=document"))
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Content;
}
else if (request.RequestUri.Query.Contains("type=media"))
{
startNodes = StartNodeRepository.GetCachedStartNodesByUserId(user.Id).Media;
}
else
{
return(base.SendAsync(request, cancellationToken));
}
if (user.UserType.Alias == "admin" || startNodes == null)
{
return(base.SendAsync(request, cancellationToken));
}
return(base.SendAsync(request, cancellationToken)
.ContinueWith(task =>
{
HttpResponseMessage response = task.Result;
if (!response.IsSuccessStatusCode)
{
return response;
}
try
{
HttpContent data = response.Content;
ObjectContent dataContent = ((ObjectContent)(data));
IEnumerable <EntityBasic> entities = dataContent.Value as IEnumerable <EntityBasic>;
List <EntityBasic> entitiesList = entities.ToList();
if (Settings.LimitPickersToStartNodes)
{
entitiesList = entitiesList.Where(e => PathContainsAStartNode(e.Path, startNodes)).ToList();
}
else
{
foreach (EntityBasic e in entitiesList)
{
e.AdditionalData.Add("Hidden", !PathContainsAStartNode(e.Path, startNodes));
}
}
dataContent.Value = entitiesList;
}
catch (Exception ex)
{
LogHelper.Error <WebApiHandler>("Could not remove ancestors from path.", ex);
}
return response;
}
));
}
public UserStartNodes Save(UserStartNodes userStartNodes)
{
StartNodeRepository.Save(userStartNodes, ApplicationContext, DatabaseContext);
return(userStartNodes);
}
