Moved endpoint to new controller to avoid issue with too hard access …
…requirements (#11264)

* Fixed #11258

Moved the endpoint and obsoleted the old one to avoid breaking changes.
The issue is that the auth policies cannot be overridden: you need to satisfy all of them, and the controller requires you to have access to member types.

* Update src/Umbraco.Web.BackOffice/Controllers/MemberTypeQueryController.cs

Co-authored-by: Nikolaj Geisle <[email protected]>

Co-authored-by: Nikolaj Geisle <[email protected]>
bergmania and Zeegaan authored Oct 6, 2021
1 parent d311cc3 commit 114ab93
Showing 4 changed files with 49 additions and 2 deletions.
Expand Up @@ -279,6 +279,10 @@ internal async Task<Dictionary<string, object>> GetServerVariablesAsync()
"memberTypeApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl<MemberTypeController>(
controller => controller.GetAllTypes())
},
{
"memberTypeQueryApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl<MemberTypeQueryController>(
controller => controller.GetAllTypes())
},
{
"memberGroupApiBaseUrl", _linkGenerator.GetUmbracoApiServiceBaseUrl<MemberGroupController>(
controller => controller.GetAllGroups())
Expand Up @@ -182,6 +182,7 @@ public MemberTypeDisplay GetEmpty()
/// <summary>
/// Returns all member types
/// </summary>
[Obsolete("Use MemberTypeQueryController.GetAllTypes instead as it only requires AuthorizationPolicies.TreeAccessMembersOrMemberTypes and not both this and AuthorizationPolicies.TreeAccessMemberTypes")]
[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]
public IEnumerable<ContentTypeBasic> GetAllTypes()
{
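Review bot: The `[Obsolete]` message on `GetAllTypes` is hard to read at "not both this and", and the method-level `[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]` stays in place with no comment saying that it cannot relax the policy set on the controller. ASP.NET Core requires every applicable `[Authorize]` policy to pass, which the commit description names as the cause of the bug, so a short comment above the attribute such as `// The controller-level policy also applies; this attribute does not widen access.` would keep the next reader from repeating the mistake. I would also reword the message to `"Use MemberTypeQueryController.GetAllTypes instead. It requires only AuthorizationPolicies.TreeAccessMembersOrMemberTypes; this action additionally requires AuthorizationPolicies.TreeAccessMemberTypes."` The controller's own attribute and the body of `GetAllTypes` are outside the hunk, so the controller-level requirement is taken from the message and the description rather than from visible code.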
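--- a/src/Umbraco.Web.BackOffice/Controllers/MemberTypeQueryController.cs
+++ b/src/Umbraco.Web.BackOffice/Controllers/MemberTypeQueryController.cs
@@ -0,0 +1,42 @@
+using System;
+using System.Collections.Generic;
+using System.Linq;
+using Microsoft.AspNetCore.Authorization;
+using Umbraco.Cms.Core.Mapping;
+using Umbraco.Cms.Core.Models;
+using Umbraco.Cms.Core.Models.ContentEditing;
+using Umbraco.Cms.Core.Services;
+using Umbraco.Cms.Web.Common.Attributes;
+using Umbraco.Cms.Web.Common.Authorization;
+using Constants = Umbraco.Cms.Core.Constants;
+
+namespace Umbraco.Cms.Web.BackOffice.Controllers
+{
+/// <summary>
+/// An API controller used for dealing with member types
+/// </summary>
+[PluginController(Constants.Web.Mvc.BackOfficeApiArea)]
+[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]
+public class MemberTypeQueryController : BackOfficeNotificationsController
+{
+private readonly IMemberTypeService _memberTypeService;
+private readonly IUmbracoMapper _umbracoMapper;
+
+
+public MemberTypeQueryController(
+IMemberTypeService memberTypeService,
+IUmbracoMapper umbracoMapper)
+{
+_memberTypeService = memberTypeService ?? throw new ArgumentNullException(nameof(memberTypeService));
+_umbracoMapper = umbracoMapper ?? throw new ArgumentNullException(nameof(umbracoMapper));
+}
+
+/// <summary>
+/// Returns all member types
+/// </summary>
+public IEnumerable<ContentTypeBasic> GetAllTypes() =>
+_memberTypeService.GetAll()
+.Select(_umbracoMapper.Map<IMemberType, ContentTypeBasic>);
+
+}
+}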
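Review bot: The class-level `[Authorize(Policy = AuthorizationPolicies.TreeAccessMembersOrMemberTypes)]` on `MemberTypeQueryController` is the only policy visible on this controller, so any action added here later is reachable by users who have Members access but not Member Types access, and the summary (`An API controller used for dealing with member types`) does not say so. I would state the constraint in the class summary, for example `/// Read-only member type queries for users with access to either the Members or the Member Types tree; actions that change member types must stay on MemberTypeController.` The `GetAllTypes` summary could likewise note that it returns every member type as `ContentTypeBasic` to those users. Whether the base `BackOfficeNotificationsController` adds further authorization is not visible on this page.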
Expand Up @@ -46,10 +46,10 @@ function memberTypeResource($q, $http, umbRequestHelper, umbDataFormatter, local
return umbRequestHelper.resourcePromise(
$http.get(
umbRequestHelper.getApiUrl(
"memberTypeApiBaseUrl",
"memberTypeQueryApiBaseUrl",
"GetAllTypes")),
'Failed to retrieve data for member types id');
},
},

getById: function (id) {
