Merge branch 'refs/heads/v14/dev' into release/14.0

Author: iOvergaard

src/Umbraco.Cms.Api.Management/Controllers/UserGroup/ByKeyUserGroupController.cs

@@ -3,7 +3,6 @@
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Umbraco.Cms.Api.Management.Factories;
-using Umbraco.Cms.Api.Management.Security.Authorization.UserGroup;
 using Umbraco.Cms.Api.Management.ViewModels.UserGroup;
 using Umbraco.Cms.Core.Models.Membership;
 using Umbraco.Cms.Core.Security.Authorization;

src/Umbraco.Cms.Api.Management/Controllers/UserGroup/UserGroupControllerBase.cs

@@ -29,11 +29,15 @@ protected IActionResult UserGroupOperationStatusResult(UserGroupOperationStatus
                 .WithTitle("Duplicate alias")
                 .WithDetail("A user group already exists with the attempted alias.")
                 .Build()),
+            UserGroupOperationStatus.CanNotUpdateAliasIsSystemUserGroup => BadRequest(problemDetailsBuilder
+                .WithTitle("System user group")
+                .WithDetail("Changing the alias is not allowed on a system user group.")
+                .Build()),
             UserGroupOperationStatus.MissingUser => Unauthorized(problemDetailsBuilder
                 .WithTitle("Missing user")
                 .WithDetail("A performing user was not found when attempting the operation.")
                 .Build()),
-            UserGroupOperationStatus.IsSystemUserGroup => BadRequest(problemDetailsBuilder
+            UserGroupOperationStatus.CanNotDeleteIsSystemUserGroup => BadRequest(problemDetailsBuilder
                 .WithTitle("System user group")
                 .WithDetail("The operation is not allowed on a system user group.")
                 .Build()),

src/Umbraco.Cms.Api.Management/Controllers/Webhook/CreateWebhookController.cs

@@ -2,9 +2,9 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.Webhook;
 using Umbraco.Cms.Core;
-using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Models;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
@@ -17,13 +17,13 @@ namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
 public class CreateWebhookController : WebhookControllerBase
 {
     private readonly IWebhookService _webhookService;
-    private readonly IUmbracoMapper _umbracoMapper;
+    private readonly IWebhookPresentationFactory _webhookPresentationFactory;
 
     public CreateWebhookController(
-        IWebhookService webhookService, IUmbracoMapper umbracoMapper)
+        IWebhookService webhookService, IWebhookPresentationFactory webhookPresentationFactory)
     {
         _webhookService = webhookService;
-        _umbracoMapper = umbracoMapper;
+        _webhookPresentationFactory = webhookPresentationFactory;
     }
 
     [HttpPost]
@@ -35,7 +35,7 @@ public async Task<IActionResult> Create(
         CancellationToken cancellationToken,
         CreateWebhookRequestModel createWebhookRequestModel)
     {
-        IWebhook created = _umbracoMapper.Map<IWebhook>(createWebhookRequestModel)!;
+        IWebhook created = _webhookPresentationFactory.CreateWebhook(createWebhookRequestModel);
 
         Attempt<IWebhook, WebhookOperationStatus> result = await _webhookService.CreateAsync(created);
 

src/Umbraco.Cms.Api.Management/Controllers/Webhook/DeleteWebhookController.cs

@@ -24,7 +24,7 @@ public DeleteWebhookController(IWebhookService webhookService, IBackOfficeSecuri
         _backOfficeSecurityAccessor = backOfficeSecurityAccessor;
     }
 
-    [HttpDelete($"{{{nameof(id)}}}")]
+    [HttpDelete("{id:guid}")]
     [MapToApiVersion("1.0")]
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status400BadRequest)]
     [ProducesResponseType(typeof(ProblemDetails), StatusCodes.Status404NotFound)]

src/Umbraco.Cms.Api.Management/Controllers/Webhook/UpdateWebhookController.cs

@@ -2,14 +2,12 @@
 using Microsoft.AspNetCore.Authorization;
 using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
+using Umbraco.Cms.Api.Management.Factories;
 using Umbraco.Cms.Api.Management.ViewModels.Webhook;
 using Umbraco.Cms.Core;
-using Umbraco.Cms.Core.Mapping;
 using Umbraco.Cms.Core.Models;
-using Umbraco.Cms.Core.Security;
 using Umbraco.Cms.Core.Services;
 using Umbraco.Cms.Core.Services.OperationStatus;
-using Umbraco.Cms.Core.Webhooks;
 using Umbraco.Cms.Web.Common.Authorization;
 
 namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
@@ -19,14 +17,14 @@ namespace Umbraco.Cms.Api.Management.Controllers.Webhook;
 public class UpdateWebhookController : WebhookControllerBase
 {
     private readonly IWebhookService _webhookService;
-    private readonly IUmbracoMapper _umbracoMapper;
+    private readonly IWebhookPresentationFactory _webhookPresentationFactory;
+
 
     public UpdateWebhookController(
-        IWebhookService webhookService,
-        IUmbracoMapper umbracoMapper)
+        IWebhookService webhookService, IWebhookPresentationFactory webhookPresentationFactory)
     {
         _webhookService = webhookService;
-        _umbracoMapper = umbracoMapper;
+        _webhookPresentationFactory = webhookPresentationFactory;
     }
 
     [HttpPut("{id:guid}")]
@@ -45,7 +43,7 @@ public async Task<IActionResult> Update(
             return WebhookNotFound();
         }
 
-        IWebhook updated = _umbracoMapper.Map(updateWebhookRequestModel, current);
+        IWebhook updated = _webhookPresentationFactory.CreateWebhook(updateWebhookRequestModel, id);
 
         Attempt<IWebhook, WebhookOperationStatus> result = await _webhookService.UpdateAsync(updated);
 

src/Umbraco.Cms.Api.Management/Factories/IWebhookPresentationFactory.cs

@@ -10,5 +10,5 @@ public interface IWebhookPresentationFactory
 
     IWebhook CreateWebhook(CreateWebhookRequestModel webhookRequestModel);
 
-    IWebhook CreateWebhook(UpdateWebhookRequestModel webhookRequestModel);
+    IWebhook CreateWebhook(UpdateWebhookRequestModel webhookRequestModel, Guid existingWebhookKey);
 }

src/Umbraco.Cms.Api.Management/Factories/UserGroupPresentationFactory.cs

@@ -51,8 +51,9 @@ public async Task<UserGroupResponseModel> CreateAsync(IUserGroup userGroup)
 
         return new UserGroupResponseModel
         {
-            Name = userGroup.Name ?? string.Empty,
             Id = userGroup.Key,
+            Name = userGroup.Name ?? string.Empty,
+            Alias = userGroup.Alias,
             DocumentStartNode = ReferenceByIdModel.ReferenceOrNull(contentStartNodeKey),
             DocumentRootAccess = contentRootAccess,
             MediaStartNode = ReferenceByIdModel.ReferenceOrNull(mediaStartNodeKey),
@@ -63,7 +64,8 @@ public async Task<UserGroupResponseModel> CreateAsync(IUserGroup userGroup)
             FallbackPermissions = userGroup.Permissions,
             Permissions = await _permissionPresentationFactory.CreateAsync(userGroup.GranularPermissions),
             Sections = userGroup.AllowedSections.Select(SectionMapper.GetName),
-            IsSystemGroup = userGroup.IsSystemUserGroup()
+            IsDeletable = !userGroup.IsSystemUserGroup(),
+            AliasCanBeChanged = !userGroup.IsSystemUserGroup(),
         };
     }
 
@@ -83,8 +85,9 @@ public async Task<UserGroupResponseModel> CreateAsync(IReadOnlyUserGroup userGro
 
         return new UserGroupResponseModel
         {
-            Name = userGroup.Name ?? string.Empty,
             Id = userGroup.Key,
+            Name = userGroup.Name ?? string.Empty,
+            Alias = userGroup.Alias,
             DocumentStartNode = ReferenceByIdModel.ReferenceOrNull(contentStartNodeKey),
             MediaStartNode = ReferenceByIdModel.ReferenceOrNull(mediaStartNodeKey),
             Icon = userGroup.Icon,
@@ -93,6 +96,8 @@ public async Task<UserGroupResponseModel> CreateAsync(IReadOnlyUserGroup userGro
             FallbackPermissions = userGroup.Permissions,
             Permissions = await _permissionPresentationFactory.CreateAsync(userGroup.GranularPermissions),
             Sections = userGroup.AllowedSections.Select(SectionMapper.GetName),
+            IsDeletable = !userGroup.IsSystemUserGroup(),
+            AliasCanBeChanged = !userGroup.IsSystemUserGroup(),
         };
     }
 
@@ -107,6 +112,7 @@ public async Task<IEnumerable<UserGroupResponseModel>> CreateMultipleAsync(IEnum
 
         return userGroupViewModels;
     }
+
     /// <inheritdoc />
     public async Task<IEnumerable<UserGroupResponseModel>> CreateMultipleAsync(IEnumerable<IReadOnlyUserGroup> userGroups)
     {
@@ -122,18 +128,21 @@ public async Task<IEnumerable<UserGroupResponseModel>> CreateMultipleAsync(IEnum
     /// <inheritdoc />
     public async Task<Attempt<IUserGroup, UserGroupOperationStatus>> CreateAsync(CreateUserGroupRequestModel requestModel)
     {
-        var cleanedName = requestModel.Name.CleanForXss('[', ']', '(', ')', ':');
-
         var group = new UserGroup(_shortStringHelper)
         {
-            Name = cleanedName,
-            Alias = cleanedName,
+            Name = CleanUserGroupNameOrAliasForXss(requestModel.Name),
+            Alias = CleanUserGroupNameOrAliasForXss(requestModel.Alias),
             Icon = requestModel.Icon,
             HasAccessToAllLanguages = requestModel.HasAccessToAllLanguages,
             Permissions = requestModel.FallbackPermissions,
-            GranularPermissions = await _permissionPresentationFactory.CreatePermissionSetsAsync(requestModel.Permissions)
+            GranularPermissions = await _permissionPresentationFactory.CreatePermissionSetsAsync(requestModel.Permissions),
         };
 
+        if (requestModel.Id.HasValue)
+        {
+            group.Key = requestModel.Id.Value;
+        }
+
         Attempt<UserGroupOperationStatus> assignmentAttempt = AssignStartNodesToUserGroup(requestModel, group);
         if (assignmentAttempt.Success is false)
         {
@@ -186,7 +195,8 @@ public async Task<Attempt<IUserGroup, UserGroupOperationStatus>> UpdateAsync(IUs
             current.AddAllowedSection(SectionMapper.GetAlias(sectionName));
         }
 
-        current.Name = request.Name.CleanForXss('[', ']', '(', ')', ':');
+        current.Name = CleanUserGroupNameOrAliasForXss(request.Name);
+        current.Alias = CleanUserGroupNameOrAliasForXss(request.Alias);
         current.Icon = request.Icon;
         current.HasAccessToAllLanguages = request.HasAccessToAllLanguages;
 
@@ -196,6 +206,9 @@ public async Task<Attempt<IUserGroup, UserGroupOperationStatus>> UpdateAsync(IUs
         return Attempt.SucceedWithStatus(UserGroupOperationStatus.Success, current);
     }
 
+    private static string CleanUserGroupNameOrAliasForXss(string input)
+        => input.CleanForXss('[', ']', '(', ')', ':');
+
     private async Task<Attempt<IEnumerable<string>, UserGroupOperationStatus>> MapLanguageIdsToIsoCodeAsync(IEnumerable<int> ids)
     {
         IEnumerable<ILanguage> languages = await _languageService.GetAllAsync();

src/Umbraco.Cms.Api.Management/Factories/UserPresentationFactory.cs

@@ -3,6 +3,7 @@
 using Umbraco.Cms.Api.Management.Security;
 using Umbraco.Cms.Api.Management.ViewModels.User;
 using Umbraco.Cms.Api.Management.ViewModels.User.Current;
+using Umbraco.Cms.Core;
 using Umbraco.Cms.Api.Management.ViewModels.User.Item;
 using Umbraco.Cms.Core.Cache;
 using Umbraco.Cms.Core.Configuration.Models;
@@ -70,7 +71,9 @@ public UserResponseModel CreateResponseModel(IUser user)
             State = user.UserState,
             UserGroupIds = new HashSet<Guid>(user.Groups.Select(x => x.Key)),
             DocumentStartNodeIds = GetKeysFromIds(user.StartContentIds, UmbracoObjectTypes.Document),
+            HasDocumentRootAccess = HasRootAccess(user.StartContentIds),
             MediaStartNodeIds = GetKeysFromIds(user.StartMediaIds, UmbracoObjectTypes.Media),
+            HasMediaRootAccess = HasRootAccess(user.StartMediaIds),
             FailedLoginAttempts = user.FailedPasswordAttempts,
             LastLoginDate = user.LastLoginDate,
             LastLockoutDate = user.LastLockoutDate,
@@ -159,7 +162,9 @@ public async Task<UserUpdateModel> CreateUpdateModelAsync(Guid existingUserKey,
             UserName = updateModel.UserName,
             LanguageIsoCode = updateModel.LanguageIsoCode,
             ContentStartNodeKeys = updateModel.DocumentStartNodeIds,
+            HasContentRootAccess = updateModel.HasDocumentRootAccess,
             MediaStartNodeKeys = updateModel.MediaStartNodeIds,
+            HasMediaRootAccess = updateModel.HasMediaRootAccess
         };
 
         model.UserGroupKeys = updateModel.UserGroupIds;
@@ -172,8 +177,10 @@ public async Task<CurrentUserResponseModel> CreateCurrentUserResponseModelAsync(
         var presentationUser = CreateResponseModel(user);
         var presentationGroups = await _userGroupPresentationFactory.CreateMultipleAsync(user.Groups);
         var languages = presentationGroups.SelectMany(x => x.Languages).Distinct().ToArray();
-        var mediaStartNodeKeys = GetKeysFromIds(user.CalculateMediaStartNodeIds(_entityService, _appCaches), UmbracoObjectTypes.Media);
-        var documentStartNodeKeys = GetKeysFromIds(user.CalculateContentStartNodeIds(_entityService, _appCaches), UmbracoObjectTypes.Document);
+        var mediaStartNodeIds = user.CalculateMediaStartNodeIds(_entityService, _appCaches);
+        var mediaStartNodeKeys = GetKeysFromIds(mediaStartNodeIds, UmbracoObjectTypes.Media);
+        var contentStartNodeIds = user.CalculateContentStartNodeIds(_entityService, _appCaches);
+        var documentStartNodeKeys = GetKeysFromIds(contentStartNodeIds, UmbracoObjectTypes.Document);
 
         var permissions = presentationGroups.SelectMany(x => x.Permissions).ToHashSet();
         var fallbackPermissions = presentationGroups.SelectMany(x => x.FallbackPermissions).ToHashSet();
@@ -192,7 +199,9 @@ public async Task<CurrentUserResponseModel> CreateCurrentUserResponseModelAsync(
             AvatarUrls = presentationUser.AvatarUrls,
             LanguageIsoCode = presentationUser.LanguageIsoCode,
             MediaStartNodeIds = mediaStartNodeKeys,
+            HasMediaRootAccess = HasRootAccess(mediaStartNodeIds),
             DocumentStartNodeIds = documentStartNodeKeys,
+            HasDocumentRootAccess = HasRootAccess(contentStartNodeIds),
             Permissions = permissions,
             FallbackPermissions = fallbackPermissions,
             HasAccessToAllLanguages = hasAccessToAllLanguages,
@@ -214,5 +223,6 @@ private ISet<Guid> GetKeysFromIds(IEnumerable<int>? ids, UmbracoObjectTypes type
             : new HashSet<Guid>(keys);
     }
 
-
+    private bool HasRootAccess(IEnumerable<int>? startNodeIds)
+        => startNodeIds?.Contains(Constants.System.Root) is true;
 }

src/Umbraco.Cms.Api.Management/Factories/WebhookPresentationFactory.cs

@@ -28,13 +28,19 @@ public WebhookResponseModel CreateResponseModel(IWebhook webhook)
 
     public IWebhook CreateWebhook(CreateWebhookRequestModel webhookRequestModel)
     {
-        var target = new Webhook(webhookRequestModel.Url, webhookRequestModel.Enabled, webhookRequestModel.ContentTypeKeys, webhookRequestModel.Events, webhookRequestModel.Headers);
+        var target = new Webhook(webhookRequestModel.Url, webhookRequestModel.Enabled, webhookRequestModel.ContentTypeKeys, webhookRequestModel.Events, webhookRequestModel.Headers)
+        {
+            Key = webhookRequestModel.Id ?? Guid.NewGuid(),
+        };
         return target;
     }
 
-    public IWebhook CreateWebhook(UpdateWebhookRequestModel webhookRequestModel)
+    public IWebhook CreateWebhook(UpdateWebhookRequestModel webhookRequestModel, Guid existingWebhookkey)
     {
-        var target = new Webhook(webhookRequestModel.Url, webhookRequestModel.Enabled, webhookRequestModel.ContentTypeKeys, webhookRequestModel.Events, webhookRequestModel.Headers);
+        var target = new Webhook(webhookRequestModel.Url, webhookRequestModel.Enabled, webhookRequestModel.ContentTypeKeys, webhookRequestModel.Events, webhookRequestModel.Headers)
+        {
+            Key = existingWebhookkey,
+        };
         return target;
     }
 

src/Umbraco.Cms.Api.Management/Filters/RequireTreeRootAccessAttribute.cs

@@ -16,10 +16,6 @@ public override void OnActionExecuting(ActionExecutingContext context)
         IUser? user = backOfficeSecurityAccessor.BackOfficeSecurity?.CurrentUser;
 
         var startNodeIds = user != null ? GetUserStartNodeIds(user, context) : Array.Empty<int>();
-
-        // TODO: remove this once we have backoffice auth in place
-        startNodeIds = new[] { Constants.System.Root };
-
         if (startNodeIds.Contains(Constants.System.Root))
         {
             return;