Merge pull request umbraco#124 from AndyButland/wip-u4-2759

nul800sebastiaan · nul800sebastiaan · commit 7765acb130ea · 2013-09-01T17:23:53.000+02:00
U4-2759 - member authorise attribute was not restricting for group
diff --git a/src/Umbraco.Web/Security/WebSecurity.cs b/src/Umbraco.Web/Security/WebSecurity.cs
@@ -70,15 +70,15 @@ public bool IsMemberAuthorized(
                 var allowGroupsList = allowGroups as IList<string> ?? allowGroups.ToList();
                 if (allowAction && allowGroupsList.Any(allowGroup => allowGroup != string.Empty))
                 {
-                    // Allow only if member's type is in list
+                    // Allow only if member is assigned to a group in the list
                     var groups = Roles.GetRolesForUser(member.LoginName);
-                    allowAction = groups.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();
+                    allowAction = allowGroupsList.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();
                 }
 
                 // If specific members defined, check member is of one of those
                 if (allowAction && allowMembers.Any())
                 {
-                    // Allow only if member's type is in list
+                    // Allow only if member's Id is in the list
                     allowAction = allowMembers.Contains(member.Id);
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -70,15 +70,15 @@ public bool IsMemberAuthorized(`
`70`	`70`	`var allowGroupsList = allowGroups as IList<string> ?? allowGroups.ToList();`
`71`	`71`	`if (allowAction && allowGroupsList.Any(allowGroup => allowGroup != string.Empty))`
`72`	`72`	`{`
`73`		`- // Allow only if member's type is in list`
	`73`	`+ // Allow only if member is assigned to a group in the list`
`74`	`74`	`var groups = Roles.GetRolesForUser(member.LoginName);`
`75`		`- allowAction = groups.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();`
	`75`	`+ allowAction = allowGroupsList.Select(s => s.ToLowerInvariant()).Intersect(groups.Select(myGroup => myGroup.ToLowerInvariant())).Any();`
`76`	`76`	`}`
`77`	`77`
`78`	`78`	`// If specific members defined, check member is of one of those`
`79`	`79`	`if (allowAction && allowMembers.Any())`
`80`	`80`	`{`
`81`		`- // Allow only if member's type is in list`
	`81`	`+ // Allow only if member's Id is in the list`
`82`	`82`	`allowAction = allowMembers.Contains(member.Id);`
`83`	`83`	`}`
`84`	`84`	`}`