Created by Markus Johansson 07 Jan 2014, 08:11:18 Updated by Shannon Deminick 24 Mar 2014, 04:40:01
Just posted this on the forum: http://our.umbraco.org/forum/umbraco-7/using-umbraco-7/47267-Issue-with-security
I also think that package developers should be able to leverage Umbraco.Web.WebApi.Filters.UmbracoApplicationAuthorizeAttribute, or is there any reason to keep it sealed?
Not to speak of EnsureUserPermissionForContentAttribute and all the others under Umbraco.Web.WebApi.Filters. It's silly to make us have to duplicate all that code to make just as secure extensions to the backoffice. Why wouldn't you want us to make secure extensions?
@Lars - We don't do these things on purpose to make you write duplicate code or to make insecure extensions :P
Most things are created internally until we know we need to, or want to expose them, and support them as public APIs. The other reason why this has been left internal and sealed is because we need to change the security model eventually - there should be security assigned to trees, not sections, for various reasons. The more public APIs we need to support that will become deprecated or need to change, the more breaking changes there are and the slower things are able to evolve.
I will make these attributes public for 7.1
Assignee: Shannon Deminick
Backwards Compatible: True
Affected versions: 7.0.1
Due in version: 7.1.0