Fix schema synchronizer.

backend/src/Squidex.Domain.Apps.Core.Operations/ConvertContent/ValueConverters.cs

@@ -106,11 +106,17 @@ namespace Squidex.Domain.Apps.Core.ConvertContent
 
                         if (parent != null)
                         {
-                            return path.Length == 2 && path[0] == parent.Name && path[1] == field.Name;
+                            if (path.Length == 2 && path[0] == parent.Name && path[1] == field.Name)
+                            {
+                                return true;
+                            }
                         }
                         else
                         {
-                            return path.Length == 1 && path[0] == field.Name;
+                            if (path.Length == 1 && path[0] == field.Name)
+                            {
+                                return true;
+                            }
                         }
                     }
 

backend/src/Squidex.Domain.Apps.Core.Operations/EventSynchronization/SchemaSynchronizer.cs

@@ -128,7 +128,7 @@ namespace Squidex.Domain.Apps.Core.EventSynchronization
 
                     if (canUpdate(sourceField, targetField))
                     {
-                        if (!sourceField.RawProperties.Equals(targetField.RawProperties))
+                        if (!sourceField.RawProperties.Equals(targetField.RawProperties as object))
                         {
                             yield return E(new FieldUpdated { FieldId = id, Properties = targetField.RawProperties });
                         }

backend/src/Squidex.Domain.Apps.Entities/Context.cs

@@ -25,7 +25,7 @@ namespace Squidex.Domain.Apps.Entities
 
         public ClaimsPrincipal User { get; }
 
-        public ClaimsPermissions Permissions { get; private set; } = ClaimsPermissions.Empty;
+        public ClaimsPermissions Permissions { get; } = ClaimsPermissions.Empty;
 
         public bool IsFrontendClient { get; private set; }
 
@@ -35,7 +35,9 @@ namespace Squidex.Domain.Apps.Entities
 
             User = user;
 
-            UpdatePermissions();
+            Permissions = User.Permissions();
+
+            IsFrontendClient = User.IsInClient(DefaultClients.Frontend);
         }
 
         public Context(ClaimsPrincipal user, IAppEntity app)
@@ -49,13 +51,6 @@ namespace Squidex.Domain.Apps.Entities
             return new Context(new ClaimsPrincipal(new ClaimsIdentity()));
         }
 
-        public void UpdatePermissions()
-        {
-            Permissions = User.Permissions();
-
-            IsFrontendClient = User.IsInClient(DefaultClients.Frontend);
-        }
-
         public Context Clone()
         {
             var clone = new Context(User, App);

backend/src/Squidex.Web/ContextExtensions.cs

@@ -5,29 +5,20 @@
 //  All rights reserved. Licensed under the MIT license.
 // ==========================================================================
 
-using System;
 using Microsoft.AspNetCore.Http;
-using Squidex.Domain.Apps.Entities;
+using RequestContext = Squidex.Domain.Apps.Entities.Context;
 
 namespace Squidex.Web
 {
     public static class ContextExtensions
     {
-        public static Context Context(this HttpContext httpContext)
+        public static RequestContext Context(this HttpContext httpContext)
         {
-            var context = httpContext.Features.Get<Context>();
+            var context = httpContext.Features.Get<RequestContext>();
 
             if (context == null)
             {
-                context = new Context(httpContext.User);
+                context = RequestContext.Anonymous();
-
-                foreach (var (key, value) in httpContext.Request.Headers)
-                {
-                    if (key.StartsWith("X-", StringComparison.OrdinalIgnoreCase))
-                    {
-                        context.Headers.Add(key, value.ToString());
-                    }
-                }
 
                 httpContext.Features.Set(context);
             }

backend/src/Squidex.Web/Pipeline/AppResolver.cs

@@ -5,10 +5,12 @@
 //  All rights reserved. Licensed under the MIT license.
 // ==========================================================================
 
+using System;
 using System.Linq;
 using System.Security.Claims;
 using System.Threading.Tasks;
 using Microsoft.AspNetCore.Authorization;
+using Microsoft.AspNetCore.Http;
 using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Squidex.Domain.Apps.Entities;
@@ -69,10 +71,7 @@ namespace Squidex.Web.Pipeline
                     }
                 }
 
-                var requestContext = context.HttpContext.Context();
+                var requestContext = SetContext(context.HttpContext, app);
-
-                requestContext.App = app;
-                requestContext.UpdatePermissions();
 
                 if (!AllowAnonymous(context) && !HasPermission(appName, requestContext))
                 {
@@ -83,10 +82,31 @@ namespace Squidex.Web.Pipeline
                 context.HttpContext.Features.Set<IAppFeature>(new AppFeature(app.NamedId()));
                 context.HttpContext.Response.Headers.Add("X-AppId", app.Id.ToString());
             }
+            else
+            {
+                SetContext(context.HttpContext, null!);
+            }
 
             await next();
         }
 
+        private Context SetContext(HttpContext httpContext, IAppEntity app)
+        {
+            var requestContext = new Context(httpContext.User, app);
+
+            foreach (var (key, value) in httpContext.Request.Headers)
+            {
+                if (key.StartsWith("X-", StringComparison.OrdinalIgnoreCase))
+                {
+                    requestContext.Headers.Add(key, value.ToString());
+                }
+            }
+
+            httpContext.Features.Set(requestContext);
+
+            return requestContext;
+        }
+
         private static bool HasPermission(string appName, Context requestContext)
         {
             return requestContext.Permissions.Includes(Permissions.ForApp(Permissions.App, appName));

backend/tests/Squidex.Domain.Apps.Core.Tests/Operations/EventSynchronization/SchemaSynchronizerTests.cs

@@ -235,7 +235,7 @@ namespace Squidex.Domain.Apps.Core.Operations.EventSynchronization
         [Fact]
         public void Should_create_events_if_field_updated()
         {
-            var properties = new StringFieldProperties { IsRequired = true };
+            var properties = new StringFieldProperties { Pattern = "a-z" };
 
             var sourceSchema =
                 new Schema("source")

backend/tests/Squidex.Web.Tests/ApiPermissionAttributeTests.cs

@@ -14,6 +14,7 @@ using Microsoft.AspNetCore.Mvc;
 using Microsoft.AspNetCore.Mvc.Abstractions;
 using Microsoft.AspNetCore.Mvc.Filters;
 using Microsoft.AspNetCore.Routing;
+using Squidex.Domain.Apps.Entities;
 using Squidex.Infrastructure;
 using Squidex.Shared;
 using Squidex.Shared.Identity;
@@ -66,6 +67,8 @@ namespace Squidex.Web
 
             user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.my-app"));
 
+            SetContext();
+
             var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
 
             await sut.OnActionExecutionAsync(actionExecutingContext, next);
@@ -82,6 +85,8 @@ namespace Squidex.Web
 
             user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.my-app.schemas.my-schema"));
 
+            SetContext();
+
             var sut = new ApiPermissionAttribute(Permissions.AppSchemasUpdate);
 
             await sut.OnActionExecutionAsync(actionExecutingContext, next);
@@ -97,6 +102,8 @@ namespace Squidex.Web
 
             user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.other-app"));
 
+            SetContext();
+
             var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
 
             await sut.OnActionExecutionAsync(actionExecutingContext, next);
@@ -110,6 +117,8 @@ namespace Squidex.Web
         {
             user.AddClaim(new Claim(SquidexClaimTypes.Permissions, "squidex.apps.other-app"));
 
+            SetContext();
+
             var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
 
             await sut.OnActionExecutionAsync(actionExecutingContext, next);
@@ -121,6 +130,8 @@ namespace Squidex.Web
         [Fact]
         public async Task Should_return_forbidden_when_user_has_no_permission()
         {
+            SetContext();
+
             var sut = new ApiPermissionAttribute(Permissions.AppSchemasCreate);
 
             await sut.OnActionExecutionAsync(actionExecutingContext, next);
@@ -128,5 +139,10 @@ namespace Squidex.Web
             Assert.Equal(403, (actionExecutingContext.Result as StatusCodeResult)?.StatusCode);
             Assert.False(isNextCalled);
         }
+
+        private void SetContext()
+        {
+            actionExecutingContext.HttpContext.Features.Set(new Context(new ClaimsPrincipal(actionExecutingContext.HttpContext.User)));
+        }
     }
 }