Moving the admin filter and antiforgery bits back up to Orchard.Mvc

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4044520
skewed
2009-12-23 20:04:49 +00:00
parent ed7388c862
commit 0e2d64f401
26 changed files with 76 additions and 98 deletions


@@ -1,15 +0,0 @@
using System.Web.Mvc;
using Orchard.ContentManagement;
using Orchard.Core.Settings.Models;
using Orchard.Mvc.Html;
using Orchard.Settings;
namespace Orchard.Core.Common.Mvc.Html {
public static class AntiForgeryTokenExtensions {
public static MvcHtmlString AntiForgeryTokenOrchard(this HtmlHelper htmlHelper)
{
var siteSalt = htmlHelper.Resolve<ISiteService>().GetSiteSettings().ContentItem.As<SiteSettings>().Record.SiteSalt;
return htmlHelper.AntiForgeryToken(siteSalt);
}
}
}


@@ -1,35 +0,0 @@
using System.Collections.Generic;
using System.Web.Mvc;
using System.Web.Mvc.Html;
using System.Web.Routing;
namespace Orchard.Core.Common.Mvc.Html {
public static class BeginFormExtensions {
public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper)
{
return htmlHelper.BeginFormAntiForgeryPost(htmlHelper.ViewContext.HttpContext.Request.RawUrl, FormMethod.Post, new RouteValueDictionary());
}
//TODO: (erikpo) Uncomment when needed (not currently needed)
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, FormMethod.Post, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, object htmlAttributes) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary(htmlAttributes));
//}
public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, IDictionary<string, object> htmlAttributes)
{
TagBuilder tagBuilder = new TagBuilder("form");
tagBuilder.MergeAttributes(htmlAttributes);
tagBuilder.MergeAttribute("action", formAction);
tagBuilder.MergeAttribute("method", HtmlHelper.GetFormMethodString(formMethod), true);
htmlHelper.ViewContext.HttpContext.Response.Output.Write(tagBuilder.ToString(TagRenderMode.StartTag));
return new MvcFormAntiForgeryPost(htmlHelper);
}
}
}


@@ -4,17 +4,13 @@ using Orchard.Security.Permissions;
namespace Orchard.Core.Common {
public class Permissions : IPermissionProvider {
public static readonly Permission ChangeOwner = new Permission { Name = "ChangeOwner", Description = "Change the owner of content items" };
public static readonly Permission AccessAdmin = new Permission { Name = "AccessAdmin", Description = "Access the application admin area" };
public string PackageName {
get { return "Common"; }
}
public IEnumerable<Permission> GetPermissions() {
return new[] {
ChangeOwner,
AccessAdmin
};
return new[] { ChangeOwner };
}
}
}


@@ -61,11 +61,6 @@
<Reference Include="System.Web.Mobile" />
</ItemGroup>
<ItemGroup>
<Compile Include="Common\Mvc\Filters\AdminFilter.cs" />
<Compile Include="Common\Mvc\Filters\AntiForgeryAuthorizationFilter.cs" />
<Compile Include="Common\Mvc\Html\AntiForgeryTokenExtensions.cs" />
<Compile Include="Common\Mvc\Html\BeginFormExtensions.cs" />
<Compile Include="Common\Mvc\Html\MvcFormAntiForgeryPost.cs" />
<Compile Include="Common\Permissions.cs" />
<Compile Include="Common\Utilities\LazyField.cs" />
<Compile Include="Common\Providers\CommonAspectHandler.cs" />


@@ -14,6 +14,12 @@ namespace Orchard.Core.Settings.Models {
get { return Record.SiteName; }
set { Record.SiteName = value; }
}
public string SiteSalt {
get { return Record.SiteSalt; }
}
public string SiteUrl {
get { return Record.SiteUrl; }
}
public string SuperUser {
get { return Record.SuperUser; }
set { Record.SuperUser = value; }


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -35,10 +35,6 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\..\..\lib\joel.net.akismet\Joel.Net.Akismet.dll</HintPath>
</Reference>
<Reference Include="Orchard.Core, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\Core\bin\Orchard.Core.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.ComponentModel.DataAnnotations">


@@ -76,7 +76,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -76,7 +76,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -31,10 +31,6 @@
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Orchard.Core, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\Core\bin\Orchard.Core.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.ComponentModel.DataAnnotations">


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -31,10 +31,6 @@
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Orchard.Core, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\Core\bin\Orchard.Core.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.ComponentModel.DataAnnotations">


@@ -76,7 +76,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -31,10 +31,6 @@
<WarningLevel>4</WarningLevel>
</PropertyGroup>
<ItemGroup>
<Reference Include="Orchard.Core, Version=1.0.0.0, Culture=neutral, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\Core\bin\Orchard.Core.dll</HintPath>
</Reference>
<Reference Include="System" />
<Reference Include="System.Data" />
<Reference Include="System.ComponentModel.DataAnnotations">


@@ -73,7 +73,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -127,7 +127,6 @@
<add namespace="System.Web.Routing"/>
<add namespace="System.Linq"/>
<add namespace="System.Collections.Generic"/>
<add namespace="Orchard.Core.Common.Mvc.Html" />
<add namespace="Orchard.Mvc.Html" />
</namespaces>
</pages>


@@ -1,13 +1,10 @@
using System.Globalization;
using System.IO;
using System.Web.Mvc;
using Orchard.ContentManagement;
using Orchard.Core.Settings.Models;
using Orchard.Mvc.Filters;
using Orchard.Security;
using Orchard.Settings;
namespace Orchard.Core.Common.Mvc.Filters {
namespace Orchard.Mvc.Filters {
public class AdminFilter : FilterProvider, IActionFilter
{
private readonly IAuthorizer _authorizer;
@@ -21,8 +18,7 @@ namespace Orchard.Core.Common.Mvc.Filters {
public void OnActionExecuting(ActionExecutingContext filterContext)
{
//todo: (heskew) get at the SiteUrl the "right" way. or is this the right way :|
var siteUrl = _siteService.GetSiteSettings().ContentItem.As<SiteSettings>().Record.SiteUrl;
var siteUrl = _siteService.GetSiteSettings().SiteUrl;
//todo: (heskew) get at the admin path in a less hacky way
if (filterContext.HttpContext.Request.RawUrl.StartsWith(Path.Combine(siteUrl, "admin").Replace("\\", "/"), true, CultureInfo.InvariantCulture)
&& !_authorizer.Authorize(Permissions.AccessAdmin, "Can't access the admin")) {
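Review bot: The admin permission check in OnActionExecuting only runs when `Request.RawUrl` starts with `Path.Combine(siteUrl, "admin")`, so any request whose raw URL does not match that prefix skips `Authorize(Permissions.AccessAdmin, ...)` entirely. The new `SiteUrl` property makes the value easier to reach, but the gate still fails open: if SiteUrl is stored as an absolute URL or with a segment the raw path lacks, the prefix never matches and no check is made (the stored format is not shown on this page, so this needs confirming). Consider deciding whether an action is an admin action from route data or a marker attribute on the controller rather than by string-matching the URL, and until then add a comment such as `// NOTE: fails open when SiteUrl does not prefix RawUrl; admin controllers must not be routable outside /admin`. The body of OnActionExecuting continues past the end of this hunk.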


@@ -1,10 +1,7 @@
using System.Web.Mvc;
using Orchard.ContentManagement;
using Orchard.Core.Settings.Models;
using Orchard.Mvc.Filters;
using Orchard.Settings;
namespace Orchard.Core.Common.Mvc.Filters {
namespace Orchard.Mvc.Filters {
public class AntiForgeryAuthorizationFilter : FilterProvider, IAuthorizationFilter {
private readonly ISiteService _siteService;
@@ -16,7 +13,7 @@ namespace Orchard.Core.Common.Mvc.Filters {
if (!(filterContext.HttpContext.Request.HttpMethod == "POST" && filterContext.RequestContext.HttpContext.Request.IsAuthenticated))
return;
var siteSalt = _siteService.GetSiteSettings().ContentItem.As<SiteSettings>().Record.SiteSalt;
var siteSalt = _siteService.GetSiteSettings().SiteSalt;
ValidateAntiForgeryTokenAttribute validator = new ValidateAntiForgeryTokenAttribute { Salt = siteSalt };
validator.OnAuthorization(filterContext);
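Review bot: The early return just above the changed line exempts every request that is not an authenticated `POST` from token validation, and nothing in the filter documents that contract. Anonymous POSTs (a log-on form, for instance) and any action that changes state on another verb are therefore outside this filter's protection; a comment such as `// Only authenticated POSTs are validated; state-changing actions must be POST-only` would make that explicit. If an unset salt is not an expected state, it is also worth guarding it, e.g. `if (string.IsNullOrEmpty(siteSalt)) throw new InvalidOperationException("SiteSalt is not configured");`, since a null `SiteSalt` would presumably validate with no salt at all. The method starts before this hunk and may continue after it.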


@@ -6,6 +6,7 @@ using System.Text;
using System.Web.Mvc;
using System.Web.Mvc.Html;
using System.Web.Routing;
using Orchard.Settings;
using Orchard.Utility;
namespace Orchard.Mvc.Html {
@@ -176,5 +177,46 @@ namespace Orchard.Mvc.Html {
}
#endregion
#region BeginFormAntiForgeryPost
public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper) {
return htmlHelper.BeginFormAntiForgeryPost(htmlHelper.ViewContext.HttpContext.Request.RawUrl, FormMethod.Post, new RouteValueDictionary());
}
//TODO: (erikpo) Uncomment when needed (not currently needed)
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, FormMethod.Post, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary());
//}
//public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, object htmlAttributes) {
// return htmlHelper.BeginFormAntiForgeryPost(formAction, formMethod, new RouteValueDictionary(htmlAttributes));
//}
public static MvcForm BeginFormAntiForgeryPost(this HtmlHelper htmlHelper, string formAction, FormMethod formMethod, IDictionary<string, object> htmlAttributes) {
TagBuilder tagBuilder = new TagBuilder("form");
tagBuilder.MergeAttributes(htmlAttributes);
tagBuilder.MergeAttribute("action", formAction);
tagBuilder.MergeAttribute("method", HtmlHelper.GetFormMethodString(formMethod), true);
htmlHelper.ViewContext.HttpContext.Response.Output.Write(tagBuilder.ToString(TagRenderMode.StartTag));
return new MvcFormAntiForgeryPost(htmlHelper);
}
#endregion
#region AntiForgeryTokenOrchard
public static MvcHtmlString AntiForgeryTokenOrchard(this HtmlHelper htmlHelper)
{
var siteSalt = htmlHelper.Resolve<ISiteService>().GetSiteSettings().SiteSalt;
return htmlHelper.AntiForgeryToken(siteSalt);
}
#endregion
}
}
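Review bot: The four-argument `BeginFormAntiForgeryPost` accepts any `FormMethod`, but the returned `MvcFormAntiForgeryPost` presumably emits the antiforgery token, and AntiForgeryAuthorizationFilter validates only POST requests. With `FormMethod.Get` the token would travel in the query string, where it ends up in logs, browser history and Referer headers, and it would never be checked. Rejecting other methods up front keeps the helper consistent with its name: `if (formMethod != FormMethod.Post) throw new ArgumentOutOfRangeException("formMethod");`. Separately, `MergeAttribute("action", formAction)` does not replace an `action` already present in `htmlAttributes`, while `method` is merged with replaceExisting `true`; passing `true` for both would make the explicit parameters win consistently. The commented-out overloads could be dropped rather than moved.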


@@ -1,7 +1,7 @@
using System.Web.Mvc;
using System.Web.Mvc.Html;
namespace Orchard.Core.Common.Mvc.Html {
namespace Orchard.Mvc.Html {
public class MvcFormAntiForgeryPost : MvcForm {
private readonly HtmlHelper _htmlHelper;


@@ -184,8 +184,12 @@
<Compile Include="Extensions\ExtensionDescriptor.cs" />
<Compile Include="Extensions\ExtensionEntry.cs" />
<Compile Include="IOrchardServices.cs" />
<Compile Include="Mvc\Filters\AdminFilter.cs" />
<Compile Include="Mvc\Filters\AntiForgeryAuthorizationFilter.cs" />
<Compile Include="Mvc\Html\FileRegistrationContext.cs" />
<Compile Include="Mvc\Html\MvcFormAntiForgeryPost.cs" />
<Compile Include="Mvc\Html\SiteServiceExtensions.cs" />
<Compile Include="Permissions.cs" />
<Compile Include="Themes\ExtensionManagerExtensions.cs" />
<Compile Include="Extensions\Helpers\PathHelpers.cs" />
<Compile Include="Extensions\IExtensionManager.cs" />


@@ -0,0 +1,16 @@
using System.Collections.Generic;
using Orchard.Security.Permissions;
namespace Orchard {
public class Permissions : IPermissionProvider {
public static readonly Permission AccessAdmin = new Permission { Name = "AccessAdmin", Description = "Access the application admin area" };
public string PackageName {
get { return "Orchard"; }
}
public IEnumerable<Permission> GetPermissions() {
return new[] { AccessAdmin };
}
}
}
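Review bot: `AccessAdmin` keeps its name but now belongs to a provider whose `PackageName` is "Orchard" rather than "Common". If role grants or the permission UI are keyed by package as well as by name (not visible on this page), existing grants of the admin permission should be checked after the move so that no role's access changes silently. A short doc comment on the class, e.g. `/// Framework-level permissions enforced by the Orchard.Mvc filters.`, would also explain why this permission lives outside the Core module.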


@@ -7,6 +7,8 @@ namespace Orchard.Settings {
public interface ISite : IContent {
string PageTitleSeparator { get; }
string SiteName { get; }
string SiteSalt { get; }
string SiteUrl { get; }
string SuperUser { get; }
}
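Review bot: `SiteSalt` is now part of the general-purpose `ISite` contract, so every consumer of site settings, view code included, can read the value that salts antiforgery tokens. Consider documenting it on the interface, for example `/// Salt mixed into antiforgery tokens; do not render or log.`, or exposing it through a narrower interface used only by the antiforgery helper and filter. `SiteUrl` would benefit from a comment stating its expected form (path prefix or absolute URL), since AdminFilter compares it against `Request.RawUrl`.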
}