From 29f976265ad5bbf198a47908be2696a799f6c5e7 Mon Sep 17 00:00:00 2001 From: Suha Can Date: Wed, 8 Dec 2010 13:52:59 -0800 Subject: [PATCH] 16960 Add root permission and remove permissions that would effectively enable elevation to root 16970 Merge content type permissions --HG-- branch : dev --- .../Controllers/AdminController.cs | 32 +++++++++---------- .../Orchard.ContentTypes/Permissions.cs | 2 -- .../RolesBasedAuthorizationService.cs | 2 ++ src/Orchard/Security/StandardPermissions.cs | 4 ++- 4 files changed, 21 insertions(+), 19 deletions(-) diff --git a/src/Orchard.Web/Modules/Orchard.ContentTypes/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.ContentTypes/Controllers/AdminController.cs index 518088b48..10654534e 100644 --- a/src/Orchard.Web/Modules/Orchard.ContentTypes/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.ContentTypes/Controllers/AdminController.cs @@ -36,7 +36,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult Create() { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to create a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to create a content type."))) return new HttpUnauthorizedResult(); return View(new CreateTypeViewModel()); @@ -44,7 +44,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("Create")] public ActionResult CreatePOST(CreateTypeViewModel viewModel) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to create a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to create a content type."))) return new HttpUnauthorizedResult(); viewModel.DisplayName = viewModel.DisplayName ?? String.Empty; @@ -81,7 +81,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult Edit(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -94,7 +94,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("Edit")] public ActionResult EditPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -131,7 +131,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult AddPartsTo(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -151,7 +151,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("AddPartsTo")] public ActionResult AddPartsToPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -178,7 +178,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult RemovePartFrom(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -195,7 +195,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("RemovePartFrom")] public ActionResult RemovePartFromPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content type."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content type."))) return new HttpUnauthorizedResult(); var typeViewModel = _contentDefinitionService.GetType(id); @@ -231,7 +231,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult CreatePart() { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to create a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to create a content part."))) return new HttpUnauthorizedResult(); return View(new CreatePartViewModel()); @@ -239,7 +239,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("CreatePart")] public ActionResult CreatePartPOST(CreatePartViewModel viewModel) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to create a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to create a content part."))) return new HttpUnauthorizedResult(); if (!ModelState.IsValid) @@ -257,7 +257,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult EditPart(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); @@ -270,7 +270,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("EditPart")] public ActionResult EditPartPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); @@ -294,7 +294,7 @@ namespace Orchard.ContentTypes.Controllers { } public ActionResult AddFieldTo(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); @@ -318,7 +318,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("AddFieldTo")] public ActionResult AddFieldToPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); @@ -365,7 +365,7 @@ namespace Orchard.ContentTypes.Controllers { public ActionResult RemoveFieldFrom(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); @@ -382,7 +382,7 @@ namespace Orchard.ContentTypes.Controllers { [HttpPost, ActionName("RemoveFieldFrom")] public ActionResult RemoveFieldFromPOST(string id) { - if (!Services.Authorizer.Authorize(Permissions.CreateContentTypes, T("Not allowed to edit a content part."))) + if (!Services.Authorizer.Authorize(Permissions.EditContentTypes, T("Not allowed to edit a content part."))) return new HttpUnauthorizedResult(); var partViewModel = _contentDefinitionService.GetPart(id); diff --git a/src/Orchard.Web/Modules/Orchard.ContentTypes/Permissions.cs b/src/Orchard.Web/Modules/Orchard.ContentTypes/Permissions.cs index aa1aeaf26..af64cccc7 100644 --- a/src/Orchard.Web/Modules/Orchard.ContentTypes/Permissions.cs +++ b/src/Orchard.Web/Modules/Orchard.ContentTypes/Permissions.cs @@ -4,14 +4,12 @@ using Orchard.Security.Permissions; namespace Orchard.ContentTypes { public class Permissions : IPermissionProvider { - public static readonly Permission CreateContentTypes = new Permission { Name = "CreateContentTypes", Description = "Create custom content types." }; public static readonly Permission EditContentTypes = new Permission { Name = "EditContentTypes", Description = "Edit content types." }; public virtual Feature Feature { get; set; } public IEnumerable GetPermissions() { return new [] { - CreateContentTypes, EditContentTypes, }; } diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Services/RolesBasedAuthorizationService.cs b/src/Orchard.Web/Modules/Orchard.Roles/Services/RolesBasedAuthorizationService.cs index 1f8d67b2b..60ede71b2 100644 --- a/src/Orchard.Web/Modules/Orchard.Roles/Services/RolesBasedAuthorizationService.cs +++ b/src/Orchard.Web/Modules/Orchard.Roles/Services/RolesBasedAuthorizationService.cs @@ -114,6 +114,8 @@ namespace Orchard.Roles.Services { } } } + + yield return StandardPermissions.SiteOwner.Name; } } diff --git a/src/Orchard/Security/StandardPermissions.cs b/src/Orchard/Security/StandardPermissions.cs index f4123fe6d..f6a862d06 100644 --- a/src/Orchard/Security/StandardPermissions.cs +++ b/src/Orchard/Security/StandardPermissions.cs @@ -8,6 +8,7 @@ namespace Orchard.Security { public class StandardPermissions : IPermissionProvider { public static readonly Permission AccessAdminPanel = new Permission { Name = "AccessAdminPanel", Description = "Access admin panel" }; public static readonly Permission AccessFrontEnd = new Permission { Name = "AccessFrontEnd", Description = "Access site front-end" }; + public static readonly Permission SiteOwner = new Permission { Name = "SiteOwner", Description = "Site Owners Permission" }; public Feature Feature { get { @@ -31,6 +32,7 @@ namespace Orchard.Security { return new[] { AccessAdminPanel, AccessFrontEnd, + SiteOwner }; } @@ -38,7 +40,7 @@ namespace Orchard.Security { return new[] { new PermissionStereotype { Name = "Administrator", - Permissions = new[] {AccessAdminPanel} + Permissions = new[] {SiteOwner, AccessAdminPanel} }, new PermissionStereotype { Name = "Anonymous",