lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

16974 Create and edit actions don't use the correct permissions

Browse Source 
--HG--
branch : dev
This commit is contained in:
Suha Can
2010-12-08 18:58:04 -08:00
parent d8a02d4f3e
commit 429fabd93c
2 changed files with 26 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
View File

@@ -53,6 +53,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST() {
if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
return CreatePOST(contentItem => Services.ContentManager.Publish(contentItem));
}
@@ -109,6 +112,18 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Edit")]
[FormValueRequired("submit.Publish")]
public ActionResult EditAndPublishPOST(int blogId, int postId, string returnUrl) {
var blog = _blogService.Get(blogId, VersionOptions.Latest);
if (blog == null)
return HttpNotFound();
// Get draft (create a new version if needed)
var blogPost = _blogPostService.Get(postId, VersionOptions.DraftRequired);
if (blogPost == null)
return HttpNotFound();
if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, blogPost, T("Couldn't publish blog post")))
return new HttpUnauthorizedResult();
return EditPOST(blogId, postId, returnUrl, contentItem => Services.ContentManager.Publish(contentItem));
}