From 478ca3d79d1645edc8ab241f1afa04884269372b Mon Sep 17 00:00:00 2001 From: Nathan Heskew Date: Tue, 2 Mar 2010 05:49:36 -0800 Subject: [PATCH] Giving UI permission checking to the views (via Orchard.Mvc.ViewUserControl and Orchard.Mvc.ViewPage) - Pulled conditional template part inclusion from Page, Blog and BlogPost drivers in favor of doing UI trimming on the front - Wrapped the respective manage template markup with the appropriate permission checks --HG-- branch : dev --- .../Orchard.Blogs/Controllers/BlogDriver.cs | 2 +- .../Controllers/BlogPostDriver.cs | 2 +- .../Parts/Blogs.Blog.Manage.ascx | 7 ++-- .../Parts/Blogs.BlogPost.Manage.ascx | 7 ++-- .../Orchard.Pages/Controllers/PageDriver.cs | 2 +- .../Parts/Pages.Page.Manage.ascx | 7 ++-- src/Orchard/Mvc/ViewPage.cs | 33 +++++------------ src/Orchard/Mvc/ViewUserControl.cs | 35 +++++++++++++++++++ src/Orchard/Orchard.csproj | 3 ++ 9 files changed, 64 insertions(+), 34 deletions(-) create mode 100644 src/Orchard/Mvc/ViewUserControl.cs diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogDriver.cs b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogDriver.cs index 48154ee3b..ea83dc2bc 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogDriver.cs +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogDriver.cs @@ -82,7 +82,7 @@ namespace Orchard.Blogs.Controllers { return Combined( ContentItemTemplate("Items/Blogs.Blog").LongestMatch(displayType, "Summary", "DetailAdmin", "SummaryAdmin"), - Services.Authorizer.Authorize(Permissions.ManageBlogs) ? ContentPartTemplate(blog, "Parts/Blogs.Blog.Manage").Location("primary:manage") : null, + ContentPartTemplate(blog, "Parts/Blogs.Blog.Manage").Location("primary:manage"), ContentPartTemplate(blog, "Parts/Blogs.Blog.Metadata").Location("primary:metadata"), ContentPartTemplate(blog, "Parts/Blogs.Blog.Description").Location("primary"), blogPosts == null ? null : ContentPartTemplate(blogPosts, "Parts/Blogs.BlogPost.List", "").Location("primary")); diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostDriver.cs b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostDriver.cs index ecfc9a223..72f4cf1cd 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostDriver.cs +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostDriver.cs @@ -66,7 +66,7 @@ namespace Orchard.Blogs.Controllers { protected override DriverResult Display(BlogPost post, string displayType) { return Combined( ContentItemTemplate("Items/Blogs.BlogPost").LongestMatch(displayType, "Summary", "SummaryAdmin"), - Services.Authorizer.Authorize(Permissions.EditOthersBlogPost) ? ContentPartTemplate(post, "Parts/Blogs.BlogPost.Manage").Location("primary:manage") : null, + ContentPartTemplate(post, "Parts/Blogs.BlogPost.Manage").Location("primary:manage"), ContentPartTemplate(post, "Parts/Blogs.BlogPost.Metadata").Location("primary:metadata")); } diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.Blog.Manage.ascx b/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.Blog.Manage.ascx index 908c21e94..76a2e9b39 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.Blog.Manage.ascx +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.Blog.Manage.ascx @@ -1,6 +1,9 @@ <%@ Control Language="C#" Inherits="Orchard.Mvc.ViewUserControl" %> +<%@ Import Namespace="Orchard.Blogs"%> <%@ Import Namespace="Orchard.Blogs.Extensions"%> -<%@ Import Namespace="Orchard.Blogs.Models"%> +<%@ Import Namespace="Orchard.Blogs.Models"%><% +if (AuthorizedFor(Permissions.ManageBlogs)) { %>
<%=_Encoded("Edit") %> -
\ No newline at end of file +<% +} %> \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.BlogPost.Manage.ascx b/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.BlogPost.Manage.ascx index 43f3a2823..6998bc4ce 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.BlogPost.Manage.ascx +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Views/DisplayTemplates/Parts/Blogs.BlogPost.Manage.ascx @@ -1,6 +1,9 @@ <%@ Control Language="C#" Inherits="Orchard.Mvc.ViewUserControl" %> +<%@ Import Namespace="Orchard.Blogs"%> <%@ Import Namespace="Orchard.Blogs.Extensions"%> -<%@ Import Namespace="Orchard.Blogs.Models"%> +<%@ Import Namespace="Orchard.Blogs.Models"%><% +if (AuthorizedFor(Permissions.EditOthersBlogPost)) { %>
<%=_Encoded("Edit") %> -
\ No newline at end of file +<% +} %> \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Pages/Controllers/PageDriver.cs b/src/Orchard.Web/Modules/Orchard.Pages/Controllers/PageDriver.cs index 407a10604..0ca41ec5c 100644 --- a/src/Orchard.Web/Modules/Orchard.Pages/Controllers/PageDriver.cs +++ b/src/Orchard.Web/Modules/Orchard.Pages/Controllers/PageDriver.cs @@ -62,7 +62,7 @@ namespace Orchard.Pages.Controllers { protected override DriverResult Display(Page page, string displayType) { return Combined( ContentItemTemplate("Items/Pages.Page").LongestMatch(displayType, "Summary", "SummaryAdmin"), - Services.Authorizer.Authorize(Permissions.EditOthersPages) ? ContentPartTemplate(page, "Parts/Pages.Page.Manage").Location("primary:manage") : null, + ContentPartTemplate(page, "Parts/Pages.Page.Manage").Location("primary:manage"), ContentPartTemplate(page, "Parts/Pages.Page.Metadata").Location("primary:metadata")); } diff --git a/src/Orchard.Web/Modules/Orchard.Pages/Views/DisplayTemplates/Parts/Pages.Page.Manage.ascx b/src/Orchard.Web/Modules/Orchard.Pages/Views/DisplayTemplates/Parts/Pages.Page.Manage.ascx index 15a9f3dc0..95954b82e 100644 --- a/src/Orchard.Web/Modules/Orchard.Pages/Views/DisplayTemplates/Parts/Pages.Page.Manage.ascx +++ b/src/Orchard.Web/Modules/Orchard.Pages/Views/DisplayTemplates/Parts/Pages.Page.Manage.ascx @@ -1,6 +1,9 @@ <%@ Control Language="C#" Inherits="Orchard.Mvc.ViewUserControl" %> +<%@ Import Namespace="Orchard.Pages"%> <%@ Import Namespace="Orchard.Mvc.ViewModels"%> -<%@ Import Namespace="Orchard.Mvc.Html" %> +<%@ Import Namespace="Orchard.Mvc.Html" %><% +if (AuthorizedFor(Permissions.EditOthersPages)) { %>
" class="edit"><%=_Encoded("Edit")%> -
\ No newline at end of file +<% +} %> \ No newline at end of file diff --git a/src/Orchard/Mvc/ViewPage.cs b/src/Orchard/Mvc/ViewPage.cs index 1301a1439..f8b2ba7be 100644 --- a/src/Orchard/Mvc/ViewPage.cs +++ b/src/Orchard/Mvc/ViewPage.cs @@ -1,5 +1,8 @@ using System.Web.Mvc; using Orchard.Localization; +using Orchard.Mvc.Html; +using Orchard.Security; +using Orchard.Security.Permissions; namespace Orchard.Mvc { public class ViewPage : System.Web.Mvc.ViewPage { @@ -7,13 +10,13 @@ namespace Orchard.Mvc { T = NullLocalizer.Instance; } + public Localizer T { get; set; } + public override void RenderView(ViewContext viewContext) { T = LocalizationUtilities.Resolve(viewContext, AppRelativeVirtualPath); base.RenderView(viewContext); } - public Localizer T { get; set; } - public MvcHtmlString H(string value) { return MvcHtmlString.Create(Html.Encode(value)); } @@ -24,29 +27,9 @@ namespace Orchard.Mvc { public MvcHtmlString _Encoded(string textHint, params object[] formatTokens) { return MvcHtmlString.Create(Html.Encode(T(textHint, formatTokens))); } - } - public class ViewUserControl : System.Web.Mvc.ViewUserControl { - public ViewUserControl() { - T = NullLocalizer.Instance; - } - - public override void RenderView(ViewContext viewContext) { - T = LocalizationUtilities.Resolve(viewContext, AppRelativeVirtualPath); - base.RenderView(viewContext); - } - - public Localizer T { get; set; } - - public MvcHtmlString H(string value) { - return MvcHtmlString.Create(Html.Encode(value)); - } - - public MvcHtmlString _Encoded(string textHint) { - return MvcHtmlString.Create(Html.Encode(T(textHint))); - } - public MvcHtmlString _Encoded(string textHint, params object[] formatTokens) { - return MvcHtmlString.Create(Html.Encode(T(textHint, formatTokens))); + public bool AuthorizedFor(Permission permission) { + return Html.Resolve().Authorize(permission); } } -} +} \ No newline at end of file diff --git a/src/Orchard/Mvc/ViewUserControl.cs b/src/Orchard/Mvc/ViewUserControl.cs new file mode 100644 index 000000000..a82983efb --- /dev/null +++ b/src/Orchard/Mvc/ViewUserControl.cs @@ -0,0 +1,35 @@ +using System.Web.Mvc; +using Orchard.Localization; +using Orchard.Mvc.Html; +using Orchard.Security; +using Orchard.Security.Permissions; + +namespace Orchard.Mvc { + public class ViewUserControl : System.Web.Mvc.ViewUserControl { + public ViewUserControl() { + T = NullLocalizer.Instance; + } + + public Localizer T { get; set; } + + public override void RenderView(ViewContext viewContext) { + T = LocalizationUtilities.Resolve(viewContext, AppRelativeVirtualPath); + base.RenderView(viewContext); + } + + public MvcHtmlString H(string value) { + return MvcHtmlString.Create(Html.Encode(value)); + } + + public MvcHtmlString _Encoded(string textHint) { + return MvcHtmlString.Create(Html.Encode(T(textHint))); + } + public MvcHtmlString _Encoded(string textHint, params object[] formatTokens) { + return MvcHtmlString.Create(Html.Encode(T(textHint, formatTokens))); + } + + public bool AuthorizedFor(Permission permission) { + return Html.Resolve().Authorize(permission); + } + } +} \ No newline at end of file diff --git a/src/Orchard/Orchard.csproj b/src/Orchard/Orchard.csproj index 1f63a6418..595e0689e 100644 --- a/src/Orchard/Orchard.csproj +++ b/src/Orchard/Orchard.csproj @@ -154,6 +154,9 @@ + + ASPXCodeBehind +