Applying security checks to remote publishing

--HG--
branch : dev
Sebastien Ros 2010-12-09 16:57:04 -08:00
parent 8cd4727bb5
commit 4a9fb5a857


@ -123,7 +123,7 @@ namespace Orchard.Blogs.Services {
string password) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(StandardPermissions.AccessFrontEnd, user, null);
_authorizationService.CheckAccess(Permissions.EditOthersBlogPost, user, null);
var array = new XRpcArray();
foreach (var blog in _blogService.Get()) {
@ -144,7 +144,7 @@ namespace Orchard.Blogs.Services {
int numberOfPosts) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(StandardPermissions.AccessFrontEnd, user, null);
_authorizationService.CheckAccess(Permissions.EditOthersBlogPost, user, null);
var blog = _contentManager.Get<BlogPart>(Convert.ToInt32(blogId));
if (blog == null)
@ -166,7 +166,7 @@ namespace Orchard.Blogs.Services {
IEnumerable<IXmlRpcDriver> drivers) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(Permissions.EditOwnBlogPost, user, null);
_authorizationService.CheckAccess(publish ? Permissions.PublishOthersBlogPost : Permissions.EditOthersBlogPost, user, null);
var blog = _contentManager.Get<BlogPart>(Convert.ToInt32(blogId));
if (blog == null)
@ -216,7 +216,7 @@ namespace Orchard.Blogs.Services {
IEnumerable<IXmlRpcDriver> drivers) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(StandardPermissions.AccessFrontEnd, user, null);
_authorizationService.CheckAccess(Permissions.EditOthersBlogPost, user, null);
var blogPost = _blogPostService.Get(postId, VersionOptions.Latest);
if (blogPost == null)
@ -231,15 +231,13 @@ namespace Orchard.Blogs.Services {
}
private bool MetaWeblogEditPost(int postId, string userName, string password, XRpcStruct content, bool publish, IEnumerable<IXmlRpcDriver> drivers) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(StandardPermissions.AccessFrontEnd, user, null);
_authorizationService.CheckAccess(publish ? Permissions.PublishOthersBlogPost : Permissions.EditOthersBlogPost, user, null);
var blogPost = _blogPostService.Get(postId, VersionOptions.DraftRequired);
if (blogPost == null)
throw new ArgumentException();
var title = content.Optional<string>("title");
var description = content.Optional<string>("description");
var slug = content.Optional<string>("wp_slug");
@ -259,7 +257,7 @@ namespace Orchard.Blogs.Services {
private bool MetaWeblogDeletePost(string appkey, string postId, string userName, string password, bool publish, IEnumerable<IXmlRpcDriver> drivers) {
var user = _membershipService.ValidateUser(userName, password);
_authorizationService.CheckAccess(StandardPermissions.AccessFrontEnd, user, null);
_authorizationService.CheckAccess(Permissions.DeleteOthersBlogPost, user, null);
var blogPost = _blogPostService.Get(Convert.ToInt32(postId), VersionOptions.Latest);
if (blogPost == null)
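Review bot: Every permission check on what appears to be the new side (the second `CheckAccess` line of each pair; the +/- markers are lost on this page) passes `null` as the content item and runs before the blog or post is loaded, so authorization is decided globally rather than against the item being edited, published or deleted. As written, a remote author needs the *Others* permissions (`EditOthersBlogPost`, `PublishOthersBlogPost`, `DeleteOthersBlogPost`) even for their own posts, which pushes administrators toward granting broader rights than an XML-RPC client needs. Consider keeping a coarse check up front and, once the item is loaded, repeating it against the item, e.g. `_authorizationService.CheckAccess(Permissions.DeleteOthersBlogPost, user, blogPost);`, assuming the authorization service can resolve owner-scoped permissions from the content item. It is also worth confirming that `CheckAccess` rejects a null `user`, since the result of `ValidateUser` is passed through unchecked in all six hunks. The method bodies continue outside the hunks shown.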