The AlwaysAccessible attribute now can be added to controllers (not just to actions), fixes #4504

2025-10-15 19:54:57 +08:00 · 2015-07-25 13:05:41 +02:00
parent 34be0b302f
commit 5420a038ba
1 changed files with 4 additions and 0 deletions
--- a/src/Orchard/Security/SecurityFilter.cs
+++ b/src/Orchard/Security/SecurityFilter.cs
@@ -19,6 +19,10 @@ namespace Orchard.Security {
            var accessFrontEnd = filterContext.ActionDescriptor.GetCustomAttributes(typeof (AlwaysAccessibleAttribute), true).Any();
            if (!accessFrontEnd && filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.GetCustomAttributes(typeof(AlwaysAccessibleAttribute), true).Any()) {
                accessFrontEnd = true;
            }
            if (!AdminFilter.IsApplied(filterContext.RequestContext) && !accessFrontEnd && !_authorizer.Authorize(StandardPermissions.AccessFrontEnd)) {
                filterContext.Result = new HttpUnauthorizedResult();
            }