lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-10-15 19:54:57 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

The AlwaysAccessible attribute now can be added to controllers (not just to actions), fixes #4504

Browse Source
This commit is contained in:
Lombiq
2015-07-25 13:05:41 +02:00
parent 34be0b302f
commit 5420a038ba
1 changed files with 4 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
src/Orchard/Security/SecurityFilter.cs
View File

@@ -19,6 +19,10 @@ namespace Orchard.Security {
var accessFrontEnd = filterContext.ActionDescriptor.GetCustomAttributes(typeof (AlwaysAccessibleAttribute), true).Any();
if (!accessFrontEnd && filterContext.ActionDescriptor.ControllerDescriptor.ControllerType.GetCustomAttributes(typeof(AlwaysAccessibleAttribute), true).Any()) {
accessFrontEnd = true;
}
if (!AdminFilter.IsApplied(filterContext.RequestContext) && !accessFrontEnd && !_authorizer.Authorize(StandardPermissions.AccessFrontEnd)) {
filterContext.Result = new HttpUnauthorizedResult();
}