#17322: Restricting access to webconsole to default tenant.

--HG-- branch : 1.x
2025-10-27 04:19:04 +08:00 · 2011-04-06 14:50:17 -07:00
parent ea11a4d2c9
commit 5e10feb156
3 changed files with 41 additions and 32 deletions
--- a/src/Orchard.Web/Modules/Orchard.Experimental/Controllers/CommandsController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Experimental/Controllers/CommandsController.cs
@@ -4,10 +4,12 @@ using System.IO;
 using System.Linq;
 using System.Web.Mvc;
 using Orchard.Commands;
+using Orchard.Environment.Configuration;
 using Orchard.Experimental.ViewModels;
 using Orchard.Environment.Extensions;
 using Orchard.Localization;
 using Orchard.Logging;
+using Orchard.Security;
 using Orchard.Themes;
 using Orchard.UI.Admin;
 using Orchard.Utility.Extensions;
@@ -15,11 +17,15 @@ using Orchard.Utility.Extensions;
 namespace Orchard.Experimental.Controllers {
    [Themed, Admin, OrchardFeature("Orchard.Experimental.WebCommandLine")]
    public class CommandsController : Controller {
+        private readonly ShellSettings _shellSettings;
        private readonly ICommandManager _commandManager;

-        public CommandsController(ICommandManager commandManager, IOrchardServices services) {
+        public CommandsController(ShellSettings shellSettings, ICommandManager commandManager, IOrchardServices services) {
+            _shellSettings = shellSettings;
            _commandManager = commandManager;
+
            Services = services;
+
            T = NullLocalizer.Instance;
            Logger = NullLogger.Instance;
        }
@@ -33,11 +39,17 @@ namespace Orchard.Experimental.Controllers {
        }

        public ActionResult Execute() {
+            if (_shellSettings.Name != ShellSettings.DefaultName || !Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to use the web console")))
+                return new HttpUnauthorizedResult();
+
            return View("Execute", new CommandsExecuteViewModel());
        }

        [HttpPost]
        public ActionResult Execute(CommandsExecuteViewModel model) {
+            if (_shellSettings.Name != ShellSettings.DefaultName || !Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to use the web console")))
+                return new HttpUnauthorizedResult();
+
            try {
                using (var writer = new StringWriter()) {
                    var commandLine = model.CommandLine.Trim();
--- a/src/Orchard.Web/Modules/Orchard.Media/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Media/Controllers/AdminController.cs
@@ -1,7 +1,6 @@
 using System;
 using System.Collections.Generic;
 using System.IO;
-using System.Web;
 using System.Web.Mvc;
 using Orchard.Core.Contents.Controllers;
 using Orchard.Localization;
--- a/src/Orchard.Web/Modules/Orchard.MultiTenancy/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Modules/Orchard.MultiTenancy/Controllers/AdminController.cs
@@ -8,7 +8,6 @@ using Orchard.Logging;
 using Orchard.MultiTenancy.Services;
 using Orchard.MultiTenancy.ViewModels;
 using Orchard.Security;
-using Orchard.UI.Notify;
 using Orchard.Utility.Extensions;

 namespace Orchard.MultiTenancy.Controllers {
@@ -105,7 +104,6 @@ namespace Orchard.MultiTenancy.Controllers {

        [HttpPost, ActionName("Edit")]
        public ActionResult EditPost(TenantEditViewModel viewModel) {
-           
            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Couldn't edit tenant")))
                return new HttpUnauthorizedResult();