lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-12-02 11:44:41 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

#19245: Adding missing permission check in ItemController for containers.

Browse Source 
Work Item: 19245

--HG--
branch : 1.x
This commit is contained in:
Piotr Szmyd
2013-06-21 22:36:05 +02:00
parent ab5153ea8b
commit 5e6fe8e253
1 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

19
src/Orchard.Web/Core/Containers/Controllers/ItemController.cs
View File

@@ -6,6 +6,7 @@ using Orchard.ContentManagement;
using Orchard.Core.Common.Models; using Orchard.Core.Common.Models;
using Orchard.Core.Containers.Extensions; using Orchard.Core.Containers.Extensions;
using Orchard.Core.Containers.Models; using Orchard.Core.Containers.Models;
using Orchard.Core.Contents;
using Orchard.Core.Feeds; using Orchard.Core.Feeds;
using Orchard.DisplayManagement; using Orchard.DisplayManagement;
using Orchard.Mvc; using Orchard.Mvc;
@@ -25,28 +26,38 @@ namespace Orchard.Core.Containers.Controllers {
IContentManager contentManager, IContentManager contentManager,
IShapeFactory shapeFactory, IShapeFactory shapeFactory,
ISiteService siteService, ISiteService siteService,
IFeedManager feedManager) { IFeedManager feedManager,
IOrchardServices services) {
_contentManager = contentManager; _contentManager = contentManager;
_siteService = siteService; _siteService = siteService;
_feedManager = feedManager; _feedManager = feedManager;
Shape = shapeFactory; Shape = shapeFactory;
Services = services;
T = NullLocalizer.Instance; T = NullLocalizer.Instance;
} }
dynamic Shape { get; set; } dynamic Shape { get; set; }
public IOrchardServices Services { get; private set; }
public Localizer T { get; set; } public Localizer T { get; set; }
[Themed] [Themed]
public ActionResult Display(int id, PagerParameters pagerParameters) { public ActionResult Display(int id, PagerParameters pagerParameters) {
var container = _contentManager
.Get(id, VersionOptions.Published)
.As<ContainerPart>();
var container = _contentManager.Get(id).As<ContainerPart>(); if (container == null) {
if (container==null)
return HttpNotFound(T("Container not found").Text); return HttpNotFound(T("Container not found").Text);
}
if (!Services.Authorizer.Authorize(Permissions.ViewContent, container, T("Cannot view content"))) {
return new HttpUnauthorizedResult();
}
// TODO: (PH) Find a way to apply PagerParameters via a driver so we can lose this controller // TODO: (PH) Find a way to apply PagerParameters via a driver so we can lose this controller
container.PagerParameters = pagerParameters; container.PagerParameters = pagerParameters;
var model = _contentManager.BuildDisplay(container, "Detail"); var model = _contentManager.BuildDisplay(container);
return new ShapeResult(this, model); return new ShapeResult(this, model);
} }