diff --git a/src/Orchard.Specs/Bindings/ContentRights.cs b/src/Orchard.Specs/Bindings/ContentRights.cs index 837659ad2..9d47cc7d6 100644 --- a/src/Orchard.Specs/Bindings/ContentRights.cs +++ b/src/Orchard.Specs/Bindings/ContentRights.cs @@ -59,11 +59,11 @@ namespace Orchard.Specs.Bindings { private static Permission GetPermissionForAction(string action) { switch ( action ) { case "publish": - return Permissions.PublishOthersContent; + return Permissions.PublishContent; case "edit": - return Permissions.EditOthersContent; + return Permissions.EditContent; case "delete": - return Permissions.DeleteOthersContent; + return Permissions.DeleteContent; default: return null; } diff --git a/src/Orchard.Specs/ContentRights.feature b/src/Orchard.Specs/ContentRights.feature index b431535cf..b4bd77f9b 100644 --- a/src/Orchard.Specs/ContentRights.feature +++ b/src/Orchard.Specs/ContentRights.feature @@ -11,7 +11,7 @@ Scenario: Administrators can manage a Page Scenario: Users can't create a Page if they don't have the PublishContent permission Given I have installed Orchard - When I have a role "CustomRole" with permissions "EditOthersContent, DeleteOthersContent" + When I have a role "CustomRole" with permissions "EditContent, DeleteContent" And I have a user "user1" with roles "CustomRole" Then "user1" should not be able to "publish" a "Page" owned by "user1" And "user1" should be able to "edit" a "Page" owned by "user1" @@ -19,7 +19,7 @@ Scenario: Users can't create a Page if they don't have the PublishContent permis Scenario: Users can create a Page of others if they have PublishContent permission Given I have installed Orchard - When I have a role "CustomRole" with permissions "PublishOthersContent" + When I have a role "CustomRole" with permissions "PublishContent" And I have a user "user1" with roles "CustomRole" And I have a user "user2" with roles "Administrator" Then "user1" should be able to "publish" a "Page" owned by "user2" @@ -44,7 +44,7 @@ Scenario: Users can create and edit a Page even if they only have the PublishOwn Scenario: Users can't edit a Page if they don't have the EditContent permission Given I have installed Orchard - When I have a role "CustomRole" with permissions "DeleteOthersContent" + When I have a role "CustomRole" with permissions "DeleteContent" And I have a user "user1" with roles "CustomRole" Then "user1" should not be able to "publish" a "Page" owned by "user1" And "user1" should not be able to "edit" a "Page" owned by "user1" diff --git a/src/Orchard.Specs/ContentRights.feature.cs b/src/Orchard.Specs/ContentRights.feature.cs index 62be6baa1..425353fd5 100644 --- a/src/Orchard.Specs/ContentRights.feature.cs +++ b/src/Orchard.Specs/ContentRights.feature.cs @@ -82,7 +82,7 @@ this.ScenarioSetup(scenarioInfo); #line 13 testRunner.Given("I have installed Orchard"); #line 14 - testRunner.When("I have a role \"CustomRole\" with permissions \"EditOthersContent, DeleteOthersConte" + + testRunner.When("I have a role \"CustomRole\" with permissions \"EditContent, DeleteConte" + "nt\""); #line 15 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); @@ -106,7 +106,7 @@ this.ScenarioSetup(scenarioInfo); #line 21 testRunner.Given("I have installed Orchard"); #line 22 - testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOthersContent\""); + testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\""); #line 23 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); #line 24 @@ -179,7 +179,7 @@ this.ScenarioSetup(scenarioInfo); #line 46 testRunner.Given("I have installed Orchard"); #line 47 - testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteOthersContent\""); + testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteContent\""); #line 48 testRunner.And("I have a user \"user1\" with roles \"CustomRole\""); #line 49 diff --git a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs index 13a69af8d..e2a09b931 100644 --- a/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs +++ b/src/Orchard.Web/Core/Contents/Controllers/AdminController.cs @@ -138,7 +138,7 @@ namespace Orchard.Core.Contents.Controllers { break; case ContentsBulkAction.PublishNow: foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!accessChecked && !Services.Authorizer.Authorize(Permissions.PublishOthersContent, item, T("Couldn't publish selected content."))) + if (!accessChecked && !Services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't publish selected content."))) return new HttpUnauthorizedResult(); accessChecked = true; @@ -149,7 +149,7 @@ namespace Orchard.Core.Contents.Controllers { break; case ContentsBulkAction.Unpublish: foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!accessChecked && !Services.Authorizer.Authorize(Permissions.PublishOthersContent, item, T("Couldn't unpublish selected content."))) + if (!accessChecked && !Services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't unpublish selected content."))) return new HttpUnauthorizedResult(); accessChecked = true; @@ -160,7 +160,7 @@ namespace Orchard.Core.Contents.Controllers { break; case ContentsBulkAction.Remove: foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!accessChecked && !Services.Authorizer.Authorize(Permissions.DeleteOthersContent, item, T("Couldn't remove selected content."))) + if (!accessChecked && !Services.Authorizer.Authorize(Permissions.DeleteContent, item, T("Couldn't remove selected content."))) return new HttpUnauthorizedResult(); accessChecked = true; @@ -190,7 +190,7 @@ namespace Orchard.Core.Contents.Controllers { var contentItem = _contentManager.New(id); - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Cannot create content"))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Cannot create content"))) return new HttpUnauthorizedResult(); dynamic model = _contentManager.BuildEditor(contentItem); @@ -219,7 +219,7 @@ namespace Orchard.Core.Contents.Controllers { private ActionResult CreatePOST(string id, Action conditionallyPublish) { var contentItem = _contentManager.New(id); - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Couldn't create content"))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't create content"))) return new HttpUnauthorizedResult(); _contentManager.Create(contentItem, VersionOptions.Draft); @@ -245,7 +245,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return HttpNotFound(); - if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Cannot edit content"))) + if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot edit content"))) return new HttpUnauthorizedResult(); dynamic model = _contentManager.BuildEditor(contentItem); @@ -270,7 +270,7 @@ namespace Orchard.Core.Contents.Controllers { if (content == null) return HttpNotFound(); - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, content, T("Couldn't publish content"))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, content, T("Couldn't publish content"))) return new HttpUnauthorizedResult(); return EditPOST(id, returnUrl, contentItem => _contentManager.Publish(contentItem)); @@ -282,7 +282,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return HttpNotFound(); - if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Couldn't edit content"))) + if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Couldn't edit content"))) return new HttpUnauthorizedResult(); dynamic model = _contentManager.UpdateEditor(contentItem, this); @@ -304,7 +304,7 @@ namespace Orchard.Core.Contents.Controllers { public ActionResult Remove(int id, string returnUrl) { var contentItem = _contentManager.Get(id, VersionOptions.Latest); - if (!Services.Authorizer.Authorize(Permissions.DeleteOthersContent, contentItem, T("Couldn't remove content"))) + if (!Services.Authorizer.Authorize(Permissions.DeleteContent, contentItem, T("Couldn't remove content"))) return new HttpUnauthorizedResult(); if (contentItem != null) { @@ -323,7 +323,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return HttpNotFound(); - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Couldn't publish content"))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't publish content"))) return new HttpUnauthorizedResult(); _contentManager.Publish(contentItem); @@ -339,7 +339,7 @@ namespace Orchard.Core.Contents.Controllers { if (contentItem == null) return HttpNotFound(); - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Couldn't unpublish content"))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't unpublish content"))) return new HttpUnauthorizedResult(); _contentManager.Unpublish(contentItem); diff --git a/src/Orchard.Web/Core/Contents/Controllers/ItemController.cs b/src/Orchard.Web/Core/Contents/Controllers/ItemController.cs index 429e84833..12b8334a3 100644 --- a/src/Orchard.Web/Core/Contents/Controllers/ItemController.cs +++ b/src/Orchard.Web/Core/Contents/Controllers/ItemController.cs @@ -37,7 +37,7 @@ namespace Orchard.Core.Contents.Controllers { var contentItem = _contentManager.Get(id, versionOptions); - if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Cannot edit content"))) + if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot edit content"))) return new HttpUnauthorizedResult(); dynamic model = _contentManager.BuildDisplay(contentItem); diff --git a/src/Orchard.Web/Core/Contents/DynamicPermissions.cs b/src/Orchard.Web/Core/Contents/DynamicPermissions.cs index 41ab490f7..b1f42d39f 100644 --- a/src/Orchard.Web/Core/Contents/DynamicPermissions.cs +++ b/src/Orchard.Web/Core/Contents/DynamicPermissions.cs @@ -9,19 +9,19 @@ using Orchard.Security.Permissions; namespace Orchard.Core.Contents { public class DynamicPermissions : IPermissionProvider { - private static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "Publish_{0}", ImpliedBy = new[] { Permissions.PublishOthersContent } }; + private static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "Publish_{0}", ImpliedBy = new[] { Permissions.PublishContent } }; private static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish {0}", Name = "PublishOwn_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishOwnContent } }; - private static readonly Permission EditContent = new Permission { Description = "Edit {0} for others", Name = "Edit_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishOthersContent } }; + private static readonly Permission EditContent = new Permission { Description = "Edit {0} for others", Name = "Edit_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishContent } }; private static readonly Permission EditOwnContent = new Permission { Description = "Edit {0}", Name = "EditOwn_{0}", ImpliedBy = new[] { EditContent, PublishOwnContent, Permissions.EditOwnContent } }; - private static readonly Permission DeleteContent = new Permission { Description = "Delete {0} for others", Name = "Delete_{0}", ImpliedBy = new[] { Permissions.DeleteOthersContent } }; + private static readonly Permission DeleteContent = new Permission { Description = "Delete {0} for others", Name = "Delete_{0}", ImpliedBy = new[] { Permissions.DeleteContent } }; private static readonly Permission DeleteOwnContent = new Permission { Description = "Delete {0}", Name = "DeleteOwn_{0}", ImpliedBy = new[] { DeleteContent, Permissions.DeleteOwnContent } }; public static readonly Dictionary PermissionTemplates = new Dictionary { - {Permissions.PublishOthersContent.Name, PublishContent}, + {Permissions.PublishContent.Name, PublishContent}, {Permissions.PublishOwnContent.Name, PublishOwnContent}, - {Permissions.EditOthersContent.Name, EditContent}, + {Permissions.EditContent.Name, EditContent}, {Permissions.EditOwnContent.Name, EditOwnContent}, - {Permissions.DeleteOthersContent.Name, DeleteContent}, + {Permissions.DeleteContent.Name, DeleteContent}, {Permissions.DeleteOwnContent.Name, DeleteOwnContent} }; diff --git a/src/Orchard.Web/Core/Contents/Permissions.cs b/src/Orchard.Web/Core/Contents/Permissions.cs index 139ba1cad..2c1cdac1e 100644 --- a/src/Orchard.Web/Core/Contents/Permissions.cs +++ b/src/Orchard.Web/Core/Contents/Permissions.cs @@ -4,12 +4,20 @@ using Orchard.Security.Permissions; namespace Orchard.Core.Contents { public class Permissions : IPermissionProvider { - public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishOthersContent" }; - public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish own content", Name = "PublishOwnContent", ImpliedBy = new[] { PublishOthersContent } }; - public static readonly Permission EditOthersContent = new Permission { Description = "Edit content for others", Name = "EditOthersContent", ImpliedBy = new[] { PublishOthersContent } }; - public static readonly Permission EditOwnContent = new Permission { Description = "Edit own content", Name = "EditOwnContent", ImpliedBy = new[] { EditOthersContent, PublishOwnContent } }; - public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete content for others", Name = "DeleteOthersContent" }; - public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete own content", Name = "DeleteOwnContent", ImpliedBy = new[] { DeleteOthersContent } }; + + // Note - in code you should demand PublishContent, EditContent, or DeleteContent + // Do not demand the "Own" variation - those are applied automatically when you demand the main three + + // Also - the internal name EditContent is used instead of EditOthersContent + // because demanding "EditContent" is correct and looks right, + // but demanding "EditOthersContent" looks wrong so wasn't used when it should have been + + public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishContent" }; + public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish own content", Name = "PublishOwnContent", ImpliedBy = new[] { PublishContent } }; + public static readonly Permission EditContent = new Permission { Description = "Edit content for others", Name = "EditContent", ImpliedBy = new[] { PublishContent } }; + public static readonly Permission EditOwnContent = new Permission { Description = "Edit own content", Name = "EditOwnContent", ImpliedBy = new[] { EditContent, PublishOwnContent } }; + public static readonly Permission DeleteContent = new Permission { Description = "Delete content for others", Name = "DeleteContent" }; + public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete own content", Name = "DeleteOwnContent", ImpliedBy = new[] { DeleteContent } }; public static readonly Permission MetaListContent = new Permission { ImpliedBy = new[] { EditOwnContent, PublishOwnContent, DeleteOwnContent } }; @@ -18,11 +26,11 @@ namespace Orchard.Core.Contents { public IEnumerable GetPermissions() { return new [] { EditOwnContent, - EditOthersContent, + EditContent, PublishOwnContent, - PublishOthersContent, + PublishContent, DeleteOwnContent, - DeleteOthersContent, + DeleteContent, }; } @@ -30,11 +38,11 @@ namespace Orchard.Core.Contents { return new[] { new PermissionStereotype { Name = "Administrator", - Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent} + Permissions = new[] {PublishContent,EditContent,DeleteContent} }, new PermissionStereotype { Name = "Editor", - Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent} + Permissions = new[] {PublishContent,EditContent,DeleteContent} }, new PermissionStereotype { Name = "Moderator", diff --git a/src/Orchard.Web/Core/Contents/Security/AuthorizationEventHandler.cs b/src/Orchard.Web/Core/Contents/Security/AuthorizationEventHandler.cs index af03f52eb..187fbde3f 100644 --- a/src/Orchard.Web/Core/Contents/Security/AuthorizationEventHandler.cs +++ b/src/Orchard.Web/Core/Contents/Security/AuthorizationEventHandler.cs @@ -54,11 +54,11 @@ namespace Orchard.Core.Contents.Security } private static Permission GetOwnerVariation(Permission permission) { - if (permission.Name == Permissions.PublishOthersContent.Name) + if (permission.Name == Permissions.PublishContent.Name) return Permissions.PublishOwnContent; - if (permission.Name == Permissions.EditOthersContent.Name) + if (permission.Name == Permissions.EditContent.Name) return Permissions.EditOwnContent; - if (permission.Name == Permissions.DeleteOthersContent.Name) + if (permission.Name == Permissions.DeleteContent.Name) return Permissions.DeleteOwnContent; return null; } diff --git a/src/Orchard.Web/Core/Contents/Views/Content.ControlWrapper.cshtml b/src/Orchard.Web/Core/Contents/Views/Content.ControlWrapper.cshtml index ae070a131..c34821b5b 100644 --- a/src/Orchard.Web/Core/Contents/Views/Content.ControlWrapper.cshtml +++ b/src/Orchard.Web/Core/Contents/Views/Content.ControlWrapper.cshtml @@ -1,6 +1,6 @@ @using Orchard.ContentManagement; @using Orchard.Core.Contents; -@if (AuthorizedFor(Permissions.EditOthersContent)) { +@if (AuthorizedFor(Permissions.EditContent)) {
@Html.ItemEditLinkWithReturnUrl(T("Edit").Text, (ContentItem)Model.ContentItem)
@Display(Model.Child) diff --git a/src/Orchard.Web/Modules/Orchard.ArchiveLater/Services/ArchiveLaterService.cs b/src/Orchard.Web/Modules/Orchard.ArchiveLater/Services/ArchiveLaterService.cs index 3cc1a7b54..ef55b7f2e 100644 --- a/src/Orchard.Web/Modules/Orchard.ArchiveLater/Services/ArchiveLaterService.cs +++ b/src/Orchard.Web/Modules/Orchard.ArchiveLater/Services/ArchiveLaterService.cs @@ -24,7 +24,7 @@ namespace Orchard.ArchiveLater.Services { public Localizer T { get; set; } void IArchiveLaterService.ArchiveLater(ContentItem contentItem, DateTime scheduledArchiveUtc) { - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Couldn't archive selected content."))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't archive selected content."))) return; RemoveArchiveLaterTasks(contentItem); diff --git a/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.Summary.cshtml b/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.Summary.cshtml index 2b6cb48f0..e11e22c17 100644 --- a/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.Summary.cshtml +++ b/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.Summary.cshtml @@ -1,6 +1,6 @@ @using Orchard.Core.Contents; @using Orchard.Localization.Models; -@if (AuthorizedFor(Permissions.PublishOthersContent)) { +@if (AuthorizedFor(Permissions.PublishContent)) { Style.Require("LocalizationAdmin"); IEnumerable localizations = Model.Localizations; var localizationLinks = Html.UnorderedList(localizations, (c, i) => Html.ItemEditLink(c.Culture.Culture, c), "localizations"); diff --git a/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.SummaryAdmin.cshtml b/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.SummaryAdmin.cshtml index c5e2fd5f2..ed47211d7 100644 --- a/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.SummaryAdmin.cshtml +++ b/src/Orchard.Web/Modules/Orchard.Localization/Views/Parts/Localization.ContentTranslations.SummaryAdmin.cshtml @@ -1,6 +1,6 @@ @using Orchard.Core.Contents; @using Orchard.Localization.Models; -@if (AuthorizedFor(Permissions.PublishOthersContent)) { +@if (AuthorizedFor(Permissions.PublishContent)) { Style.Require("LocalizationAdmin"); IEnumerable localizations = Model.Localizations; var localizationLinks = Html.UnorderedList(localizations, (c, i) => Html.ItemEditLink(c.Culture.Culture, c), "localizations"); diff --git a/src/Orchard.Web/Modules/Orchard.PublishLater/Services/PublishLaterService.cs b/src/Orchard.Web/Modules/Orchard.PublishLater/Services/PublishLaterService.cs index f0e650a74..94a69b005 100644 --- a/src/Orchard.Web/Modules/Orchard.PublishLater/Services/PublishLaterService.cs +++ b/src/Orchard.Web/Modules/Orchard.PublishLater/Services/PublishLaterService.cs @@ -21,7 +21,7 @@ namespace Orchard.PublishLater.Services { public Localizer T { get; set; } void IPublishLaterService.Publish(ContentItem contentItem, DateTime scheduledPublishUtc) { - if (!Services.Authorizer.Authorize(Permissions.PublishOthersContent, contentItem, T("Couldn't publish selected content."))) + if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't publish selected content."))) return; _publishingTaskManager.Publish(contentItem, scheduledPublishUtc);