Adding and implementing ImportAuditTrail permission.

2025-10-15 19:54:57 +08:00 · 2014-07-12 23:49:20 -07:00
parent 5201422317
commit 655467d823
2 changed files with 21 additions and 5 deletions
--- a/src/Orchard.Web/Modules/Orchard.AuditTrail/ImportExport/AuditTrailImportHandler.cs
+++ b/src/Orchard.Web/Modules/Orchard.AuditTrail/ImportExport/AuditTrailImportHandler.cs
@@ -3,16 +3,22 @@ using Orchard.AuditTrail.Models;
 using Orchard.ContentManagement;
 using Orchard.Data;
 using Orchard.Environment.Extensions;
+using Orchard.Logging;
 using Orchard.Recipes.Models;
 using Orchard.Recipes.Services;
+using Orchard.Security;

 namespace Orchard.AuditTrail.ImportExport {
    [OrchardFeature("Orchard.AuditTrail.ImportExport")]
    public class AuditTrailImportHandler : Component, IRecipeHandler {
        private readonly IRepository<AuditTrailEventRecord> _auditTrailEventRepository;
+        private readonly IAuthorizer _authorizer;
+        private readonly IWorkContextAccessor _wca;

-        public AuditTrailImportHandler(IRepository<AuditTrailEventRecord> auditTrailEventRepository) {
+        public AuditTrailImportHandler(IRepository<AuditTrailEventRecord> auditTrailEventRepository, IAuthorizer authorizer, IWorkContextAccessor wca) {
            _auditTrailEventRepository = auditTrailEventRepository;
+            _authorizer = authorizer;
+            _wca = wca;
        }

        public void ExecuteRecipeStep(RecipeContext recipeContext) {
@@ -20,6 +26,12 @@ namespace Orchard.AuditTrail.ImportExport {
                return;
            }

+            if (!_authorizer.Authorize(Permissions.ImportAuditTrail)) {
+                Logger.Warning("Blocked {0} from importing an audit trail because this user does not have the ImportauditTrail permission.", _wca.GetContext().CurrentUser.UserName);
+                recipeContext.Executed = false;
+                return;
+            }
+
            foreach (var eventElement in recipeContext.RecipeStep.Step.Elements()) {
                var record = new AuditTrailEventRecord {
                    EventName = eventElement.Attr<string>("Name"),
--- a/src/Orchard.Web/Modules/Orchard.AuditTrail/Permissions.cs
+++ b/src/Orchard.Web/Modules/Orchard.AuditTrail/Permissions.cs
@@ -6,19 +6,23 @@ namespace Orchard.AuditTrail {
    public class Permissions : IPermissionProvider {
        public static readonly Permission ViewAuditTrail = new Permission { Description = "View audit trail", Name = "ViewAuditTrail" };
        public static readonly Permission ManageAuditTrailSettings = new Permission { Description = "Manage audit trail settings", Name = "ManageAuditTrailSettings" };
+        public static readonly Permission ImportAuditTrail = new Permission { Description = "Import audit trail", Name = "ImportAuditTrail" };

        public virtual Feature Feature { get; set; }

        public IEnumerable<Permission> GetPermissions() {
            yield return ViewAuditTrail;
            yield return ManageAuditTrailSettings;
+            yield return ImportAuditTrail;
        }

        public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
-            return new[] {
-                new PermissionStereotype {
-                    Name = "Administrator",
-                    Permissions = new[] {ViewAuditTrail, ManageAuditTrailSettings}
+            yield return new PermissionStereotype {
+                Name = "Administrator",
+                Permissions = new[] {
+                    ViewAuditTrail, 
+                    ManageAuditTrailSettings,
+                    /* Not even an administrator will get the ImportAuditTrail permission. */
                }
            };
        }