#17289: only allowing default tenant site administrator to install packages by default. Others can be granted permission.

--HG--
branch : dev
rename : src/Orchard.Tests.Modules/Packaging/Hello.World.csproj.txt => src/Orchard.Tests.Modules/Packaging/Services/Hello.World.csproj.txt
rename : src/Orchard.Tests.Modules/Packaging/HelloDriver.cs.txt => src/Orchard.Tests.Modules/Packaging/Services/HelloDriver.cs.txt
rename : src/Orchard.Tests.Modules/Packaging/PackageBuilderTests.cs => src/Orchard.Tests.Modules/Packaging/Services/PackageBuilderTests.cs

src/Orchard.Web/Modules/Orchard.MultiTenancy/AdminMenu.cs

@@ -1,4 +1,5 @@
-using Orchard.Environment.Configuration;
+using Orchard.Environment;
+using Orchard.Environment.Configuration;
 using Orchard.Localization;
 using Orchard.Security;
 using Orchard.UI.Navigation;
@@ -16,7 +17,7 @@ namespace Orchard.MultiTenancy {
         public string MenuName { get { return "admin"; } }
 
         public void GetNavigation(NavigationBuilder builder) {
-            if ( _shellSettings.Name != "Default" )
+            if (_shellSettings.Name != ShellSettings.DefaultName)
                 return;
 
             builder.Add(T("Tenants"), "100",

src/Orchard.Web/Modules/Orchard.MultiTenancy/Controllers/AdminController.cs

@@ -1,6 +1,7 @@
 using System;
 using System.Linq;
 using System.Web.Mvc;
+using Orchard.Environment;
 using Orchard.Environment.Configuration;
 using Orchard.Localization;
 using Orchard.MultiTenancy.Services;
@@ -158,7 +159,7 @@ namespace Orchard.MultiTenancy.Controllers {
         }
 
         private bool EnsureDefaultTenant() {
-            return _thisShellSettings.Name == "Default";
+            return _thisShellSettings.Name == ShellSettings.DefaultName;
         }
     }
 }

src/Orchard.Web/Modules/Orchard.Packaging/Commands/PackagingCommands.cs

@@ -93,7 +93,6 @@ namespace Orchard.Packaging.Commands {
                 // Exceptions area thrown by NuGet as error messages
                 throw new OrchardException(T(HttpUtility.HtmlDecode(T("Could not unintall the package: {0}", e.Message).Text)));
             }
-
         }
     }
-}
+}

src/Orchard.Web/Modules/Orchard.Packaging/Controllers/DownloadStreamResult.cs

@@ -1,23 +0,0 @@
-using System.IO;
-using System.Web.Mvc;
-
-namespace Orchard.Packaging.Controllers {
-    public class DownloadStreamResult : ActionResult {
-        public string FileName { get; set; }
-        public string ContentType { get; set; }
-        public Stream Stream { get; set; }
-
-        public DownloadStreamResult(string fileName, string contentType, Stream stream) {
-            FileName = fileName;
-            ContentType = contentType;
-            Stream = stream;
-        }
-
-        public override void ExecuteResult(ControllerContext context) {
-            context.HttpContext.Response.ContentType = ContentType;
-            context.HttpContext.Response.AddHeader("content-disposition", "attachment; filename=\"" + FileName + "\"");
-            Stream.Seek(0, SeekOrigin.Begin);
-            Stream.CopyTo(context.HttpContext.Response.OutputStream);
-        }
-    }
-}

src/Orchard.Web/Modules/Orchard.Packaging/Controllers/GalleryController.cs

@@ -1,6 +1,5 @@
 using System;
 using System.Collections.Generic;
-using System.Data.Services.Client;
 using System.Linq;
 using System.Web.Hosting;
 using System.Web.Mvc;
@@ -12,7 +11,6 @@ using Orchard.Logging;
 using Orchard.Packaging.Models;
 using Orchard.Packaging.Services;
 using Orchard.Packaging.ViewModels;
-using Orchard.Security;
 using Orchard.Themes;
 using Orchard.UI.Admin;
 using Orchard.UI.Notify;
@@ -23,15 +21,19 @@ namespace Orchard.Packaging.Controllers {
     [Themed, Admin]
     public class GalleryController : Controller {
 
+        private readonly IPackagingServices _packagingServices;
         private readonly IPackageManager _packageManager;
         private readonly IPackagingSourceManager _packagingSourceManager;
         private readonly INotifier _notifier;
 
         public GalleryController(
+            IPackagingServices packagingServices,
             IPackageManager packageManager,
             IPackagingSourceManager packagingSourceManager,
             INotifier notifier,
             IOrchardServices services) {
+
+            _packagingServices = packagingServices;
             _packageManager = packageManager;
             _packagingSourceManager = packagingSourceManager;
             _notifier = notifier;
@@ -46,7 +48,7 @@ namespace Orchard.Packaging.Controllers {
         public ILogger Logger { get; set; }
 
         public ActionResult Sources() {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list sources")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return View(new PackagingSourcesViewModel {
@@ -55,7 +57,7 @@ namespace Orchard.Packaging.Controllers {
         }
 
         public ActionResult Remove(int id) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to remove sources")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             _packagingSourceManager.RemoveSource(id);
@@ -64,7 +66,7 @@ namespace Orchard.Packaging.Controllers {
         }
 
         public ActionResult AddSource() {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add sources")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return View(new PackagingAddSourceViewModel());
@@ -72,7 +74,7 @@ namespace Orchard.Packaging.Controllers {
 
         [HttpPost]
         public ActionResult AddSource(string url) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add sources")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             try {
@@ -126,7 +128,7 @@ namespace Orchard.Packaging.Controllers {
         }
 
         protected ActionResult ListExtensions(int? sourceId, string extensionType, string returnView, Func<PackagingSource, PackagingEntry[]> getList) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list {0}", extensionType)))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             var selectedSource = _packagingSourceManager.GetSources().Where(s => s.Id == sourceId).FirstOrDefault();
@@ -156,7 +158,7 @@ namespace Orchard.Packaging.Controllers {
         }
 
         public ActionResult Install(string packageId, string version, int sourceId, string redirectTo) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to install packages")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             var source = _packagingSourceManager.GetSources().Where(s => s.Id == sourceId).FirstOrDefault();

src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs

@@ -10,7 +10,6 @@ using Orchard.FileSystems.AppData;
 using Orchard.Localization;
 using Orchard.Mvc.Extensions;
 using Orchard.Packaging.Services;
-using Orchard.Security;
 using Orchard.Themes;
 using Orchard.UI.Admin;
 using Orchard.UI.Notify;
@@ -22,15 +21,19 @@ namespace Orchard.Packaging.Controllers {
     [Themed, Admin]
     public class PackagingServicesController : Controller {
 
+        private readonly IPackagingServices _packagingServices;
         private readonly IPackageManager _packageManager;
         private readonly IAppDataFolderRoot _appDataFolderRoot;
         private readonly INotifier _notifier;
 
         public PackagingServicesController(
+            IPackagingServices packagingServices,
             IPackageManager packageManager,
             INotifier notifier,
             IAppDataFolderRoot appDataFolderRoot,
             IOrchardServices services) {
+
+            _packagingServices = packagingServices;
             _packageManager = packageManager;
             _notifier = notifier;
             _appDataFolderRoot = appDataFolderRoot;
@@ -43,7 +46,7 @@ namespace Orchard.Packaging.Controllers {
         public IOrchardServices Services { get; set; }
 
         public ActionResult AddTheme(string returnUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add themes")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return View();
@@ -51,7 +54,7 @@ namespace Orchard.Packaging.Controllers {
 
         [HttpPost, ActionName("AddTheme")]
         public ActionResult AddThemePOST(string returnUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add themes")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return InstallPackage(returnUrl, Request.RawUrl);
@@ -59,14 +62,14 @@ namespace Orchard.Packaging.Controllers {
 
         [HttpPost, ActionName("RemoveTheme")]
         public ActionResult RemoveThemePOST(string themeId, string returnUrl, string retryUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to remove themes")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return UninstallPackage(PackageBuilder.BuildPackageId(themeId, DefaultExtensionTypes.Theme), returnUrl, retryUrl);
         }
 
         public ActionResult AddModule(string returnUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add modules")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return View();
@@ -74,14 +77,14 @@ namespace Orchard.Packaging.Controllers {
 
         [HttpPost, ActionName("AddModule")]
         public ActionResult AddModulePOST(string returnUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add modules")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             return InstallPackage(returnUrl, Request.RawUrl);
         }
 
         public ActionResult InstallPackage(string returnUrl, string retryUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to install packages")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             try {
@@ -114,7 +117,7 @@ namespace Orchard.Packaging.Controllers {
         }
 
         public ActionResult UninstallPackage(string id, string returnUrl, string retryUrl) {
-            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to uninstall packages")))
+            if (!_packagingServices.CanManagePackages())
                 return new HttpUnauthorizedResult();
 
             try {

src/Orchard.Web/Modules/Orchard.Packaging/Orchard.Packaging.csproj

@@ -61,23 +61,23 @@
     <Compile Include="AdminMenu.cs" />
     <Compile Include="Commands\PackagingCommands.cs" />
     <Compile Include="Controllers\PackagingServicesController.cs" />
-    <Compile Include="Controllers\DownloadStreamResult.cs" />
     <Compile Include="Controllers\GalleryController.cs" />
     <Compile Include="DefaultPackagingUpdater.cs" />
     <Compile Include="Migrations.cs" />
     <Compile Include="Models\PackagingSource.cs" />
+    <Compile Include="Permissions.cs" />
     <Compile Include="ResourceManifest.cs" />
     <Compile Include="Service References\GalleryServer\Reference.cs">
       <AutoGen>True</AutoGen>
       <DesignTime>True</DesignTime>
       <DependentUpon>Reference.datasvcmap</DependentUpon>
     </Compile>
-    <Compile Include="Services\AtomExtensions.cs" />
     <Compile Include="Services\ExtensionReferenceRepository.cs" />
     <Compile Include="Services\FileBaseProjectSystem.cs" />
     <Compile Include="Services\IPackageBuilder.cs" />
     <Compile Include="Services\IPackageInstaller.cs" />
     <Compile Include="Services\IPackageManager.cs" />
+    <Compile Include="Services\IPackagingServices.cs" />
     <Compile Include="Services\IPackagingSourceManager.cs" />
     <Compile Include="Services\NugetLogger.cs" />
     <Compile Include="Services\PackageBuilder.cs" />
@@ -85,6 +85,7 @@
     <Compile Include="Services\PackageInstaller.cs" />
     <Compile Include="Services\PackageManager.cs" />
     <Compile Include="Services\PackagingEntry.cs" />
+    <Compile Include="Services\PackagingServices.cs" />
     <Compile Include="Services\PackagingSourceManager.cs" />
     <Compile Include="ViewModels\PackagingAddSourceViewModel.cs" />
     <Compile Include="ViewModels\PackagingHarvestViewModel.cs" />

src/Orchard.Web/Modules/Orchard.Packaging/Permissions.cs

@@ -0,0 +1,20 @@
+using System.Collections.Generic;
+using Orchard.Environment.Extensions.Models;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Packaging {
+    public class Permissions : IPermissionProvider {
+        public static readonly Permission ManagePackages = new Permission { Description = "Manage packages", Name = "ManagePackages" };
+
+        public virtual Feature Feature { get; set; }
+
+        public IEnumerable<Permission> GetPermissions() {
+            return new[] { ManagePackages };
+        }
+
+        public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
+            // By default no one can manage packages except the default site administrator
+            return new List<PermissionStereotype>();
+        }
+    }
+}

src/Orchard.Web/Modules/Orchard.Packaging/Services/AtomExtensions.cs

@@ -1,16 +0,0 @@
-using System.Xml.Linq;
-using Orchard.Environment.Extensions;
-
-namespace Orchard.Packaging.Services {
-    [OrchardFeature("PackagingServices")]
-    internal static class AtomExtensions {
-        public static string Atom(this XElement entry, string localName) {
-            XElement element = entry.Element(AtomXName(localName));
-            return element != null ? element.Value : null;
-        }
-
-        public static XName AtomXName(string localName) {
-            return XName.Get(localName, "http://www.w3.org/2005/Atom");
-        }
-    }
-}

src/Orchard.Web/Modules/Orchard.Packaging/Services/IPackagingServices.cs

@@ -0,0 +1,13 @@
+namespace Orchard.Packaging.Services {
+    /// <summary>
+    /// Provides generic packaging related methods.
+    /// </summary>
+    public interface IPackagingServices : IDependency {
+
+        /// <summary>
+        /// Verifies if the current user is allowed to manage packages. The super user of the default tenant site is always allowed.
+        /// </summary>
+        /// <returns>True if the allowed; false otherwise.</returns>
+        bool CanManagePackages();
+    }
+}

src/Orchard.Web/Modules/Orchard.Packaging/Services/PackageManager.cs

@@ -1,11 +1,9 @@
 using System;
 using System.Linq;
-using System.Web.Hosting;
 using NuGet;
 using Orchard.Environment.Extensions;
 using Orchard.Environment.Extensions.Models;
 using Orchard.Localization;
-using Orchard.UI.Notify;
 
 namespace Orchard.Packaging.Services {
     [OrchardFeature("PackagingServices")]
@@ -13,17 +11,14 @@ namespace Orchard.Packaging.Services {
         private readonly IExtensionManager _extensionManager;
         private readonly IPackageBuilder _packageBuilder;
         private readonly IPackageInstaller _packageExpander;
-        private readonly INotifier _notifier;
 
         public PackageManager(
             IExtensionManager extensionManager,
             IPackageBuilder packageBuilder,
-            IPackageInstaller packageExpander,
-            INotifier notifier) {
+            IPackageInstaller packageExpander) {
             _extensionManager = extensionManager;
             _packageBuilder = packageBuilder;
             _packageExpander = packageExpander;
-            _notifier = notifier;
 
             T = NullLocalizer.Instance;
         }

src/Orchard.Web/Modules/Orchard.Packaging/Services/PackagingServices.cs

@@ -0,0 +1,39 @@
+using Orchard.Environment;
+using Orchard.Environment.Configuration;
+using Orchard.Localization;
+
+namespace Orchard.Packaging.Services {
+    /// <summary>
+    /// Provides generic packaging related methods.
+    /// </summary>
+    public class PackagingServices : IPackagingServices {
+        private readonly IOrchardServices _orchardServices;
+        private readonly ShellSettings _shellSettings;
+
+        public PackagingServices(IOrchardServices orchardServices,
+            ShellSettings shellSettings) {
+            _orchardServices = orchardServices;
+            _shellSettings = shellSettings;
+
+            T = NullLocalizer.Instance;
+        }
+
+        public Localizer T { get; set; }
+
+        /// <summary>
+        /// Verifies if the current user is allowed to manage packages. The super user of the default tenant site is always allowed.
+        /// </summary>
+        /// <returns>True if the allowed; False otherwise.</returns>
+        public bool CanManagePackages() {
+            // Check if super user for default tenant site
+            if (_shellSettings.Name == ShellSettings.DefaultName
+                && _orchardServices.WorkContext.CurrentUser.UserName == _orchardServices.WorkContext.CurrentSite.SuperUser) {
+
+                return true;
+            }
+
+            // Check if it has permission explicitly assigned
+            return _orchardServices.Authorizer.Authorize(Permissions.ManagePackages, T("Not authorized to manage packages."));
+        }
+    }
+}

src/Orchard.Web/Modules/Orchard.Setup/Controllers/SetupController.cs

@@ -1,7 +1,7 @@
 using System;
 using System.Web.Mvc;
 using Orchard.Environment;
-using Orchard.FileSystems.AppData;
+using Orchard.Environment.Configuration;
 using Orchard.Setup.Services;
 using Orchard.Setup.ViewModels;
 using Orchard.Localization;
@@ -11,13 +11,11 @@ using Orchard.UI.Notify;
 namespace Orchard.Setup.Controllers {
     [ValidateInput(false), Themed]
     public class SetupController : Controller {
-        private readonly IAppDataFolder _appDataFolder;
         private readonly IViewsBackgroundCompilation _viewsBackgroundCompilation;
         private readonly INotifier _notifier;
         private readonly ISetupService _setupService;
 
-        public SetupController(INotifier notifier, ISetupService setupService, IAppDataFolder appDataFolder, IViewsBackgroundCompilation viewsBackgroundCompilation) {
-            _appDataFolder = appDataFolder;
+        public SetupController(INotifier notifier, ISetupService setupService, IViewsBackgroundCompilation viewsBackgroundCompilation) {
             _viewsBackgroundCompilation = viewsBackgroundCompilation;
             _notifier = notifier;
             _setupService = setupService;
@@ -38,7 +36,7 @@ namespace Orchard.Setup.Controllers {
             // We use this opportunity to start a background task to "pre-compile" all the known
             // views in the app folder, so that the application is more reponsive when the user
             // hits the homepage and admin screens for the first time.
-            if (StringComparer.OrdinalIgnoreCase.Equals(initialSettings.Name, "Default")) {
+            if (StringComparer.OrdinalIgnoreCase.Equals(initialSettings.Name, ShellSettings.DefaultName)) {
                 _viewsBackgroundCompilation.Start();
             }
 
@@ -98,4 +96,4 @@ namespace Orchard.Setup.Controllers {
             }
         }
     }
-}
+}