Adding authorization to widgets displayed from Layouts

Lombiq
2018-04-17 23:49:51 +02:00
committed by Zoltán Lehóczky
parent 25718a3e90
commit 685f092a22


@@ -12,6 +12,7 @@ using Orchard.Layouts.Framework.Drivers;
using Orchard.Layouts.Framework.Elements;
using Orchard.Layouts.Framework.Harvesters;
using Orchard.Layouts.Helpers;
using Orchard.Security;
using Orchard.Widgets.Layouts.Elements;
using Orchard.Widgets.ViewModels;
using ContentItem = Orchard.ContentManagement.ContentItem;
@@ -20,9 +21,11 @@ namespace Orchard.Widgets.Layouts.Providers {
[OrchardFeature("Orchard.Widgets.Elements")]
public class WidgetElementHarvester : Component, IElementHarvester {
private readonly Work<IContentManager> _contentManager;
private readonly IAuthorizer _authorizer;
public WidgetElementHarvester(Work<IContentManager> contentManager) {
public WidgetElementHarvester(Work<IContentManager> contentManager, IAuthorizer authorizer) {
_contentManager = contentManager;
_authorizer = authorizer;
}
public IEnumerable<ElementDescriptor> HarvestElements(HarvestElementsContext context) {
@@ -56,6 +59,10 @@ namespace Orchard.Widgets.Layouts.Providers {
? _contentManager.Value.Get(widgetId.Value, versionOptions)
: _contentManager.Value.New(contentTypeName);
if (!_authorizer.Authorize(Core.Contents.Permissions.ViewContent, widget)) {
return;
}
var widgetShape = widget != null ? _contentManager.Value.BuildDisplay(widget, context.DisplayType) : default(dynamic);
context.ElementShape.Widget = widget;
context.ElementShape.WidgetShape = widgetShape;
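Review bot: The new `_authorizer.Authorize(Core.Contents.Permissions.ViewContent, widget)` call in the last hunk runs before the `widget != null` test on the line that follows it, so when `Get` returns no item the check is made against null content and its outcome depends on how the authorizer treats that case (presumably it falls back to the site-wide ViewContent permission). Making the guard explicit, `if (widget != null && !_authorizer.Authorize(Core.Contents.Permissions.ViewContent, widget)) {`, keeps the per-item decision for real widgets and leaves the missing-widget path as it was before the commit. The early `return` is fail-closed as far as the hunk shows, because `Widget` and `WidgetShape` are never assigned; a comment such as `// Not authorized to view this widget: leave the element shape empty so nothing is rendered.` would record that this is intended. The enclosing method starts and ends outside the hunk, so any later code that reads `context.ElementShape.Widget` should be confirmed to tolerate the unset value.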