Refactoring permissions. First stage is renaming and collapsing some fine-grained permissions.
--HG-- extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4045742
@@ -11,7 +11,9 @@ namespace Orchard.Core.Common {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new[] { ChangeOwner };
|
||||
return new Permission[] {
|
||||
ChangeOwner,
|
||||
};
|
||||
}
|
||||
|
||||
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
|
||||
|
||||
@@ -109,6 +109,7 @@
|
||||
<Compile Include="Scheduling\Services\ScheduledTaskExecutor.cs" />
|
||||
<Compile Include="Scheduling\Models\Task.cs" />
|
||||
<Compile Include="Settings\Controllers\SiteSettingsDriver.cs" />
|
||||
<Compile Include="Settings\Permissions.cs" />
|
||||
<Compile Include="Themes\Services\AdminThemeSelector.cs" />
|
||||
<Compile Include="Themes\Services\SafeModeThemeSelector.cs" />
|
||||
<Compile Include="Settings\AdminMenu.cs" />
|
||||
|
||||
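--- a/src/Orchard.Web/Core/Settings/Permissions.cs
+++ b/src/Orchard.Web/Core/Settings/Permissions.cs
@@ -0,0 +1,29 @@
+using System.Collections.Generic;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Core.Settings {
+public class Permissions : IPermissionProvider {
+public static readonly Permission ManageSettings = new Permission { Name = "ManageSettings", Description = "Manage site settings" };
+public static readonly Permission ChangeSuperuser = new Permission { Name = "ChangeSuperuser", Description = "Change the superuser for the site" };
+
+public string PackageName {
+get { return "Settings"; }
+}
+
+public IEnumerable<Permission> GetPermissions() {
+return new Permission[] {
+ManageSettings,
+ChangeSuperuser,
+};
+}
+
+public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
+return new[] {
+new PermissionStereotype {
+Name = "Administrators",
+//Permissions = new[] {ChangeOwner}
+}
+};
+}
+}
+}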
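Review bot: `GetDefaultStereotypes()` returns an `Administrators` stereotype whose `Permissions` initializer is commented out (`//Permissions = new[] {ChangeOwner}`), so this provider grants neither `ManageSettings` nor `ChangeSuperuser` to any default role, and the leftover line names a permission this class does not define. If administrators are meant to manage settings out of the box, the line should become `Permissions = new[] { ManageSettings }`, with a deliberate decision on whether `ChangeSuperuser` belongs in the default grant. If the empty stereotype is intentional, replace the dead line with a comment saying so. The consumers of `PermissionStereotype` are not visible here, so it is also worth confirming they tolerate an unset `Permissions` property.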
@@ -40,7 +40,7 @@ namespace Orchard.Core.Themes.Controllers {
|
||||
[HttpPost]
|
||||
public ActionResult Activate(string themeName) {
|
||||
try {
|
||||
if (!_authorizer.Authorize(Permissions.SetSiteTheme, T("Couldn't set the current theme")))
|
||||
if (!_authorizer.Authorize(Permissions.ApplyTheme, T("Couldn't set the current theme")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_themeService.SetSiteTheme(themeName);
|
||||
return RedirectToAction("Index");
|
||||
@@ -58,7 +58,7 @@ namespace Orchard.Core.Themes.Controllers {
|
||||
[HttpPost]
|
||||
public ActionResult Install(FormCollection input) {
|
||||
try {
|
||||
if (!_authorizer.Authorize(Permissions.InstallUninstallTheme, T("Couldn't install theme")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageThemes, T("Couldn't install theme")))
|
||||
return new HttpUnauthorizedResult();
|
||||
foreach (string fileName in Request.Files) {
|
||||
HttpPostedFileBase file = Request.Files[fileName];
|
||||
@@ -75,7 +75,7 @@ namespace Orchard.Core.Themes.Controllers {
|
||||
[HttpPost]
|
||||
public ActionResult Uninstall(string themeName) {
|
||||
try {
|
||||
if (!_authorizer.Authorize(Permissions.InstallUninstallTheme, T("Couldn't uninstall theme")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageThemes, T("Couldn't uninstall theme")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_themeService.UninstallTheme(themeName);
|
||||
return RedirectToAction("Index");
|
||||
|
||||
@@ -4,8 +4,8 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Core.Themes {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission InstallUninstallTheme = new Permission { Description = "Installing or Uninstalling Themes", Name = "InstallUninstallTheme" };
|
||||
public static readonly Permission SetSiteTheme = new Permission { Description = "Setting the Current Theme", Name = "SetSiteTheme" };
|
||||
public static readonly Permission ManageThemes = new Permission { Description = "Manage Themes", Name = "ManageThemes" };
|
||||
public static readonly Permission ApplyTheme = new Permission { Description = "Apply a Theme", Name = "ApplyTheme" };
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -14,9 +14,9 @@ namespace Orchard.Core.Themes {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new List<Permission> {
|
||||
SetSiteTheme,
|
||||
InstallUninstallTheme
|
||||
return new Permission[] {
|
||||
ManageThemes,
|
||||
ApplyTheme,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
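Review bot: The `Name` strings change together with the field names here (`SetSiteTheme` becomes `ApplyTheme`, `InstallUninstallTheme` becomes `ManageThemes`), and nothing in the commit maps an old name to its replacement. If role grants are stored by permission name, which the `Records\PermissionRecord.cs` entry in the Roles project file suggests, existing roles would stop matching after upgrade. That fails closed, but it silently removes rights that operators had assigned. The same applies to the renamed and removed permissions in the Blogs, Comments, Media and Pages `Permissions.cs` hunks. A one-time mapping of old names to new ones, or a line in the commit description saying that roles must be re-granted, would cover it.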
@@ -34,7 +34,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
public ActionResult Create() {
|
||||
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
|
||||
if (!_authorizer.Authorize(Permissions.CreateBlog, T("Not allowed to create blogs")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Not allowed to create blogs")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
Blog blog = _services.ContentManager.New<Blog>("blog");
|
||||
@@ -52,7 +52,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
[HttpPost]
|
||||
public ActionResult Create(CreateBlogViewModel model) {
|
||||
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
|
||||
if (!_authorizer.Authorize(Permissions.CreateBlog, T("Couldn't create blog")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't create blog")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
model.Blog = _services.ContentManager.UpdateEditorModel(_services.ContentManager.New<Blog>("blog"), this);
|
||||
@@ -71,7 +71,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
public ActionResult Edit(string blogSlug) {
|
||||
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
|
||||
if (!_authorizer.Authorize(Permissions.ModifyBlog, T("Not allowed to edit blog")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Not allowed to edit blog")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
@@ -89,7 +89,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
[HttpPost]
|
||||
public ActionResult Edit(string blogSlug, FormCollection input) {
|
||||
if (!_authorizer.Authorize(Permissions.ModifyBlog, T("Couldn't edit blog")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't edit blog")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
@@ -112,7 +112,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
[HttpPost]
|
||||
public ActionResult Delete(string blogSlug) {
|
||||
if (!_authorizer.Authorize(Permissions.DeleteBlog, T("Couldn't delete blog")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't delete blog")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
|
||||
@@ -32,7 +32,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
public ActionResult Create(string blogSlug) {
|
||||
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
|
||||
if (!_services.Authorizer.Authorize(Permissions.CreatePost, T("Not allowed to create blog post")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Not allowed to create blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
@@ -53,7 +53,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
[HttpPost]
|
||||
public ActionResult Create(string blogSlug, CreateBlogPostViewModel model) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.CreatePost, T("Couldn't create blog post")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't create blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
@@ -96,7 +96,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
}
|
||||
|
||||
public ActionResult Edit(string blogSlug, string postSlug) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't edit blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
@@ -119,7 +119,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
public ActionResult EditPOST(string blogSlug, string postSlug) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't edit blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
bool isDraft = false;
|
||||
@@ -179,7 +179,8 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
[HttpPost]
|
||||
public ActionResult Delete(string blogSlug, string postSlug) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.DeletePost, T("Couldn't delete blog post")))
|
||||
//refactoring: test PublishBlogPost/PublishOthersBlogPost in addition if published
|
||||
if (!_services.Authorizer.Authorize(Permissions.DeleteBlogPost, T("Couldn't delete blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
|
||||
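Review bot: `Edit`, `EditPOST` and `Delete` now gate on `Permissions.EditBlogPost` and `Permissions.DeleteBlogPost`, the first of which the Blogs `Permissions.cs` hunk describes as "Edit own blog posts", while `EditOthersBlogPost` and `DeleteOthersBlogPost` are declared but not checked in any hunk of this commit. No comparison of the post's owner with the current user is visible in these hunks (the action bodies continue outside them), so as shown a holder of the "own" permission passes the check for any author's post. The `//refactoring:` comment in `Delete` already records the publish check as outstanding; the ownership check deserves the same marker, for example `//refactoring: require EditOthersBlogPost when the post is not owned by the current user`. The Pages admin controller hunks have the same shape with `EditPages` and `EditOthersPages`.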
@@ -9,6 +9,7 @@ using Orchard.Core.Feeds;
|
||||
using Orchard.Localization;
|
||||
using Orchard.ContentManagement;
|
||||
using Orchard.Mvc.Results;
|
||||
using Orchard.Security;
|
||||
|
||||
namespace Orchard.Blogs.Controllers {
|
||||
public class BlogPostController : Controller {
|
||||
@@ -33,7 +34,7 @@ namespace Orchard.Blogs.Controllers {
|
||||
|
||||
//TODO: (erikpo) Should think about moving the slug parameters and get calls and null checks up into a model binder or action filter
|
||||
public ActionResult Item(string blogSlug, string postSlug) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.ViewPost, T("Couldn't view blog post")))
|
||||
if (!_services.Authorizer.Authorize(StandardPermissions.AccessFrontEnd, T("Couldn't view blog post")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
|
||||
|
||||
@@ -4,17 +4,15 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Blogs {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission ViewPost = new Permission { Description = "Viewing Blog Posts", Name = "ViewPosts" };
|
||||
public static readonly Permission CreatePost = new Permission { Description = "Creating Blog Posts", Name = "CreatePost" };
|
||||
public static readonly Permission CreateDraft = new Permission { Description = "Creating a Draft of a Blog Post", Name = "CreateDraft" };
|
||||
public static readonly Permission ModifyPost = new Permission { Description = "Mofifying a Blog Post", Name = "ModifyPost" };
|
||||
public static readonly Permission DeletePost = new Permission { Description = "Deleting a Blog Post", Name = "DeletePost" };
|
||||
public static readonly Permission PublishPost = new Permission { Description = "Publishing a Blog Post", Name = "PublishPost" };
|
||||
public static readonly Permission UnpublishPost = new Permission { Description = "Unpublishing a Blog Post", Name = "UnpublishPost" };
|
||||
public static readonly Permission SchedulePost = new Permission { Description = "Scheduling a Blog Post", Name = "SchedulePost" };
|
||||
public static readonly Permission CreateBlog = new Permission { Description = "Creating a Blog", Name = "CreateBlog" };
|
||||
public static readonly Permission ModifyBlog = new Permission { Description = "Mofifying a Blog", Name = "ModifyBlog" };
|
||||
public static readonly Permission DeleteBlog = new Permission { Description = "Deleting a Blog", Name = "DeleteBlog" };
|
||||
public static readonly Permission ManageBlogs = new Permission { Description = "Edit blog properties", Name = "ManageBlogs" };//q: Should edit_blog be ManageBlogs?
|
||||
|
||||
public static readonly Permission EditBlogPost = new Permission { Description = "Edit own blog posts", Name = "EditBlogPost" };
|
||||
public static readonly Permission EditOthersBlogPost = new Permission { Description = "Edit any blog posts", Name = "EditOthersBlogPost" };
|
||||
public static readonly Permission PublishBlogPost = new Permission { Description = "Publish or unpublish blog post", Name = "PublishBlogPost" };
|
||||
public static readonly Permission PublishOthersBlogPost = new Permission { Description = "Publish or unpublish blog post for others", Name = "PublishOthersBlogPost" };
|
||||
public static readonly Permission DeleteBlogPost = new Permission { Description = "Delete blog post", Name = "DeleteBlogPost" };
|
||||
public static readonly Permission DeleteOthersBlogPost = new Permission { Description = "Delete blog post for others", Name = "DeleteOthersBlogPost" };
|
||||
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -23,18 +21,14 @@ namespace Orchard.Blogs {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new List<Permission> {
|
||||
ViewPost,
|
||||
CreatePost,
|
||||
CreateDraft,
|
||||
ModifyPost,
|
||||
DeletePost,
|
||||
PublishPost,
|
||||
UnpublishPost,
|
||||
SchedulePost,
|
||||
CreateBlog,
|
||||
ModifyBlog,
|
||||
DeleteBlog
|
||||
return new Permission[] {
|
||||
ManageBlogs,
|
||||
EditBlogPost,
|
||||
EditOthersBlogPost,
|
||||
PublishBlogPost,
|
||||
PublishOthersBlogPost,
|
||||
DeleteBlogPost,
|
||||
DeleteOthersBlogPost,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -81,7 +81,7 @@ namespace Orchard.Comments.Controllers {
|
||||
case CommentIndexBulkAction.None:
|
||||
break;
|
||||
case CommentIndexBulkAction.MarkAsSpam:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
//TODO: Transaction
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -89,7 +89,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentIndexBulkAction.Pend:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
//TODO: Transaction
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -97,7 +97,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentIndexBulkAction.Approve:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
//TODO: Transaction
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -105,7 +105,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentIndexBulkAction.Delete:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -211,7 +211,7 @@ namespace Orchard.Comments.Controllers {
|
||||
case CommentDetailsBulkAction.None:
|
||||
break;
|
||||
case CommentDetailsBulkAction.MarkAsSpam:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
//TODO: Transaction
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -219,7 +219,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentDetailsBulkAction.Pend:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -227,7 +227,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentDetailsBulkAction.Approve:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -235,7 +235,7 @@ namespace Orchard.Comments.Controllers {
|
||||
}
|
||||
break;
|
||||
case CommentDetailsBulkAction.Delete:
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (CommentEntry entry in checkedEntries) {
|
||||
@@ -318,7 +318,7 @@ namespace Orchard.Comments.Controllers {
|
||||
var viewModel = new CommentsEditViewModel();
|
||||
try {
|
||||
UpdateModel(viewModel);
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't edit comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't edit comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
_commentService.UpdateComment(viewModel.Id, viewModel.Name, viewModel.Email, viewModel.SiteName, viewModel.CommentText, viewModel.Status);
|
||||
@@ -332,7 +332,7 @@ namespace Orchard.Comments.Controllers {
|
||||
|
||||
public ActionResult Delete(int id, string returnUrl) {
|
||||
try {
|
||||
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
|
||||
return new HttpUnauthorizedResult();
|
||||
int commentedOn = _commentService.GetComment(id).CommentedOn;
|
||||
_commentService.DeleteComment(id);
|
||||
|
||||
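Review bot: `Delete(int id, string returnUrl)` in the last hunk shows no `[HttpPost]` attribute, since the context line directly above its signature is blank, so comment deletion appears to answer GET requests and relies solely on the `ManageComments` check against the moderator's session. A state-changing action that accepts GET can be triggered by any request made on a signed-in moderator's behalf, so I would add `[HttpPost]` above the action, as the other mutating actions touched by this commit have. In the same body, `_commentService.GetComment(id).CommentedOn` dereferences the lookup result without a null test, which turns an unknown `id` into an exception rather than a clean not-found response. The rest of the method lies outside the hunk, so both points should be checked against the full file.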
@@ -4,13 +4,12 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Comments {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission AddComment = new Permission { Description = "Adding a Comment", Name = "AddComment" };
|
||||
public static readonly Permission AddCommentWithoutValidation = new Permission { Description = "Adding a Comment without validation", Name = "AddCommentWithoutValidation" };
|
||||
public static readonly Permission EnableComment = new Permission { Description = "Enabling Comments on content items", Name = "EnableComment" };
|
||||
public static readonly Permission CloseComment = new Permission { Description = "Closing Comments", Name = "CloseComment" };
|
||||
public static readonly Permission CloseCommentOnOwnItems = new Permission { Description = "Closing Comments on own items", Name = "CloseCommentOnOwnItems" };
|
||||
public static readonly Permission ModerateComment = new Permission { Description = "Moderating Comments", Name = "ModerateComment" };
|
||||
public static readonly Permission ModerateCommentOnOwnItems = new Permission { Description = "Moderating Comments On Own Items", Name = "ModerateCommentOnOwnItems" };
|
||||
public static readonly Permission AddComment = new Permission { Description = "Add comment", Name = "AddComment" };
|
||||
public static readonly Permission EnableComment = new Permission { Description = "Enabling Comments on content items", Name = "EnableComment" };//refactoring
|
||||
public static readonly Permission CloseComment = new Permission { Description = "Closing Comments", Name = "CloseComment" };//refactoring
|
||||
public static readonly Permission CloseCommentOnOwnItems = new Permission { Description = "Closing Comments on own items", Name = "CloseCommentOnOwnItems" };//refactoring
|
||||
public static readonly Permission ManageComments = new Permission { Description = "Manage comments", Name = "ManageComments" };
|
||||
public static readonly Permission ManageOthersComments = new Permission { Description = "Manage comments for others", Name = "ManageOthersComments" };
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -19,14 +18,13 @@ namespace Orchard.Comments {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new[] {
|
||||
return new Permission[] {
|
||||
AddComment,
|
||||
AddCommentWithoutValidation,
|
||||
EnableComment,
|
||||
CloseComment,
|
||||
CloseCommentOnOwnItems,
|
||||
ModerateComment,
|
||||
ModerateCommentOnOwnItems
|
||||
ManageComments,
|
||||
ManageOthersComments
|
||||
};
|
||||
}
|
||||
|
||||
@@ -34,7 +32,7 @@ namespace Orchard.Comments {
|
||||
return new[] {
|
||||
new PermissionStereotype {
|
||||
Name = "Administrators",
|
||||
Permissions = new[] {ModerateComment}
|
||||
Permissions = new[] {ManageComments}
|
||||
},
|
||||
new PermissionStereotype {
|
||||
Name = "Anonymous",
|
||||
|
||||
@@ -58,7 +58,7 @@ namespace Orchard.Media.Controllers {
|
||||
var viewModel = new MediaFolderCreateViewModel();
|
||||
try {
|
||||
UpdateModel(viewModel);
|
||||
if (!_authorizer.Authorize(Permissions.CreateMediaFolder, T("Couldn't create media folder")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't create media folder")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.CreateFolder(viewModel.MediaPath, viewModel.Name);
|
||||
return RedirectToAction("Index");
|
||||
@@ -83,14 +83,14 @@ namespace Orchard.Media.Controllers {
|
||||
if (key.StartsWith("Checkbox.File.") && input[key] == "true") {
|
||||
string fileName = key.Substring("Checkbox.File.".Length);
|
||||
string folderName = input[fileName];
|
||||
if (!_authorizer.Authorize(Permissions.DeleteMedia, T("Couldn't delete media file")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media file")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.DeleteFile(fileName, folderName);
|
||||
}
|
||||
else if (key.StartsWith("Checkbox.Folder.") && input[key] == "true") {
|
||||
string folderName = key.Substring("Checkbox.Folder.".Length);
|
||||
string folderPath = input[folderName];
|
||||
if (!_authorizer.Authorize(Permissions.DeleteMediaFolder, T("Couldn't delete media folder")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media folder")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.DeleteFolder(folderPath);
|
||||
}
|
||||
@@ -116,13 +116,13 @@ namespace Orchard.Media.Controllers {
|
||||
//TODO: There may be better ways to do this.
|
||||
// Delete
|
||||
if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) {
|
||||
if (!_authorizer.Authorize(Permissions.DeleteMediaFolder, T("Couldn't delete media folder")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media folder")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.DeleteFolder(viewModel.MediaPath);
|
||||
}
|
||||
// Save
|
||||
else {
|
||||
if (!_authorizer.Authorize(Permissions.RenameMediaFolder, T("Couldn't rename media folder")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't rename media folder")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.RenameFolder(viewModel.MediaPath, viewModel.Name);
|
||||
}
|
||||
@@ -145,7 +145,7 @@ namespace Orchard.Media.Controllers {
|
||||
var viewModel = new MediaItemAddViewModel();
|
||||
try {
|
||||
UpdateModel(viewModel);
|
||||
if (!_authorizer.Authorize(Permissions.UploadMedia, T("Couldn't upload media file")))
|
||||
if (!_authorizer.Authorize(Permissions.UploadMediaFiles, T("Couldn't upload media file")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (string fileName in Request.Files) {
|
||||
@@ -177,11 +177,11 @@ namespace Orchard.Media.Controllers {
|
||||
var viewModel = new MediaItemEditViewModel();
|
||||
try {
|
||||
UpdateModel(viewModel);
|
||||
if (!_authorizer.Authorize(Permissions.ModifyMedia, T("Couldn't modify media file")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't modify media file")))
|
||||
return new HttpUnauthorizedResult();
|
||||
// Delete
|
||||
if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) {
|
||||
if (!_authorizer.Authorize(Permissions.DeleteMedia, T("Couldn't delete media file")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media file")))
|
||||
return new HttpUnauthorizedResult();
|
||||
_mediaService.DeleteFile(viewModel.Name, viewModel.MediaPath);
|
||||
return RedirectToAction("Edit", new { name = viewModel.FolderName, mediaPath = viewModel.MediaPath });
|
||||
|
||||
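Review bot: The paths passed to `DeleteFile`, `DeleteFolder` and `RenameFolder` in these hunks come straight from the request (`input[fileName]`, `input[folderName]`, `viewModel.MediaPath`), and after this commit the single `ManageMediaFiles` permission is the only gate the controller puts in front of all of them. Whether `_mediaService` confines those paths to the media root is not visible here and should be confirmed, since one permission now covers create, rename and delete for both files and folders. In the last hunk the inner `Authorize(Permissions.ManageMediaFiles, ...)` inside the `submit.Delete` branch repeats the check made just above it and can no longer fail independently. I would drop the inner check, or keep it with a comment such as `// same permission as the outer check since delete/modify were collapsed`.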
@@ -4,12 +4,8 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Media {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission UploadMedia = new Permission { Description = "Uploading Media Files", Name = "UploadMedia" };
|
||||
public static readonly Permission ModifyMedia = new Permission { Description = "Modifying Media Files", Name = "ModifyMedia" };
|
||||
public static readonly Permission DeleteMedia = new Permission { Description = "Deleting Media Files", Name = "DeleteMedia" };
|
||||
public static readonly Permission CreateMediaFolder = new Permission { Description = "Creating Media Folders", Name = "CreateMediaFolder" };
|
||||
public static readonly Permission DeleteMediaFolder = new Permission { Description = "Deleting Media Folders", Name = "DeleteMediaFolder" };
|
||||
public static readonly Permission RenameMediaFolder = new Permission { Description = "Renaming Media Folders", Name = "RenameMediaFolder" };
|
||||
public static readonly Permission ManageMediaFiles = new Permission { Description = "Modifying Media Files", Name = "ManageMediaFiles" };
|
||||
public static readonly Permission UploadMediaFiles = new Permission { Description = "Uploading Media Files", Name = "UploadMediaFiles" };
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -18,13 +14,9 @@ namespace Orchard.Media {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new List<Permission> {
|
||||
UploadMedia,
|
||||
ModifyMedia,
|
||||
DeleteMedia,
|
||||
CreateMediaFolder,
|
||||
DeleteMediaFolder,
|
||||
RenameMediaFolder
|
||||
return new Permission[] {
|
||||
ManageMediaFiles,
|
||||
UploadMediaFiles,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -46,7 +46,7 @@ namespace Orchard.Media.Services {
|
||||
XRpcStruct file) {
|
||||
|
||||
var user = _membershipService.ValidateUser(userName, password);
|
||||
if (!_authorizationService.CheckAccess(user, Permissions.UploadMedia)) {
|
||||
if (!_authorizationService.CheckAccess(user, Permissions.UploadMediaFiles)) {
|
||||
//TEMP: return appropriate access-denied response for user
|
||||
throw new ApplicationException("Access denied");
|
||||
}
|
||||
|
||||
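Review bot: The result of `_membershipService.ValidateUser(userName, password)` is passed to `CheckAccess(user, Permissions.UploadMediaFiles)` without being tested, so if `ValidateUser` returns null on bad credentials the upload is rejected only when `CheckAccess` happens to deny a null user. How the authorization service treats a null or anonymous user is not visible in this hunk, so the outcome currently depends on role configuration. An explicit `if (user == null) throw new ApplicationException("Access denied");` before the permission check would keep unauthenticated uploads out regardless. The method begins and ends outside the hunk.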
@@ -67,7 +67,7 @@ namespace Orchard.Pages.Controllers {
|
||||
}
|
||||
break;
|
||||
case PagesBulkAction.Unpublish:
|
||||
if (!_services.Authorizer.Authorize(Permissions.UnpublishPages, T("Couldn't unpublish page")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.PublishPages, T("Couldn't unpublish page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
foreach (PageEntry entry in checkedEntries) {
|
||||
var page = _pageService.GetLatest(entry.PageId);
|
||||
@@ -99,7 +99,7 @@ namespace Orchard.Pages.Controllers {
|
||||
}
|
||||
|
||||
public ActionResult Create() {
|
||||
if (!_services.Authorizer.Authorize(Permissions.CreatePages, T("Not allowed to create a page")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Not allowed to create a page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
var page = _services.ContentManager.BuildEditorModel(_services.ContentManager.New<Page>("page"));
|
||||
@@ -113,7 +113,7 @@ namespace Orchard.Pages.Controllers {
|
||||
|
||||
[HttpPost, ActionName("Create")]
|
||||
public ActionResult CreatePOST(PageCreateViewModel model) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.CreatePages, T("Couldn't create page")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't create page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
//TODO: (erikpo) Move this duplicate code somewhere else
|
||||
@@ -143,7 +143,7 @@ namespace Orchard.Pages.Controllers {
|
||||
}
|
||||
|
||||
public ActionResult Edit(int id) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't edit page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
Page page = _pageService.GetLatest(id);
|
||||
@@ -160,7 +160,7 @@ namespace Orchard.Pages.Controllers {
|
||||
|
||||
[HttpPost, ActionName("Edit")]
|
||||
public ActionResult EditPOST(int id) {
|
||||
if (!_services.Authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page")))
|
||||
if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't edit page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
Page page = _pageService.GetPageOrDraft(id);
|
||||
|
||||
@@ -4,6 +4,7 @@ using Orchard.Localization;
|
||||
using Orchard.ContentManagement;
|
||||
using Orchard.Pages.Services;
|
||||
using Orchard.Pages.ViewModels;
|
||||
using Orchard.Security;
|
||||
|
||||
namespace Orchard.Pages.Controllers {
|
||||
[ValidateInput(false)]
|
||||
@@ -25,7 +26,7 @@ namespace Orchard.Pages.Controllers {
|
||||
private Localizer T { get; set; }
|
||||
|
||||
public ActionResult Item(string slug) {
|
||||
if (!Services.Authorizer.Authorize(Permissions.ViewPages, T("Couldn't view page")))
|
||||
if (!Services.Authorizer.Authorize(StandardPermissions.AccessFrontEnd, T("Couldn't view page")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
if (slug == null) {
|
||||
|
||||
@@ -4,15 +4,12 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Pages {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission ViewPages = new Permission { Description = "Viewing Pages", Name = "ViewPages" };
|
||||
public static readonly Permission CreatePages = new Permission { Description = "Creating Pages", Name = "CreatePages" };
|
||||
public static readonly Permission CreateDraftPages = new Permission { Description = "Creating Page Drafts", Name = "CreateDraftPages" };
|
||||
public static readonly Permission DeleteDraftPages = new Permission { Description = "Deleting Page Drafts", Name = "DeleteDraftPages" };
|
||||
public static readonly Permission ModifyPages = new Permission { Description = "Modifying Pages", Name = "ModifyPages" };
|
||||
public static readonly Permission DeletePages = new Permission { Description = "Deleting Pages", Name = "DeletePages" };
|
||||
public static readonly Permission PublishPages = new Permission { Description = "Publishing Pages", Name = "PublishPages" };
|
||||
public static readonly Permission UnpublishPages = new Permission { Description = "Unpublishing Pages", Name = "UnpublishPages" };
|
||||
public static readonly Permission SchedulePages = new Permission { Description = "Scheduling Pages", Name = "SchedulePages" };
|
||||
public static readonly Permission EditPages = new Permission { Description = "Edit page", Name = "EditPages" };
|
||||
public static readonly Permission EditOthersPages = new Permission { Description = "Edit page for others", Name = "EditOthersPages" };
|
||||
public static readonly Permission PublishPages = new Permission { Description = "Publish or unpublish page", Name = "PublishPages" };
|
||||
public static readonly Permission PublishOthersPages = new Permission { Description = "Publish or unpublish page for others", Name = "PublishOthersPages" };
|
||||
public static readonly Permission DeletePages = new Permission { Description = "Delete page", Name = "DeletePages" };
|
||||
public static readonly Permission DeleteOthersPages = new Permission { Description = "Delete page for others", Name = "DeleteOthersPages" };
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -21,16 +18,13 @@ namespace Orchard.Pages {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new List<Permission> {
|
||||
ViewPages,
|
||||
CreatePages,
|
||||
CreateDraftPages,
|
||||
DeleteDraftPages,
|
||||
ModifyPages,
|
||||
DeletePages,
|
||||
return new Permission[] {
|
||||
EditPages,
|
||||
EditOthersPages,
|
||||
PublishPages,
|
||||
UnpublishPages,
|
||||
SchedulePages
|
||||
PublishOthersPages,
|
||||
DeletePages,
|
||||
DeleteOthersPages,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
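Review bot: `PublishPages` and `DeletePages` keep their `Name` while their meaning changes: `PublishPages` now also covers unpublishing, and `DeletePages` is now paired with a separate `DeleteOthersPages`. If role grants are stored by permission name (the Roles project lists `Records\PermissionRecord.cs`), existing grants silently take on the new scope, and grants for the removed names (`ViewPages`, `CreatePages`, `ModifyPages`, `UnpublishPages`, `SchedulePages` and the two draft permissions) are left pointing at nothing. The same applies to `DeleteTag`/`RenameTag` in Orchard.Tags and to `AccessAdmin` becoming `AccessAdminPanel`. A data migration, or at least a comment on the fields such as `// Name is persisted with role grants; PublishPages now includes unpublish`, would make the change auditable. The `*Others*` split only helps if call sites pass the page or its owner to the authorizer, which this hunk cannot show.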
@@ -65,6 +65,7 @@
|
||||
<Compile Include="Controllers\AdminController.cs" />
|
||||
<Compile Include="Controllers\UserRolesDriver.cs" />
|
||||
<Compile Include="Extension.cs" />
|
||||
<Compile Include="Permissions.cs" />
|
||||
<Compile Include="Records\PermissionRecord.cs" />
|
||||
<Compile Include="Records\RoleRecord.cs" />
|
||||
<Compile Include="Models\UserRoles.cs" />
|
||||
|
||||
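--- a/src/Orchard.Web/Packages/Orchard.Roles/Permissions.cs
+++ b/src/Orchard.Web/Packages/Orchard.Roles/Permissions.cs
@@ -0,0 +1,31 @@
+using System.Collections.Generic;
+using System.Linq;
+using JetBrains.Annotations;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Roles {
+[UsedImplicitly]
+public class Permissions : IPermissionProvider {
+public static readonly Permission ManageRoles = new Permission { Description = "Create and manage roles", Name = "ManageRoles" };
+public static readonly Permission AssignUsersToRoles = new Permission { Description = "Assign users to roles", Name = "AssignUsersToRoles" };
+
+public string PackageName {
+get {
+return "Roles";
+}
+}
+
+public IEnumerable<Permission> GetPermissions() {
+return new Permission[] {
+ManageRoles,
+AssignUsersToRoles,
+};
+}
+
+public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
+return Enumerable.Empty<PermissionStereotype>();
+}
+
+}
+
+}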
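Review bot: `AssignUsersToRoles` is declared as a lesser permission next to `ManageRoles`, but a holder who can put any user into any role can normally reach every permission those roles carry, including `ManageRoles` itself. Unless the assignment code restricts which roles may be handed out (not visible in this file), the two are equivalent in practice and the field should say so, e.g. `// Grants the ability to give any role to any user; treat as administrative`. `GetDefaultStereotypes()` returns an empty sequence here and in the new Orchard.Users and Orchard.Security providers, so who holds these permissions on a fresh site is left undocumented; a short comment on that method in each file would help.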
@@ -60,7 +60,7 @@ namespace Orchard.Tags.Controllers {
|
||||
case TagAdminIndexBulkAction.None:
|
||||
break;
|
||||
case TagAdminIndexBulkAction.Delete:
|
||||
if (!_authorizer.Authorize(Permissions.DeleteTag, T("Couldn't delete tag")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageTags, T("Couldn't delete tag")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
foreach (TagEntry entry in checkedEntries) {
|
||||
@@ -121,7 +121,7 @@ namespace Orchard.Tags.Controllers {
|
||||
var viewModel = new TagsAdminEditViewModel();
|
||||
try {
|
||||
UpdateModel(viewModel);
|
||||
if (!_authorizer.Authorize(Permissions.RenameTag, T("Couldn't edit tag")))
|
||||
if (!_authorizer.Authorize(Permissions.ManageTags, T("Couldn't edit tag")))
|
||||
return new HttpUnauthorizedResult();
|
||||
|
||||
_tagService.UpdateTag(viewModel.Id, viewModel.TagName);
|
||||
|
||||
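Review bot: In the second hunk the `Permissions.ManageTags` check still runs after `UpdateModel(viewModel)`, so request data is bound, and binding errors can be raised, for callers who are then rejected. Moving the check to the first statement of the action, before the `try`, keeps unauthorized requests away from model binding: `if (!_authorizer.Authorize(Permissions.ManageTags, T("Couldn't edit tag"))) return new HttpUnauthorizedResult();`. Both actions start and end outside the hunks, so any earlier checks in those methods are not visible here.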
@@ -4,10 +4,9 @@ using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard.Tags {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission CreateTag = new Permission { Description = "Creating a Tag", Name = "CreateTag" };
|
||||
public static readonly Permission ManageTags = new Permission { Description = "Manage tags", Name = "ManageTags" };
|
||||
public static readonly Permission CreateTag = new Permission { Description = "Create tag", Name = "CreateTag" };
|
||||
public static readonly Permission ApplyTag = new Permission { Description = "Applying a Tag", Name = "ApplyTag" };
|
||||
public static readonly Permission DeleteTag = new Permission { Description = "Deleting a Tag", Name = "DeleteTag" };
|
||||
public static readonly Permission RenameTag = new Permission { Description = "Renaming a Tag", Name = "RenameTag" };
|
||||
|
||||
public string PackageName {
|
||||
get {
|
||||
@@ -16,11 +15,10 @@ namespace Orchard.Tags {
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new List<Permission> {
|
||||
return new Permission[] {
|
||||
ManageTags,
|
||||
CreateTag,
|
||||
ApplyTag,
|
||||
DeleteTag,
|
||||
RenameTag,
|
||||
};
|
||||
}
|
||||
|
||||
|
||||
@@ -67,6 +67,7 @@
|
||||
<Compile Include="Models\User.cs" />
|
||||
<Compile Include="Models\UserHandler.cs" />
|
||||
<Compile Include="Models\UserRecord.cs" />
|
||||
<Compile Include="Permissions.cs" />
|
||||
<Compile Include="Properties\AssemblyInfo.cs" />
|
||||
<Compile Include="Services\MembershipService.cs" />
|
||||
<Compile Include="AdminMenu.cs" />
|
||||
|
||||
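--- a/src/Orchard.Web/Packages/Orchard.Users/Permissions.cs
+++ b/src/Orchard.Web/Packages/Orchard.Users/Permissions.cs
@@ -0,0 +1,30 @@
+using System.Collections.Generic;
+using System.Linq;
+using JetBrains.Annotations;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Users {
+[UsedImplicitly]
+public class Permissions : IPermissionProvider {
+public static readonly Permission ManageUsers = new Permission { Description = "Manage users", Name = "ManageUsers" };
+public static readonly Permission AddUsers = new Permission { Description = "Add users", Name = "AddUsers" };
+
+public string PackageName {
+get {
+return "Users";
+}
+}
+
+public IEnumerable<Permission> GetPermissions() {
+return new Permission[] {
+ManageUsers,
+AddUsers,
+};
+}
+
+public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
+return Enumerable.Empty<PermissionStereotype>();
+}
+
+}
+}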
@@ -21,7 +21,7 @@ namespace Orchard.Mvc.Filters {
|
||||
var siteUrl = _siteService.GetSiteSettings().SiteUrl;
|
||||
//todo: (heskew) get at the admin path in a less hacky way
|
||||
if (filterContext.HttpContext.Request.RawUrl.StartsWith(Path.Combine(siteUrl, "admin").Replace("\\", "/"), true, CultureInfo.InvariantCulture)
|
||||
&& !_authorizer.Authorize(Permissions.AccessAdmin, "Can't access the admin")) {
|
||||
&& !_authorizer.Authorize(StandardPermissions.AccessAdminPanel, "Can't access the admin")) {
|
||||
filterContext.Result = new HttpUnauthorizedResult();
|
||||
}
|
||||
}
|
||||
|
||||
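Review bot: The `StandardPermissions.AccessAdminPanel` check only runs when `RawUrl` starts with `Path.Combine(siteUrl, "admin")`, so the admin gate depends on string matching against the raw request URL rather than on the route or controller being invoked. An admin action served under a URL that does not match that prefix, or a `SiteUrl` stored as an absolute URL (which `RawUrl` would presumably never start with), would skip the check entirely; the existing todo already marks the approach as a stopgap. Now that this is a standard permission, consider deciding from route data or an attribute on admin controllers, and until then add a comment such as `// Path-prefix gate only: admin controllers must also authorize their own actions`. The enclosing method begins and ends outside the hunk.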
@@ -135,6 +135,7 @@
|
||||
<Compile Include="Extensions\ExtensionFolders.cs" />
|
||||
<Compile Include="Extensions\Loaders\AreaExtensionLoader.cs" />
|
||||
<Compile Include="Extensions\UriExtensions.cs" />
|
||||
<Compile Include="Security\StandardPermissions.cs" />
|
||||
<Compile Include="Tasks\Scheduling\IScheduledTask.cs" />
|
||||
<Compile Include="ContentManagement\ContentExtensions.cs" />
|
||||
<Compile Include="ContentManagement\ContentItem.cs" />
|
||||
@@ -206,7 +207,6 @@
|
||||
<Compile Include="Mvc\Html\FileRegistrationContext.cs" />
|
||||
<Compile Include="Mvc\Html\MvcFormAntiForgeryPost.cs" />
|
||||
<Compile Include="Mvc\Html\SiteServiceExtensions.cs" />
|
||||
<Compile Include="Permissions.cs" />
|
||||
<Compile Include="Tasks\FiniteContainerProvider.cs" />
|
||||
<Compile Include="Tasks\Scheduling\IScheduledTaskHandler.cs" />
|
||||
<Compile Include="Tasks\Scheduling\IScheduledTaskManager.cs" />
|
||||
|
||||
@@ -1,22 +0,0 @@
|
||||
using System.Collections.Generic;
|
||||
using System.Linq;
|
||||
using Orchard.Security.Permissions;
|
||||
|
||||
namespace Orchard {
|
||||
public class Permissions : IPermissionProvider {
|
||||
public static readonly Permission AccessAdmin = new Permission { Name = "AccessAdmin", Description = "Access the application admin area" };
|
||||
|
||||
public string PackageName {
|
||||
get { return "Orchard"; }
|
||||
}
|
||||
|
||||
public IEnumerable<Permission> GetPermissions() {
|
||||
return new[] { AccessAdmin };
|
||||
}
|
||||
|
||||
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
|
||||
return Enumerable.Empty<PermissionStereotype>();
|
||||
}
|
||||
|
||||
}
|
||||
}
|
||||
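--- a/src/Orchard/Security/StandardPermissions.cs
+++ b/src/Orchard/Security/StandardPermissions.cs
@@ -0,0 +1,26 @@
+using System.Collections.Generic;
+using System.Linq;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Security {
+public class StandardPermissions : IPermissionProvider {
+public static readonly Permission AccessAdminPanel = new Permission { Name = "AccessAdminPanel", Description = "Access admin panel" };
+public static readonly Permission AccessFrontEnd = new Permission { Name = "AccessFrontEnd", Description = "Access site front-end" };
+
+public string PackageName {
+get { return "Orchard"; }
+}
+
+public IEnumerable<Permission> GetPermissions() {
+return new Permission[] {
+AccessAdminPanel,
+AccessFrontEnd,
+};
+}
+
+public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
+return Enumerable.Empty<PermissionStereotype>();
+}
+
+}
+}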