Refactoring permissions. First stage is renaming and collapsing some fine-grained permissions.

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4045742
This commit is contained in:
loudej
2010-01-20 20:18:42 +00:00
parent 135ce3d661
commit 6c6b67af2b
27 changed files with 221 additions and 143 deletions

View File

@@ -11,7 +11,9 @@ namespace Orchard.Core.Common {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new[] { ChangeOwner }; return new Permission[] {
ChangeOwner,
};
} }
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() { public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {

View File

@@ -109,6 +109,7 @@
<Compile Include="Scheduling\Services\ScheduledTaskExecutor.cs" /> <Compile Include="Scheduling\Services\ScheduledTaskExecutor.cs" />
<Compile Include="Scheduling\Models\Task.cs" /> <Compile Include="Scheduling\Models\Task.cs" />
<Compile Include="Settings\Controllers\SiteSettingsDriver.cs" /> <Compile Include="Settings\Controllers\SiteSettingsDriver.cs" />
<Compile Include="Settings\Permissions.cs" />
<Compile Include="Themes\Services\AdminThemeSelector.cs" /> <Compile Include="Themes\Services\AdminThemeSelector.cs" />
<Compile Include="Themes\Services\SafeModeThemeSelector.cs" /> <Compile Include="Themes\Services\SafeModeThemeSelector.cs" />
<Compile Include="Settings\AdminMenu.cs" /> <Compile Include="Settings\AdminMenu.cs" />

View File

@@ -0,0 +1,29 @@
using System.Collections.Generic;
using Orchard.Security.Permissions;
namespace Orchard.Core.Settings {
public class Permissions : IPermissionProvider {
public static readonly Permission ManageSettings = new Permission { Name = "ManageSettings", Description = "Manage site settings" };
public static readonly Permission ChangeSuperuser = new Permission { Name = "ChangeSuperuser", Description = "Change the superuser for the site" };
public string PackageName {
get { return "Settings"; }
}
public IEnumerable<Permission> GetPermissions() {
return new Permission[] {
ManageSettings,
ChangeSuperuser,
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return new[] {
new PermissionStereotype {
Name = "Administrators",
//Permissions = new[] {ChangeOwner}
}
};
}
}
}

View File

@@ -40,7 +40,7 @@ namespace Orchard.Core.Themes.Controllers {
[HttpPost] [HttpPost]
public ActionResult Activate(string themeName) { public ActionResult Activate(string themeName) {
try { try {
if (!_authorizer.Authorize(Permissions.SetSiteTheme, T("Couldn't set the current theme"))) if (!_authorizer.Authorize(Permissions.ApplyTheme, T("Couldn't set the current theme")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_themeService.SetSiteTheme(themeName); _themeService.SetSiteTheme(themeName);
return RedirectToAction("Index"); return RedirectToAction("Index");
@@ -58,7 +58,7 @@ namespace Orchard.Core.Themes.Controllers {
[HttpPost] [HttpPost]
public ActionResult Install(FormCollection input) { public ActionResult Install(FormCollection input) {
try { try {
if (!_authorizer.Authorize(Permissions.InstallUninstallTheme, T("Couldn't install theme"))) if (!_authorizer.Authorize(Permissions.ManageThemes, T("Couldn't install theme")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (string fileName in Request.Files) { foreach (string fileName in Request.Files) {
HttpPostedFileBase file = Request.Files[fileName]; HttpPostedFileBase file = Request.Files[fileName];
@@ -75,7 +75,7 @@ namespace Orchard.Core.Themes.Controllers {
[HttpPost] [HttpPost]
public ActionResult Uninstall(string themeName) { public ActionResult Uninstall(string themeName) {
try { try {
if (!_authorizer.Authorize(Permissions.InstallUninstallTheme, T("Couldn't uninstall theme"))) if (!_authorizer.Authorize(Permissions.ManageThemes, T("Couldn't uninstall theme")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_themeService.UninstallTheme(themeName); _themeService.UninstallTheme(themeName);
return RedirectToAction("Index"); return RedirectToAction("Index");

View File

@@ -4,8 +4,8 @@ using Orchard.Security.Permissions;
namespace Orchard.Core.Themes { namespace Orchard.Core.Themes {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission InstallUninstallTheme = new Permission { Description = "Installing or Uninstalling Themes", Name = "InstallUninstallTheme" }; public static readonly Permission ManageThemes = new Permission { Description = "Manage Themes", Name = "ManageThemes" };
public static readonly Permission SetSiteTheme = new Permission { Description = "Setting the Current Theme", Name = "SetSiteTheme" }; public static readonly Permission ApplyTheme = new Permission { Description = "Apply a Theme", Name = "ApplyTheme" };
public string PackageName { public string PackageName {
get { get {
@@ -14,9 +14,9 @@ namespace Orchard.Core.Themes {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new List<Permission> { return new Permission[] {
SetSiteTheme, ManageThemes,
InstallUninstallTheme ApplyTheme,
}; };
} }

View File

@@ -34,7 +34,7 @@ namespace Orchard.Blogs.Controllers {
public ActionResult Create() { public ActionResult Create() {
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute //TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
if (!_authorizer.Authorize(Permissions.CreateBlog, T("Not allowed to create blogs"))) if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Not allowed to create blogs")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
Blog blog = _services.ContentManager.New<Blog>("blog"); Blog blog = _services.ContentManager.New<Blog>("blog");
@@ -52,7 +52,7 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Create(CreateBlogViewModel model) { public ActionResult Create(CreateBlogViewModel model) {
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute //TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
if (!_authorizer.Authorize(Permissions.CreateBlog, T("Couldn't create blog"))) if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't create blog")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
model.Blog = _services.ContentManager.UpdateEditorModel(_services.ContentManager.New<Blog>("blog"), this); model.Blog = _services.ContentManager.UpdateEditorModel(_services.ContentManager.New<Blog>("blog"), this);
@@ -71,7 +71,7 @@ namespace Orchard.Blogs.Controllers {
public ActionResult Edit(string blogSlug) { public ActionResult Edit(string blogSlug) {
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute //TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
if (!_authorizer.Authorize(Permissions.ModifyBlog, T("Not allowed to edit blog"))) if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Not allowed to edit blog")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
@@ -89,7 +89,7 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Edit(string blogSlug, FormCollection input) { public ActionResult Edit(string blogSlug, FormCollection input) {
if (!_authorizer.Authorize(Permissions.ModifyBlog, T("Couldn't edit blog"))) if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't edit blog")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
@@ -112,7 +112,7 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Delete(string blogSlug) { public ActionResult Delete(string blogSlug) {
if (!_authorizer.Authorize(Permissions.DeleteBlog, T("Couldn't delete blog"))) if (!_authorizer.Authorize(Permissions.ManageBlogs, T("Couldn't delete blog")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder

View File

@@ -32,7 +32,7 @@ namespace Orchard.Blogs.Controllers {
public ActionResult Create(string blogSlug) { public ActionResult Create(string blogSlug) {
//TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute //TODO: (erikpo) Might think about moving this to an ActionFilter/Attribute
if (!_services.Authorizer.Authorize(Permissions.CreatePost, T("Not allowed to create blog post"))) if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
@@ -53,7 +53,7 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Create(string blogSlug, CreateBlogPostViewModel model) { public ActionResult Create(string blogSlug, CreateBlogPostViewModel model) {
if (!_services.Authorizer.Authorize(Permissions.CreatePost, T("Couldn't create blog post"))) if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
@@ -96,7 +96,7 @@ namespace Orchard.Blogs.Controllers {
} }
public ActionResult Edit(string blogSlug, string postSlug) { public ActionResult Edit(string blogSlug, string postSlug) {
if (!_services.Authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post"))) if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't edit blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
@@ -119,7 +119,7 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Edit")] [HttpPost, ActionName("Edit")]
public ActionResult EditPOST(string blogSlug, string postSlug) { public ActionResult EditPOST(string blogSlug, string postSlug) {
if (!_services.Authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post"))) if (!_services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't edit blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
bool isDraft = false; bool isDraft = false;
@@ -179,7 +179,8 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Delete(string blogSlug, string postSlug) { public ActionResult Delete(string blogSlug, string postSlug) {
if (!_services.Authorizer.Authorize(Permissions.DeletePost, T("Couldn't delete blog post"))) //refactoring: test PublishBlogPost/PublishOthersBlogPost in addition if published
if (!_services.Authorizer.Authorize(Permissions.DeleteBlogPost, T("Couldn't delete blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder

View File

@@ -9,6 +9,7 @@ using Orchard.Core.Feeds;
using Orchard.Localization; using Orchard.Localization;
using Orchard.ContentManagement; using Orchard.ContentManagement;
using Orchard.Mvc.Results; using Orchard.Mvc.Results;
using Orchard.Security;
namespace Orchard.Blogs.Controllers { namespace Orchard.Blogs.Controllers {
public class BlogPostController : Controller { public class BlogPostController : Controller {
@@ -33,7 +34,7 @@ namespace Orchard.Blogs.Controllers {
//TODO: (erikpo) Should think about moving the slug parameters and get calls and null checks up into a model binder or action filter //TODO: (erikpo) Should think about moving the slug parameters and get calls and null checks up into a model binder or action filter
public ActionResult Item(string blogSlug, string postSlug) { public ActionResult Item(string blogSlug, string postSlug) {
if (!_services.Authorizer.Authorize(Permissions.ViewPost, T("Couldn't view blog post"))) if (!_services.Authorizer.Authorize(StandardPermissions.AccessFrontEnd, T("Couldn't view blog post")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder

View File

@@ -4,17 +4,15 @@ using Orchard.Security.Permissions;
namespace Orchard.Blogs { namespace Orchard.Blogs {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission ViewPost = new Permission { Description = "Viewing Blog Posts", Name = "ViewPosts" }; public static readonly Permission ManageBlogs = new Permission { Description = "Edit blog properties", Name = "ManageBlogs" };//q: Should edit_blog be ManageBlogs?
public static readonly Permission CreatePost = new Permission { Description = "Creating Blog Posts", Name = "CreatePost" };
public static readonly Permission CreateDraft = new Permission { Description = "Creating a Draft of a Blog Post", Name = "CreateDraft" }; public static readonly Permission EditBlogPost = new Permission { Description = "Edit own blog posts", Name = "EditBlogPost" };
public static readonly Permission ModifyPost = new Permission { Description = "Mofifying a Blog Post", Name = "ModifyPost" }; public static readonly Permission EditOthersBlogPost = new Permission { Description = "Edit any blog posts", Name = "EditOthersBlogPost" };
public static readonly Permission DeletePost = new Permission { Description = "Deleting a Blog Post", Name = "DeletePost" }; public static readonly Permission PublishBlogPost = new Permission { Description = "Publish or unpublish blog post", Name = "PublishBlogPost" };
public static readonly Permission PublishPost = new Permission { Description = "Publishing a Blog Post", Name = "PublishPost" }; public static readonly Permission PublishOthersBlogPost = new Permission { Description = "Publish or unpublish blog post for others", Name = "PublishOthersBlogPost" };
public static readonly Permission UnpublishPost = new Permission { Description = "Unpublishing a Blog Post", Name = "UnpublishPost" }; public static readonly Permission DeleteBlogPost = new Permission { Description = "Delete blog post", Name = "DeleteBlogPost" };
public static readonly Permission SchedulePost = new Permission { Description = "Scheduling a Blog Post", Name = "SchedulePost" }; public static readonly Permission DeleteOthersBlogPost = new Permission { Description = "Delete blog post for others", Name = "DeleteOthersBlogPost" };
public static readonly Permission CreateBlog = new Permission { Description = "Creating a Blog", Name = "CreateBlog" };
public static readonly Permission ModifyBlog = new Permission { Description = "Mofifying a Blog", Name = "ModifyBlog" };
public static readonly Permission DeleteBlog = new Permission { Description = "Deleting a Blog", Name = "DeleteBlog" };
public string PackageName { public string PackageName {
get { get {
@@ -23,18 +21,14 @@ namespace Orchard.Blogs {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new List<Permission> { return new Permission[] {
ViewPost, ManageBlogs,
CreatePost, EditBlogPost,
CreateDraft, EditOthersBlogPost,
ModifyPost, PublishBlogPost,
DeletePost, PublishOthersBlogPost,
PublishPost, DeleteBlogPost,
UnpublishPost, DeleteOthersBlogPost,
SchedulePost,
CreateBlog,
ModifyBlog,
DeleteBlog
}; };
} }

View File

@@ -81,7 +81,7 @@ namespace Orchard.Comments.Controllers {
case CommentIndexBulkAction.None: case CommentIndexBulkAction.None:
break; break;
case CommentIndexBulkAction.MarkAsSpam: case CommentIndexBulkAction.MarkAsSpam:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: Transaction //TODO: Transaction
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -89,7 +89,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentIndexBulkAction.Pend: case CommentIndexBulkAction.Pend:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: Transaction //TODO: Transaction
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -97,7 +97,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentIndexBulkAction.Approve: case CommentIndexBulkAction.Approve:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: Transaction //TODO: Transaction
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -105,7 +105,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentIndexBulkAction.Delete: case CommentIndexBulkAction.Delete:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -211,7 +211,7 @@ namespace Orchard.Comments.Controllers {
case CommentDetailsBulkAction.None: case CommentDetailsBulkAction.None:
break; break;
case CommentDetailsBulkAction.MarkAsSpam: case CommentDetailsBulkAction.MarkAsSpam:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: Transaction //TODO: Transaction
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -219,7 +219,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentDetailsBulkAction.Pend: case CommentDetailsBulkAction.Pend:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -227,7 +227,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentDetailsBulkAction.Approve: case CommentDetailsBulkAction.Approve:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't moderate comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't moderate comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -235,7 +235,7 @@ namespace Orchard.Comments.Controllers {
} }
break; break;
case CommentDetailsBulkAction.Delete: case CommentDetailsBulkAction.Delete:
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (CommentEntry entry in checkedEntries) { foreach (CommentEntry entry in checkedEntries) {
@@ -318,7 +318,7 @@ namespace Orchard.Comments.Controllers {
var viewModel = new CommentsEditViewModel(); var viewModel = new CommentsEditViewModel();
try { try {
UpdateModel(viewModel); UpdateModel(viewModel);
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't edit comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't edit comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_commentService.UpdateComment(viewModel.Id, viewModel.Name, viewModel.Email, viewModel.SiteName, viewModel.CommentText, viewModel.Status); _commentService.UpdateComment(viewModel.Id, viewModel.Name, viewModel.Email, viewModel.SiteName, viewModel.CommentText, viewModel.Status);
@@ -332,7 +332,7 @@ namespace Orchard.Comments.Controllers {
public ActionResult Delete(int id, string returnUrl) { public ActionResult Delete(int id, string returnUrl) {
try { try {
if (!_authorizer.Authorize(Permissions.ModerateComment, T("Couldn't delete comment"))) if (!_authorizer.Authorize(Permissions.ManageComments, T("Couldn't delete comment")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
int commentedOn = _commentService.GetComment(id).CommentedOn; int commentedOn = _commentService.GetComment(id).CommentedOn;
_commentService.DeleteComment(id); _commentService.DeleteComment(id);

View File

@@ -4,13 +4,12 @@ using Orchard.Security.Permissions;
namespace Orchard.Comments { namespace Orchard.Comments {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission AddComment = new Permission { Description = "Adding a Comment", Name = "AddComment" }; public static readonly Permission AddComment = new Permission { Description = "Add comment", Name = "AddComment" };
public static readonly Permission AddCommentWithoutValidation = new Permission { Description = "Adding a Comment without validation", Name = "AddCommentWithoutValidation" }; public static readonly Permission EnableComment = new Permission { Description = "Enabling Comments on content items", Name = "EnableComment" };//refactoring
public static readonly Permission EnableComment = new Permission { Description = "Enabling Comments on content items", Name = "EnableComment" }; public static readonly Permission CloseComment = new Permission { Description = "Closing Comments", Name = "CloseComment" };//refactoring
public static readonly Permission CloseComment = new Permission { Description = "Closing Comments", Name = "CloseComment" }; public static readonly Permission CloseCommentOnOwnItems = new Permission { Description = "Closing Comments on own items", Name = "CloseCommentOnOwnItems" };//refactoring
public static readonly Permission CloseCommentOnOwnItems = new Permission { Description = "Closing Comments on own items", Name = "CloseCommentOnOwnItems" }; public static readonly Permission ManageComments = new Permission { Description = "Manage comments", Name = "ManageComments" };
public static readonly Permission ModerateComment = new Permission { Description = "Moderating Comments", Name = "ModerateComment" }; public static readonly Permission ManageOthersComments = new Permission { Description = "Manage comments for others", Name = "ManageOthersComments" };
public static readonly Permission ModerateCommentOnOwnItems = new Permission { Description = "Moderating Comments On Own Items", Name = "ModerateCommentOnOwnItems" };
public string PackageName { public string PackageName {
get { get {
@@ -19,14 +18,13 @@ namespace Orchard.Comments {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new[] { return new Permission[] {
AddComment, AddComment,
AddCommentWithoutValidation,
EnableComment, EnableComment,
CloseComment, CloseComment,
CloseCommentOnOwnItems, CloseCommentOnOwnItems,
ModerateComment, ManageComments,
ModerateCommentOnOwnItems ManageOthersComments
}; };
} }
@@ -34,7 +32,7 @@ namespace Orchard.Comments {
return new[] { return new[] {
new PermissionStereotype { new PermissionStereotype {
Name = "Administrators", Name = "Administrators",
Permissions = new[] {ModerateComment} Permissions = new[] {ManageComments}
}, },
new PermissionStereotype { new PermissionStereotype {
Name = "Anonymous", Name = "Anonymous",

View File

@@ -58,7 +58,7 @@ namespace Orchard.Media.Controllers {
var viewModel = new MediaFolderCreateViewModel(); var viewModel = new MediaFolderCreateViewModel();
try { try {
UpdateModel(viewModel); UpdateModel(viewModel);
if (!_authorizer.Authorize(Permissions.CreateMediaFolder, T("Couldn't create media folder"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't create media folder")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.CreateFolder(viewModel.MediaPath, viewModel.Name); _mediaService.CreateFolder(viewModel.MediaPath, viewModel.Name);
return RedirectToAction("Index"); return RedirectToAction("Index");
@@ -83,14 +83,14 @@ namespace Orchard.Media.Controllers {
if (key.StartsWith("Checkbox.File.") && input[key] == "true") { if (key.StartsWith("Checkbox.File.") && input[key] == "true") {
string fileName = key.Substring("Checkbox.File.".Length); string fileName = key.Substring("Checkbox.File.".Length);
string folderName = input[fileName]; string folderName = input[fileName];
if (!_authorizer.Authorize(Permissions.DeleteMedia, T("Couldn't delete media file"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media file")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.DeleteFile(fileName, folderName); _mediaService.DeleteFile(fileName, folderName);
} }
else if (key.StartsWith("Checkbox.Folder.") && input[key] == "true") { else if (key.StartsWith("Checkbox.Folder.") && input[key] == "true") {
string folderName = key.Substring("Checkbox.Folder.".Length); string folderName = key.Substring("Checkbox.Folder.".Length);
string folderPath = input[folderName]; string folderPath = input[folderName];
if (!_authorizer.Authorize(Permissions.DeleteMediaFolder, T("Couldn't delete media folder"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media folder")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.DeleteFolder(folderPath); _mediaService.DeleteFolder(folderPath);
} }
@@ -116,13 +116,13 @@ namespace Orchard.Media.Controllers {
//TODO: There may be better ways to do this. //TODO: There may be better ways to do this.
// Delete // Delete
if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) { if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) {
if (!_authorizer.Authorize(Permissions.DeleteMediaFolder, T("Couldn't delete media folder"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media folder")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.DeleteFolder(viewModel.MediaPath); _mediaService.DeleteFolder(viewModel.MediaPath);
} }
// Save // Save
else { else {
if (!_authorizer.Authorize(Permissions.RenameMediaFolder, T("Couldn't rename media folder"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't rename media folder")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.RenameFolder(viewModel.MediaPath, viewModel.Name); _mediaService.RenameFolder(viewModel.MediaPath, viewModel.Name);
} }
@@ -145,7 +145,7 @@ namespace Orchard.Media.Controllers {
var viewModel = new MediaItemAddViewModel(); var viewModel = new MediaItemAddViewModel();
try { try {
UpdateModel(viewModel); UpdateModel(viewModel);
if (!_authorizer.Authorize(Permissions.UploadMedia, T("Couldn't upload media file"))) if (!_authorizer.Authorize(Permissions.UploadMediaFiles, T("Couldn't upload media file")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (string fileName in Request.Files) { foreach (string fileName in Request.Files) {
@@ -177,11 +177,11 @@ namespace Orchard.Media.Controllers {
var viewModel = new MediaItemEditViewModel(); var viewModel = new MediaItemEditViewModel();
try { try {
UpdateModel(viewModel); UpdateModel(viewModel);
if (!_authorizer.Authorize(Permissions.ModifyMedia, T("Couldn't modify media file"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't modify media file")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
// Delete // Delete
if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) { if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) {
if (!_authorizer.Authorize(Permissions.DeleteMedia, T("Couldn't delete media file"))) if (!_authorizer.Authorize(Permissions.ManageMediaFiles, T("Couldn't delete media file")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_mediaService.DeleteFile(viewModel.Name, viewModel.MediaPath); _mediaService.DeleteFile(viewModel.Name, viewModel.MediaPath);
return RedirectToAction("Edit", new { name = viewModel.FolderName, mediaPath = viewModel.MediaPath }); return RedirectToAction("Edit", new { name = viewModel.FolderName, mediaPath = viewModel.MediaPath });

View File

@@ -4,12 +4,8 @@ using Orchard.Security.Permissions;
namespace Orchard.Media { namespace Orchard.Media {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission UploadMedia = new Permission { Description = "Uploading Media Files", Name = "UploadMedia" }; public static readonly Permission ManageMediaFiles = new Permission { Description = "Modifying Media Files", Name = "ManageMediaFiles" };
public static readonly Permission ModifyMedia = new Permission { Description = "Modifying Media Files", Name = "ModifyMedia" }; public static readonly Permission UploadMediaFiles = new Permission { Description = "Uploading Media Files", Name = "UploadMediaFiles" };
public static readonly Permission DeleteMedia = new Permission { Description = "Deleting Media Files", Name = "DeleteMedia" };
public static readonly Permission CreateMediaFolder = new Permission { Description = "Creating Media Folders", Name = "CreateMediaFolder" };
public static readonly Permission DeleteMediaFolder = new Permission { Description = "Deleting Media Folders", Name = "DeleteMediaFolder" };
public static readonly Permission RenameMediaFolder = new Permission { Description = "Renaming Media Folders", Name = "RenameMediaFolder" };
public string PackageName { public string PackageName {
get { get {
@@ -18,13 +14,9 @@ namespace Orchard.Media {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new List<Permission> { return new Permission[] {
UploadMedia, ManageMediaFiles,
ModifyMedia, UploadMediaFiles,
DeleteMedia,
CreateMediaFolder,
DeleteMediaFolder,
RenameMediaFolder
}; };
} }

View File

@@ -46,7 +46,7 @@ namespace Orchard.Media.Services {
XRpcStruct file) { XRpcStruct file) {
var user = _membershipService.ValidateUser(userName, password); var user = _membershipService.ValidateUser(userName, password);
if (!_authorizationService.CheckAccess(user, Permissions.UploadMedia)) { if (!_authorizationService.CheckAccess(user, Permissions.UploadMediaFiles)) {
//TEMP: return appropriate access-denied response for user //TEMP: return appropriate access-denied response for user
throw new ApplicationException("Access denied"); throw new ApplicationException("Access denied");
} }

View File

@@ -67,7 +67,7 @@ namespace Orchard.Pages.Controllers {
} }
break; break;
case PagesBulkAction.Unpublish: case PagesBulkAction.Unpublish:
if (!_services.Authorizer.Authorize(Permissions.UnpublishPages, T("Couldn't unpublish page"))) if (!_services.Authorizer.Authorize(Permissions.PublishPages, T("Couldn't unpublish page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (PageEntry entry in checkedEntries) { foreach (PageEntry entry in checkedEntries) {
var page = _pageService.GetLatest(entry.PageId); var page = _pageService.GetLatest(entry.PageId);
@@ -99,7 +99,7 @@ namespace Orchard.Pages.Controllers {
} }
public ActionResult Create() { public ActionResult Create() {
if (!_services.Authorizer.Authorize(Permissions.CreatePages, T("Not allowed to create a page"))) if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Not allowed to create a page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
var page = _services.ContentManager.BuildEditorModel(_services.ContentManager.New<Page>("page")); var page = _services.ContentManager.BuildEditorModel(_services.ContentManager.New<Page>("page"));
@@ -113,7 +113,7 @@ namespace Orchard.Pages.Controllers {
[HttpPost, ActionName("Create")] [HttpPost, ActionName("Create")]
public ActionResult CreatePOST(PageCreateViewModel model) { public ActionResult CreatePOST(PageCreateViewModel model) {
if (!_services.Authorizer.Authorize(Permissions.CreatePages, T("Couldn't create page"))) if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't create page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
//TODO: (erikpo) Move this duplicate code somewhere else //TODO: (erikpo) Move this duplicate code somewhere else
@@ -143,7 +143,7 @@ namespace Orchard.Pages.Controllers {
} }
public ActionResult Edit(int id) { public ActionResult Edit(int id) {
if (!_services.Authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page"))) if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't edit page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
Page page = _pageService.GetLatest(id); Page page = _pageService.GetLatest(id);
@@ -160,7 +160,7 @@ namespace Orchard.Pages.Controllers {
[HttpPost, ActionName("Edit")] [HttpPost, ActionName("Edit")]
public ActionResult EditPOST(int id) { public ActionResult EditPOST(int id) {
if (!_services.Authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page"))) if (!_services.Authorizer.Authorize(Permissions.EditPages, T("Couldn't edit page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
Page page = _pageService.GetPageOrDraft(id); Page page = _pageService.GetPageOrDraft(id);

View File

@@ -4,6 +4,7 @@ using Orchard.Localization;
using Orchard.ContentManagement; using Orchard.ContentManagement;
using Orchard.Pages.Services; using Orchard.Pages.Services;
using Orchard.Pages.ViewModels; using Orchard.Pages.ViewModels;
using Orchard.Security;
namespace Orchard.Pages.Controllers { namespace Orchard.Pages.Controllers {
[ValidateInput(false)] [ValidateInput(false)]
@@ -25,7 +26,7 @@ namespace Orchard.Pages.Controllers {
private Localizer T { get; set; } private Localizer T { get; set; }
public ActionResult Item(string slug) { public ActionResult Item(string slug) {
if (!Services.Authorizer.Authorize(Permissions.ViewPages, T("Couldn't view page"))) if (!Services.Authorizer.Authorize(StandardPermissions.AccessFrontEnd, T("Couldn't view page")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
if (slug == null) { if (slug == null) {

View File

@@ -4,15 +4,12 @@ using Orchard.Security.Permissions;
namespace Orchard.Pages { namespace Orchard.Pages {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission ViewPages = new Permission { Description = "Viewing Pages", Name = "ViewPages" }; public static readonly Permission EditPages = new Permission { Description = "Edit page", Name = "EditPages" };
public static readonly Permission CreatePages = new Permission { Description = "Creating Pages", Name = "CreatePages" }; public static readonly Permission EditOthersPages = new Permission { Description = "Edit page for others", Name = "EditOthersPages" };
public static readonly Permission CreateDraftPages = new Permission { Description = "Creating Page Drafts", Name = "CreateDraftPages" }; public static readonly Permission PublishPages = new Permission { Description = "Publish or unpublish page", Name = "PublishPages" };
public static readonly Permission DeleteDraftPages = new Permission { Description = "Deleting Page Drafts", Name = "DeleteDraftPages" }; public static readonly Permission PublishOthersPages = new Permission { Description = "Publish or unpublish page for others", Name = "PublishOthersPages" };
public static readonly Permission ModifyPages = new Permission { Description = "Modifying Pages", Name = "ModifyPages" }; public static readonly Permission DeletePages = new Permission { Description = "Delete page", Name = "DeletePages" };
public static readonly Permission DeletePages = new Permission { Description = "Deleting Pages", Name = "DeletePages" }; public static readonly Permission DeleteOthersPages = new Permission { Description = "Delete page for others", Name = "DeleteOthersPages" };
public static readonly Permission PublishPages = new Permission { Description = "Publishing Pages", Name = "PublishPages" };
public static readonly Permission UnpublishPages = new Permission { Description = "Unpublishing Pages", Name = "UnpublishPages" };
public static readonly Permission SchedulePages = new Permission { Description = "Scheduling Pages", Name = "SchedulePages" };
public string PackageName { public string PackageName {
get { get {
@@ -21,16 +18,13 @@ namespace Orchard.Pages {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new List<Permission> { return new Permission[] {
ViewPages, EditPages,
CreatePages, EditOthersPages,
CreateDraftPages,
DeleteDraftPages,
ModifyPages,
DeletePages,
PublishPages, PublishPages,
UnpublishPages, PublishOthersPages,
SchedulePages DeletePages,
DeleteOthersPages,
}; };
} }

View File

@@ -65,6 +65,7 @@
<Compile Include="Controllers\AdminController.cs" /> <Compile Include="Controllers\AdminController.cs" />
<Compile Include="Controllers\UserRolesDriver.cs" /> <Compile Include="Controllers\UserRolesDriver.cs" />
<Compile Include="Extension.cs" /> <Compile Include="Extension.cs" />
<Compile Include="Permissions.cs" />
<Compile Include="Records\PermissionRecord.cs" /> <Compile Include="Records\PermissionRecord.cs" />
<Compile Include="Records\RoleRecord.cs" /> <Compile Include="Records\RoleRecord.cs" />
<Compile Include="Models\UserRoles.cs" /> <Compile Include="Models\UserRoles.cs" />

View File

@@ -0,0 +1,31 @@
using System.Collections.Generic;
using System.Linq;
using JetBrains.Annotations;
using Orchard.Security.Permissions;
namespace Orchard.Roles {
[UsedImplicitly]
public class Permissions : IPermissionProvider {
public static readonly Permission ManageRoles = new Permission { Description = "Create and manage roles", Name = "ManageRoles" };
public static readonly Permission AssignUsersToRoles = new Permission { Description = "Assign users to roles", Name = "AssignUsersToRoles" };
public string PackageName {
get {
return "Roles";
}
}
public IEnumerable<Permission> GetPermissions() {
return new Permission[] {
ManageRoles,
AssignUsersToRoles,
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return Enumerable.Empty<PermissionStereotype>();
}
}
}

View File

@@ -60,7 +60,7 @@ namespace Orchard.Tags.Controllers {
case TagAdminIndexBulkAction.None: case TagAdminIndexBulkAction.None:
break; break;
case TagAdminIndexBulkAction.Delete: case TagAdminIndexBulkAction.Delete:
if (!_authorizer.Authorize(Permissions.DeleteTag, T("Couldn't delete tag"))) if (!_authorizer.Authorize(Permissions.ManageTags, T("Couldn't delete tag")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
foreach (TagEntry entry in checkedEntries) { foreach (TagEntry entry in checkedEntries) {
@@ -121,7 +121,7 @@ namespace Orchard.Tags.Controllers {
var viewModel = new TagsAdminEditViewModel(); var viewModel = new TagsAdminEditViewModel();
try { try {
UpdateModel(viewModel); UpdateModel(viewModel);
if (!_authorizer.Authorize(Permissions.RenameTag, T("Couldn't edit tag"))) if (!_authorizer.Authorize(Permissions.ManageTags, T("Couldn't edit tag")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_tagService.UpdateTag(viewModel.Id, viewModel.TagName); _tagService.UpdateTag(viewModel.Id, viewModel.TagName);

View File

@@ -4,10 +4,9 @@ using Orchard.Security.Permissions;
namespace Orchard.Tags { namespace Orchard.Tags {
public class Permissions : IPermissionProvider { public class Permissions : IPermissionProvider {
public static readonly Permission CreateTag = new Permission { Description = "Creating a Tag", Name = "CreateTag" }; public static readonly Permission ManageTags = new Permission { Description = "Manage tags", Name = "ManageTags" };
public static readonly Permission CreateTag = new Permission { Description = "Create tag", Name = "CreateTag" };
public static readonly Permission ApplyTag = new Permission { Description = "Applying a Tag", Name = "ApplyTag" }; public static readonly Permission ApplyTag = new Permission { Description = "Applying a Tag", Name = "ApplyTag" };
public static readonly Permission DeleteTag = new Permission { Description = "Deleting a Tag", Name = "DeleteTag" };
public static readonly Permission RenameTag = new Permission { Description = "Renaming a Tag", Name = "RenameTag" };
public string PackageName { public string PackageName {
get { get {
@@ -16,11 +15,10 @@ namespace Orchard.Tags {
} }
public IEnumerable<Permission> GetPermissions() { public IEnumerable<Permission> GetPermissions() {
return new List<Permission> { return new Permission[] {
ManageTags,
CreateTag, CreateTag,
ApplyTag, ApplyTag,
DeleteTag,
RenameTag,
}; };
} }

View File

@@ -67,6 +67,7 @@
<Compile Include="Models\User.cs" /> <Compile Include="Models\User.cs" />
<Compile Include="Models\UserHandler.cs" /> <Compile Include="Models\UserHandler.cs" />
<Compile Include="Models\UserRecord.cs" /> <Compile Include="Models\UserRecord.cs" />
<Compile Include="Permissions.cs" />
<Compile Include="Properties\AssemblyInfo.cs" /> <Compile Include="Properties\AssemblyInfo.cs" />
<Compile Include="Services\MembershipService.cs" /> <Compile Include="Services\MembershipService.cs" />
<Compile Include="AdminMenu.cs" /> <Compile Include="AdminMenu.cs" />

View File

@@ -0,0 +1,30 @@
using System.Collections.Generic;
using System.Linq;
using JetBrains.Annotations;
using Orchard.Security.Permissions;
namespace Orchard.Users {
[UsedImplicitly]
public class Permissions : IPermissionProvider {
public static readonly Permission ManageUsers = new Permission { Description = "Manage users", Name = "ManageUsers" };
public static readonly Permission AddUsers = new Permission { Description = "Add users", Name = "AddUsers" };
public string PackageName {
get {
return "Users";
}
}
public IEnumerable<Permission> GetPermissions() {
return new Permission[] {
ManageUsers,
AddUsers,
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return Enumerable.Empty<PermissionStereotype>();
}
}
}

View File

@@ -21,7 +21,7 @@ namespace Orchard.Mvc.Filters {
var siteUrl = _siteService.GetSiteSettings().SiteUrl; var siteUrl = _siteService.GetSiteSettings().SiteUrl;
//todo: (heskew) get at the admin path in a less hacky way //todo: (heskew) get at the admin path in a less hacky way
if (filterContext.HttpContext.Request.RawUrl.StartsWith(Path.Combine(siteUrl, "admin").Replace("\\", "/"), true, CultureInfo.InvariantCulture) if (filterContext.HttpContext.Request.RawUrl.StartsWith(Path.Combine(siteUrl, "admin").Replace("\\", "/"), true, CultureInfo.InvariantCulture)
&& !_authorizer.Authorize(Permissions.AccessAdmin, "Can't access the admin")) { && !_authorizer.Authorize(StandardPermissions.AccessAdminPanel, "Can't access the admin")) {
filterContext.Result = new HttpUnauthorizedResult(); filterContext.Result = new HttpUnauthorizedResult();
} }
} }

View File

@@ -135,6 +135,7 @@
<Compile Include="Extensions\ExtensionFolders.cs" /> <Compile Include="Extensions\ExtensionFolders.cs" />
<Compile Include="Extensions\Loaders\AreaExtensionLoader.cs" /> <Compile Include="Extensions\Loaders\AreaExtensionLoader.cs" />
<Compile Include="Extensions\UriExtensions.cs" /> <Compile Include="Extensions\UriExtensions.cs" />
<Compile Include="Security\StandardPermissions.cs" />
<Compile Include="Tasks\Scheduling\IScheduledTask.cs" /> <Compile Include="Tasks\Scheduling\IScheduledTask.cs" />
<Compile Include="ContentManagement\ContentExtensions.cs" /> <Compile Include="ContentManagement\ContentExtensions.cs" />
<Compile Include="ContentManagement\ContentItem.cs" /> <Compile Include="ContentManagement\ContentItem.cs" />
@@ -206,7 +207,6 @@
<Compile Include="Mvc\Html\FileRegistrationContext.cs" /> <Compile Include="Mvc\Html\FileRegistrationContext.cs" />
<Compile Include="Mvc\Html\MvcFormAntiForgeryPost.cs" /> <Compile Include="Mvc\Html\MvcFormAntiForgeryPost.cs" />
<Compile Include="Mvc\Html\SiteServiceExtensions.cs" /> <Compile Include="Mvc\Html\SiteServiceExtensions.cs" />
<Compile Include="Permissions.cs" />
<Compile Include="Tasks\FiniteContainerProvider.cs" /> <Compile Include="Tasks\FiniteContainerProvider.cs" />
<Compile Include="Tasks\Scheduling\IScheduledTaskHandler.cs" /> <Compile Include="Tasks\Scheduling\IScheduledTaskHandler.cs" />
<Compile Include="Tasks\Scheduling\IScheduledTaskManager.cs" /> <Compile Include="Tasks\Scheduling\IScheduledTaskManager.cs" />

View File

@@ -1,22 +0,0 @@
using System.Collections.Generic;
using System.Linq;
using Orchard.Security.Permissions;
namespace Orchard {
public class Permissions : IPermissionProvider {
public static readonly Permission AccessAdmin = new Permission { Name = "AccessAdmin", Description = "Access the application admin area" };
public string PackageName {
get { return "Orchard"; }
}
public IEnumerable<Permission> GetPermissions() {
return new[] { AccessAdmin };
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return Enumerable.Empty<PermissionStereotype>();
}
}
}

View File

@@ -0,0 +1,26 @@
using System.Collections.Generic;
using System.Linq;
using Orchard.Security.Permissions;
namespace Orchard.Security {
public class StandardPermissions : IPermissionProvider {
public static readonly Permission AccessAdminPanel = new Permission { Name = "AccessAdminPanel", Description = "Access admin panel" };
public static readonly Permission AccessFrontEnd = new Permission { Name = "AccessFrontEnd", Description = "Access site front-end" };
public string PackageName {
get { return "Orchard"; }
}
public IEnumerable<Permission> GetPermissions() {
return new Permission[] {
AccessAdminPanel,
AccessFrontEnd,
};
}
public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
return Enumerable.Empty<PermissionStereotype>();
}
}
}