lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-12-02 19:44:02 +08:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

#18823: Fixing permissions inforcement in Orchard.Tags

Browse Source 
Work Item: 18823
This commit is contained in:
Sebastien Ros
2012-07-18 11:13:53 -07:00
parent 9627dd030a
commit 6cac2dec49
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs
View File

@@ -26,6 +26,9 @@ namespace Orchard.Tags.Controllers {
public Localizer T { get; set; } public Localizer T { get; set; }
public ActionResult Index() { public ActionResult Index() {
if (!Services.Authorizer.Authorize(Permissions.ManageTags, T("Can't manage tags")))
return new HttpUnauthorizedResult();
IEnumerable<TagRecord> tags = _tagService.GetTags(); IEnumerable<TagRecord> tags = _tagService.GetTags();
var entries = tags.Select(CreateTagEntry).ToList(); var entries = tags.Select(CreateTagEntry).ToList();
var model = new TagsAdminIndexViewModel { Tags = entries }; var model = new TagsAdminIndexViewModel { Tags = entries };
@@ -65,6 +68,9 @@ namespace Orchard.Tags.Controllers {
[HttpPost, ActionName("Index")] [HttpPost, ActionName("Index")]
[FormValueRequired("submit.Create")] [FormValueRequired("submit.Create")]
public ActionResult IndexCreatePOST() { public ActionResult IndexCreatePOST() {
if (!Services.Authorizer.Authorize(Permissions.ManageTags, T("Couldn't create tag")))
return new HttpUnauthorizedResult();
var viewModel = new TagsAdminCreateViewModel(); var viewModel = new TagsAdminCreateViewModel();
if (!TryUpdateModel(viewModel)) { if (!TryUpdateModel(viewModel)) {