Further work updating security model

--HG-- extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4045825
2025-09-23 21:13:35 +08:00 · 2010-01-22 05:25:54 +00:00
parent 95d5398f50
commit 6d95217b6a
33 changed files with 290 additions and 83 deletions
--- a/src/Orchard.Web/Packages/Orchard.Roles/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Packages/Orchard.Roles/Controllers/AdminController.cs
@@ -1,10 +1,15 @@
 using System;
 using System.Collections.Generic;
+using System.Linq;
 using System.Web;
 using System.Web.Mvc;
+using Orchard.Localization;
+using Orchard.Roles.Models;
 using Orchard.Roles.Records;
 using Orchard.Roles.Services;
 using Orchard.Roles.ViewModels;
+using Orchard.Security;
+using Orchard.Security.Permissions;
 using Orchard.UI.Notify;

 namespace Orchard.Roles.Controllers {
@@ -12,13 +17,27 @@ namespace Orchard.Roles.Controllers {
    public class AdminController : Controller {
        private readonly IRoleService _roleService;
        private readonly INotifier _notifier;
+        private readonly IAuthorizationService _authorizationService;

-        public AdminController(IRoleService roleService, INotifier notifier) {
+        public AdminController(
+            IOrchardServices services,
+            IRoleService roleService,
+            INotifier notifier,
+            IAuthorizationService authorizationService) {
+            Services = services;
            _roleService = roleService;
            _notifier = notifier;
+            _authorizationService = authorizationService;
        }

+        public IOrchardServices Services { get; set; }
+        public Localizer T { get; set; }
+
+
        public ActionResult Index() {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            var model = new RolesIndexViewModel { Rows = _roleService.GetRoles() as IList<RoleRecord> };

            return View(model);
@@ -26,6 +45,9 @@ namespace Orchard.Roles.Controllers {

        [HttpPost, ActionName("Index")]
        public ActionResult IndexPOST() {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            try {
                foreach (string key in Request.Form.Keys) {
                    if (key.StartsWith("Checkbox.") && Request.Form[key] == "true") {
@@ -42,12 +64,18 @@ namespace Orchard.Roles.Controllers {
        }

        public ActionResult Create() {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            var model = new RoleCreateViewModel { PackagePermissions = _roleService.GetInstalledPermissions() };
            return View(model);
        }

        [HttpPost, ActionName("Create")]
        public ActionResult CreatePOST() {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            var viewModel = new RoleCreateViewModel();
            try {
                UpdateModel(viewModel);
@@ -55,7 +83,7 @@ namespace Orchard.Roles.Controllers {
                foreach (string key in Request.Form.Keys) {
                    if (key.StartsWith("Checkbox.") && Request.Form[key] == "true") {
                        string permissionName = key.Substring("Checkbox.".Length);
-                        _roleService.CreatePermissionForRole(viewModel.Name, 
+                        _roleService.CreatePermissionForRole(viewModel.Name,
                                                             permissionName);
                    }
                }
@@ -68,6 +96,9 @@ namespace Orchard.Roles.Controllers {
        }

        public ActionResult Edit(int id) {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            var role = _roleService.GetRole(id);
            if (role == null) {
                //TODO: Error message
@@ -77,11 +108,22 @@ namespace Orchard.Roles.Controllers {
                                                PackagePermissions = _roleService.GetInstalledPermissions(),
                                                CurrentPermissions = _roleService.GetPermissionsForRole(id)};

+            var simulation = UserSimulation.Create(role.Name);
+            model.EffectivePermissions = model.PackagePermissions
+                .SelectMany(group => group.Value)
+                .Where(permission => _authorizationService.CheckAccess(simulation, permission))
+                .Select(permission=>permission.Name)
+                .Distinct()
+                .ToList();
+
            return View(model);
        }

        [HttpPost, ActionName("Edit")]
        public ActionResult EditPOST() {
+            if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles")))
+                return new HttpUnauthorizedResult();
+
            var viewModel = new RoleEditViewModel();
            try {
                UpdateModel(viewModel);
@@ -99,7 +141,7 @@ namespace Orchard.Roles.Controllers {
                else if (!String.IsNullOrEmpty(HttpContext.Request.Form["submit.Delete"])) {
                    _roleService.DeleteRole(viewModel.Id);
                }
-                return RedirectToAction("Index");
+                return RedirectToAction("Edit", new { viewModel.Id });
            }
            catch (Exception exception) {
                _notifier.Error("Editing Role failed: " + exception.Message);