Hooking the AdminFilter up to make use of *the* IAuthorizor and adding an Orchard.Core.Common AccessAdmin permission

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4044452

src/Orchard.Web/Core/Common/Mvc/Filters/AdminFilter.cs

@@ -0,0 +1,37 @@
+using System.Globalization;
+using System.IO;
+using System.Web.Mvc;
+using Orchard.ContentManagement;
+using Orchard.Core.Settings.Models;
+using Orchard.Mvc.Filters;
+using Orchard.Security;
+using Orchard.Settings;
+
+namespace Orchard.Core.Common.Mvc.Filters {
+    public class AdminFilter : FilterProvider, IActionFilter
+    {
+        private readonly IAuthorizer _authorizer;
+        private readonly ISiteService _siteService;
+
+        public AdminFilter(IAuthorizer authorizer, ISiteService siteService)
+        {
+            _authorizer = authorizer;
+            _siteService = siteService;
+        }
+
+        public void OnActionExecuting(ActionExecutingContext filterContext)
+        {
+            //todo: (heskew) get at the SiteUrl the "right" way. or is this the right way :|
+            var siteUrl = _siteService.GetSiteSettings().ContentItem.As<SiteSettings>().Record.SiteUrl;
+
+            if (filterContext.HttpContext.Request.RawUrl.StartsWith(Path.Combine(siteUrl, "admin"), true, CultureInfo.InvariantCulture)
+                && !_authorizer.Authorize(Permissions.AccessAdmin, "Can't access the admin")) {
+                filterContext.Result = new HttpUnauthorizedResult();
+            }
+        }
+
+        public void OnActionExecuted(ActionExecutedContext filterContext)
+        {
+        }
+    }
+}

src/Orchard.Web/Core/Common/Permissions.cs

@@ -1,19 +1,20 @@
-using System;
+using System.Collections.Generic;
-using System.Collections.Generic;
-using System.Linq;
-using System.Web;
 using Orchard.Security.Permissions;
 
 namespace Orchard.Core.Common {
     public class Permissions : IPermissionProvider {
-        public static Permission ChangeOwner = new Permission { Name = "ChangeOwner", Description = "Change the owner of content items" };
+        public static readonly Permission ChangeOwner = new Permission { Name = "ChangeOwner", Description = "Change the owner of content items" };
+        public static readonly Permission AccessAdmin = new Permission { Name = "AccessAdmin", Description = "Access the application admin area" };
 
         public string PackageName {
             get { return "Common"; }
         }
 
         public IEnumerable<Permission> GetPermissions() {
-            return new[] { ChangeOwner };
+            return new[] {
+                 ChangeOwner,
+                 AccessAdmin
+             };
         }
     }
 }

src/Orchard.Web/Core/Orchard.Core.csproj

@@ -61,6 +61,7 @@
     <Reference Include="System.Web.Mobile" />
   </ItemGroup>
   <ItemGroup>
+    <Compile Include="Common\Mvc\Filters\AdminFilter.cs" />
     <Compile Include="Common\Permissions.cs" />
     <Compile Include="Common\Utilities\LazyField.cs" />
     <Compile Include="Common\Providers\CommonAspectHandler.cs" />

src/Orchard.Web/Core/Settings/Services/SiteService.cs

@@ -23,12 +23,12 @@ namespace Orchard.Core.Settings.Services {
         #region Implementation of ISiteService
 
         public ISite GetSiteSettings() {
-            string applicationName = HttpContext.Current.Request.ApplicationPath;
+            string applicationPath = HttpContext.Current.Request.ApplicationPath;
-            SiteSettingsRecord record = _siteSettingsRepository.Fetch(x => x.SiteUrl == applicationName).FirstOrDefault();
+            SiteSettingsRecord record = _siteSettingsRepository.Fetch(x => x.SiteUrl == applicationPath).FirstOrDefault();
             if (record == null) {
                 ISite site = _contentManager.Create<SiteSettings>("site", item => {
                     item.Record.SiteName = "My Orchard Project Application";
-                    item.Record.SiteUrl = applicationName;
+                    item.Record.SiteUrl = applicationPath;
                     item.Record.PageTitleSeparator = " - ";
                 });
                 return site;

src/Orchard.Web/Core/Themes/Services/AdminThemeSelector.cs

@@ -1,12 +1,24 @@
 using System.Globalization;
+using System.IO;
 using System.Web.Routing;
+using Orchard.ContentManagement;
+using Orchard.Core.Settings.Models;
+using Orchard.Settings;
 using Orchard.Themes;
 
 namespace Orchard.Core.Themes.Services {
     public class AdminThemeSelector : IThemeSelector {
+        private readonly ISiteService _siteService;
+
+        public AdminThemeSelector(ISiteService siteService) {
+            _siteService = siteService;
+        }
 
         public ThemeSelectorResult GetTheme(RequestContext context) {
-            if (!context.HttpContext.Request.Path.StartsWith("/admin", true, CultureInfo.InvariantCulture))
+            //todo: (heskew) get at the SiteUrl the "right" way. or is this the right way :|
+            var siteUrl = _siteService.GetSiteSettings().ContentItem.As<SiteSettings>().Record.SiteUrl;
+
+            if (!context.HttpContext.Request.Path.StartsWith(Path.Combine(siteUrl, "admin"), true, CultureInfo.InvariantCulture))
                 return null;
 
             return new ThemeSelectorResult { Priority = 0, ThemeName = "TheAdmin" };

src/Orchard/Controllers/AccountController.cs

@@ -29,7 +29,7 @@ namespace Orchard.Controllers {
         public ActionResult LogOn(string userName, string password, bool rememberMe, string returnUrl) {
             var user = ValidateLogOn(userName, password);
             if (!ModelState.IsValid) {
-                return View();
+                return LogOn();
             }
 
             _authenticationService.SignIn(user, rememberMe);
@@ -79,7 +79,7 @@ namespace Orchard.Controllers {
             }
 
             // If we got this far, something failed, redisplay form
-            return View(new BaseViewModel());
+            return Register();
         }
 
         [Authorize]
@@ -110,12 +110,12 @@ namespace Orchard.Controllers {
                 else {
                     ModelState.AddModelError("_FORM",
                                              "The current password is incorrect or the new password is invalid.");
-                    return View(new BaseViewModel());
+                    return ChangePassword();
                 }
             }
             catch {
                 ModelState.AddModelError("_FORM", "The current password is incorrect or the new password is invalid.");
-                return View(new BaseViewModel());
+                return ChangePassword();
             }
         }
 

src/Orchard/Mvc/Filters/AdminFilter.cs

@@ -1,14 +0,0 @@
-using System.Web.Mvc;
-
-namespace Orchard.Mvc.Filters {
-    public class AdminFilter : FilterProvider, IActionFilter {
-        public void OnActionExecuting(ActionExecutingContext filterContext) {
-            //TODO: (erikpo) When Orchard needs to work from a virtual path, this check will need to be adjusted
-            if (filterContext.HttpContext.Request.RawUrl.StartsWith("/Admin") && !filterContext.HttpContext.Request.IsAuthenticated)
-                filterContext.Result = new HttpUnauthorizedResult();
-        }
-
-        public void OnActionExecuted(ActionExecutedContext filterContext) {
-        }
-    }
-}

src/Orchard/Orchard.csproj

@@ -183,7 +183,6 @@
     <Compile Include="Environment\OrchardServices.cs" />
     <Compile Include="Extensions\ExtensionDescriptor.cs" />
     <Compile Include="Extensions\ExtensionEntry.cs" />
-    <Compile Include="Mvc\Filters\AdminFilter.cs" />
     <Compile Include="IOrchardServices.cs" />
     <Compile Include="Mvc\Html\FileRegistrationContext.cs" />
     <Compile Include="Mvc\Html\SiteServiceExtensions.cs" />