Improving protected zones in settings UI

Protecting MaxPagedCount Protecting BaseUrl Unhiding BaseUrl and SuperUser so that users can see what the values are
2025-10-15 03:25:23 +08:00 · 2015-09-09 11:25:52 -07:00
parent 6d255f24ab
commit 89e8658f49
2 changed files with 29 additions and 24 deletions
--- a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs
+++ b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs
@@ -71,11 +71,12 @@ namespace Orchard.Core.Settings.Drivers {

            var previousBaseUrl = model.Site.BaseUrl;

-            updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize" });
+            // Update all properties but not SuperUser, MaxPageSize and BaseUrl.
+            updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" });

            // only a user with SiteOwner permission can change the site owner
            if (_authorizer.Authorize(StandardPermissions.SiteOwner)) {
-                updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize" }, null);
+                updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" }, null);

                // ensures the super user is fully empty
                if (String.IsNullOrEmpty(model.SuperUser)) {
@@ -88,30 +89,30 @@ namespace Orchard.Core.Settings.Drivers {
                        updater.AddModelError("SuperUser", T("The user {0} was not found", model.SuperUser));
                    }
                }
-            }

-            // ensure the base url is absolute if provided
-            if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) {
-                if (!Uri.IsWellFormedUriString(model.Site.BaseUrl, UriKind.Absolute)) {
-                    updater.AddModelError("BaseUrl", T("The base url must be absolute."));
-                }
+                // ensure the base url is absolute if provided
+                if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) {
+                    if (!Uri.IsWellFormedUriString(model.Site.BaseUrl, UriKind.Absolute)) {
+                        updater.AddModelError("BaseUrl", T("The base url must be absolute."));
+                    }
                    // if the base url has been modified, try to ping it
-                else if (!String.Equals(previousBaseUrl, model.Site.BaseUrl, StringComparison.OrdinalIgnoreCase)) {
-                    try {
-                        var request = WebRequest.Create(model.Site.BaseUrl) as HttpWebRequest;
-                        if (request != null) {
-                            using (request.GetResponse() as HttpWebResponse) {}
+                    else if (!String.Equals(previousBaseUrl, model.Site.BaseUrl, StringComparison.OrdinalIgnoreCase)) {
+                        try {
+                            var request = WebRequest.Create(model.Site.BaseUrl) as HttpWebRequest;
+                            if (request != null) {
+                                using (request.GetResponse() as HttpWebResponse) { }
+                            }
                        }
-                    }
-                    catch (Exception ex) {
-                        if (ex.IsFatal()) {                        
-                            throw;
+                        catch (Exception ex) {
+                            if (ex.IsFatal()) {
+                                throw;
+                            }
+                            _notifier.Warning(T("The base url you entered could not be requested from current location."));
+                            Logger.Warning(ex, "Could not query base url: {0}", model.Site.BaseUrl);
                        }
-                        _notifier.Warning(T("The base url you entered could not be requested from current location."));
-                        Logger.Warning(ex, "Could not query base url: {0}", model.Site.BaseUrl);
                    }
                }
-            }
+            }            

            return ContentShape("Parts_Settings_SiteSettingsPart",
                () => shapeHelper.EditorTemplate(TemplateName: "Parts.Settings.SiteSettingsPart", Model: model, Prefix: Prefix));
--- a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml
+++ b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml
@@ -16,7 +16,10 @@
    </div>
    <div>
        <label for="@Html.FieldIdFor(m => m.BaseUrl)">@T("Base URL")</label>
-        @Html.TextBoxFor(m => m.BaseUrl, new { @class = "text medium is-url" })
+        @Html.TextBoxFor(m => m.BaseUrl,
+            (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)
+                ? (dynamic)new { @class = "text medium is-url" }
+                : (dynamic)new { @class = "text medium is-url", @readonly = "readonly" }))
        <span class="hint">@T("Enter the fully qualified base URL of the web site.")</span>
        <span class="hint">@T("e.g., http://localhost:30320/orchardlocal, http://www.yourdomain.com")</span>
    </div>
@@ -45,14 +48,15 @@
        @Html.EditorFor(x => x.PageTitleSeparator)
        @Html.ValidationMessage("PageTitleSeparator", "*")
    </div>
-@if (AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)) {
    <div>
        <label for="SuperUser">@T("Super user")</label>
-        @Html.EditorFor(x => x.SuperUser)
+        @Html.TextBoxFor(x => x.SuperUser, 
+            (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)
+                ? (dynamic)new { @class = "text single-line" }
+                : (dynamic)new { @class = "text single-line", @readonly = "readonly" }))
        @Html.ValidationMessage("SuperUser", "*")
        <span class="hint">@T("Enter an existing account name, or nothing if you don't want a Super user account")</span>
    </div>
-}
    <div>
        <label for="SiteDebugMode">@T("Resource Debug Mode")</label>
        @Html.DropDownList("ResourceDebugMode", resourceDebugMode)