From 89e8658f4992640045c3c76514d232554b6bf635 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Wed, 9 Sep 2015 11:25:52 -0700 Subject: [PATCH] Improving protected zones in settings UI Protecting MaxPagedCount Protecting BaseUrl Unhiding BaseUrl and SuperUser so that users can see what the values are --- .../Drivers/SiteSettingsPartDriver.cs | 41 ++++++++++--------- .../Parts.Settings.SiteSettingsPart.cshtml | 12 ++++-- 2 files changed, 29 insertions(+), 24 deletions(-) diff --git a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs index 5591115e5..ec76f1ebc 100644 --- a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs +++ b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs @@ -71,11 +71,12 @@ namespace Orchard.Core.Settings.Drivers { var previousBaseUrl = model.Site.BaseUrl; - updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize" }); + // Update all properties but not SuperUser, MaxPageSize and BaseUrl. + updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" }); // only a user with SiteOwner permission can change the site owner if (_authorizer.Authorize(StandardPermissions.SiteOwner)) { - updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize" }, null); + updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" }, null); // ensures the super user is fully empty if (String.IsNullOrEmpty(model.SuperUser)) { 
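Review bot: The owner-only property list is written out twice in this hunk, once as the exclude list of the first `TryUpdateModel` call and once as the include list of the call inside the `_authorizer.Authorize(StandardPermissions.SiteOwner)` branch, so a later edit that touches only one of them would silently leave a protected setting bindable by any settings editor, or unbindable by the owner. Hoisting it into one field, `private static readonly string[] SiteOwnerOnlyProperties = { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" };`, and passing that field to both calls keeps the two in step. The added comment omits MaxPagedCount; `// Bind everything except the SiteOwner-only properties (SuperUser, MaxPageSize, BaseUrl, MaxPagedCount).` would match the code. Because this is an exclude list, any sensitive property added to the model later is bindable by default, which is worth stating in that comment. The enclosing method starts and ends outside the hunk.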
@@ -88,30 +89,30 @@ namespace Orchard.Core.Settings.Drivers { updater.AddModelError("SuperUser", T("The user {0} was not found", model.SuperUser)); } } - } - // ensure the base url is absolute if provided - if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) { - if (!Uri.IsWellFormedUriString(model.Site.BaseUrl, UriKind.Absolute)) { - updater.AddModelError("BaseUrl", T("The base url must be absolute.")); - } + // ensure the base url is absolute if provided + if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) { + if (!Uri.IsWellFormedUriString(model.Site.BaseUrl, UriKind.Absolute)) { + updater.AddModelError("BaseUrl", T("The base url must be absolute.")); + } // if the base url has been modified, try to ping it - else if (!String.Equals(previousBaseUrl, model.Site.BaseUrl, StringComparison.OrdinalIgnoreCase)) { - try { - var request = WebRequest.Create(model.Site.BaseUrl) as HttpWebRequest; - if (request != null) { - using (request.GetResponse() as HttpWebResponse) {} + else if (!String.Equals(previousBaseUrl, model.Site.BaseUrl, StringComparison.OrdinalIgnoreCase)) { + try { + var request = WebRequest.Create(model.Site.BaseUrl) as HttpWebRequest; + if (request != null) { + using (request.GetResponse() as HttpWebResponse) { } + } } - } - catch (Exception ex) { - if (ex.IsFatal()) { - throw; + catch (Exception ex) { + if (ex.IsFatal()) { + throw; + } + _notifier.Warning(T("The base url you entered could not be requested from current location.")); + Logger.Warning(ex, "Could not query base url: {0}", model.Site.BaseUrl); } - _notifier.Warning(T("The base url you entered could not be requested from current location.")); - Logger.Warning(ex, "Could not query base url: {0}", model.Site.BaseUrl); } } - } + } return ContentShape("Parts_Settings_SiteSettingsPart", () => shapeHelper.EditorTemplate(TemplateName: "Parts.Settings.SiteSettingsPart", Model: model, Prefix: Prefix)); 
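Review bot: The `request.GetResponse()` call in the relocated block makes the server fetch whatever URL was typed into BaseUrl, and although the check now runs only for a SiteOwner, the request still has no explicit timeout, follows redirects by default, and is issued from the server's own network position. Setting `request.Timeout = 5000;` and `request.AllowAutoRedirect = false;` before the call bounds how long the settings POST can block and keeps a redirect from steering the probe to a different host (the 5-second value is a suggestion, not taken from the project). `Uri.IsWellFormedUriString(..., UriKind.Absolute)` accepts any scheme, and a value such as an `ftp:` or `file:` URL makes the `as HttpWebRequest` cast yield null, so the probe is skipped without any message while the value is still saved; adding a model error for anything other than `Uri.UriSchemeHttp` or `Uri.UriSchemeHttps` would close that gap. The enclosing method begins outside the hunk.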
diff --git a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml index af4bd6f1a..eea869eaf 100644 --- a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml +++ b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml @@ -16,7 +16,10 @@
- @Html.TextBoxFor(m => m.BaseUrl, new { @class = "text medium is-url" }) + @Html.TextBoxFor(m => m.BaseUrl, + (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner) + ? (dynamic)new { @class = "text medium is-url" } + : (dynamic)new { @class = "text medium is-url", @readonly = "readonly" })) @T("Enter the fully qualified base URL of the web site.") @T("e.g., http://localhost:30320/orchardlocal, http://www.yourdomain.com")
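Review bot: The `@readonly = "readonly"` attribute added to the BaseUrl text box here, and to the SuperUser text box in the next hunk, is only a browser-side hint; a non-owner can still post these fields, and what actually blocks the change is the exclude list in SiteSettingsPartDriver. A Razor comment above each box would keep a later maintainer from treating the view as the control: `@* readonly is cosmetic; SiteSettingsPartDriver ignores this field unless the user has SiteOwner *@`. The `(object)(… ? (dynamic)new { … } : (dynamic)new { … })` expression is repeated in both places and could be computed once per field in a code block at the top of the template, which would also make the authorised and read-only attribute sets easier to compare. The surrounding markup is not fully visible in this hunk.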
@@ -45,14 +48,15 @@ @Html.EditorFor(x => x.PageTitleSeparator) @Html.ValidationMessage("PageTitleSeparator", "*") -@if (AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)) {
- @Html.EditorFor(x => x.SuperUser) + @Html.TextBoxFor(x => x.SuperUser, + (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner) + ? (dynamic)new { @class = "text single-line" } + : (dynamic)new { @class = "text single-line", @readonly = "readonly" })) @Html.ValidationMessage("SuperUser", "*") @T("Enter an existing account name, or nothing if you don't want a Super user account")
-}
@Html.DropDownList("ResourceDebugMode", resourceDebugMode)
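Review bot: With the `@if (AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner))` wrapper removed, the SuperUser account name is rendered to every user who can open this settings page, not only to site owners. The commit message states this is intended, but it does expose the name of the highest-privilege account to lower-privileged administrators, so it is worth confirming that login throttling or lockout and audit logging cover that account. The hint `Enter an existing account name, or nothing if you don't want a Super user account` is also still shown to users for whom the box is read-only; rendering it only when `AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)` is true would avoid the mixed message.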