Improving protected zones in settings UI

Protecting MaxPagedCount Protecting BaseUrl Unhiding BaseUrl and SuperUser so that users can see what the values are
2025-10-15 11:44:58 +08:00 · 2015-09-09 11:25:52 -07:00
parent 6d255f24ab
commit 89e8658f49
2 changed files with 29 additions and 24 deletions
--- a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs
+++ b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs
@@ -71,11 +71,12 @@ namespace Orchard.Core.Settings.Drivers {

            var previousBaseUrl = model.Site.BaseUrl;

-            updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize" });
+            // Update all properties but not SuperUser, MaxPageSize and BaseUrl.
+            updater.TryUpdateModel(model, Prefix, null, new [] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" });

            // only a user with SiteOwner permission can change the site owner
            if (_authorizer.Authorize(StandardPermissions.SiteOwner)) {
-                updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize" }, null);
+                updater.TryUpdateModel(model, Prefix, new[] { "Site.SuperUser", "Site.MaxPageSize", "Site.BaseUrl", "Site.MaxPagedCount" }, null);

                // ensures the super user is fully empty
                if (String.IsNullOrEmpty(model.SuperUser)) {
@@ -88,7 +89,6 @@ namespace Orchard.Core.Settings.Drivers {
                        updater.AddModelError("SuperUser", T("The user {0} was not found", model.SuperUser));
                    }
                }
-            }

                // ensure the base url is absolute if provided
                if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) {
@@ -112,6 +112,7 @@ namespace Orchard.Core.Settings.Drivers {
                        }
                    }
                }
+            }            

            return ContentShape("Parts_Settings_SiteSettingsPart",
                () => shapeHelper.EditorTemplate(TemplateName: "Parts.Settings.SiteSettingsPart", Model: model, Prefix: Prefix));
--- a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml
+++ b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml
@@ -16,7 +16,10 @@
    </div>
    <div>
        <label for="@Html.FieldIdFor(m => m.BaseUrl)">@T("Base URL")</label>
-        @Html.TextBoxFor(m => m.BaseUrl, new { @class = "text medium is-url" })
+        @Html.TextBoxFor(m => m.BaseUrl,
+            (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)
+                ? (dynamic)new { @class = "text medium is-url" }
+                : (dynamic)new { @class = "text medium is-url", @readonly = "readonly" }))
        <span class="hint">@T("Enter the fully qualified base URL of the web site.")</span>
        <span class="hint">@T("e.g., http://localhost:30320/orchardlocal, http://www.yourdomain.com")</span>
    </div>
@@ -45,14 +48,15 @@
        @Html.EditorFor(x => x.PageTitleSeparator)
        @Html.ValidationMessage("PageTitleSeparator", "*")
    </div>
-@if (AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)) {
    <div>
        <label for="SuperUser">@T("Super user")</label>
-        @Html.EditorFor(x => x.SuperUser)
+        @Html.TextBoxFor(x => x.SuperUser, 
+            (object)(AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)
+                ? (dynamic)new { @class = "text single-line" }
+                : (dynamic)new { @class = "text single-line", @readonly = "readonly" }))
        @Html.ValidationMessage("SuperUser", "*")
        <span class="hint">@T("Enter an existing account name, or nothing if you don't want a Super user account")</span>
    </div>
-}
    <div>
        <label for="SiteDebugMode">@T("Resource Debug Mode")</label>
        @Html.DropDownList("ResourceDebugMode", resourceDebugMode)