From ef5eea48fafb824ea5215372e58d43c0568cfa25 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 15:47:25 -0800 Subject: [PATCH 1/7] Checking site ownership for all gallery actions Work Item: 16978 --HG-- branch : dev --- .../Modules/Orchard.Packaging/AdminMenu.cs | 10 ++++--- .../Controllers/GalleryController.cs | 27 ++++++++++++++++++- .../PackagingServicesController.cs | 26 +++++++++++++++++- 3 files changed, 58 insertions(+), 5 deletions(-) diff --git a/src/Orchard.Web/Modules/Orchard.Packaging/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Packaging/AdminMenu.cs index f34d93011..fbfe5565b 100644 --- a/src/Orchard.Web/Modules/Orchard.Packaging/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Packaging/AdminMenu.cs @@ -1,6 +1,7 @@ using Orchard.Environment.Extensions; using Orchard.Localization; using Orchard.UI.Navigation; +using Orchard.Security; namespace Orchard.Packaging { [OrchardFeature("Gallery")] @@ -12,11 +13,14 @@ namespace Orchard.Packaging { public void GetNavigation(NavigationBuilder builder) { builder.Add(T("Gallery"), "30", menu => menu .Add(T("Modules"), "1.0", item => item - .Action("Modules", "Gallery", new { area = "Orchard.Packaging" })) + .Action("Modules", "Gallery", new { area = "Orchard.Packaging" }) + .Permission(StandardPermissions.SiteOwner)) .Add(T("Themes"), "2.0", item => item - .Action("Themes", "Gallery", new { area = "Orchard.Packaging" })) + .Action("Themes", "Gallery", new { area = "Orchard.Packaging" }) + .Permission(StandardPermissions.SiteOwner)) .Add(T("Feeds"), "3.0", item => item - .Action("Sources", "Gallery", new { area = "Orchard.Packaging" }))); + .Action("Sources", "Gallery", new { area = "Orchard.Packaging" }) + .Permission(StandardPermissions.SiteOwner))); } } } \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/GalleryController.cs b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/GalleryController.cs index 57654a990..c07eecccf 100644 
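Review bot: The three `.Permission(StandardPermissions.SiteOwner)` calls added in GetNavigation only control whether the Gallery links are listed in the menu, and nothing in the file says the URLs are protected elsewhere. A short comment above the `builder.Add` call would keep a later editor from treating the menu as the access check, for example `// Hides the links from non-owners; GalleryController enforces SiteOwner on each action.` The added `using Orchard.Security;` is also placed after `Orchard.UI.Navigation`, out of the alphabetical order the existing usings follow.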
--- a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/GalleryController.cs +++ b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/GalleryController.cs @@ -9,6 +9,7 @@ using Orchard.Localization; using Orchard.Logging; using Orchard.Packaging.Services; using Orchard.Packaging.ViewModels; +using Orchard.Security; using Orchard.Themes; using Orchard.UI.Admin; using Orchard.UI.Notify; 
@@ -26,36 +27,51 @@ namespace Orchard.Packaging.Controllers { public GalleryController( IPackageManager packageManager, IPackagingSourceManager packagingSourceManager, - INotifier notifier) { + INotifier notifier, + IOrchardServices services) { _packageManager = packageManager; _packagingSourceManager = packagingSourceManager; _notifier = notifier; + Services = services; T = NullLocalizer.Instance; Logger = NullLogger.Instance; } + public IOrchardServices Services { get; set; } public Localizer T { get; set; } public ILogger Logger { get; set; } public ActionResult Sources() { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list sources"))) + return new HttpUnauthorizedResult(); + return View(new PackagingSourcesViewModel { Sources = _packagingSourceManager.GetSources(), }); } public ActionResult Remove(int id) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to remove sources"))) + return new HttpUnauthorizedResult(); + _packagingSourceManager.RemoveSource(id); _notifier.Information(T("The feed has been removed successfully.")); return RedirectToAction("Sources"); } public ActionResult AddSource() { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add sources"))) + return new HttpUnauthorizedResult(); + return View(new PackagingAddSourceViewModel()); } [HttpPost] public ActionResult AddSource(string url) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add sources"))) + return new HttpUnauthorizedResult(); + try { if (!String.IsNullOrEmpty(url)) { if (!url.StartsWith("http")) { 
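Review bot: `Remove(int id)` now checks site ownership but still has no `[HttpPost]`, so a plain GET deletes a feed. A cross-site request issued from a signed-in owner's browser would pass the new check. Put `[HttpPost]` above `Remove` and have the Sources view submit a form with the anti-forgery token. `Install` in the `@@ -138,6 +160,9 @@` hunk (its body continues outside that hunk) and `InstallPackage`/`UninstallPackage` in PackagingServicesController.cs have the same shape. Whether the views already post to these actions is not visible in this diff.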
@@ -96,6 +112,9 @@ namespace Orchard.Packaging.Controllers { } public ActionResult Modules(int? sourceId) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list modules"))) + return new HttpUnauthorizedResult(); + var selectedSource = _packagingSourceManager.GetSources().Where(s => s.Id == sourceId).FirstOrDefault(); var sources = selectedSource != null @@ -123,6 +142,9 @@ namespace Orchard.Packaging.Controllers { } public ActionResult Themes(int? sourceId) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list themes"))) + return new HttpUnauthorizedResult(); + var selectedSource = _packagingSourceManager.GetSources().Where(s => s.Id == sourceId).FirstOrDefault(); var sources = selectedSource != null @@ -138,6 +160,9 @@ namespace Orchard.Packaging.Controllers { } public ActionResult Install(string packageId, string version, int sourceId, string redirectTo) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to install packages"))) + return new HttpUnauthorizedResult(); + var source = _packagingSourceManager.GetSources().Where(s => s.Id == sourceId).FirstOrDefault(); if (source == null) { diff --git a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs index e51d385f1..08a5abb83 100644 --- a/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs +++ b/src/Orchard.Web/Modules/Orchard.Packaging/Controllers/PackagingServicesController.cs @@ -8,6 +8,7 @@ using Orchard.Environment.Extensions; using Orchard.FileSystems.AppData; using Orchard.Localization; using Orchard.Packaging.Services; +using Orchard.Security; using Orchard.Themes; using Orchard.UI.Admin; using Orchard.UI.Notify; 
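Review bot: `Modules`, `Themes` and `Install` each repeat the same two-line `Services.Authorizer.Authorize(StandardPermissions.SiteOwner, ...)` guard that the previous hunk already copies four times, so an action added later without it is left unprotected with no warning. One private helper that takes the denial message, or an authorization filter on the controller, would keep the required permission in a single place. The guard is also written without braces, while the surrounding code (`if (source == null) {`) uses them. The bodies of all three actions continue outside the hunks and the actions between the hunks are not shown, so this diff alone cannot confirm that every gallery action is covered.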
@@ -25,7 +26,8 @@ namespace Orchard.Packaging.Controllers { public PackagingServicesController( IPackageManager packageManager, INotifier notifier, - IAppDataFolderRoot appDataFolderRoot) { + IAppDataFolderRoot appDataFolderRoot, + IOrchardServices services) { _packageManager = packageManager; _notifier = notifier; _appDataFolderRoot = appDataFolderRoot; 
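Review bot: The constructor gains an `IOrchardServices services` parameter, but no line stores it: neither this hunk nor the next one adds `Services = services;`, and the hunk line numbers leave no room for an added line between them. GalleryController does make that assignment in the same commit. Unless the container fills the property by itself, every `Services.Authorizer.Authorize(...)` call added to this controller will throw a NullReferenceException. Add `Services = services;` after `_appDataFolderRoot = appDataFolderRoot;`. The end of the constructor is outside the hunk.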
@@ -34,31 +36,50 @@ namespace Orchard.Packaging.Controllers { } public Localizer T { get; set; } + public IOrchardServices Services { get; set; } public ActionResult AddTheme(string returnUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add themes"))) + return new HttpUnauthorizedResult(); + return View(); } [HttpPost, ActionName("AddTheme")] public ActionResult AddThemePOST(string returnUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add themes"))) + return new HttpUnauthorizedResult(); + return InstallPackage(returnUrl, Request.RawUrl); } [HttpPost, ActionName("RemoveTheme")] public ActionResult RemoveThemePOST(string themeId, string returnUrl, string retryUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to remove themes"))) + return new HttpUnauthorizedResult(); + return UninstallPackage(PackagingSourceManager.ThemesPrefix + themeId, returnUrl, retryUrl); } public ActionResult AddModule(string returnUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add modules"))) + return new HttpUnauthorizedResult(); + return View(); } [HttpPost, ActionName("AddModule")] public ActionResult AddModulePOST(string returnUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to add modules"))) + return new HttpUnauthorizedResult(); + return InstallPackage(returnUrl, Request.RawUrl); } public ActionResult InstallPackage(string returnUrl, string retryUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to install packages"))) + return new HttpUnauthorizedResult(); + try { if (Request.Files != null && Request.Files.Count > 0 && 
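Review bot: `AddThemePOST`, `AddModulePOST` and `RemoveThemePOST` authorize and then call `InstallPackage` or `UninstallPackage`, which authorize a second time, and nothing explains the repetition. The inner check is the one that matters, because both helpers are public and so routable as actions in their own right. A comment above the guard in `InstallPackage`, such as `// Checked here as well: this public action can be requested directly, not only via AddThemePOST/AddModulePOST.`, would stop someone from removing it as redundant. If no view targets the helpers directly, marking them `[NonAction]` would be simpler. `InstallPackage` continues past the end of the hunk.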
@@ -90,6 +111,9 @@ namespace Orchard.Packaging.Controllers { } public ActionResult UninstallPackage(string id, string returnUrl, string retryUrl) { + if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to uninstall packages"))) + return new HttpUnauthorizedResult(); + try { _packageManager.Uninstall(id, HostingEnvironment.MapPath("~/")); From ef724fd6c3981de4dfac545a425cf7f50422b700 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 15:49:19 -0800 Subject: [PATCH 2/7] Correcting SqlCe reference in Azure --HG-- branch : dev --- src/Orchard.Azure/Orchard.Azure.Web/Orchard.Azure.Web.csproj | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/Orchard.Azure/Orchard.Azure.Web/Orchard.Azure.Web.csproj b/src/Orchard.Azure/Orchard.Azure.Web/Orchard.Azure.Web.csproj index 981db132f..4db91e723 100644 --- a/src/Orchard.Azure/Orchard.Azure.Web/Orchard.Azure.Web.csproj +++ b/src/Orchard.Azure/Orchard.Azure.Web/Orchard.Azure.Web.csproj @@ -75,8 +75,9 @@ False - - True + + False + ..\..\..\lib\sqlce\System.Data.SqlServerCe.dll False From f26cb60a9e3efc80c4069b78369cdf19f1543e37 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 15:49:32 -0800 Subject: [PATCH 3/7] Updating ShellSettingsManager for Azure --HG-- branch : dev --- .../AzureShellSettingsManager.cs | 51 +++++++++++-------- 1 file changed, 30 insertions(+), 21 deletions(-) diff --git a/src/Orchard.Azure/Environment/Configuration/AzureShellSettingsManager.cs b/src/Orchard.Azure/Environment/Configuration/AzureShellSettingsManager.cs index 5c5e33d98..524c02777 100644 --- a/src/Orchard.Azure/Environment/Configuration/AzureShellSettingsManager.cs +++ b/src/Orchard.Azure/Environment/Configuration/AzureShellSettingsManager.cs 
@@ -83,32 +83,27 @@ namespace Orchard.Azure.Environment.Configuration { } } - class Content { - public string Name { get; set; } - public string DataProvider { get; set; } - public string DataConnectionString { get; set; } - public string DataPrefix { get; set; } - public string RequestUrlHost { get; set; } - public string RequestUrlPrefix { get; set; } - public string State { get; set; } - } - - static ShellSettings ParseSettings(string text) { + static ShellSettings ParseSettings(string text) + { var shellSettings = new ShellSettings(); - if ( String.IsNullOrEmpty(text) ) + if (String.IsNullOrEmpty(text)) return shellSettings; string[] settings = text.Split(new[] { "\r\n" }, StringSplitOptions.RemoveEmptyEntries); - foreach ( var setting in settings ) { + foreach (var setting in settings) + { string[] settingFields = setting.Split(new[] { ":" }, StringSplitOptions.RemoveEmptyEntries); int fieldsLength = settingFields.Length; - if ( fieldsLength != 2 ) + if (fieldsLength != 2) continue; - for ( int i = 0; i < fieldsLength; i++ ) { + for (int i = 0; i < fieldsLength; i++) + { settingFields[i] = settingFields[i].Trim(); } - if ( settingFields[1] != "null" ) { - switch ( settingFields[0] ) { + if (settingFields[1] != "null") + { + switch (settingFields[0]) + { case "Name": shellSettings.Name = settingFields[1]; break; 
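Review bot: `setting.Split(new[] { ":" }, StringSplitOptions.RemoveEmptyEntries)` followed by `if (fieldsLength != 2) continue;` silently drops any setting whose value contains a colon, for example a connection string with a `tcp:` server prefix. The encryption fields added in the next hunk go through the same path. Splitting on the first colon only keeps the value intact, `string[] settingFields = setting.Split(new[] { ':' }, 2);`, though an empty value would then need an explicit skip. The rest of the hunk only moves braces onto their own lines, which departs from the same-line brace style of the file (see the `namespace ... {` context) and buries the one real change, the removal of the `Content` class. ParseSettings continues into the next hunk.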
@@ -130,24 +125,38 @@ namespace Orchard.Azure.Environment.Configuration { case "RequestUrlPrefix": shellSettings.RequestUrlPrefix = settingFields[1]; break; + case "EncryptionAlgorithm": + shellSettings.EncryptionAlgorithm = settingFields[1]; + break; + case "EncryptionKey": + shellSettings.EncryptionKey = settingFields[1]; + break; + case "EncryptionIV": + shellSettings.EncryptionIV = settingFields[1]; + break; } } } return shellSettings; } - static string ComposeSettings(ShellSettings settings) { - if ( settings == null ) + static string ComposeSettings(ShellSettings settings) + { + if (settings == null) return ""; - return string.Format("Name: {0}\r\nDataProvider: {1}\r\nDataConnectionString: {2}\r\nDataPrefix: {3}\r\nRequestUrlHost: {4}\r\nRequestUrlPrefix: {5}\r\nState: {6}\r\n", + return string.Format("Name: {0}\r\nDataProvider: {1}\r\nDataConnectionString: {2}\r\nDataPrefix: {3}\r\nRequestUrlHost: {4}\r\nRequestUrlPrefix: {5}\r\nState: {6}\r\nEncryptionAlgorithm: {7}\r\nEncryptionKey: {8}\r\nEncryptionIV: {9}\r\n", settings.Name, settings.DataProvider, settings.DataConnectionString ?? "null", settings.DataTablePrefix ?? "null", settings.RequestUrlHost ?? "null", settings.RequestUrlPrefix ?? "null", - settings.State != null ? settings.State.ToString() : String.Empty); + settings.State != null ? settings.State.ToString() : String.Empty, + settings.EncryptionAlgorithm ?? "null", + settings.EncryptionKey ?? "null", + settings.EncryptionIV ?? "null" + ); } } } From a88f2a74bfbcbfa2ca8f7bc85d9192fd8b966a56 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 15:49:48 -0800 Subject: [PATCH 4/7] Removing full IIS mode from Azure config file --HG-- branch : dev --- .../Orchard.Azure.CloudService/ServiceDefinition.csdef | 7 ------- 1 file changed, 7 deletions(-) diff --git a/src/Orchard.Azure/Orchard.Azure.CloudService/ServiceDefinition.csdef b/src/Orchard.Azure/Orchard.Azure.CloudService/ServiceDefinition.csdef index fb41cf303..462e8f2ae 100644 
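Review bot: `ComposeSettings` now writes `EncryptionKey` and `EncryptionIV` in clear text into the same settings text as `DataConnectionString`, so anyone who can read the stored settings can recover the key. Where the text is persisted is outside this hunk; the store has to be private and the composed string should never reach a log. A comment on the method would record that: `// Output contains the connection string and encryption key; store privately and do not log.` ParseSettings also leaves the three new fields unset when they are missing from settings written before this change, which callers presumably have to handle.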
--- a/src/Orchard.Azure/Orchard.Azure.CloudService/ServiceDefinition.csdef +++ b/src/Orchard.Azure/Orchard.Azure.CloudService/ServiceDefinition.csdef @@ -1,13 +1,6 @@  - - - - - - - From 147dcf9badd1248b837497c989f84f727afd9c65 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 15:50:20 -0800 Subject: [PATCH 5/7] Using more adapted when no connection string is found --HG-- branch : dev --- src/Orchard/Data/Providers/SqlServerDataServicesProvider.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Orchard/Data/Providers/SqlServerDataServicesProvider.cs b/src/Orchard/Data/Providers/SqlServerDataServicesProvider.cs index acce27bd0..a266af81a 100644 --- a/src/Orchard/Data/Providers/SqlServerDataServicesProvider.cs +++ b/src/Orchard/Data/Providers/SqlServerDataServicesProvider.cs @@ -18,7 +18,7 @@ namespace Orchard.Data.Providers { public override IPersistenceConfigurer GetPersistenceConfigurer(bool createDatabase) { var persistence = MsSqlConfiguration.MsSql2008; if (string.IsNullOrEmpty(_connectionString)) { - throw new NotImplementedException(); + throw new ArgumentException("The connection string is empty"); } persistence = persistence.ConnectionString(_connectionString); return persistence; From c1c06d599155196cdfb3c70c63315d6f8245572b Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 9 Dec 2010 16:09:07 -0800 Subject: [PATCH 6/7] Adding script to run Azure in dev fabric Work Item: 16874 --HG-- branch : dev --- ClickToRunAzureInDevFabric.cmd | 5 +++++ 1 file changed, 5 insertions(+) create mode 100644 ClickToRunAzureInDevFabric.cmd diff --git a/ClickToRunAzureInDevFabric.cmd b/ClickToRunAzureInDevFabric.cmd new file mode 100644 index 000000000..3e1ba1773 --- /dev/null +++ b/ClickToRunAzureInDevFabric.cmd 
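Review bot: `ArgumentException` is thrown for `_connectionString`, which is a field and not an argument of `GetPersistenceConfigurer(bool createDatabase)`. `InvalidOperationException` describes the condition better: `throw new InvalidOperationException("The connection string is empty");`. Validating the value where the field is assigned would report the problem earlier, but that code is outside the hunk. The message correctly leaves the connection string itself out of the exception text.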
@@ -0,0 +1,5 @@ +SET CDIR = %CD% +call "%ProgramFiles%\Windows Azure SDK\v1.3\bin\setenv.cmd" +csrun /devstore +csrun /run:"%CDIR %\build\Compile\Orchard.Azure.CloudService.csx";"%CDIR %\src\Orchard.Azure\Orchard.Azure.CloudService\ServiceConfiguration.cscfg" /launchbrowser +pause \ No newline at end of file From cc7f77a75794689d5a838c900ffa55020b5a1c5e Mon Sep 17 00:00:00 2001 From: Jonathan Wall Date: Thu, 9 Dec 2010 16:26:50 -0800 Subject: [PATCH 7/7] Changed list to manage blogs in the admin menu. Work Item: 17001 --HG-- branch : dev --- src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs index d54c11dc2..258b630ee 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs @@ -25,7 +25,7 @@ namespace Orchard.Blogs { var singleBlog = blogCount == 1 ? blogs.ElementAt(0) : null; if (blogCount > 0 && singleBlog == null) { - menu.Add(T("List"), "3", + menu.Add(T("Manage Blogs"), "3", item => item.Action("List", "BlogAdmin", new {area = "Orchard.Blogs"}).Permission(Permissions.MetaListOwnBlogs)); } else if (singleBlog != null)
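Review bot: `SET CDIR = %CD%` defines a variable named `CDIR ` (with a trailing space) whose value begins with a space, because cmd keeps the spaces on both sides of `=`. The later `%CDIR %` references resolve only because they repeat that trailing space, and both quoted paths passed to `csrun /run:` then start with a space. Use `SET CDIR=%CD%` and reference `%CDIR%`. The SDK location is also pinned to `%ProgramFiles%\Windows Azure SDK\v1.3`, so the script depends on that exact install path.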