Fixing permissions on Projections

Sebastien Ros
2014-05-12 15:31:40 -07:00
parent 52d494542f
commit 97829e0948
5 changed files with 21 additions and 20 deletions


@@ -1,4 +1,5 @@
using Orchard.Localization;
using Orchard.Security;
using Orchard.UI.Navigation;
namespace Orchard.Projections {
@@ -12,7 +13,7 @@ namespace Orchard.Projections {
.Add(T("Queries"), "1.0",
qi => qi.Action("Index", "Admin", new { area = "Orchard.Projections" }).Permission(Permissions.ManageQueries).LocalNav())
.Add(T("Bindings"), "2.0",
bi => bi.Action("Index", "Binding", new { area = "Orchard.Projections" }).Permission(Permissions.ManageQueries).LocalNav())
bi => bi.Action("Index", "Binding", new { area = "Orchard.Projections" }).Permission(StandardPermissions.SiteOwner).LocalNav())
);
}
}
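Review bot: The `.Permission(StandardPermissions.SiteOwner)` on the Bindings entry, as far as the navigation builder goes, only decides whether the menu item is shown. It protects nothing unless the actions of the `Binding` controller authorize against the same permission. That controller is not among the five files changed here, so this should be confirmed before relying on the change. Queries and Bindings now carry different requirements with no explanation; a comment above the Bindings entry would help, for example `// Bindings stay site-owner only; the Binding controller must check StandardPermissions.SiteOwner as well.` The enclosing method starts outside the hunk.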


@@ -43,7 +43,7 @@ namespace Orchard.Projections.Controllers {
public dynamic Shape { get; set; }
public ActionResult Add(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var viewModel = new FilterAddViewModel { Id = id, Filters = _projectionManager.DescribeFilters() };
@@ -51,7 +51,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult AddGroup(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var query = _queryService.GetQuery(id).Record;
@@ -67,7 +67,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost]
public ActionResult DeleteGroup(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var group = _groupRepository.Get(id);
@@ -85,7 +85,7 @@ namespace Orchard.Projections.Controllers {
public ActionResult Delete(int id, int filterId) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var filter = _repository.Get(filterId);
@@ -102,7 +102,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Edit(int id, string category, string type, int filterId = -1) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var filter = _projectionManager.DescribeFilters().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
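Review bot: `Delete(int id, int filterId)` shows no `[HttpPost]` in its hunk while `DeleteGroup` just above has one, and `AddGroup` is preceded by a closing brace rather than an attribute, so both appear to be reachable by GET. Reading the second line of each printed pair as the new code, this commit widens these actions from `StandardPermissions.SiteOwner` to `Permissions.ManageQueries`. More accounts can then have a state-changing GET triggered on their behalf by a cross-site request, and a GET carries no anti-forgery token. If these actions do modify the query (their bodies continue outside the hunks), mark them `[HttpPost]` and submit them from a form in the view. The same applies to `Move(string direction, int id, int layoutId)` in the property controller and `Move(string direction, int id, int queryId)` in the sort-criterion controller.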


@@ -42,7 +42,7 @@ namespace Orchard.Projections.Controllers {
public dynamic Shape { get; set; }
public ActionResult Add(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var viewModel = new LayoutAddViewModel { Id = id, Layouts = _projectionManager.DescribeLayouts() };
@@ -51,7 +51,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost]
public ActionResult Delete(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var layout = _repository.Get(id);
@@ -70,7 +70,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Create(int id, string category, string type) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var layout = _projectionManager.DescribeLayouts().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
@@ -93,7 +93,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost, ActionName("Create")]
public ActionResult CreatePost(LayoutEditViewModel model, FormCollection formCollection) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
// validating form values
@@ -129,7 +129,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Edit(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
LayoutRecord layoutRecord = _repository.Get(id);
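Review bot: The same two-line `Authorize(Permissions.ManageQueries, ...)` guard is pasted into every action here, and into the filter, property and sort-criterion controllers as well (19 sites in this commit). An action added later without it is unprotected by default, and the next permission change has to touch every copy again. Consider enforcing it once per controller, for instance in an `OnActionExecuting` override that sets `filterContext.Result = new HttpUnauthorizedResult();` when the check fails, keeping per-action checks only where a different permission is required. The controller classes begin outside these hunks, so an existing base class or filter may already be the better place.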


@@ -46,7 +46,7 @@ namespace Orchard.Projections.Controllers {
public dynamic Shape { get; set; }
public ActionResult Add(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var viewModel = new PropertyAddViewModel { Id = id, Properties = _projectionManager.DescribeProperties() };
@@ -55,7 +55,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost]
public ActionResult Delete(int id, int propertyId) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var property = _repository.Get(propertyId);
@@ -72,7 +72,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Edit(int id, string category, string type, int propertyId = -1) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var property = _projectionManager.DescribeProperties().SelectMany(x => x.Descriptors).Where(x => x.Category == category && x.Type == type).FirstOrDefault();
@@ -140,7 +140,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost, ActionName("Edit")]
public ActionResult EditPost(int id, string category, string type, [DefaultValue(-1)]int propertyId, FormCollection formCollection) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var layout = _layoutRepository.Get(id);
@@ -213,7 +213,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Move(string direction, int id, int layoutId) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
switch (direction) {


@@ -44,7 +44,7 @@ namespace Orchard.Projections.Controllers {
public dynamic Shape { get; set; }
public ActionResult Add(int id) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var viewModel = new SortCriterionAddViewModel { Id = id, SortCriteria = _projectionManager.DescribeSortCriteria() };
@@ -53,7 +53,7 @@ namespace Orchard.Projections.Controllers {
[HttpPost]
public ActionResult Delete(int id, int sortCriterionId) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var sortCriterion = _repository.Get(sortCriterionId);
@@ -70,7 +70,7 @@ namespace Orchard.Projections.Controllers {
}
public ActionResult Edit(int id, string category, string type, int sortCriterionId = -1) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
var sortCriterion = _projectionManager.DescribeSortCriteria().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
@@ -158,7 +158,7 @@ namespace Orchard.Projections.Controllers {
public ActionResult Move(string direction, int id, int queryId) {
if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
return new HttpUnauthorizedResult();
switch (direction) {