From 97829e0948887a4f0bbaf4a760bb5fe80550bc75 Mon Sep 17 00:00:00 2001
From: Sebastien Ros
Date: Mon, 12 May 2014 15:31:40 -0700
Subject: [PATCH] Fixing permissions on Projections
---
 .../Modules/Orchard.Projections/AdminMenu.cs | 3 ++-
 .../Controllers/FilterController.cs | 10 +++++-----
 .../Controllers/LayoutController.cs | 10 +++++-----
 .../Controllers/PropertyController.cs | 10 +++++-----
 .../Controllers/SortCriteriaController.cs | 8 ++++----
 5 files changed, 21 insertions(+), 20 deletions(-)
diff --git a/src/Orchard.Web/Modules/Orchard.Projections/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Projections/AdminMenu.cs
index 06e60cbc0..9d2081b83 100644
--- a/src/Orchard.Web/Modules/Orchard.Projections/AdminMenu.cs
+++ b/src/Orchard.Web/Modules/Orchard.Projections/AdminMenu.cs
@@ -1,4 +1,5 @@
 using Orchard.Localization;
+using Orchard.Security;
 using Orchard.UI.Navigation;
 namespace Orchard.Projections {
@@ -12,7 +13,7 @@ namespace Orchard.Projections {
 .Add(T("Queries"), "1.0",
 qi => qi.Action("Index", "Admin", new { area = "Orchard.Projections" }).Permission(Permissions.ManageQueries).LocalNav())
 .Add(T("Bindings"), "2.0",
- bi => bi.Action("Index", "Binding", new { area = "Orchard.Projections" }).Permission(Permissions.ManageQueries).LocalNav())
+ bi => bi.Action("Index", "Binding", new { area = "Orchard.Projections" }).Permission(StandardPermissions.SiteOwner).LocalNav())
 );
 }
 }
diff --git a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/FilterController.cs b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/FilterController.cs
index 75fa30a73..fc73dbd25 100644
--- a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/FilterController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/FilterController.cs
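Review bot: The `.Permission(StandardPermissions.SiteOwner)` call on the Bindings item only decides whether the navigation entry is shown; it does not by itself protect the `Binding` controller's actions, and that controller is not part of this patch. Presumably the menu is being aligned with a check the controller already performs, but that should be confirmed: each Binding action needs its own `Services.Authorizer.Authorize(StandardPermissions.SiteOwner, ...)` guard, otherwise a user who holds only ManageQueries loses the menu link but not the access. A comment above the item such as `// Site-owner only: keep in sync with the Authorize calls in BindingController` would stop the menu and the controller drifting apart again.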
@@ -43,7 +43,7 @@ namespace Orchard.Projections.Controllers {
 public dynamic Shape { get; set; }
 public ActionResult Add(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var viewModel = new FilterAddViewModel { Id = id, Filters = _projectionManager.DescribeFilters() };
@@ -51,7 +51,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult AddGroup(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var query = _queryService.GetQuery(id).Record;
@@ -67,7 +67,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost]
 public ActionResult DeleteGroup(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var group = _groupRepository.Get(id);
@@ -85,7 +85,7 @@ namespace Orchard.Projections.Controllers {
 public ActionResult Delete(int id, int filterId) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var filter = _repository.Get(filterId);
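Review bot: The guard in `FilterController.Add` is the same hand-copied line that every other hunk of this patch edits (the remaining Filter actions and the Layout, Property and SortCriteria controllers), so the permission an action demands depends on nobody missing a copy. A private helper per controller, `private bool CanManageQueries() { return Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")); }`, called as `if (!CanManageQueries()) return new HttpUnauthorizedResult();`, would leave one place to change. Actions in these controllers that the patch does not touch are not visible here; they should be checked so that none still demands SiteOwner or carries no check at all.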
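Review bot: `FilterController.Delete(int id, int filterId)` shows no `[HttpPost]` in the context above its signature, unlike `DeleteGroup` in the previous hunk, so it appears to accept GET, and this patch widens who may call it from the site owner to anyone holding ManageQueries. If request-forgery validation in this application runs only on POST, a state-changing GET sits outside it; adding `[HttpPost]` to the action and having the view submit a form carrying the anti-forgery token would bring it under the same protection as `DeleteGroup`. The same applies to `Move` in PropertyController (hunk at -213) and SortCriteriaController (hunk at -158), which also show no verb attribute in their visible context. The bodies of these actions continue outside the hunks, so the state change is inferred from the action names and the `_repository.Get(filterId)` lookup.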
@@ -102,7 +102,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Edit(int id, string category, string type, int filterId = -1) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var filter = _projectionManager.DescribeFilters().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
diff --git a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/LayoutController.cs b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/LayoutController.cs
index 383107328..4cba6d990 100644
--- a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/LayoutController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/LayoutController.cs
@@ -42,7 +42,7 @@ namespace Orchard.Projections.Controllers {
 public dynamic Shape { get; set; }
 public ActionResult Add(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var viewModel = new LayoutAddViewModel { Id = id, Layouts = _projectionManager.DescribeLayouts() };
@@ -51,7 +51,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost]
 public ActionResult Delete(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var layout = _repository.Get(id);
@@ -70,7 +70,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Create(int id, string category, string type) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var layout = _projectionManager.DescribeLayouts().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
@@ -93,7 +93,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost, ActionName("Create")]
 public ActionResult CreatePost(LayoutEditViewModel model, FormCollection formCollection) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 // validating form values
@@ -129,7 +129,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Edit(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 LayoutRecord layoutRecord = _repository.Get(id);
diff --git a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/PropertyController.cs b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/PropertyController.cs
index 8368a21d0..d2dcc4606 100644
--- a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/PropertyController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/PropertyController.cs
@@ -46,7 +46,7 @@ namespace Orchard.Projections.Controllers {
 public dynamic Shape { get; set; }
 public ActionResult Add(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var viewModel = new PropertyAddViewModel { Id = id, Properties = _projectionManager.DescribeProperties() };
@@ -55,7 +55,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost]
 public ActionResult Delete(int id, int propertyId) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var property = _repository.Get(propertyId);
@@ -72,7 +72,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Edit(int id, string category, string type, int propertyId = -1) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var property = _projectionManager.DescribeProperties().SelectMany(x => x.Descriptors).Where(x => x.Category == category && x.Type == type).FirstOrDefault();
@@ -140,7 +140,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost, ActionName("Edit")]
 public ActionResult EditPost(int id, string category, string type, [DefaultValue(-1)]int propertyId, FormCollection formCollection) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var layout = _layoutRepository.Get(id);
@@ -213,7 +213,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Move(string direction, int id, int layoutId) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 switch (direction) {
diff --git a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/SortCriteriaController.cs b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/SortCriteriaController.cs
index 670bad846..0a7627882 100644
--- a/src/Orchard.Web/Modules/Orchard.Projections/Controllers/SortCriteriaController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Projections/Controllers/SortCriteriaController.cs
@@ -44,7 +44,7 @@ namespace Orchard.Projections.Controllers {
 public dynamic Shape { get; set; }
 public ActionResult Add(int id) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var viewModel = new SortCriterionAddViewModel { Id = id, SortCriteria = _projectionManager.DescribeSortCriteria() };
@@ -53,7 +53,7 @@ namespace Orchard.Projections.Controllers {
 [HttpPost]
 public ActionResult Delete(int id, int sortCriterionId) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var sortCriterion = _repository.Get(sortCriterionId);
@@ -70,7 +70,7 @@ namespace Orchard.Projections.Controllers {
 }
 public ActionResult Edit(int id, string category, string type, int sortCriterionId = -1) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 var sortCriterion = _projectionManager.DescribeSortCriteria().SelectMany(x => x.Descriptors).FirstOrDefault(x => x.Category == category && x.Type == type);
@@ -158,7 +158,7 @@ namespace Orchard.Projections.Controllers {
 public ActionResult Move(string direction, int id, int queryId) {
- if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage queries")))
+ if (!Services.Authorizer.Authorize(Permissions.ManageQueries, T("Not authorized to manage queries")))
 return new HttpUnauthorizedResult();
 switch (direction) {