From 9d3f5c2d200c81cfc2ac1cf516822d6ead53fc96 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Tue, 29 Jul 2014 11:23:07 -0700 Subject: [PATCH] Adding lists permissions --- .../Modules/Orchard.Lists/AdminMenu.cs | 23 ++++++++-- .../Controllers/AdminController.cs | 16 +++---- .../Orchard.Lists/Orchard.Lists.csproj | 1 + .../Modules/Orchard.Lists/Permissions.cs | 42 +++++++++++++++++++ 4 files changed, 70 insertions(+), 12 deletions(-) create mode 100644 src/Orchard.Web/Modules/Orchard.Lists/Permissions.cs diff --git a/src/Orchard.Web/Modules/Orchard.Lists/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Lists/AdminMenu.cs index b7332b63f..2598f46d5 100644 --- a/src/Orchard.Web/Modules/Orchard.Lists/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Lists/AdminMenu.cs @@ -4,6 +4,7 @@ using Orchard.ContentManagement; using Orchard.Core.Containers.Models; using Orchard.Core.Containers.Services; using Orchard.Localization; +using Orchard.Security; using Orchard.UI.Navigation; using Orchard.Utility.Extensions; @@ -11,10 +12,19 @@ namespace Orchard.Lists { public class AdminMenu : INavigationProvider { private readonly IContainerService _containerService; private readonly IContentManager _contentManager; - - public AdminMenu(IContainerService containerService, IContentManager contentManager) { + private readonly IAuthorizationService _authorizationService; + private readonly IWorkContextAccessor _workContextAccessor; + + public AdminMenu( + IContainerService containerService, + IContentManager contentManager, + IAuthorizationService authorizationService, + IWorkContextAccessor workContextAccessor + ) { _containerService = containerService; _contentManager = contentManager; + _authorizationService = authorizationService; + _workContextAccessor = workContextAccessor; } public Localizer T { get; set; } @@ -29,12 +39,17 @@ namespace Orchard.Lists { private void CreateListManagementMenuItem(NavigationBuilder builder) { builder.Add(T("Lists"), "11", item => item - .Action("Index", "Admin", new {area = "Orchard.Lists"}) + .Action("Index", "Admin", new {area = "Orchard.Lists"}).Permission(Permissions.ManageLists) ); } private void CreateListMenuItems(NavigationBuilder builder) { - var containers = _containerService.GetContainersQuery(VersionOptions.Latest).Where(x => x.ShowOnAdminMenu).List().ToList(); + var containers = _containerService + .GetContainersQuery(VersionOptions.Latest) + .Where(x => x.ShowOnAdminMenu) + .List() + .Where(x => _authorizationService.TryCheckAccess(Orchard.Core.Contents.Permissions.EditContent, _workContextAccessor.GetContext().CurrentUser, x)) + .ToList(); foreach (var container in containers) { var closureContainer = container; diff --git a/src/Orchard.Web/Modules/Orchard.Lists/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Lists/Controllers/AdminController.cs index f1b7d5138..fd944893e 100644 --- a/src/Orchard.Web/Modules/Orchard.Lists/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Lists/Controllers/AdminController.cs @@ -129,7 +129,7 @@ namespace Orchard.Lists.Controllers { break; case ContentsBulkAction.PublishNow: foreach (var item in checkedContentItems) { - if (!_services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't publish selected lists."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't publish selected lists."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } @@ -139,7 +139,7 @@ namespace Orchard.Lists.Controllers { break; case ContentsBulkAction.Unpublish: foreach (var item in checkedContentItems) { - if (!_services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't unpublish selected lists."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't unpublish selected lists."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } @@ -149,7 +149,7 @@ namespace Orchard.Lists.Controllers { break; case ContentsBulkAction.Remove: foreach (var item in checkedContentItems) { - if (!_services.Authorizer.Authorize(Permissions.DeleteContent, item, T("Couldn't remove selected lists."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.DeleteContent, item, T("Couldn't remove selected lists."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } @@ -435,7 +435,7 @@ namespace Orchard.Lists.Controllers { var selectedItems = _contentManager.GetMany(selectedIds, VersionOptions.Latest, QueryHints.Empty); foreach (var item in selectedItems) { - if (!_services.Authorizer.Authorize(Permissions.EditContent, item, T("Couldn't move selected content."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.EditContent, item, T("Couldn't move selected content."))) { return false; } @@ -455,7 +455,7 @@ namespace Orchard.Lists.Controllers { private bool BulkRemoveFromList(IEnumerable itemIds) { var selectedItems = _contentManager.GetMany(itemIds, VersionOptions.Latest, QueryHints.Empty); foreach (var item in selectedItems) { - if (!_services.Authorizer.Authorize(Permissions.EditContent, item, T("Couldn't remove selected content from the list."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.EditContent, item, T("Couldn't remove selected content from the list."))) { _services.TransactionManager.Cancel(); return false; } @@ -468,7 +468,7 @@ namespace Orchard.Lists.Controllers { private bool BulkRemove(IEnumerable itemIds) { foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!_services.Authorizer.Authorize(Permissions.DeleteContent, item, T("Couldn't remove selected content."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.DeleteContent, item, T("Couldn't remove selected content."))) { _services.TransactionManager.Cancel(); return false; } @@ -481,7 +481,7 @@ namespace Orchard.Lists.Controllers { private bool BulkUnpublish(IEnumerable itemIds) { foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!_services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't unpublish selected content."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't unpublish selected content."))) { _services.TransactionManager.Cancel(); return false; } @@ -494,7 +494,7 @@ namespace Orchard.Lists.Controllers { private bool BulkPublishNow(IEnumerable itemIds) { foreach (var item in itemIds.Select(itemId => _contentManager.GetLatest(itemId))) { - if (!_services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't publish selected content."))) { + if (!_services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't publish selected content."))) { _services.TransactionManager.Cancel(); return false; } diff --git a/src/Orchard.Web/Modules/Orchard.Lists/Orchard.Lists.csproj b/src/Orchard.Web/Modules/Orchard.Lists/Orchard.Lists.csproj index dc555ddfd..542c5b0f2 100644 --- a/src/Orchard.Web/Modules/Orchard.Lists/Orchard.Lists.csproj +++ b/src/Orchard.Web/Modules/Orchard.Lists/Orchard.Lists.csproj @@ -66,6 +66,7 @@ + diff --git a/src/Orchard.Web/Modules/Orchard.Lists/Permissions.cs b/src/Orchard.Web/Modules/Orchard.Lists/Permissions.cs new file mode 100644 index 000000000..93f47c188 --- /dev/null +++ b/src/Orchard.Web/Modules/Orchard.Lists/Permissions.cs @@ -0,0 +1,42 @@ +using System.Collections.Generic; +using Orchard.Environment.Extensions.Models; +using Orchard.Security.Permissions; + +namespace Orchard.Lists { + public class Permissions : IPermissionProvider { + public static readonly Permission ManageLists = new Permission { Description = "Manage lists", Name = "ManageLists" }; + + public virtual Feature Feature { get; set; } + + public IEnumerable GetPermissions() { + return new[] { + ManageLists, + }; + } + + public IEnumerable GetDefaultStereotypes() { + return new[] { + new PermissionStereotype { + Name = "Administrator", + Permissions = new[] {ManageLists} + }, + new PermissionStereotype { + Name = "Editor", + Permissions = new[] {ManageLists} + }, + new PermissionStereotype { + Name = "Moderator", + }, + new PermissionStereotype { + Name = "Author", + }, + new PermissionStereotype { + Name = "Contributor", + }, + }; + } + + } +} + +