lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-23 21:13:35 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

#18074,18048: Fixing blogs and content permissions

Browse Source 
Work Items: 18074, 18048

--HG--
branch : 1.x
This commit is contained in:
Sebastien Ros
2011-09-19 15:53:46 -07:00
parent 311041025a
commit a36c04aa89
6 changed files with 40 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Orchard.Web/Core/Common/OwnerEditor/OwnerEditorDriver.cs
View File

@@ -39,8 +39,10 @@ namespace Orchard.Core.Common.OwnerEditor {
return null; return null;
} }
var settings = part.TypePartDefinition.Settings.GetModel<OwnerEditorSettings>(); var settings = part.TypePartDefinition.Settings.GetModel<OwnerEditorSettings>();
if (!settings.ShowOwnerEditor) { if (!settings.ShowOwnerEditor) {
part.Owner = currentUser;
return null; return null;
} }

6
src/Orchard.Web/Core/Contents/Controllers/AdminController.cs
View File

@@ -191,7 +191,7 @@ namespace Orchard.Core.Contents.Controllers {
var contentItem = _contentManager.New(id); var contentItem = _contentManager.New(id);
if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Cannot create content"))) if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot create content")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
if (containerId.HasValue && contentItem.Is<ContainablePart>()) { if (containerId.HasValue && contentItem.Is<ContainablePart>()) {
@@ -218,7 +218,7 @@ namespace Orchard.Core.Contents.Controllers {
[HttpPost, ActionName("Create")] [HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")] [FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST(string id, string returnUrl) { public ActionResult CreateAndPublishPOST(string id, string returnUrl) {
if (!Services.Authorizer.Authorize(Permissions.PublishContent, T("Couldn't create content"))) if (!Services.Authorizer.Authorize(Permissions.PublishOwnContent, T("Couldn't create content")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
return CreatePOST(id, returnUrl, contentItem => _contentManager.Publish(contentItem)); return CreatePOST(id, returnUrl, contentItem => _contentManager.Publish(contentItem));
@@ -227,7 +227,7 @@ namespace Orchard.Core.Contents.Controllers {
private ActionResult CreatePOST(string id, string returnUrl, Action<ContentItem> conditionallyPublish) { private ActionResult CreatePOST(string id, string returnUrl, Action<ContentItem> conditionallyPublish) {
var contentItem = _contentManager.New(id); var contentItem = _contentManager.New(id);
if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't create content"))) if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Couldn't create content")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
_contentManager.Create(contentItem, VersionOptions.Draft); _contentManager.Create(contentItem, VersionOptions.Draft);

4
src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs
View File

@@ -31,12 +31,12 @@ namespace Orchard.Blogs {
} }
else if (singleBlog != null) else if (singleBlog != null)
menu.Add(T("Manage Blog"), "1.0", menu.Add(T("Manage Blog"), "1.0",
item => item.Action("Item", "BlogAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListBlogs)); item => item.Action("Item", "BlogAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListOwnBlogs));
if (singleBlog != null) if (singleBlog != null)
menu.Add(T("New Post"), "1.1", menu.Add(T("New Post"), "1.1",
item => item =>
item.Action("Create", "BlogPostAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.PublishBlogPost)); item.Action("Create", "BlogPostAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListOwnBlogs));
menu.Add(T("New Blog"), "1.2", menu.Add(T("New Blog"), "1.2",
item => item =>

31
src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
View File

@@ -30,8 +30,6 @@ namespace Orchard.Blogs.Controllers {
public Localizer T { get; set; } public Localizer T { get; set; }
public ActionResult Create(int blogId) { public ActionResult Create(int blogId) {
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult();
var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>(); var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>();
if (blog == null) if (blog == null)
@@ -40,7 +38,11 @@ namespace Orchard.Blogs.Controllers {
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost"); var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
blogPost.BlogPart = blog; blogPost.BlogPart = blog;
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, blogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult();
dynamic model = Services.ContentManager.BuildEditor(blogPost); dynamic model = Services.ContentManager.BuildEditor(blogPost);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation. // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model); return View((object)model);
} }
@@ -48,32 +50,30 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Create")] [HttpPost, ActionName("Create")]
[FormValueRequired("submit.Save")] [FormValueRequired("submit.Save")]
public ActionResult CreatePOST(int blogId) { public ActionResult CreatePOST(int blogId) {
return CreatePOST(blogId, contentItem => { return CreatePOST(blogId, false);
if (!contentItem.Has<IPublishingControlAspect>() && !contentItem.TypeDefinition.Settings.GetModel<ContentTypeSettings>().Draftable)
Services.ContentManager.Publish(contentItem);
});
} }
[HttpPost, ActionName("Create")] [HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")] [FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST(int blogId) { public ActionResult CreateAndPublishPOST(int blogId) {
if (!Services.Authorizer.Authorize(Permissions.PublishBlogPost, T("Couldn't create blog post"))) if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, T("Couldn't create content")))
return new HttpUnauthorizedResult(); return new HttpUnauthorizedResult();
return CreatePOST(blogId, contentItem => Services.ContentManager.Publish(contentItem)); return CreatePOST(blogId, true);
} }
private ActionResult CreatePOST(int blogId, Action<ContentItem> conditionallyPublish) { private ActionResult CreatePOST(int blogId, bool publish = false) {
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>(); var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>();
if (blog == null) if (blog == null)
return HttpNotFound(); return HttpNotFound();
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost"); var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
blogPost.BlogPart = blog; blogPost.BlogPart = blog;
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, blogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
Services.ContentManager.Create(blogPost, VersionOptions.Draft); Services.ContentManager.Create(blogPost, VersionOptions.Draft);
var model = Services.ContentManager.UpdateEditor(blogPost, this); var model = Services.ContentManager.UpdateEditor(blogPost, this);
@@ -83,7 +83,12 @@ namespace Orchard.Blogs.Controllers {
return View((object)model); return View((object)model);
} }
conditionallyPublish(blogPost.ContentItem); if (publish) {
if (!Services.Authorizer.Authorize(Permissions.PublishBlogPost, blog.ContentItem, T("Couldn't publish blog post")))
return new HttpUnauthorizedResult();
Services.ContentManager.Publish(blog.ContentItem);
}
Services.Notifier.Information(T("Your {0} has been created.", blogPost.TypeDefinition.DisplayName)); Services.Notifier.Information(T("Your {0} has been created.", blogPost.TypeDefinition.DisplayName));
return Redirect(Url.BlogPostEdit(blogPost)); return Redirect(Url.BlogPostEdit(blogPost));

9
src/Orchard.Web/Modules/Orchard.Blogs/Migrations.cs
View File

@@ -47,7 +47,7 @@ namespace Orchard.Blogs {
cfg => cfg cfg => cfg
.WithPart("BlogPostPart") .WithPart("BlogPostPart")
.WithPart("CommonPart", p => p .WithPart("CommonPart", p => p
.WithSetting("CommonTypePartSettings.ShowCreatedUtcEditor", "true")) .WithSetting("DateEditorSettings.ShowDateEditor", "true"))
.WithPart("PublishLaterPart") .WithPart("PublishLaterPart")
.WithPart("RoutePart") .WithPart("RoutePart")
.WithPart("BodyPart") .WithPart("BodyPart")
@@ -69,7 +69,7 @@ namespace Orchard.Blogs {
.WithSetting("Stereotype", "Widget") .WithSetting("Stereotype", "Widget")
); );
return 3; return 4;
} }
public int UpdateFrom1() { public int UpdateFrom1() {
@@ -81,5 +81,10 @@ namespace Orchard.Blogs {
ContentDefinitionManager.AlterTypeDefinition("Blog", cfg => cfg.WithPart("AdminMenuPart", p => p.WithSetting("AdminMenuPartTypeSettings.DefaultPosition", "2"))); ContentDefinitionManager.AlterTypeDefinition("Blog", cfg => cfg.WithPart("AdminMenuPart", p => p.WithSetting("AdminMenuPartTypeSettings.DefaultPosition", "2")));
return 3; return 3;
} }
public int UpdateFrom3() {
ContentDefinitionManager.AlterTypeDefinition("BlogPost", cfg => cfg.WithPart("CommonPart", p => p.WithSetting("DateEditorSettings.ShowDateEditor", "true")));
return 4;
}
} }
} }

9
src/Orchard.Web/Modules/Orchard.Pages/Migrations.cs
View File

@@ -8,13 +8,18 @@ namespace Orchard.Pages {
ContentDefinitionManager.AlterTypeDefinition("Page", ContentDefinitionManager.AlterTypeDefinition("Page",
cfg => cfg cfg => cfg
.WithPart("CommonPart", p => p .WithPart("CommonPart", p => p
.WithSetting("CommonTypePartSettings.ShowCreatedUtcEditor", "true")) .WithSetting("DateEditorSettings.ShowDateEditor", "true"))
.WithPart("PublishLaterPart") .WithPart("PublishLaterPart")
.WithPart("RoutePart") .WithPart("RoutePart")
.WithPart("BodyPart") .WithPart("BodyPart")
.Creatable()); .Creatable());
return 1; return 2;
}
public int UpdateFrom1() {
ContentDefinitionManager.AlterTypeDefinition("Page", cfg => cfg.WithPart("CommonPart", p => p.WithSetting("DateEditorSettings.ShowDateEditor", "true")));
return 2;
} }
} }
} }