lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-23 04:43:35 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

#18074,18048: Fixing blogs and content permissions

Browse Source 
Work Items: 18074, 18048

--HG--
branch : 1.x
This commit is contained in:
Sebastien Ros
2011-09-19 15:53:46 -07:00
parent 311041025a
commit a36c04aa89
6 changed files with 40 additions and 23 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
src/Orchard.Web/Core/Common/OwnerEditor/OwnerEditorDriver.cs
View File

@@ -39,8 +39,10 @@ namespace Orchard.Core.Common.OwnerEditor {
return null;
}
var settings = part.TypePartDefinition.Settings.GetModel<OwnerEditorSettings>();
if (!settings.ShowOwnerEditor) {
part.Owner = currentUser;
return null;
}

6
src/Orchard.Web/Core/Contents/Controllers/AdminController.cs
View File

@@ -191,7 +191,7 @@ namespace Orchard.Core.Contents.Controllers {
var contentItem = _contentManager.New(id);
if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Cannot create content")))
if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot create content")))
return new HttpUnauthorizedResult();
if (containerId.HasValue && contentItem.Is<ContainablePart>()) {
@@ -218,7 +218,7 @@ namespace Orchard.Core.Contents.Controllers {
[HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST(string id, string returnUrl) {
if (!Services.Authorizer.Authorize(Permissions.PublishContent, T("Couldn't create content")))
if (!Services.Authorizer.Authorize(Permissions.PublishOwnContent, T("Couldn't create content")))
return new HttpUnauthorizedResult();
return CreatePOST(id, returnUrl, contentItem => _contentManager.Publish(contentItem));
@@ -227,7 +227,7 @@ namespace Orchard.Core.Contents.Controllers {
private ActionResult CreatePOST(string id, string returnUrl, Action<ContentItem> conditionallyPublish) {
var contentItem = _contentManager.New(id);
if (!Services.Authorizer.Authorize(Permissions.PublishContent, contentItem, T("Couldn't create content")))
if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Couldn't create content")))
return new HttpUnauthorizedResult();
_contentManager.Create(contentItem, VersionOptions.Draft);

6
src/Orchard.Web/Modules/Orchard.Blogs/AdminMenu.cs
View File

@@ -27,16 +27,16 @@ namespace Orchard.Blogs {
if (blogCount > 0 && singleBlog == null) {
menu.Add(T("Manage Blogs"), "3",
item => item.Action("List", "BlogAdmin", new {area = "Orchard.Blogs"}).Permission(Permissions.MetaListBlogs));
item => item.Action("List", "BlogAdmin", new { area = "Orchard.Blogs" }).Permission(Permissions.MetaListBlogs));
}
else if (singleBlog != null)
menu.Add(T("Manage Blog"), "1.0",
item => item.Action("Item", "BlogAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListBlogs));
item => item.Action("Item", "BlogAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListOwnBlogs));
if (singleBlog != null)
menu.Add(T("New Post"), "1.1",
item =>
item.Action("Create", "BlogPostAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.PublishBlogPost));
item.Action("Create", "BlogPostAdmin", new { area = "Orchard.Blogs", blogId = singleBlog.Id }).Permission(Permissions.MetaListOwnBlogs));
menu.Add(T("New Blog"), "1.2",
item =>

31
src/Orchard.Web/Modules/Orchard.Blogs/Controllers/BlogPostAdminController.cs
View File

@@ -30,8 +30,6 @@ namespace Orchard.Blogs.Controllers {
public Localizer T { get; set; }
public ActionResult Create(int blogId) {
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult();
var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>();
if (blog == null)
@@ -40,7 +38,11 @@ namespace Orchard.Blogs.Controllers {
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
blogPost.BlogPart = blog;
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, blogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult();
dynamic model = Services.ContentManager.BuildEditor(blogPost);
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation.
return View((object)model);
}
@@ -48,32 +50,30 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Create")]
[FormValueRequired("submit.Save")]
public ActionResult CreatePOST(int blogId) {
return CreatePOST(blogId, contentItem => {
if (!contentItem.Has<IPublishingControlAspect>() && !contentItem.TypeDefinition.Settings.GetModel<ContentTypeSettings>().Draftable)
Services.ContentManager.Publish(contentItem);
});
return CreatePOST(blogId, false);
}
[HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST(int blogId) {
if (!Services.Authorizer.Authorize(Permissions.PublishBlogPost, T("Couldn't create blog post")))
if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, T("Couldn't create content")))
return new HttpUnauthorizedResult();
return CreatePOST(blogId, contentItem => Services.ContentManager.Publish(contentItem));
return CreatePOST(blogId, true);
}
private ActionResult CreatePOST(int blogId, Action<ContentItem> conditionallyPublish) {
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
private ActionResult CreatePOST(int blogId, bool publish = false) {
var blog = _blogService.Get(blogId, VersionOptions.Latest).As<BlogPart>();
if (blog == null)
return HttpNotFound();
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
blogPost.BlogPart = blog;
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, blogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
Services.ContentManager.Create(blogPost, VersionOptions.Draft);
var model = Services.ContentManager.UpdateEditor(blogPost, this);
@@ -83,7 +83,12 @@ namespace Orchard.Blogs.Controllers {
return View((object)model);
}
conditionallyPublish(blogPost.ContentItem);
if (publish) {
if (!Services.Authorizer.Authorize(Permissions.PublishBlogPost, blog.ContentItem, T("Couldn't publish blog post")))
return new HttpUnauthorizedResult();
Services.ContentManager.Publish(blog.ContentItem);
}
Services.Notifier.Information(T("Your {0} has been created.", blogPost.TypeDefinition.DisplayName));
return Redirect(Url.BlogPostEdit(blogPost));

9
src/Orchard.Web/Modules/Orchard.Blogs/Migrations.cs
View File

@@ -47,7 +47,7 @@ namespace Orchard.Blogs {
cfg => cfg
.WithPart("BlogPostPart")
.WithPart("CommonPart", p => p
.WithSetting("CommonTypePartSettings.ShowCreatedUtcEditor", "true"))
.WithSetting("DateEditorSettings.ShowDateEditor", "true"))
.WithPart("PublishLaterPart")
.WithPart("RoutePart")
.WithPart("BodyPart")
@@ -69,7 +69,7 @@ namespace Orchard.Blogs {
.WithSetting("Stereotype", "Widget")
);
return 3;
return 4;
}
public int UpdateFrom1() {
@@ -81,5 +81,10 @@ namespace Orchard.Blogs {
ContentDefinitionManager.AlterTypeDefinition("Blog", cfg => cfg.WithPart("AdminMenuPart", p => p.WithSetting("AdminMenuPartTypeSettings.DefaultPosition", "2")));
return 3;
}
public int UpdateFrom3() {
ContentDefinitionManager.AlterTypeDefinition("BlogPost", cfg => cfg.WithPart("CommonPart", p => p.WithSetting("DateEditorSettings.ShowDateEditor", "true")));
return 4;
}
}
}

9
src/Orchard.Web/Modules/Orchard.Pages/Migrations.cs
View File

@@ -8,13 +8,18 @@ namespace Orchard.Pages {
ContentDefinitionManager.AlterTypeDefinition("Page",
cfg => cfg
.WithPart("CommonPart", p => p
.WithSetting("CommonTypePartSettings.ShowCreatedUtcEditor", "true"))
.WithSetting("DateEditorSettings.ShowDateEditor", "true"))
.WithPart("PublishLaterPart")
.WithPart("RoutePart")
.WithPart("BodyPart")
.Creatable());
return 1;
return 2;
}
public int UpdateFrom1() {
ContentDefinitionManager.AlterTypeDefinition("Page", cfg => cfg.WithPart("CommonPart", p => p.WithSetting("DateEditorSettings.ShowDateEditor", "true")));
return 2;
}
}
}