lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-11-28 17:32:44 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

- Blogs: Some permission checks for recently added operations

Browse Source 
--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4043120
This commit is contained in:
suhacan
2009-12-03 22:53:49 +00:00
parent 807facdb91
commit a61f5a5dd4
3 changed files with 25 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

16
src/Orchard.Web/Packages/Orchard.Blogs/Controllers/BlogController.cs
View File

@@ -9,6 +9,7 @@ using Orchard.Localization;
using Orchard.Models; using Orchard.Models;
using Orchard.Models.Driver; using Orchard.Models.Driver;
using Orchard.Mvc.Results; using Orchard.Mvc.Results;
using Orchard.Security;
using Orchard.UI.Notify; using Orchard.UI.Notify;
namespace Orchard.Blogs.Controllers { namespace Orchard.Blogs.Controllers {
@@ -16,13 +17,17 @@ namespace Orchard.Blogs.Controllers {
public class BlogController : Controller, IUpdateModel { public class BlogController : Controller, IUpdateModel {
private readonly ISessionLocator _sessionLocator; private readonly ISessionLocator _sessionLocator;
private readonly IContentManager _contentManager; private readonly IContentManager _contentManager;
private readonly IAuthorizer _authorizer;
private readonly INotifier _notifier; private readonly INotifier _notifier;
private readonly IBlogService _blogService; private readonly IBlogService _blogService;
private readonly IBlogPostService _blogPostService; private readonly IBlogPostService _blogPostService;
public BlogController(ISessionLocator sessionLocator, IContentManager contentManager, INotifier notifier, IBlogService blogService, IBlogPostService blogPostService) { public BlogController(ISessionLocator sessionLocator, IContentManager contentManager,
IAuthorizer authorizer, INotifier notifier,
IBlogService blogService, IBlogPostService blogPostService) {
_sessionLocator = sessionLocator; _sessionLocator = sessionLocator;
_contentManager = contentManager; _contentManager = contentManager;
_authorizer = authorizer;
_notifier = notifier; _notifier = notifier;
_blogService = blogService; _blogService = blogService;
_blogPostService = blogPostService; _blogPostService = blogPostService;
@@ -70,6 +75,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Create(CreateBlogViewModel model) { public ActionResult Create(CreateBlogViewModel model) {
if (!_authorizer.Authorize(Permissions.CreateBlog, T("Couldn't create blog")))
return new HttpUnauthorizedResult();
if (!ModelState.IsValid) if (!ModelState.IsValid)
return View(model); return View(model);
@@ -97,6 +105,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Edit(string blogSlug, FormCollection input) { public ActionResult Edit(string blogSlug, FormCollection input) {
if (!_authorizer.Authorize(Permissions.ModifyBlog, T("Couldn't edit blog")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug); Blog blog = _blogService.Get(blogSlug);
@@ -117,6 +128,9 @@ namespace Orchard.Blogs.Controllers {
//[HttpPost] <- todo: (heskew) make all add/edit/remove POST only and verify the AntiForgeryToken //[HttpPost] <- todo: (heskew) make all add/edit/remove POST only and verify the AntiForgeryToken
public ActionResult Delete(string blogSlug) { public ActionResult Delete(string blogSlug) {
if (!_authorizer.Authorize(Permissions.DeleteBlog, T("Couldn't delete blog")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug); Blog blog = _blogService.Get(blogSlug);

3
src/Orchard.Web/Packages/Orchard.Blogs/Controllers/BlogPostController.cs
View File

@@ -149,6 +149,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost] [HttpPost]
public ActionResult Delete(string blogSlug, string postSlug) { public ActionResult Delete(string blogSlug, string postSlug) {
if (!_authorizer.Authorize(Permissions.DeletePost, T("Couldn't delete blog post")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder //TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug); Blog blog = _blogService.Get(blogSlug);

8
src/Orchard.Web/Packages/Orchard.Blogs/Permissions.cs
View File

@@ -11,6 +11,9 @@ namespace Orchard.Blogs {
public static readonly Permission PublishPost = new Permission { Description = "Publishing a Blog Post", Name = "PublishPost" }; public static readonly Permission PublishPost = new Permission { Description = "Publishing a Blog Post", Name = "PublishPost" };
public static readonly Permission UnpublishPost = new Permission { Description = "Unpublishing a Blog Post", Name = "UnpublishPost" }; public static readonly Permission UnpublishPost = new Permission { Description = "Unpublishing a Blog Post", Name = "UnpublishPost" };
public static readonly Permission SchedulePost = new Permission { Description = "Scheduling a Blog Post", Name = "SchedulePost" }; public static readonly Permission SchedulePost = new Permission { Description = "Scheduling a Blog Post", Name = "SchedulePost" };
public static readonly Permission CreateBlog = new Permission { Description = "Creating a Blog", Name = "CreateBlog" };
public static readonly Permission ModifyBlog = new Permission { Description = "Mofifying a Blog", Name = "ModifyBlog" };
public static readonly Permission DeleteBlog = new Permission { Description = "Deleting a Blog", Name = "DeleteBlog" };
public string PackageName { public string PackageName {
get { get {
@@ -27,7 +30,10 @@ namespace Orchard.Blogs {
DeletePost, DeletePost,
PublishPost, PublishPost,
UnpublishPost, UnpublishPost,
SchedulePost SchedulePost,
CreateBlog,
ModifyBlog,
DeleteBlog
}; };
} }
} }