Adding dynamic content type rights management

--HG-- branch : dev
2025-10-15 19:54:57 +08:00 · 2010-10-05 16:35:55 -07:00
parent 8ef28802a7
commit aca883f54a
3 changed files with 79 additions and 10 deletions
--- a/src/Orchard.Web/Core/Contents/AuthorizationEventHandler.cs
+++ b/src/Orchard.Web/Core/Contents/AuthorizationEventHandler.cs
@@ -0,0 +1,63 @@
+using System;
+using JetBrains.Annotations;
+using Orchard.ContentManagement;
+using Orchard.ContentManagement.Aspects;
+using Orchard.Core.Contents.Settings;
+using Orchard.Security;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Core.Contents
+{
+    [UsedImplicitly]
+    public class AuthorizationEventHandler : IAuthorizationServiceEventHandler {
+        public void Checking(CheckAccessContext context) { }
+        public void Complete(CheckAccessContext context) { }
+
+        public void Adjust(CheckAccessContext context) {
+            if ( context.Granted || context.Content == null )
+                return;
+
+            var typeDefinition = context.Content.ContentItem.TypeDefinition;
+
+            // replace permission if more specific version exists
+            if ( typeDefinition.Settings.GetModel<ContentTypeSettings>().Creatable ) {
+                Permission permission = context.Permission;
+
+                if ( context.Permission.Name == Permissions.PublishContent.Name )
+                    permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishContent, typeDefinition);
+                if ( context.Permission.Name == Permissions.EditContent.Name)
+                    permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditContent, typeDefinition);
+                if ( context.Permission.Name == Permissions.DeleteContent.Name)
+                    permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteContent, typeDefinition);
+
+                // converts the permission if the owner is someone else
+                if ( HasOtherOwner(context.User, context.Content) ) {
+
+                    if ( permission.Name == String.Format(DynamicPermissions.PublishContent.Name, typeDefinition.Name) )
+                        permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOthersContent, typeDefinition);
+                    if ( permission.Name == String.Format(DynamicPermissions.EditContent.Name, typeDefinition.Name) )
+                        permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOthersContent, typeDefinition);
+                    if ( permission.Name == String.Format(DynamicPermissions.DeleteContent.Name, typeDefinition.Name) )
+                        permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOthersContent, typeDefinition);
+                }
+
+                if ( permission != context.Permission ) {
+                    context.Adjusted = true;
+                    context.Permission = permission;
+                }
+            }
+        }
+
+        private static bool HasOtherOwner(IUser user, IContent content) {
+            if ( user == null || content == null )
+                return false;
+
+            var common = content.As<ICommonPart>();
+            if ( common == null || common.Owner == null )
+                return false;
+
+            return user.Id != common.Owner.Id;
+        }
+    }
+}
+
--- a/src/Orchard.Web/Core/Contents/DynamicPermissions.cs
+++ b/src/Orchard.Web/Core/Contents/DynamicPermissions.cs
@@ -9,7 +9,14 @@ using Orchard.Security.Permissions;

 namespace Orchard.Core.Contents {
    public class DynamicPermissions : IPermissionProvider {
-        public static readonly Permission ManageContentType = new Permission { Name = "ManageContentType{0}", Description = "Manage {0}" };
+        public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "PublishOthers_{0}", ImpliedBy = new[] { Permissions.PublishOthersContent } };
+        public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0}", Name = "Publish_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.PublishContent } };
+        public static readonly Permission EditOthersContent = new Permission { Description = "Edit {0} for others", Name = "EditOthers_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.EditOthersContent } };
+        public static readonly Permission EditContent = new Permission { Description = "Edit {0}", Name = "EditContent", ImpliedBy = new[] { EditOthersContent, PublishContent, Permissions.EditContent } };
+        public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete {0} for others", Name = "DeleteOthers_{0}", ImpliedBy = new[] { Permissions.DeleteOthersContent } };
+        public static readonly Permission DeleteContent = new Permission { Description = "Delete {0}", Name = "Delete_{0}", ImpliedBy = new[] { DeleteOthersContent, Permissions.DeleteContent } };
+
+        public static readonly Permission[] PermissionTemplates = new[] {PublishOthersContent, PublishContent, EditOthersContent, EditContent, DeleteOthersContent, DeleteContent};

        private readonly IContentDefinitionManager _contentDefinitionManager;

@@ -25,24 +32,22 @@ namespace Orchard.Core.Contents {
                .Where(ctd => ctd.Settings.GetModel<ContentTypeSettings>().Creatable);

            foreach(var typeDefinition in creatableTypes) {
-                yield return CreateDynamicPersion(ManageContentType, typeDefinition);
+                foreach ( var permissionTemplate in PermissionTemplates ) {
+                    yield return CreateDynamicPersion(permissionTemplate, typeDefinition);
+                }
            }
        }

        public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
-            return new[] {
-                new PermissionStereotype {
-                    Name = "Administrator",
-                    Permissions = _contentDefinitionManager.ListTypeDefinitions().Select(typeDefinition => CreateDynamicPersion(ManageContentType, typeDefinition))
-                }
-            };
+            return Enumerable.Empty<PermissionStereotype>();
        }

-        private static Permission CreateDynamicPersion(Permission template, ContentTypeDefinition typeDefinition) {
+        public static Permission CreateDynamicPersion(Permission template, ContentTypeDefinition typeDefinition) {
            return new Permission {
                Name = String.Format(template.Name, typeDefinition.Name),
                Description = String.Format(template.Description, typeDefinition.DisplayName),
-                Category = typeDefinition.DisplayName
+                Category = typeDefinition.DisplayName,
+                ImpliedBy = (template.ImpliedBy ?? new Permission[0]).Select(t => CreateDynamicPersion(t, typeDefinition))
            };
        }
    }
--- a/src/Orchard.Web/Core/Orchard.Core.csproj
+++ b/src/Orchard.Web/Core/Orchard.Core.csproj
@@ -86,6 +86,7 @@
    <Compile Include="Common\ViewModels\ContainerEditorViewModel.cs" />
    <Compile Include="Common\ViewModels\TextContentFieldDisplayViewModel.cs" />
    <Compile Include="Common\ViewModels\TextContentFieldEditorViewModel.cs" />
+    <Compile Include="Contents\AuthorizationEventHandler.cs" />
    <Compile Include="Contents\Controllers\ItemController.cs" />
    <Compile Include="Contents\Drivers\ContentsDriver.cs" />
    <Compile Include="Contents\DynamicPermissions.cs" />