Added permission checks.

2025-10-15 19:54:57 +08:00 · 2015-06-27 12:51:08 +03:00
parent ca4fb40bdf
commit b1c782f560
5 changed files with 36 additions and 6 deletions
--- a/src/Orchard.Web/Modules/Orchard.Dashboards/Controllers/DashboardController.cs
+++ b/src/Orchard.Web/Modules/Orchard.Dashboards/Controllers/DashboardController.cs
@@ -1,6 +1,8 @@
 using System;
 using System.Web.Mvc;
 using Orchard.ContentManagement;
+using Orchard.ContentManagement.Aspects;
+using Orchard.Core.Contents.Settings;
 using Orchard.Dashboards.Services;
 using Orchard.Localization;
 using Orchard.Mvc;
@@ -28,6 +30,9 @@ namespace Orchard.Dashboards.Controllers {
        }

        public ActionResult Edit() {
+            if (!_services.Authorizer.Authorize(Permissions.ManageDashboards))
+                return new HttpUnauthorizedResult();
+
            var dashboard = _dashboardService.GetDashboardDescriptor();
            var editor = dashboard.Editor(_services.New);
            return View(editor);
@@ -37,16 +42,26 @@ namespace Orchard.Dashboards.Controllers {
        [HttpPost]
        [FormValueRequired("submit.Save")]
        public ActionResult Save() {
-            return UpdateDashboard(dashboard => _services.Notifier.Information(T("Your dashboard has been saved.")));
+            if (!_services.Authorizer.Authorize(Permissions.ManageDashboards))
+                return new HttpUnauthorizedResult();
+
+            return UpdateDashboard(dashboard => {
+                if (!dashboard.Has<IPublishingControlAspect>() && !dashboard.TypeDefinition.Settings.GetModel<ContentTypeSettings>().Draftable)
+                    _services.ContentManager.Publish(dashboard);
+                _services.Notifier.Information(T("Your dashboard has been saved."));
+            });
        }

        [ActionName("Edit")]
        [HttpPost]
        [FormValueRequired("submit.Publish")]
        public ActionResult Publish() {
+            if (!_services.Authorizer.Authorize(Permissions.ManageDashboards))
+                return new HttpUnauthorizedResult();
+
            return UpdateDashboard(dashboard => {
-                _services.Notifier.Information(T("Your dashboard has been published."));
                _services.ContentManager.Publish(dashboard);
+                _services.Notifier.Information(T("Your dashboard has been published."));
            });
        }

@@ -63,6 +78,8 @@ namespace Orchard.Dashboards.Controllers {

            if (contentItem != null)
                conditonallyPublish(contentItem);
+            else
+                _services.Notifier.Information(T("Your dashboard has been saved."));

            return RedirectToAction("Edit");
        }
--- a/src/Orchard.Web/Modules/Orchard.Dashboards/Orchard.Dashboards.csproj
+++ b/src/Orchard.Web/Modules/Orchard.Dashboards/Orchard.Dashboards.csproj
@@ -24,6 +24,7 @@
    <IISExpressAnonymousAuthentication />
    <IISExpressWindowsAuthentication />
    <IISExpressUseClassicPipelineMode />
+    <UseGlobalApplicationHostFile />
  </PropertyGroup>
  <PropertyGroup Condition=" '$(Configuration)|$(Platform)' == 'Debug|AnyCPU' ">
    <DebugSymbols>true</DebugSymbols>
@@ -62,6 +63,10 @@
    <Reference Include="System.Web.Extensions" />
    <Reference Include="System.Web.Abstractions" />
    <Reference Include="System.Web.Routing" />
+    <Reference Include="System.Web.WebPages, Version=2.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, processorArchitecture=MSIL">
+      <SpecificVersion>False</SpecificVersion>
+      <HintPath>..\..\..\..\lib\aspnetmvc\System.Web.WebPages.dll</HintPath>
+    </Reference>
    <Reference Include="System.Xml" />
    <Reference Include="System.Configuration" />
    <Reference Include="System.Xml.Linq" />
--- a/src/Orchard.Web/Modules/Orchard.Dashboards/Services/DefaultDashboardSelector.cs
+++ b/src/Orchard.Web/Modules/Orchard.Dashboards/Services/DefaultDashboardSelector.cs
--- a/src/Orchard.Web/Modules/Orchard.Dashboards/Views/Content.Dashboard.cshtml
+++ b/src/Orchard.Web/Modules/Orchard.Dashboards/Views/Content.Dashboard.cshtml
@@ -1,7 +1,7 @@
@using Orchard.ContentManagement
@{
    Style.Include("bootstrap.css", "bootstrap.min.css");
-    Style.Include("~/Modules/Orchard.Layouts/Styles/Lib/font-awesome.css", "~/Modules/Orchard.Layouts/Styles/Lib/font-awesome.min.css");
+    Style.Include("~/Modules/Orchard.Layouts/Styles/Lib.css", "~/Modules/Orchard.Layouts/Styles/Lib.min.css");
    Style.Include("dashboard.css");
 }
@{
--- a/src/Orchard.Web/Modules/Orchard.Dashboards/Views/Parts/Layout.Dashboard.cshtml
+++ b/src/Orchard.Web/Modules/Orchard.Dashboards/Views/Parts/Layout.Dashboard.cshtml
@@ -1,3 +1,11 @@
-<div class="orchard-layouts-root">
+@using Orchard.Dashboards
+<div class="orchard-layouts-root">
    @Display(Model.LayoutRoot)
-</div>
+</div>
+@if (AuthorizedFor(Permissions.ManageDashboards)) {
+    <div class="group">
+        <div class="pull-right">
+            @Html.ActionLink(T("Edit").ToString(), "Edit", new {controller = "Dashboard", area = "Orchard.Dashboards"}, new {@class = "button"})
+        </div>
+    </div>
+}