Securing json endpoint for tags

--HG--
branch : 1.x

src/Orchard.Web/Modules/Orchard.Tags/Controllers/AdminController.cs

@@ -124,6 +124,16 @@ namespace Orchard.Tags.Controllers {
             return this.RedirectLocal(returnUrl, () => RedirectToAction("Index"));
         }
 
+        public JsonResult FetchSimilarTags(string snippet) {
+            if (!Services.Authorizer.Authorize(Permissions.ManageTags, T("Not authorized to fetch tags")))
+                return Json(null);
+
+            return Json(
+                _tagService.GetTagsByNameSnippet(snippet).Select(tag => tag.TagName).ToList(),
+                JsonRequestBehavior.AllowGet
+            );
+        }
+
         private static TagEntry CreateTagEntry(TagRecord tagRecord) {
             return new TagEntry {
                 Tag = tagRecord,

src/Orchard.Web/Modules/Orchard.Tags/Controllers/HomeController.cs

@@ -63,12 +63,5 @@ namespace Orchard.Tags.Controllers {
 
             return View(viewModel);
         }
-
-        public JsonResult FetchSimilarTags(string snippet) {
-            return Json(
-                _tagService.GetTagsByNameSnippet(snippet).Select(tag => tag.TagName).ToList(), 
-                JsonRequestBehavior.AllowGet
-            );
-        }
     }
 }

src/Orchard.Web/Modules/Orchard.Tags/Views/EditorTemplates/Parts/Tags.cshtml

@@ -16,7 +16,7 @@
     $(function () {
         $.tagsAutocomplete.autocomplete(
             '@Html.FieldIdFor(m => m.Tags)',
-            '@Url.Action("FetchSimilarTags", new { Controller = "Home", Area = "Orchard.Tags" })', 1);
+            '@Url.Action("FetchSimilarTags", new { Controller = "Admin", Area = "Orchard.Tags" })', 1);
     });
 //]]>
 </script>