diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Security/BlogAuthorizationEventHandler.cs b/src/Orchard.Web/Modules/Orchard.Blogs/Security/BlogAuthorizationEventHandler.cs index 175551170..2be6bfb2b 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Security/BlogAuthorizationEventHandler.cs +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Security/BlogAuthorizationEventHandler.cs @@ -1,5 +1,4 @@ -using System.Web.UI.WebControls; -using Orchard.ContentManagement; +using Orchard.ContentManagement; using Orchard.ContentManagement.Aspects; using Orchard.Security; using Orchard.Security.Permissions; @@ -13,11 +12,13 @@ namespace Orchard.Blogs.Security { if (!context.Granted && context.Content.Is()) { - if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name && context.Content.ContentItem.ContentType == "BlogPost") { + if (context.Content.ContentItem.ContentType == "BlogPost" && + BlogPostVariationExists(context.Permission)) { context.Adjusted = true; - context.Permission = Permissions.PublishBlogPost; + context.Permission = GetBlogPostVariation(context.Permission); } - else if (OwnerVariationExists(context.Permission) && + + if (OwnerVariationExists(context.Permission) && HasOwnership(context.User, context.Content)) { context.Adjusted = true; context.Permission = GetOwnerVariation(context.Permission); @@ -73,5 +74,28 @@ namespace Orchard.Blogs.Security { return null; } + + private static bool BlogPostVariationExists(Permission permission) + { + return GetBlogPostVariation(permission) != null; + } + + private static Permission GetBlogPostVariation(Permission permission) + { + if (permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name) + return Permissions.PublishBlogPost; + if (permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name) + return Permissions.PublishOwnBlogPost; + if (permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name) + return Permissions.EditBlogPost; + if (permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name) + return Permissions.EditOwnBlogPost; + if (permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name) + return Permissions.DeleteBlogPost; + if (permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name) + return Permissions.DeleteOwnBlogPost; + + return null; + } } } \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Blogs/Views/Content-BlogPost.SummaryAdmin.cshtml b/src/Orchard.Web/Modules/Orchard.Blogs/Views/Content-BlogPost.SummaryAdmin.cshtml index 599c9d213..4fc4086fc 100644 --- a/src/Orchard.Web/Modules/Orchard.Blogs/Views/Content-BlogPost.SummaryAdmin.cshtml +++ b/src/Orchard.Web/Modules/Orchard.Blogs/Views/Content-BlogPost.SummaryAdmin.cshtml @@ -25,10 +25,12 @@ @T(" | ") if (contentItem.HasDraft()) { - @Html.Link(T("Publish Draft").Text, Url.Action("Publish", "Admin", new { area = "Contents", id = contentItem.Id, returnUrl = Request.ToUrlString() }), new { itemprop = "UnsafeUrl" }) - @T(" | ") - if (Authorizer.Authorize(Orchard.Blogs.Permissions.PublishBlogPost, contentItem)) { + @Html.Link(T("Publish Draft").Text, Url.Action("Publish", "Admin", new { area = "Contents", id = contentItem.Id, returnUrl = Request.ToUrlString() }), new { itemprop = "UnsafeUrl" }) + @T(" | ") + } + + if (Authorizer.Authorize(Permissions.PreviewContent, contentItem)) { @Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { }) @T(" | ") } @@ -39,9 +41,11 @@ @T(" | ") } } else { - if (contentItem.HasDraft()) { - @Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { }) - @T(" | ") + if (contentItem.HasDraft()) { + if (Authorizer.Authorize(Permissions.PreviewContent, contentItem)) { + @Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { }) + @T(" | ") + } } if (Authorizer.Authorize(Orchard.Blogs.Permissions.PublishBlogPost, contentItem)) {