[Fixes #7427] Fixing Blog Post permission

The SummaryAdmin was not using the dedicated permissions.
The default content handler can convert to the owner variation before the blogpost handler.

Fixes #7427
Sebastien Ros
2016-12-07 12:15:24 -08:00
parent 6f3193e52b
commit d0b65cb60b
2 changed files with 39 additions and 11 deletions


@@ -1,5 +1,4 @@
using System.Web.UI.WebControls;
using Orchard.ContentManagement;
using Orchard.ContentManagement;
using Orchard.ContentManagement.Aspects;
using Orchard.Security;
using Orchard.Security.Permissions;
@@ -13,11 +12,13 @@ namespace Orchard.Blogs.Security {
if (!context.Granted &&
context.Content.Is<ICommonPart>()) {
if (context.Permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name && context.Content.ContentItem.ContentType == "BlogPost") {
if (context.Content.ContentItem.ContentType == "BlogPost" &&
BlogPostVariationExists(context.Permission)) {
context.Adjusted = true;
context.Permission = Permissions.PublishBlogPost;
context.Permission = GetBlogPostVariation(context.Permission);
}
else if (OwnerVariationExists(context.Permission) &&
if (OwnerVariationExists(context.Permission) &&
HasOwnership(context.User, context.Content)) {
context.Adjusted = true;
context.Permission = GetOwnerVariation(context.Permission);
@@ -73,5 +74,28 @@ namespace Orchard.Blogs.Security {
return null;
}
private static bool BlogPostVariationExists(Permission permission)
{
return GetBlogPostVariation(permission) != null;
}
private static Permission GetBlogPostVariation(Permission permission)
{
if (permission.Name == Orchard.Core.Contents.Permissions.PublishContent.Name)
return Permissions.PublishBlogPost;
if (permission.Name == Orchard.Core.Contents.Permissions.PublishOwnContent.Name)
return Permissions.PublishOwnBlogPost;
if (permission.Name == Orchard.Core.Contents.Permissions.EditContent.Name)
return Permissions.EditBlogPost;
if (permission.Name == Orchard.Core.Contents.Permissions.EditOwnContent.Name)
return Permissions.EditOwnBlogPost;
if (permission.Name == Orchard.Core.Contents.Permissions.DeleteContent.Name)
return Permissions.DeleteBlogPost;
if (permission.Name == Orchard.Core.Contents.Permissions.DeleteOwnContent.Name)
return Permissions.DeleteOwnBlogPost;
return null;
}
}
}
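Review bot: The owner mappings in `GetBlogPostVariation` (`PublishOwnContent`, `EditOwnContent`, `DeleteOwnContent` to their `...OwnBlogPost` counterparts) are applied by the first `if` on `ContentType == "BlogPost"` without a `HasOwnership` check. The handler therefore relies on whichever handler produced the owner permission having already verified ownership, and the visible lines do not show that this holds when a caller passes an owner permission directly. Whether the following `if (OwnerVariationExists(...) && HasOwnership(...))` still applies to an already-owner blog permission depends on `GetOwnerVariation`, whose body is outside the hunk, as is the start of the enclosing method. I would either guard the owner mappings with `HasOwnership(context.User, context.Content)` or state the assumption above the first `if`, e.g. `// Own* permissions arrive here only after another handler verified ownership; they are mapped without re-checking HasOwnership.`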


@@ -25,10 +25,12 @@
@T(" | ")
if (contentItem.HasDraft()) {
@Html.Link(T("Publish Draft").Text, Url.Action("Publish", "Admin", new { area = "Contents", id = contentItem.Id, returnUrl = Request.ToUrlString() }), new { itemprop = "UnsafeUrl" })
@T(" | ")
if (Authorizer.Authorize(Orchard.Blogs.Permissions.PublishBlogPost, contentItem)) {
@Html.Link(T("Publish Draft").Text, Url.Action("Publish", "Admin", new { area = "Contents", id = contentItem.Id, returnUrl = Request.ToUrlString() }), new { itemprop = "UnsafeUrl" })
@T(" | ")
}
if (Authorizer.Authorize(Permissions.PreviewContent, contentItem)) {
@Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { })
@T(" | ")
}
@@ -39,9 +41,11 @@
@T(" | ")
}
} else {
if (contentItem.HasDraft()) {
@Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { })
@T(" | ")
if (contentItem.HasDraft()) {
if (Authorizer.Authorize(Permissions.PreviewContent, contentItem)) {
@Html.ActionLink(T("Preview").Text, "Preview", "Item", new { area = "Contents", id = contentItem.Id }, new { })
@T(" | ")
}
}
if (Authorizer.Authorize(Orchard.Blogs.Permissions.PublishBlogPost, contentItem)) {