lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2026-01-19 09:42:29 +08:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

Fixes #8090 - Weird ManageMenu Permissions (#8092)

Browse Source
This commit is contained in:
Hermes Sbicego
2018-08-09 21:10:55 +02:00
committed by Sébastien Ros
parent 79aacf86b8
commit d44120ff3a
8 changed files with 132 additions and 33 deletions
Download Patch File Download Diff File Expand all files Collapse all files

104
src/Orchard.Web/Core/Navigation/Controllers/AdminController.cs
View File

@@ -15,6 +15,12 @@ using System;
using Orchard.ContentManagement.Handlers;
using Orchard.Logging;
using Orchard.Exceptions;
using Orchard.ContentManagement.Aspects;
using Orchard.Utility.Extensions;
using Orchard.Mvc.Html;
using Orchard.Core.Contents.Settings;
using Orchard.Data;
using System.Web.Routing;
namespace Orchard.Core.Navigation.Controllers {
[ValidateInput(false)]
@@ -23,13 +29,19 @@ namespace Orchard.Core.Navigation.Controllers {
private readonly INavigationManager _navigationManager;
private readonly IEnumerable<IContentHandler> _handlers;
private readonly IMenuManager _menuManager;
private readonly IContentManager _contentManager;
private readonly ITransactionManager _transactionManager;
public AdminController(
IOrchardServices orchardServices,
IContentManager contentManager,
ITransactionManager transactionManager,
IMenuService menuService,
IMenuManager menuManager,
INavigationManager navigationManager,
IEnumerable<IContentHandler> handlers) {
_contentManager = contentManager;
_transactionManager = transactionManager;
_menuService = menuService;
_menuManager = menuManager;
_navigationManager = navigationManager;
@@ -88,7 +100,7 @@ namespace Orchard.Core.Navigation.Controllers {
[HttpPost, ActionName("Index")]
public ActionResult IndexPOST(IList<MenuItemEntry> menuItemEntries, int? menuId) {
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, T("Couldn't manage the main menu")))
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, (menuId.HasValue) ? _menuService.GetMenu(menuId.Value) : null, T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
// See https://github.com/OrchardCMS/Orchard/issues/948
@@ -126,11 +138,11 @@ namespace Orchard.Core.Navigation.Controllers {
[HttpPost]
public ActionResult Delete(int id) {
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
MenuPart menuPart = _menuService.Get(id);
int? menuId = null;
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, (menuPart != null) ? _menuService.GetMenu(menuPart.Menu.Id) : null, T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
if (menuPart != null) {
menuId = menuPart.Menu.Id;
@@ -141,7 +153,7 @@ namespace Orchard.Core.Navigation.Controllers {
.Select(x => x.As<MenuPart>())
.ToList();
foreach (var menuItem in menuItems.Concat(new [] {menuPart})) {
foreach (var menuItem in menuItems.Concat(new[] { menuPart })) {
// if the menu item is a concrete content item, don't delete it, just unreference the menu
if (!menuPart.ContentItem.TypeDefinition.Settings.ContainsKey("Stereotype") || menuPart.ContentItem.TypeDefinition.Settings["Stereotype"] != "MenuItem") {
menuPart.Menu = null;
@@ -173,25 +185,25 @@ namespace Orchard.Core.Navigation.Controllers {
if (menuPart == null)
return HttpNotFound();
// load the menu
var menu = Services.ContentManager.Get(menuId);
if (menu == null)
return HttpNotFound();
try {
// filter the content items for this specific menu
menuPart.MenuPosition = Position.GetNext(_navigationManager.BuildMenu(menu));
menuPart.Menu = menu;
var model = Services.ContentManager.BuildEditor(menuPart);
return View(model);
}
catch (Exception exception) {
if (exception.IsFatal()) {
throw;
}
}
Logger.Error(T("Creating menu item failed: {0}", exception.Message).Text);
Services.Notifier.Error(T("Creating menu item failed: {0}", exception.Message));
@@ -203,33 +215,85 @@ namespace Orchard.Core.Navigation.Controllers {
public ActionResult CreateMenuItemPost(string id, int menuId, string returnUrl) {
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, _menuService.GetMenu(menuId), T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
var menuPart = Services.ContentManager.New<MenuPart>(id);
if (menuPart == null)
return HttpNotFound();
// load the menu
var menu = Services.ContentManager.Get(menuId);
if (menu == null)
return HttpNotFound();
var model = Services.ContentManager.UpdateEditor(menuPart, this);
menuPart.MenuPosition = Position.GetNext(_navigationManager.BuildMenu(menu));
menuPart.Menu = menu;
var model = Services.ContentManager.UpdateEditor(menuPart, this);
menuPart.MenuPosition = Position.GetNext(_navigationManager.BuildMenu(menu));
Services.ContentManager.Create(menuPart);
if (!ModelState.IsValid) {
Services.TransactionManager.Cancel();
return View(model);
}
Services.Notifier.Information(T("Your {0} has been added.", menuPart.TypeDefinition.DisplayName));
return this.RedirectLocal(returnUrl, () => RedirectToAction("Index"));
}
public ActionResult Edit(int id) {
var contentItem = _contentManager.Get(id, VersionOptions.Latest);
if (contentItem == null)
return HttpNotFound();
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, contentItem.Content.MenuPart.Menu, T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
var model = _contentManager.BuildEditor(contentItem);
return View(model);
}
[HttpPost, ActionName("Edit")]
[Mvc.FormValueRequired("submit.Save")]
public ActionResult EditPOST(int id, string returnUrl) {
return EditPOST(id, returnUrl, contentItem => {
if (!contentItem.Has<IPublishingControlAspect>() && !contentItem.TypeDefinition.Settings.GetModel<ContentTypeSettings>().Draftable)
_contentManager.Publish(contentItem);
});
}
private ActionResult EditPOST(int id, string returnUrl, Action<ContentItem> conditionallyPublish) {
var contentItem = _contentManager.Get(id, VersionOptions.DraftRequired);
if (contentItem == null)
return HttpNotFound();
if (!Services.Authorizer.Authorize(Permissions.ManageMenus, contentItem.Content.MenuPart.Menu, T("Couldn't manage the main menu")))
return new HttpUnauthorizedResult();
string previousRoute = null;
if (contentItem.Has<IAliasAspect>()
&& !string.IsNullOrWhiteSpace(returnUrl)
&& Request.IsLocalUrl(returnUrl)
// only if the original returnUrl is the content itself
&& String.Equals(returnUrl, Url.ItemDisplayUrl(contentItem), StringComparison.OrdinalIgnoreCase)
) {
previousRoute = contentItem.As<IAliasAspect>().Path;
}
var model = _contentManager.UpdateEditor(contentItem, this);
if (!ModelState.IsValid) {
_transactionManager.Cancel();
return View("Edit", model);
}
conditionallyPublish(contentItem);
if (!string.IsNullOrWhiteSpace(returnUrl)
&& previousRoute != null
&& !String.Equals(contentItem.As<IAliasAspect>().Path, previousRoute, StringComparison.OrdinalIgnoreCase)) {
returnUrl = Url.ItemDisplayUrl(contentItem);
}
Services.Notifier.Information(string.IsNullOrWhiteSpace(contentItem.TypeDefinition.DisplayName)
? T("Your content has been saved.")
: T("Your {0} has been saved.", contentItem.TypeDefinition.DisplayName));
return this.RedirectLocal(returnUrl, () => RedirectToAction("Edit", new RouteValueDictionary { { "Id", contentItem.Id } }));
}
}
}

6
src/Orchard.Web/Core/Navigation/Drivers/MenuItemPartDriver.cs
View File

@@ -15,7 +15,8 @@ namespace Orchard.Core.Navigation.Drivers {
protected override DriverResult Editor(MenuItemPart part, dynamic shapeHelper) {
var currentUser = _workContextAccessor.GetContext().CurrentUser;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, part))
var menu = ((dynamic)part.ContentItem).MenuPart.Menu;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, menu)) // tests if the current user has permissions to manage that specific menu
return null;
return ContentShape("Parts_MenuItem_Edit",
@@ -24,7 +25,8 @@ namespace Orchard.Core.Navigation.Drivers {
protected override DriverResult Editor(MenuItemPart part, IUpdateModel updater, dynamic shapeHelper) {
var currentUser = _workContextAccessor.GetContext().CurrentUser;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, part))
var menu = ((dynamic)part.ContentItem).MenuPart.Menu;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, menu)) // tests if the current user has permissions to manage that specific menu
return null;
if (updater != null) {

23
src/Orchard.Web/Core/Navigation/Handlers/MenuPartHandler.cs
View File

@@ -1,4 +1,5 @@
using System;
using System.Web.Routing;
using Orchard.ContentManagement;
using Orchard.ContentManagement.Handlers;
using Orchard.Core.Navigation.Models;
@@ -17,21 +18,21 @@ namespace Orchard.Core.Navigation.Handlers {
Filters.Add(StorageFilter.For(menuPartRepository));
OnInitializing<MenuPart>((ctx, x) => {
x.MenuText = String.Empty;
});
x.MenuText = String.Empty;
});
OnActivated<MenuPart>(PropertySetHandlers);
}
protected void PropertySetHandlers(ActivatedContentContext context, MenuPart menuPart) {
menuPart.MenuField.Setter(menu => {
if(menu == null || menu.ContentItem == null) {
if (menu == null || menu.ContentItem == null) {
menuPart.Record.MenuId = 0;
}
else {
menuPart.Record.MenuId = menu.ContentItem.Id;
menuPart.Record.MenuId = menu.ContentItem.Id;
}
return menu;
});
@@ -47,6 +48,18 @@ namespace Orchard.Core.Navigation.Handlers {
string stereotype;
if (context.ContentItem.TypeDefinition.Settings.TryGetValue("Stereotype", out stereotype) && stereotype == "MenuItem") {
context.Metadata.DisplayText = part.MenuText;
context.Metadata.EditorRouteValues = new RouteValueDictionary {
{"Area", "Navigation"},
{"Controller", "Admin"},
{"Action", "Edit"},
{"Id", context.ContentItem.Id}
};
context.Metadata.RemoveRouteValues = new RouteValueDictionary {
{"Area", "Navigation"},
{"Controller", "Admin"},
{"Action", "Delete"},
{"Id", context.ContentItem.Id}
};
}
}
}

15
src/Orchard.Web/Core/Navigation/Views/Admin/Edit.cshtml Normal file
View File

@@ -0,0 +1,15 @@
@{
var typeDisplayName = Model.ContentItem.TypeDefinition.DisplayName;
var pageTitle = T("Edit Menu Item");
if (!string.IsNullOrWhiteSpace(typeDisplayName)) {
pageTitle = T("Edit {0}", typeDisplayName);
}
Layout.Title = pageTitle;
}
@using (Html.BeginFormAntiForgeryPost(Url.Action("Edit"), FormMethod.Post, new { enctype = "multipart/form-data", @class= "no-multisubmit" })) {
@Html.ValidationSummary()
// Model is a Shape, calling Display() so that it is rendered using the most specific template for its Shape type
@Display(Model)
}

2
src/Orchard.Web/Core/Navigation/Views/Admin/Index.cshtml
View File

@@ -116,7 +116,7 @@
<span class="navigation-actions">
<input type="hidden" name="@Html.NameOf(m => m.MenuItemEntries[i].MenuItemId)" value="@menuPartEntry.MenuItemId" />
@Html.ItemEditLink(T("Edit").Text, menuPartEntry.ContentItem, new { returnUrl = Request.RawUrl })@T(" | ")
@Html.ActionLink(T("Delete").Text, "Delete", new { id = menuPartEntry.MenuItemId }, new { @class = "remove", itemprop = "RemoveUrl UnsafeUrl" })
@Html.Link(T("Delete").Text, Url.ItemRemoveUrl(menuPartEntry.ContentItem,null), new { itemprop = "RemoveUrl UnsafeUrl" })
</span>
</div>

8
src/Orchard.Web/Core/Navigation/Views/EditorTemplates/Parts.Navigation.Menu.Edit.cshtml
View File

@@ -5,7 +5,7 @@
@if (!Model.ContentItem.TypeDefinition.Settings.ContainsKey("Stereotype") || Model.ContentItem.TypeDefinition.Settings["Stereotype"] != "MenuItem") {
<fieldset>
@Html.EditorFor(m => m.OnMenu)
<label for="@Html.FieldIdFor(m => m.OnMenu)" class="forcheckbox">@T("Show on a menu")</label>
<div data-controllerid="@Html.FieldIdFor(m => m.OnMenu)" class="">
@@ -24,13 +24,13 @@
}
else {
<fieldset>
<label for="MenuText">@T("Menu text")</label>
@Html.TextBoxFor(m => m.MenuText, new { @class = "text medium", autofocus = "autofocus" })
<span class="hint">@T("The text that should appear in the menu.")</span>
@Html.HiddenFor(m => m.OnMenu, true)
@Html.HiddenFor(m => m.CurrentMenuId, Request["menuId"])
@Html.Hidden(Html.NameOf(m => m.OnMenu), true)
@Html.Hidden(Html.NameOf(m => m.CurrentMenuId), !string.IsNullOrWhiteSpace(Request["menuId"]) ? Request["menuId"] : Model.CurrentMenuId.ToString())
</fieldset>
}

3
src/Orchard.Web/Core/Orchard.Core.csproj
View File

@@ -610,6 +610,9 @@
<ItemGroup>
<Content Include="packages.config" />
</ItemGroup>
<ItemGroup>
<Content Include="Navigation\Views\Admin\Edit.cshtml" />
</ItemGroup>
<PropertyGroup>
<VisualStudioVersion Condition="'$(VisualStudioVersion)' == ''">10.0</VisualStudioVersion>
<VSToolsPath Condition="'$(VSToolsPath)' == ''">$(MSBuildExtensionsPath32)\Microsoft\VisualStudio\v$(VisualStudioVersion)</VSToolsPath>

4
src/Orchard.Web/Modules/Orchard.ContentPicker/Drivers/ContentMenuItemPartDriver.cs
View File

@@ -41,7 +41,9 @@ namespace Orchard.ContentPicker.Drivers {
protected override DriverResult Editor(ContentMenuItemPart part, IUpdateModel updater, dynamic shapeHelper) {
var currentUser = _workContextAccessor.GetContext().CurrentUser;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, part))
var menu = ((dynamic)part.ContentItem).MenuPart.Menu;
if (!_authorizationService.TryCheckAccess(Permissions.ManageMenus, currentUser, menu))
return null;
var model = new ContentMenuItemEditViewModel();