diff --git a/src/Orchard.Web/Modules/Orchard.Templates/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Templates/AdminMenu.cs index 9161a0aa8..c3f2653a0 100644 --- a/src/Orchard.Web/Modules/Orchard.Templates/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Templates/AdminMenu.cs @@ -7,7 +7,7 @@ namespace Orchard.Templates { public void GetNavigation(NavigationBuilder builder) { builder .AddImageSet("templates") - .Add(T("Templates"), "5.0", item => item.Action("List", "Admin", new { area = "Orchard.Templates", id = "" })); + .Add(T("Templates"), "5.0", item => item.Action("List", "Admin", new { area = "Orchard.Templates", id = "" }).Permission(Permissions.ManageTemplates)); } } } \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Templates/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Templates/Controllers/AdminController.cs index 8ef5cee0a..426e7ae02 100644 --- a/src/Orchard.Web/Modules/Orchard.Templates/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Templates/Controllers/AdminController.cs @@ -44,6 +44,10 @@ namespace Orchard.Templates.Controllers { public Localizer T { get; set; } public ActionResult List(ListContentsViewModel model, PagerParameters pagerParameters) { + if (!Services.Authorizer.Authorize(Permissions.ManageTemplates, T("Not authorized to manage templates"))) { + return new HttpUnauthorizedResult(); + } + var pager = new Pager(_siteService.GetSiteSettings(), pagerParameters); var query = _contentManager.Query(VersionOptions.Latest, GetShapeTypes().Select(ctd => ctd.Name).ToArray()); 
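Review bot: The `ManageTemplates` guard added at the top of `List` is copy-pasted into `ListFilterPOST`, `ListPOST` and `Create` in the later hunks, so the controller stays open by default: any public action added later, or already present outside these hunks, is reachable without the check unless someone repeats it. Consider enforcing it once for the whole controller, for example in an `OnActionExecuting` override that sets `filterContext.Result = new HttpUnauthorizedResult();` when `Services.Authorizer.Authorize(Permissions.ManageTemplates, ...)` fails. The menu filter added in AdminMenu.cs only hides the link, so the controller-side check is the one that has to be complete. The bodies of all four actions continue outside the hunks shown.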
@@ -93,6 +97,10 @@ namespace Orchard.Templates.Controllers { [HttpPost, ActionName("List")] [Mvc.FormValueRequired("submit.Filter")] public ActionResult ListFilterPOST(ContentOptions options) { + if (!Services.Authorizer.Authorize(Permissions.ManageTemplates, T("Not authorized to manage templates"))) { + return new HttpUnauthorizedResult(); + } + var routeValues = ControllerContext.RouteData.Values; if (options != null) { routeValues["Options.OrderBy"] = options.OrderBy; @@ -110,6 +118,10 @@ namespace Orchard.Templates.Controllers { [HttpPost, ActionName("List")] [Mvc.FormValueRequired("submit.BulkEdit")] public ActionResult ListPOST(ContentOptions options, IEnumerable itemIds, string returnUrl) { + if (!Services.Authorizer.Authorize(Permissions.ManageTemplates, T("Not authorized to manage templates"))) { + return new HttpUnauthorizedResult(); + } + if (itemIds != null) { var checkedContentItems = _contentManager.GetMany(itemIds, VersionOptions.Latest, QueryHints.Empty); switch (options.BulkAction) { @@ -117,7 +129,7 @@ namespace Orchard.Templates.Controllers { break; case ContentsBulkAction.PublishNow: foreach (var item in checkedContentItems) { - if (!Services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't publish selected content."))) { + if (!Services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't publish selected content."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } @@ -128,7 +140,7 @@ namespace Orchard.Templates.Controllers { break; case ContentsBulkAction.Unpublish: foreach (var item in checkedContentItems) { - if (!Services.Authorizer.Authorize(Permissions.PublishContent, item, T("Couldn't unpublish selected content."))) { + if (!Services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.PublishContent, item, T("Couldn't unpublish selected content."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } 
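Review bot: In `ListPOST` the new guard gates the action on `ManageTemplates`, but the posted `itemIds` are loaded with `_contentManager.GetMany(itemIds, ...)` without checking that they are template items, whereas `List` restricts its query to `GetShapeTypes()`. As far as this hunk shows, the bulk publish, unpublish and remove branches can therefore be pointed at any content item id, limited only by the per-item Contents permissions. Filtering the loaded items to the template types before the `switch` would keep the endpoint scoped to what the new permission describes, e.g. `var templateTypes = GetShapeTypes().Select(ctd => ctd.Name).ToList();` followed by `.Where(item => templateTypes.Contains(item.ContentType))` on the `GetMany` result. The rest of `ListPOST` lies outside the hunk, so confirm that no equivalent filter already exists.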
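Review bot: The per-item checks in `ListPOST` now spell out `Orchard.Core.Contents.Permissions` in full because the new `Orchard.Templates.Permissions` class shadows the Contents one inside this namespace; the Unpublish and Remove hunks carry the same change. A using alias such as `using ContentsPermissions = Orchard.Core.Contents.Permissions;` would keep the lines short and make it obvious at each call site which permission set is being consulted; the file's using directives are outside the hunks shown. A one-line comment above the first check, e.g. `// Per-item Contents permissions still apply on top of ManageTemplates.`, would also record that the two layers are intentional.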
@@ -139,7 +151,7 @@ namespace Orchard.Templates.Controllers { break; case ContentsBulkAction.Remove: foreach (var item in checkedContentItems) { - if (!Services.Authorizer.Authorize(Permissions.DeleteContent, item, T("Couldn't remove selected content."))) { + if (!Services.Authorizer.Authorize(Orchard.Core.Contents.Permissions.DeleteContent, item, T("Couldn't remove selected content."))) { _transactionManager.Cancel(); return new HttpUnauthorizedResult(); } @@ -157,6 +169,10 @@ namespace Orchard.Templates.Controllers { } public ActionResult Create(string id) { + if (!Services.Authorizer.Authorize(Permissions.ManageTemplates, T("Not authorized to manage templates"))) { + return new HttpUnauthorizedResult(); + } + var types = GetShapeTypes(); var typeName = String.IsNullOrWhiteSpace(id) ? types.Count() == 1 ? types.First().Name : null : id; return String.IsNullOrEmpty(typeName) ? CreatableTypeList() : RedirectToAction("Create", "Admin", new { area = "Contents", id = typeName }); diff --git a/src/Orchard.Web/Modules/Orchard.Templates/Orchard.Templates.csproj b/src/Orchard.Web/Modules/Orchard.Templates/Orchard.Templates.csproj index c7b715dfe..882738b20 100644 --- a/src/Orchard.Web/Modules/Orchard.Templates/Orchard.Templates.csproj +++ b/src/Orchard.Web/Modules/Orchard.Templates/Orchard.Templates.csproj @@ -170,6 +170,7 @@ + diff --git a/src/Orchard.Web/Modules/Orchard.Templates/Permissions.cs b/src/Orchard.Web/Modules/Orchard.Templates/Permissions.cs new file mode 100644 index 000000000..3f77392e5 --- /dev/null +++ b/src/Orchard.Web/Modules/Orchard.Templates/Permissions.cs 
@@ -0,0 +1,38 @@ +using System.Collections.Generic; +using Orchard.Environment.Extensions.Models; +using Orchard.Security.Permissions; + +namespace Orchard.Templates { + public class Permissions : IPermissionProvider { + public static readonly Permission ManageTemplates = new Permission { Description = "Managing Templates", Name = "ManageTemplates" }; + + public virtual Feature Feature { get; set; } + + public IEnumerable GetPermissions() { + return new[] { + ManageTemplates, + }; + } + + public IEnumerable GetDefaultStereotypes() { + return new[] { + new PermissionStereotype { + Name = "Administrator", + Permissions = new[] { ManageTemplates } + }, + new PermissionStereotype { + Name = "Editor", + }, + new PermissionStereotype { + Name = "Moderator", + }, + new PermissionStereotype { + Name = "Author" + }, + new PermissionStereotype { + Name = "Contributor", + }, + }; + } + } +} \ No newline at end of file
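Review bot: `ManageTemplates` is declared with only the description "Managing Templates", and the Editor, Moderator, Author and Contributor stereotypes are listed with no permissions and no comment explaining why. If templates in this module are evaluated server-side when shapes are rendered, holding this permission is close to being able to run code on the site, and that should be visible to whoever assigns roles. Consider a more explicit description and a doc comment on the field, e.g. `/// <summary>Allows creating, editing and deleting templates; grant to fully trusted roles only.</summary>`, plus a comment on the empty stereotypes such as `// Deliberately no template permissions for non-administrator roles.`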