Changing authorize calls to avoid demanding "Own" variations

The demand is adjusted if the user is the owner - but the "Own" variation is never used directly

--HG--
branch : 1.x
Louis DeJardin
2010-12-15 22:22:58 -08:00
parent 49ef5a44a7
commit e44facf4ab
2 changed files with 8 additions and 7 deletions


@@ -32,7 +32,7 @@ namespace Orchard.Blogs.Controllers {
public Localizer T { get; set; }
public ActionResult Create() {
if (!Services.Authorizer.Authorize(Permissions.EditOwnBlogPost, T("Not allowed to create blog post")))
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Not allowed to create blog post")))
return new HttpUnauthorizedResult();
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
@@ -56,14 +56,14 @@ namespace Orchard.Blogs.Controllers {
[HttpPost, ActionName("Create")]
[FormValueRequired("submit.Publish")]
public ActionResult CreateAndPublishPOST() {
if (!Services.Authorizer.Authorize(Permissions.PublishOwnBlogPost, T("Couldn't create blog post")))
if (!Services.Authorizer.Authorize(Permissions.PublishBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
return CreatePOST(contentItem => Services.ContentManager.Publish(contentItem));
}
public ActionResult CreatePOST(Action<ContentItem> conditionallyPublish) {
if (!Services.Authorizer.Authorize(Permissions.EditOwnBlogPost, T("Couldn't create blog post")))
if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
var blogPost = Services.ContentManager.New<BlogPostPart>("BlogPost");
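Review bot: The `Authorize` calls in `Create`, `CreateAndPublishPOST` and `CreatePOST` now demand the general permission but still pass no content item, so the authorizer has no owner to compare the current user against. If the owner adjustment described in the commit message depends on a content argument (as the `CheckAccess(..., user, blog)` call in the other file suggests), a user who holds only the "Own" permission would be refused here. Consider running the check after the item is built and passing it or its parent blog, e.g. `if (!Services.Authorizer.Authorize(Permissions.EditBlogPost, blogPost, T("Not allowed to create blog post")))`, assuming a content-taking overload is available. All three method bodies continue outside the hunks.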


@@ -128,11 +128,12 @@ namespace Orchard.Blogs.Services {
IUser user = ValidateUser(userName, password);
// User needs to at least have permission to edit its own blog posts to access the service
_authorizationService.CheckAccess(Permissions.EditOwnBlogPost, user, null);
XRpcArray array = new XRpcArray();
foreach (BlogPart blog in _blogService.Get()) {
// User needs to at least have permission to edit its own blog posts to access the service
_authorizationService.CheckAccess(Permissions.EditBlogPost, user, blog);
BlogPart blogPart = blog;
array.Add(new XRpcStruct()
.Set("url", urlHelper.AbsoluteAction(() => urlHelper.Blog(blogPart)))
@@ -154,7 +155,7 @@ namespace Orchard.Blogs.Services {
IUser user = ValidateUser(userName, password);
// User needs to at least have permission to edit its own blog posts to access the service
_authorizationService.CheckAccess(Permissions.EditOwnBlogPost, user, null);
_authorizationService.CheckAccess(Permissions.EditBlogPost, user, null);
BlogPart blog = _contentManager.Get<BlogPart>(Convert.ToInt32(blogId));
if (blog == null) {
@@ -184,7 +185,7 @@ namespace Orchard.Blogs.Services {
IUser user = ValidateUser(userName, password);
// User needs permission to edit or publish its own blog posts
_authorizationService.CheckAccess(publish ? Permissions.PublishOwnBlogPost : Permissions.EditOwnBlogPost, user, null);
_authorizationService.CheckAccess(publish ? Permissions.PublishBlogPost : Permissions.EditBlogPost, user, null);
BlogPart blog = _contentManager.Get<BlogPart>(Convert.ToInt32(blogId));
if (blog == null)
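Review bot: In the hunks at -154 and -184 the access check still passes `null` as the content and runs before the blog is loaded, so the decision is not bound to the blog named by `blogId`. With no content there is presumably no owner for the authorization service to evaluate, so the per-owner adjustment the commit relies on cannot apply to these two entry points. Move each call below the `blog == null` test and pass the loaded item, e.g. `_authorizationService.CheckAccess(Permissions.EditBlogPost, user, blog);` and `_authorizationService.CheckAccess(publish ? Permissions.PublishBlogPost : Permissions.EditBlogPost, user, blog);`. The comments above the calls still say "its own blog posts" and should be reworded to match the new demand. The enclosing methods start and end outside the hunks.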