- Blogs: adding permission checks.

--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4042996
suhacan
2009-12-03 00:11:42 +00:00
parent 0989f2a55a
commit e93efa87e4


@@ -9,6 +9,7 @@ using Orchard.Localization;
using Orchard.Models;
using Orchard.Models.Driver;
using Orchard.Mvc.Results;
using Orchard.Security;
using Orchard.UI.Notify;
namespace Orchard.Blogs.Controllers {
@@ -16,13 +17,17 @@ namespace Orchard.Blogs.Controllers {
public class BlogPostController : Controller, IUpdateModel {
private readonly ISessionLocator _sessionLocator;
private readonly IContentManager _contentManager;
private readonly IAuthorizer _authorizer;
private readonly INotifier _notifier;
private readonly IBlogService _blogService;
private readonly IBlogPostService _blogPostService;
public BlogPostController(ISessionLocator sessionLocator, IContentManager contentManager, INotifier notifier, IBlogService blogService, IBlogPostService blogPostService) {
public BlogPostController(ISessionLocator sessionLocator, IContentManager contentManager,
IAuthorizer authorizer, INotifier notifier,
IBlogService blogService, IBlogPostService blogPostService) {
_sessionLocator = sessionLocator;
_contentManager = contentManager;
_authorizer = authorizer;
_notifier = notifier;
_blogService = blogService;
_blogPostService = blogPostService;
@@ -42,6 +47,9 @@ namespace Orchard.Blogs.Controllers {
//TODO: (erikpo) Should think about moving the slug parameters and get calls and null checks up into a model binder or action filter
public ActionResult Item(string blogSlug, string postSlug) {
if (!_authorizer.Authorize(Permissions.ViewPost, T("Couldn't view blog post")))
return new HttpUnauthorizedResult();
Blog blog = _blogService.Get(blogSlug);
if (blog == null)
@@ -67,6 +75,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost]
public ActionResult Create(string blogSlug, CreateBlogPostViewModel model) {
if (!_authorizer.Authorize(Permissions.CreatePost, T("Couldn't create blog post")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug);
@@ -86,6 +97,9 @@ namespace Orchard.Blogs.Controllers {
}
public ActionResult Edit(string blogSlug, string postSlug) {
if (!_authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug);
@@ -104,6 +118,9 @@ namespace Orchard.Blogs.Controllers {
[HttpPost]
public ActionResult Edit(string blogSlug, string postSlug, FormCollection input) {
if (!_authorizer.Authorize(Permissions.ModifyPost, T("Couldn't edit blog post")))
return new HttpUnauthorizedResult();
//TODO: (erikpo) Move looking up the current blog up into a modelbinder
Blog blog = _blogService.Get(blogSlug);
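Review bot: The new checks in `Item`, `Create` and both `Edit` overloads run before `_blogService.Get(blogSlug)` and take only a permission and a message, so as far as these lines go they test a site-wide permission rather than access to the particular blog or post; an account holding `Permissions.ModifyPost` passes the guard for every post on every blog. If per-blog or per-author restrictions are intended, a second check belongs after the lookup, once `blog` and the post are known (the lookup code continues outside these hunks). The hunks also touch only the `[HttpPost]` overload of `Create`; if a GET `Create` or a delete action exists in this controller it is not changed by this commit and should get the same guard, `if (!_authorizer.Authorize(Permissions.CreatePost, T("Couldn't create blog post"))) return new HttpUnauthorizedResult();`. Repeating the same two lines in each action makes that kind of omission easy, so an action filter that takes the required permission would be a safer home for the check.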