lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2026-02-09 09:16:41 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Adding an authorizer component to streamline the permission checking code. The authorizer can access the current user on the caller's behalf, and will send a standard message to notifier (and also to the log) when access is denied.

Browse Source 
--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4040313
This commit is contained in:
loudej
2009-11-14 06:15:55 +00:00
parent 250dab36d5
commit ea65ec7115
9 changed files with 108 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/Orchard.Web/Orchard.Web.csproj
View File

@@ -161,6 +161,7 @@
<Content Include="Views\Shared\ExtraUserControl.ascx" />
<Content Include="Views\Shared\Footer.ascx" />
<Content Include="Views\Shared\Header.ascx" />
<Content Include="Views\Shared\Messages.ascx" />
<Content Include="Views\Shared\Navigation.ascx" />
</ItemGroup>
<ItemGroup>

97
src/Orchard.Web/Packages/Orchard.CmsPages/Controllers/AdminController.cs
View File

@@ -21,20 +21,20 @@ namespace Orchard.CmsPages.Controllers {
private readonly IPageScheduler _pageScheduler;
private readonly IRepository<Page> _repository;
private readonly ITemplateProvider _templateProvider;
private readonly IAuthorizationService _authorizationService;
private readonly IAuthorizer _authorizer;
private readonly INotifier _notifier;
public AdminController(IPageManager pageManager,
IPageScheduler pageScheduler,
IRepository<Page> repository,
ITemplateProvider templateProvider,
IAuthorizationService authorizationService,
INotifier notifier) {
INotifier notifier,
IAuthorizer authorizer) {
_pageManager = pageManager;
_authorizer = authorizer;
_pageScheduler = pageScheduler;
_repository = repository;
_templateProvider = templateProvider;
_authorizationService = authorizationService;
_notifier = notifier;
Logger = NullLogger.Instance;
}
@@ -97,13 +97,9 @@ namespace Orchard.CmsPages.Controllers {
case PageIndexBulkAction.PublishNow:
//TODO: Transaction
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.PublishPages)) {
_notifier.Error(T("Couldn't publish page, user {0} doesn't have {1}",
(CurrentUser != null ? CurrentUser.UserName : String.Empty),
Permissions.PublishPages.Name));
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.PublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
foreach (PageEntry entry in checkedEntries) {
entry.Page = _repository.Get(entry.PageId);
_pageScheduler.ClearTasks(entry.Page);
@@ -113,13 +109,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.PublishLater:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.SchedulePages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.SchedulePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.SchedulePages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
if (viewModel.Options.BulkPublishLaterDate != null) {
//TODO: Transaction
foreach (PageEntry entry in checkedEntries) {
@@ -135,13 +127,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.Unpublish:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.UnpublishPages)) {
_notifier.Error("Couldn't unpublish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.UnpublishPages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.UnpublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
foreach (PageEntry entry in checkedEntries) {
var page = _repository.Get(entry.PageId);
_pageManager.UnpublishPage(page);
@@ -149,13 +137,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.Delete:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.DeletePages)) {
_notifier.Error("Couldn't delete page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.DeletePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.DeletePages, T("Couldn't delete page")))
return new HttpUnauthorizedResult();
if (viewModel.Options.BulkDeleteConfirmed) {
//TODO: Transaction
foreach (PageEntry entry in checkedEntries) {
@@ -214,13 +198,9 @@ namespace Orchard.CmsPages.Controllers {
var viewModel = new PageCreateViewModel { Templates = _templateProvider.List() };
try {
UpdateModel(viewModel, input.ToValueProvider());
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.CreatePages)) {
_notifier.Error(T("Couldn't create page, user {0} doesn't have {1}",
(CurrentUser != null ? CurrentUser.UserName : String.Empty),
Permissions.CreatePages.Name));
//return new HttpUnauthorizedResult();
return View(viewModel);
}
if (!_authorizer.Authorize(Permissions.CreatePages, T("Couldn't create page")))
return new HttpUnauthorizedResult();
Logger.Information("Creating CmsPage slug:{0} title{1}: template{2}",
viewModel.Slug, viewModel.Title, viewModel.TemplateName);
var revision = _pageManager.CreatePage(viewModel);
@@ -270,32 +250,20 @@ namespace Orchard.CmsPages.Controllers {
RemoveUnusedContentItems(model.Revision, model.Template);
_pageScheduler.ClearTasks(model.Revision.Page);
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.ModifyPages)) {
_notifier.Error("Couldn't edit page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.ModifyPages.Name);
//return new HttpUnauthorizedResult();
return RedirectToAction("Index");
}
if (!_authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page")))
return new HttpUnauthorizedResult();
switch (model.Command) {
case PageEditCommand.PublishNow:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.PublishPages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.PublishPages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.PublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
_pageManager.Publish(model.Revision, new PublishOptions());
break;
case PageEditCommand.PublishLater:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.SchedulePages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.SchedulePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.SchedulePages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
if (model.PublishLaterDate == null)
throw new ArgumentNullException("No pub later value");
_pageScheduler.AddPublishTask(model.Revision, model.PublishLaterDate.Value);
@@ -321,13 +289,8 @@ namespace Orchard.CmsPages.Controllers {
[FormValueRequired("submit.DeleteDraft")]
public ActionResult DeleteDraft(int id) {
#warning UNIT TEST!!!!
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.DeleteDraftPages)) {
_notifier.Error("Couldn't delete draft page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.DeleteDraftPages.Name);
//return new HttpUnauthorizedResult();
return RedirectToAction("Edit", new { id });
}
if (!_authorizer.Authorize(Permissions.DeleteDraftPages, T("Couldn't delete draft page")))
return new HttpUnauthorizedResult();
var lastRevision = _pageManager.GetLastRevision(id);
if (!lastRevision.IsPublished())

6
src/Orchard.Web/Views/Account/LogOn.aspx
View File

@@ -1,14 +1,18 @@
<%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage" %>
<%@ Page Language="C#" MasterPageFile="~/Views/Shared/Site.Master" Inherits="System.Web.Mvc.ViewPage<BaseViewModel>" %>
<%@ Import Namespace="Orchard.Mvc.ViewModels"%>
<asp:Content ID="loginTitle" ContentPlaceHolderID="TitleContent" runat="server">
Log On
</asp:Content>
<asp:Content ID="loginContent" ContentPlaceHolderID="MainContent" runat="server">
<h2>Log On</h2>
<p>
Please enter your username and password. <%= Html.ActionLink("Register", "Register") %> if you don't have an account.
</p>
<% if (Model != null && Model.Messages != null) Html.RenderPartial("Messages", Model.Messages); %>
<%= Html.ValidationSummary("Login was unsuccessful. Please correct the errors and try again.") %>
<% using (Html.BeginForm()) { %>

17
src/Orchard.Web/Views/Shared/Messages.ascx Normal file
View File

@@ -0,0 +1,17 @@
<%@ Control Language="C#" Inherits="System.Web.Mvc.ViewUserControl<IEnumerable<NotifyEntry>>" %>
<%@ Import Namespace="Orchard.UI.Notify"%>
<script runat="server">
string CssClassName(NotifyType type) {
switch(type) {
case NotifyType.Error:
return "validation-summary-errors";
case NotifyType.Warning:
return "validation-summary-errors";
}
return "validation-summary-errors";
}</script>
<% foreach (var item in Model) { %>
<div class="<%=CssClassName(item.Type) %>"><%=Html.Encode(item.Message) %></div>
<% } %>

3
src/Orchard/Controllers/AccountController.cs
View File

@@ -4,6 +4,7 @@ using System.Globalization;
using System.Security.Principal;
using System.Web.Mvc;
using System.Web.Security;
using Orchard.Mvc.ViewModels;
using Orchard.Security;
namespace Orchard.Controllers {
@@ -19,7 +20,7 @@ namespace Orchard.Controllers {
}
public ActionResult LogOn() {
return View();
return View(new BaseViewModel());
}
[AcceptVerbs(HttpVerbs.Post)]

2
src/Orchard/Localization/NullLocalizer.cs
View File

@@ -5,7 +5,7 @@ namespace Orchard.Localization {
_instance = (format, args) => (args == null || args.Length == 0) ? format : string.Format(format, args);
}
public static Localizer _instance;
static readonly Localizer _instance;
public static Localizer Instance { get { return _instance; } }
}

6
src/Orchard/Orchard.csproj
View File

@@ -47,6 +47,8 @@
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\lib\fluentnhibernate\FluentNHibernate.dll</HintPath>
</Reference>
<Reference Include="Microsoft.VisualStudio.QualityTools.UnitTestFramework, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<Reference Include="Microsoft.VisualStudio.TeamSystem.Data.UnitTesting, Version=9.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a" />
<Reference Include="NHibernate, Version=2.1.0.4000, Culture=neutral, PublicKeyToken=aa95f207798dfdb4, processorArchitecture=MSIL">
<SpecificVersion>False</SpecificVersion>
<HintPath>..\..\lib\fluentnhibernate\NHibernate.dll</HintPath>
@@ -166,6 +168,7 @@
<SubType>ASPXCodeBehind</SubType>
</Compile>
<Compile Include="Security\IAuthenticationService.cs" />
<Compile Include="Security\Authorizer.cs" />
<Compile Include="Security\Providers\FormsAuthenticationService.cs" />
<Compile Include="Security\SecurityFilter.cs" />
<Compile Include="Security\SecurityModule.cs" />
@@ -203,6 +206,9 @@
<Compile Include="Validation\JetBrains.Annotations.cs" />
<Compile Include="IMapper.cs" />
</ItemGroup>
<ItemGroup>
<None Include="Security\app.config" />
</ItemGroup>
<Import Project="$(MSBuildToolsPath)\Microsoft.CSharp.targets" />
<!-- To modify your build process, add your task inside one of the targets below and uncomment it.
Other similar extension points exist, see Microsoft.Common.targets.

45
src/Orchard/Security/Authorizer.cs Normal file
View File

@@ -0,0 +1,45 @@
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Web.Mvc;
using Orchard.Localization;
using Orchard.Security.Permissions;
using Orchard.UI.Notify;
namespace Orchard.Security {
public interface IAuthorizer : IDependency {
bool Authorize(Permission permission, LocalizedString message);
}
public class Authorizer : IAuthorizer {
private readonly IAuthorizationService _authorizationService;
private readonly INotifier _notifier;
public Authorizer(
IAuthorizationService authorizationService,
INotifier notifier) {
_authorizationService = authorizationService;
_notifier = notifier;
T = NullLocalizer.Instance;
}
public IUser CurrentUser { get; set; }
public Localizer T { get; set; }
public bool Authorize(Permission permission, LocalizedString message) {
if (_authorizationService.CheckAccess(CurrentUser, permission))
return true;
if (CurrentUser == null) {
_notifier.Error(T("{0}. Anonymous users do not have {1} permission.",
message, permission.Name));
}
else {
_notifier.Error(T("{0}. Current user, {2}, does not have {1} permission.",
message, permission.Name, CurrentUser.UserName));
}
return false;
}
}
}

1
src/Orchard/UI/Notify/NotifierExtensions.cs
View File

@@ -1,3 +1,4 @@
using System.Web.Mvc;
using Orchard.Localization;
namespace Orchard.UI.Notify {