lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-24 05:23:33 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Adding an authorizer component to streamline the permission checking code. The authorizer can access the current user on the caller's behalf, and will send a standard message to notifier (and also to the log) when access is denied.

Browse Source 
--HG--
extra : convert_revision : svn%3A5ff7c347-ad56-4c35-b696-ccb81de16e03/trunk%4040313
This commit is contained in:
loudej
2009-11-14 06:15:55 +00:00
parent 250dab36d5
commit ea65ec7115
9 changed files with 108 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

97
src/Orchard.Web/Packages/Orchard.CmsPages/Controllers/AdminController.cs
View File

@@ -21,20 +21,20 @@ namespace Orchard.CmsPages.Controllers {
private readonly IPageScheduler _pageScheduler;
private readonly IRepository<Page> _repository;
private readonly ITemplateProvider _templateProvider;
private readonly IAuthorizationService _authorizationService;
private readonly IAuthorizer _authorizer;
private readonly INotifier _notifier;
public AdminController(IPageManager pageManager,
IPageScheduler pageScheduler,
IRepository<Page> repository,
ITemplateProvider templateProvider,
IAuthorizationService authorizationService,
INotifier notifier) {
INotifier notifier,
IAuthorizer authorizer) {
_pageManager = pageManager;
_authorizer = authorizer;
_pageScheduler = pageScheduler;
_repository = repository;
_templateProvider = templateProvider;
_authorizationService = authorizationService;
_notifier = notifier;
Logger = NullLogger.Instance;
}
@@ -97,13 +97,9 @@ namespace Orchard.CmsPages.Controllers {
case PageIndexBulkAction.PublishNow:
//TODO: Transaction
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.PublishPages)) {
_notifier.Error(T("Couldn't publish page, user {0} doesn't have {1}",
(CurrentUser != null ? CurrentUser.UserName : String.Empty),
Permissions.PublishPages.Name));
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.PublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
foreach (PageEntry entry in checkedEntries) {
entry.Page = _repository.Get(entry.PageId);
_pageScheduler.ClearTasks(entry.Page);
@@ -113,13 +109,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.PublishLater:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.SchedulePages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.SchedulePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.SchedulePages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
if (viewModel.Options.BulkPublishLaterDate != null) {
//TODO: Transaction
foreach (PageEntry entry in checkedEntries) {
@@ -135,13 +127,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.Unpublish:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.UnpublishPages)) {
_notifier.Error("Couldn't unpublish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.UnpublishPages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.UnpublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
foreach (PageEntry entry in checkedEntries) {
var page = _repository.Get(entry.PageId);
_pageManager.UnpublishPage(page);
@@ -149,13 +137,9 @@ namespace Orchard.CmsPages.Controllers {
break;
case PageIndexBulkAction.Delete:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.DeletePages)) {
_notifier.Error("Couldn't delete page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.DeletePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.DeletePages, T("Couldn't delete page")))
return new HttpUnauthorizedResult();
if (viewModel.Options.BulkDeleteConfirmed) {
//TODO: Transaction
foreach (PageEntry entry in checkedEntries) {
@@ -214,13 +198,9 @@ namespace Orchard.CmsPages.Controllers {
var viewModel = new PageCreateViewModel { Templates = _templateProvider.List() };
try {
UpdateModel(viewModel, input.ToValueProvider());
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.CreatePages)) {
_notifier.Error(T("Couldn't create page, user {0} doesn't have {1}",
(CurrentUser != null ? CurrentUser.UserName : String.Empty),
Permissions.CreatePages.Name));
//return new HttpUnauthorizedResult();
return View(viewModel);
}
if (!_authorizer.Authorize(Permissions.CreatePages, T("Couldn't create page")))
return new HttpUnauthorizedResult();
Logger.Information("Creating CmsPage slug:{0} title{1}: template{2}",
viewModel.Slug, viewModel.Title, viewModel.TemplateName);
var revision = _pageManager.CreatePage(viewModel);
@@ -270,32 +250,20 @@ namespace Orchard.CmsPages.Controllers {
RemoveUnusedContentItems(model.Revision, model.Template);
_pageScheduler.ClearTasks(model.Revision.Page);
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.ModifyPages)) {
_notifier.Error("Couldn't edit page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.ModifyPages.Name);
//return new HttpUnauthorizedResult();
return RedirectToAction("Index");
}
if (!_authorizer.Authorize(Permissions.ModifyPages, T("Couldn't edit page")))
return new HttpUnauthorizedResult();
switch (model.Command) {
case PageEditCommand.PublishNow:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.PublishPages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.PublishPages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.PublishPages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
_pageManager.Publish(model.Revision, new PublishOptions());
break;
case PageEditCommand.PublishLater:
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.SchedulePages)) {
_notifier.Error("Couldn't publish page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.SchedulePages.Name);
//return new HttpUnauthorizedResult();
break;
}
if (!_authorizer.Authorize(Permissions.SchedulePages, T("Couldn't publish page")))
return new HttpUnauthorizedResult();
if (model.PublishLaterDate == null)
throw new ArgumentNullException("No pub later value");
_pageScheduler.AddPublishTask(model.Revision, model.PublishLaterDate.Value);
@@ -321,13 +289,8 @@ namespace Orchard.CmsPages.Controllers {
[FormValueRequired("submit.DeleteDraft")]
public ActionResult DeleteDraft(int id) {
#warning UNIT TEST!!!!
if (!_authorizationService.CheckAccess(CurrentUser, Permissions.DeleteDraftPages)) {
_notifier.Error("Couldn't delete draft page, user " +
(CurrentUser != null ? CurrentUser.UserName : String.Empty) + " doesn't have " +
Permissions.DeleteDraftPages.Name);
//return new HttpUnauthorizedResult();
return RedirectToAction("Edit", new { id });
}
if (!_authorizer.Authorize(Permissions.DeleteDraftPages, T("Couldn't delete draft page")))
return new HttpUnauthorizedResult();
var lastRevision = _pageManager.GetLastRevision(id);
if (!lastRevision.IsPublished())