16979 Reports should check for site ownership

--HG-- branch : dev
2025-10-15 03:25:23 +08:00 · 2010-12-08 15:10:07 -08:00
parent ca78b8acef
commit ea760cfe2e
1 changed files with 15 additions and 1 deletions
--- a/src/Orchard.Web/Core/Reports/Controllers/AdminController.cs
+++ b/src/Orchard.Web/Core/Reports/Controllers/AdminController.cs
@@ -1,24 +1,38 @@
 using System.Linq;
 using System.Web.Mvc;
 using Orchard.Core.Reports.ViewModels;
+using Orchard.Localization;
 using Orchard.Reports.Services;
+using Orchard.Security;

 namespace Orchard.Core.Reports.Controllers {
    public class AdminController : Controller {
        private readonly IReportsManager _reportsManager;

-        public AdminController(IReportsManager reportsManager) {
+        public AdminController(
+            IOrchardServices services, 
+            IReportsManager reportsManager) {
+            Services = services;
            _reportsManager = reportsManager;
+            T = NullLocalizer.Instance;
        }

+        public IOrchardServices Services { get; set; }
+        public Localizer T { get; set; }

        public ActionResult Index() {
+            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list reports")))
+                return new HttpUnauthorizedResult();
+
            var model = new ReportsAdminIndexViewModel { Reports = _reportsManager.GetReports().ToList() };

            return View(model);
        }

        public ActionResult Display(int id) {
+            if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to display report")))
+                return new HttpUnauthorizedResult();
+
            var model = new DisplayReportViewModel { Report = _reportsManager.Get(id) };

            return View(model);