lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-19 01:57:55 +08:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity

Adding permission check when updloading media from the admin

Browse Source
This commit is contained in:
Sebastien Ros
2016-02-11 11:32:11 -08:00
parent ff276ae961
commit fc0e06408a
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs
View File

@@ -1,6 +1,5 @@
using System;
using System.Collections.Generic;
using System.Dynamic;
using System.IO;
using System.Web.Mvc;
using Orchard.ContentManagement;
@@ -27,6 +26,16 @@ namespace Orchard.MediaLibrary.Controllers {
public IOrchardServices Services { get; set; }
public ActionResult Index(string folderPath, string type) {
if (!Services.Authorizer.Authorize(Permissions.ManageOwnMedia)) {
return new HttpUnauthorizedResult();
}
// Check permission.
var rootMediaFolder = _mediaLibraryService.GetRootMediaFolder();
if (!Services.Authorizer.Authorize(Permissions.ManageMediaContent) && !_mediaLibraryService.CanManageMediaFolder(folderPath)) {
return new HttpUnauthorizedResult();
}
var viewModel = new ImportMediaViewModel {
FolderPath = folderPath,