lsm/Orchard
1
0
Fork 0
mirror of https://github.com/OrchardCMS/Orchard.git synced 2025-09-19 18:27:55 +08:00
Code Issues Actions 3 Packages Projects Releases Wiki Activity

Adding permission check when updloading media from the admin

Browse Source
This commit is contained in:
Sebastien Ros
2016-02-11 11:32:11 -08:00
parent ff276ae961
commit fc0e06408a
1 changed files with 10 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
src/Orchard.Web/Modules/Orchard.MediaLibrary/Controllers/ClientStorageController.cs
View File

@@ -1,6 +1,5 @@
using System; using System;
using System.Collections.Generic; using System.Collections.Generic;
using System.Dynamic;
using System.IO; using System.IO;
using System.Web.Mvc; using System.Web.Mvc;
using Orchard.ContentManagement; using Orchard.ContentManagement;
@@ -27,6 +26,16 @@ namespace Orchard.MediaLibrary.Controllers {
public IOrchardServices Services { get; set; } public IOrchardServices Services { get; set; }
public ActionResult Index(string folderPath, string type) { public ActionResult Index(string folderPath, string type) {
if (!Services.Authorizer.Authorize(Permissions.ManageOwnMedia)) {
return new HttpUnauthorizedResult();
}
// Check permission.
var rootMediaFolder = _mediaLibraryService.GetRootMediaFolder();
if (!Services.Authorizer.Authorize(Permissions.ManageMediaContent) && !_mediaLibraryService.CanManageMediaFolder(folderPath)) {
return new HttpUnauthorizedResult();
}
var viewModel = new ImportMediaViewModel { var viewModel = new ImportMediaViewModel {
FolderPath = folderPath, FolderPath = folderPath,