Merged IAuthorizationEventHandlers to circumvent the call order

- Renamed permission tokens to prevent ambiguities
- Corrected called permission from content controllers

--HG--
branch : dev
Sebastien Ros 2010-10-07 11:47:09 -07:00
parent f06d553ae0
commit 46c33f7fe0
9 changed files with 256 additions and 269 deletions


@ -90,7 +90,7 @@ namespace Orchard.Specs.Bindings {
});
}
// returns permissions as they are used in controllers for each action
private static Permission GetPermissionForAction(string action) {
switch ( action ) {
case "publish":


@ -17,6 +17,31 @@ Scenario: Users can't create a Page if they don't have the PublishContent permis
And "user1" should be able to "edit" a "Page" owned by "user1"
And "user1" should be able to "delete" a "Page" owned by "user1"
Scenario: Users can create a Page of others if they have PublishContent permission
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishContent"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should be able to "publish" a "Page" owned by "user2"
And "user1" should be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
Scenario: Users can create a Page if they have PublishOwnContent for Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "Publish_Page"
And I have a user "user1" with roles "CustomRole"
Then "user1" should be able to "publish" a "Page" owned by "user1"
And "user1" should be able to "edit" a "Page" owned by "user1"
And "user1" should not be able to "delete" a "Page" owned by "user1"
Scenario: Users can create and edit a Page even if they only have the PublishOwnContent permission
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishOwnContent"
And I have a user "user1" with roles "CustomRole"
Then "user1" should be able to "publish" a "Page" owned by "user1"
And "user1" should be able to "edit" a "Page" owned by "user1"
And "user1" should not be able to "delete" a "Page" owned by "user1"
Scenario: Users can't edit a Page if they don't have the EditContent permission
Given I have installed Orchard
When I have a role "CustomRole" with permissions "DeleteContent"
@ -25,41 +50,15 @@ Scenario: Users can't edit a Page if they don't have the EditContent permission
And "user1" should not be able to "edit" a "Page" owned by "user1"
And "user1" should be able to "delete" a "Page" owned by "user1"
Scenario: Users can create and edit a Page even if they only have the PublishContent permission
Scenario: Users can't create a Page for others if they only have PublishOwnContent
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishContent"
And I have a user "user1" with roles "CustomRole"
Then "user1" should be able to "publish" a "Page" owned by "user1"
And "user1" should be able to "edit" a "Page" owned by "user1"
And "user1" should not be able to "delete" a "Page" owned by "user1"
Scenario: Users can create a Page if they have PublishContent for Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "Publish_Page"
And I have a user "user1" with roles "CustomRole"
Then "user1" should be able to "publish" a "Page" owned by "user1"
And "user1" should be able to "edit" a "Page" owned by "user1"
And "user1" should not be able to "delete" a "Page" owned by "user1"
Scenario: Users can't create a Page for others if they only have PublishContent
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishContent"
When I have a role "CustomRole" with permissions "PublishOwnContent"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should not be able to "publish" a "Page" owned by "user2"
And "user1" should not be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
Scenario: Users can create a Page for others if they have PublishOthersContent
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishOthersContent"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should be able to "publish" a "Page" owned by "user2"
And "user1" should be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
Scenario: Users can't create a Page for others if they only have Publish_Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "Publish_Page"
@ -69,20 +68,30 @@ Scenario: Users can't create a Page for others if they only have Publish_Page
And "user1" should be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
Scenario: Users can create a Page for others if they only have PublishOthers_Page
Scenario: Users can create a Page for others if they only have Publish_Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "PublishOthers_Page"
When I have a role "CustomRole" with permissions "Publish_Page"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should be able to "publish" a "Page" owned by "user2"
And "user1" should be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
Scenario: Users can delete a Page for others if they only have DeleteOthers_Page
Scenario: Users can delete a Page for others if they only have Delete_Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "DeleteOthers_Page"
When I have a role "CustomRole" with permissions "Delete_Page"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should not be able to "publish" a "Page" owned by "user2"
And "user1" should not be able to "edit" a "Page" owned by "user2"
And "user1" should be able to "delete" a "Page" owned by "user2"
Scenario: Users can't delete a Page for others if they only have DeleteOwn_Page
Given I have installed Orchard
When I have a role "CustomRole" with permissions "DeleteOwn_Page"
And I have a user "user1" with roles "CustomRole"
And I have a user "user2" with roles "Administrator"
Then "user1" should not be able to "publish" a "Page" owned by "user2"
And "user1" should not be able to "edit" a "Page" owned by "user2"
And "user1" should not be able to "delete" a "Page" owned by "user2"
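Review bot: The own-scoped, type-specific publish permission is not exercised by any scenario visible here. "Users can create a Page if they have PublishOwnContent for Page" grants `Publish_Page`, which after this rename is the any-owner permission, so the step should probably read `When I have a role "CustomRole" with permissions "PublishOwn_Page"`. A matching negative scenario against a Page owned by "user2" would pin the boundary the way the new `DeleteOwn_Page` scenario does. The retained title "Users can't create a Page for others if they only have Publish_Page" also contradicts its own steps, which assert that user1 can edit user2's Page, and it now duplicates the renamed "Users can create a Page for others if they only have Publish_Page".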


@ -96,120 +96,120 @@ testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"use
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can\'t edit a Page if they don\'t have the EditContent permission")]
public virtual void UsersCanTEditAPageIfTheyDonTHaveTheEditContentPermission()
[NUnit.Framework.DescriptionAttribute("Users can create a Page of others if they have PublishContent permission")]
public virtual void UsersCanCreateAPageOfOthersIfTheyHavePublishContentPermission()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t edit a Page if they don\'t have the EditContent permission", ((string[])(null)));
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page of others if they have PublishContent permission", ((string[])(null)));
#line 20
this.ScenarioSetup(scenarioInfo);
#line 21
testRunner.Given("I have installed Orchard");
#line 22
testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteContent\"");
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\"");
#line 23
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 24
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 25
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 26
testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can create and edit a Page even if they only have the PublishContent permis" +
"sion")]
public virtual void UsersCanCreateAndEditAPageEvenIfTheyOnlyHaveThePublishContentPermission()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create and edit a Page even if they only have the PublishContent permis" +
"sion", ((string[])(null)));
#line 28
this.ScenarioSetup(scenarioInfo);
#line 29
testRunner.Given("I have installed Orchard");
#line 30
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\"");
#line 31
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 32
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 33
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 34
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can create a Page if they have PublishContent for Page")]
public virtual void UsersCanCreateAPageIfTheyHavePublishContentForPage()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page if they have PublishContent for Page", ((string[])(null)));
#line 36
this.ScenarioSetup(scenarioInfo);
#line 37
testRunner.Given("I have installed Orchard");
#line 38
testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\"");
#line 39
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 40
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 41
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 42
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can\'t create a Page for others if they only have PublishContent")]
public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublishContent()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have PublishContent", ((string[])(null)));
#line 44
this.ScenarioSetup(scenarioInfo);
#line 45
testRunner.Given("I have installed Orchard");
#line 46
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishContent\"");
#line 47
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 48
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 49
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 50
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 51
#line 25
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 26
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 27
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they have PublishOthersContent")]
public virtual void UsersCanCreateAPageForOthersIfTheyHavePublishOthersContent()
[NUnit.Framework.DescriptionAttribute("Users can create a Page if they have PublishOwnContent for Page")]
public virtual void UsersCanCreateAPageIfTheyHavePublishOwnContentForPage()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page for others if they have PublishOthersContent", ((string[])(null)));
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page if they have PublishOwnContent for Page", ((string[])(null)));
#line 29
this.ScenarioSetup(scenarioInfo);
#line 30
testRunner.Given("I have installed Orchard");
#line 31
testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\"");
#line 32
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 33
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 34
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 35
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can create and edit a Page even if they only have the PublishOwnContent per" +
"mission")]
public virtual void UsersCanCreateAndEditAPageEvenIfTheyOnlyHaveThePublishOwnContentPermission()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create and edit a Page even if they only have the PublishOwnContent per" +
"mission", ((string[])(null)));
#line 37
this.ScenarioSetup(scenarioInfo);
#line 38
testRunner.Given("I have installed Orchard");
#line 39
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOwnContent\"");
#line 40
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 41
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 42
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 43
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can\'t edit a Page if they don\'t have the EditContent permission")]
public virtual void UsersCanTEditAPageIfTheyDonTHaveTheEditContentPermission()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t edit a Page if they don\'t have the EditContent permission", ((string[])(null)));
#line 45
this.ScenarioSetup(scenarioInfo);
#line 46
testRunner.Given("I have installed Orchard");
#line 47
testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteContent\"");
#line 48
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 49
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user1\"");
#line 50
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user1\"");
#line 51
testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user1\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can\'t create a Page for others if they only have PublishOwnContent")]
public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublishOwnContent()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have PublishOwnContent", ((string[])(null)));
#line 53
this.ScenarioSetup(scenarioInfo);
#line 54
testRunner.Given("I have installed Orchard");
#line 55
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOthersContent\"");
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOwnContent\"");
#line 56
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 57
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 58
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\"");
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 59
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\"");
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 60
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
@ -221,72 +221,97 @@ testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \
public virtual void UsersCanTCreateAPageForOthersIfTheyOnlyHavePublish_Page()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t create a Page for others if they only have Publish_Page", ((string[])(null)));
#line 62
this.ScenarioSetup(scenarioInfo);
#line 63
this.ScenarioSetup(scenarioInfo);
testRunner.Given("I have installed Orchard");
#line 64
testRunner.Given("I have installed Orchard");
#line 65
testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\"");
#line 65
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 66
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 67
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 68
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\"");
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 69
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 70
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they only have PublishOthers_Page")]
public virtual void UsersCanCreateAPageForOthersIfTheyOnlyHavePublishOthers_Page()
[NUnit.Framework.DescriptionAttribute("Users can create a Page for others if they only have Publish_Page")]
public virtual void UsersCanCreateAPageForOthersIfTheyOnlyHavePublish_Page()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page for others if they only have PublishOthers_Page", ((string[])(null)));
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can create a Page for others if they only have Publish_Page", ((string[])(null)));
#line 71
this.ScenarioSetup(scenarioInfo);
#line 72
this.ScenarioSetup(scenarioInfo);
#line 73
testRunner.Given("I have installed Orchard");
#line 73
testRunner.When("I have a role \"CustomRole\" with permissions \"Publish_Page\"");
#line 74
testRunner.When("I have a role \"CustomRole\" with permissions \"PublishOthers_Page\"");
#line 75
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 76
#line 75
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 77
#line 76
testRunner.Then("\"user1\" should be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 78
#line 77
testRunner.And("\"user1\" should be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 79
#line 78
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can delete a Page for others if they only have DeleteOthers_Page")]
public virtual void UsersCanDeleteAPageForOthersIfTheyOnlyHaveDeleteOthers_Page()
[NUnit.Framework.DescriptionAttribute("Users can delete a Page for others if they only have Delete_Page")]
public virtual void UsersCanDeleteAPageForOthersIfTheyOnlyHaveDelete_Page()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can delete a Page for others if they only have DeleteOthers_Page", ((string[])(null)));
#line 81
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can delete a Page for others if they only have Delete_Page", ((string[])(null)));
#line 80
this.ScenarioSetup(scenarioInfo);
#line 82
#line 81
testRunner.Given("I have installed Orchard");
#line 82
testRunner.When("I have a role \"CustomRole\" with permissions \"Delete_Page\"");
#line 83
testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteOthers_Page\"");
#line 84
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 85
#line 84
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 86
#line 85
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 87
#line 86
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 88
#line 87
testRunner.And("\"user1\" should be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
testRunner.CollectScenarioErrors();
}
[NUnit.Framework.TestAttribute()]
[NUnit.Framework.DescriptionAttribute("Users can\'t delete a Page for others if they only have DeleteOwn_Page")]
public virtual void UsersCanTDeleteAPageForOthersIfTheyOnlyHaveDeleteOwn_Page()
{
TechTalk.SpecFlow.ScenarioInfo scenarioInfo = new TechTalk.SpecFlow.ScenarioInfo("Users can\'t delete a Page for others if they only have DeleteOwn_Page", ((string[])(null)));
#line 90
this.ScenarioSetup(scenarioInfo);
#line 91
testRunner.Given("I have installed Orchard");
#line 92
testRunner.When("I have a role \"CustomRole\" with permissions \"DeleteOwn_Page\"");
#line 93
testRunner.And("I have a user \"user1\" with roles \"CustomRole\"");
#line 94
testRunner.And("I have a user \"user2\" with roles \"Administrator\"");
#line 95
testRunner.Then("\"user1\" should not be able to \"publish\" a \"Page\" owned by \"user2\"");
#line 96
testRunner.And("\"user1\" should not be able to \"edit\" a \"Page\" owned by \"user2\"");
#line 97
testRunner.And("\"user1\" should not be able to \"delete\" a \"Page\" owned by \"user2\"");
#line hidden
testRunner.CollectScenarioErrors();
}


@ -2,6 +2,8 @@ using JetBrains.Annotations;
using Orchard.ContentManagement;
using Orchard.ContentManagement.Aspects;
using Orchard.Core.Common.Models;
using Orchard.Core.Contents;
using Orchard.Core.Contents.Settings;
using Orchard.Security;
using Orchard.Security.Permissions;
@ -13,17 +15,49 @@ namespace Orchard.Core.Common.Security
public void Checking(CheckAccessContext context) { }
public void Complete(CheckAccessContext context) { }
public void Adjust(CheckAccessContext context)
{
if (!context.Granted &&
context.Content.Is<CommonPart>() &&
OwnerVariationExists(context.Permission) &&
HasOwnership(context.User, context.Content))
{
public void Adjust(CheckAccessContext context) {
if ( !context.Granted &&
context.Content.Is<CommonPart>() ) {
context.Adjusted = true;
context.Permission = GetOwnerVariation(context.Permission);
if (OwnerVariationExists(context.Permission) &&
HasOwnership(context.User, context.Content)) {
context.Adjusted = true;
context.Permission = GetOwnerVariation(context.Permission);
}
var typeDefinition = context.Content.ContentItem.TypeDefinition;
// replace permission if a more specific version exists
if ( typeDefinition.Settings.GetModel<ContentTypeSettings>().Creatable ) {
var permission = context.Permission;
if ( context.Permission.Name == Contents.Permissions.PublishOwnContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOwnContent, typeDefinition);
}
else if ( context.Permission.Name == Contents.Permissions.EditOwnContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOwnContent, typeDefinition);
}
else if ( context.Permission.Name == Contents.Permissions.DeleteOwnContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOwnContent, typeDefinition);
}
else if ( context.Permission.Name == Contents.Permissions.PublishContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishContent, typeDefinition);
}
else if ( context.Permission.Name == Contents.Permissions.EditContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditContent, typeDefinition);
}
else if ( context.Permission.Name == Contents.Permissions.DeleteContent.Name ) {
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteContent, typeDefinition);
}
if ( permission != context.Permission ) {
context.Adjusted = true;
context.Permission = permission;
}
}
}
}
private static bool HasOwnership(IUser user, IContent content)
@ -45,12 +79,12 @@ namespace Orchard.Core.Common.Security
private static Permission GetOwnerVariation(Permission permission)
{
if (permission.Name == Contents.Permissions.PublishOthersContent.Name)
return Contents.Permissions.PublishContent;
if (permission.Name == Contents.Permissions.EditOthersContent.Name)
return Contents.Permissions.EditContent;
if (permission.Name == Contents.Permissions.DeleteOthersContent.Name)
return Contents.Permissions.DeleteContent;
if (permission.Name == Contents.Permissions.PublishContent.Name)
return Contents.Permissions.PublishOwnContent;
if (permission.Name == Contents.Permissions.EditContent.Name)
return Contents.Permissions.EditOwnContent;
if (permission.Name == Contents.Permissions.DeleteContent.Name)
return Contents.Permissions.DeleteOwnContent;
return null;
}
}
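Review bot: The type-specific substitution in `Adjust` now runs only inside `context.Content.Is<CommonPart>()`, whereas the removed `Orchard.Core.Contents` handler applied it to any non-null content. Creatable types without a `CommonPart` would therefore no longer be checked against `Publish_{0}`, `Edit_{0}` or `Delete_{0}`; that fails closed, but it silently changes who is authorized. If it is unintended, keep the old guard `if (context.Granted || context.Content == null) return;` and put only the owner-variation block under `Is<CommonPart>()`. The merged method also depends on ordering, which deserves a comment such as `// order matters: resolve the Own variation before mapping to the type-specific permission`. Whether `Is<CommonPart>()` tolerates a null `context.Content` cannot be confirmed from these lines.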


@ -1,80 +0,0 @@
using System;
using JetBrains.Annotations;
using Orchard.ContentManagement;
using Orchard.ContentManagement.Aspects;
using Orchard.Core.Contents.Settings;
using Orchard.Security;
using Orchard.Security.Permissions;
namespace Orchard.Core.Contents {
[UsedImplicitly]
public class AuthorizationEventHandler : IAuthorizationServiceEventHandler {
public void Checking(CheckAccessContext context) { }
public void Complete(CheckAccessContext context) { }
public void Adjust(CheckAccessContext context) {
if ( context.Granted || context.Content == null )
return;
var typeDefinition = context.Content.ContentItem.TypeDefinition;
// replace permission if more specific version exists
if ( typeDefinition.Settings.GetModel<ContentTypeSettings>().Creatable ) {
var permission = context.Permission;
if ( context.Permission.Name == Permissions.PublishContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishContent, typeDefinition);
if ( context.Permission.Name == Permissions.EditContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditContent, typeDefinition);
if ( context.Permission.Name == Permissions.DeleteContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteContent, typeDefinition);
if ( context.Permission.Name == Permissions.PublishOthersContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOthersContent, typeDefinition);
if ( context.Permission.Name == Permissions.EditOthersContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOthersContent, typeDefinition);
if ( context.Permission.Name == Permissions.DeleteOthersContent.Name )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOthersContent, typeDefinition);
// converts the permission if the owner is someone else
if ( HasOtherOwner(context.User, context.Content) ) {
if ( permission.Name == String.Format(DynamicPermissions.PublishContent.Name, typeDefinition.Name) )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.PublishOthersContent, typeDefinition);
if ( permission.Name == String.Format(DynamicPermissions.EditContent.Name, typeDefinition.Name) )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.EditOthersContent, typeDefinition);
if ( permission.Name == String.Format(DynamicPermissions.DeleteContent.Name, typeDefinition.Name) )
permission = DynamicPermissions.CreateDynamicPersion(DynamicPermissions.DeleteOthersContent, typeDefinition);
}
if ( permission != context.Permission ) {
context.Adjusted = true;
context.Permission = permission;
}
}
}
private static bool HasOtherOwner(IUser user, IContent content) {
if ( user == null || content == null )
return false;
var common = content.As<ICommonPart>();
if ( common == null || common.Owner == null )
return false;
return user.Id != common.Owner.Id;
}
private static Permission GetOwnerVariation(Permission permission)
{
if (permission.Name == Contents.Permissions.PublishOthersContent.Name)
return Contents.Permissions.PublishContent;
if (permission.Name == Contents.Permissions.EditOthersContent.Name)
return Contents.Permissions.EditContent;
if (permission.Name == Contents.Permissions.DeleteOthersContent.Name)
return Contents.Permissions.DeleteContent;
return null;
}
}
}


@ -251,7 +251,7 @@ namespace Orchard.Core.Contents.Controllers {
if (contentItem == null)
return new NotFoundResult();
if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Cannot edit content")))
if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Cannot edit content")))
return new HttpUnauthorizedResult();
var model = _contentManager.BuildEditorModel(contentItem);
@ -266,7 +266,7 @@ namespace Orchard.Core.Contents.Controllers {
if (contentItem == null)
return new NotFoundResult();
if (!Services.Authorizer.Authorize(Permissions.EditOthersContent, contentItem, T("Couldn't edit content")))
if (!Services.Authorizer.Authorize(Permissions.EditContent, contentItem, T("Couldn't edit content")))
return new HttpUnauthorizedResult();
var model = _contentManager.UpdateEditorModel(contentItem, this);
@ -289,7 +289,7 @@ namespace Orchard.Core.Contents.Controllers {
public ActionResult RemovePOST(int id, string returnUrl) {
var contentItem = _contentManager.Get(id, VersionOptions.Latest);
if (!Services.Authorizer.Authorize(Permissions.DeleteOthersContent, contentItem, T("Couldn't remove content")))
if (!Services.Authorizer.Authorize(Permissions.DeleteContent, contentItem, T("Couldn't remove content")))
return new HttpUnauthorizedResult();
if (contentItem != null) {
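Review bot: In `RemovePOST` the call `Authorize(Permissions.DeleteContent, contentItem, ...)` runs before `contentItem` is checked for null, unlike the two edit actions above, which return `NotFoundResult` first. With a null item, the ownership and type-specific adjustments in the authorization handler cannot apply, so the decision presumably falls back to the global permission alone. Consider adding `if (contentItem == null) return new NotFoundResult();` ahead of the authorization check so all three actions agree. The rest of `RemovePOST` lies outside the hunk.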

View File

@ -9,14 +9,14 @@ using Orchard.Security.Permissions;
namespace Orchard.Core.Contents {
public class DynamicPermissions : IPermissionProvider {
public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "PublishOthers_{0}", ImpliedBy = new[] { Permissions.PublishOthersContent } };
public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0}", Name = "Publish_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.PublishContent } };
public static readonly Permission EditOthersContent = new Permission { Description = "Edit {0} for others", Name = "EditOthers_{0}", ImpliedBy = new[] { PublishOthersContent, Permissions.EditOthersContent } };
public static readonly Permission EditContent = new Permission { Description = "Edit {0}", Name = "EditContent", ImpliedBy = new[] { EditOthersContent, PublishContent, Permissions.EditContent } };
public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete {0} for others", Name = "DeleteOthers_{0}", ImpliedBy = new[] { Permissions.DeleteOthersContent } };
public static readonly Permission DeleteContent = new Permission { Description = "Delete {0}", Name = "Delete_{0}", ImpliedBy = new[] { DeleteOthersContent, Permissions.DeleteContent } };
public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish {0} for others", Name = "Publish_{0}", ImpliedBy = new[] { Permissions.PublishContent } };
public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish {0}", Name = "PublishOwn_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishOwnContent } };
public static readonly Permission EditContent = new Permission { Description = "Edit {0} for others", Name = "Edit_{0}", ImpliedBy = new[] { PublishContent, Permissions.PublishContent } };
public static readonly Permission EditOwnContent = new Permission { Description = "Edit {0}", Name = "EditOwn_{0}", ImpliedBy = new[] { EditContent, PublishOwnContent, Permissions.EditOwnContent } };
public static readonly Permission DeleteContent = new Permission { Description = "Delete {0} for others", Name = "Delete_{0}", ImpliedBy = new[] { Permissions.DeleteContent } };
public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete {0}", Name = "DeleteOwn_{0}", ImpliedBy = new[] { DeleteContent, Permissions.DeleteOwnContent } };
public static readonly Permission[] PermissionTemplates = new[] {PublishOthersContent, PublishContent, EditOthersContent, EditContent, DeleteOthersContent, DeleteContent};
public static readonly Permission[] PermissionTemplates = new[] {PublishContent, PublishOwnContent, EditContent, EditOwnContent, DeleteContent, DeleteOwnContent};
private readonly IContentDefinitionManager _contentDefinitionManager;
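Review bot: The new `EditContent` template lists `ImpliedBy = new[] { PublishContent, Permissions.PublishContent }`, so the site-wide `Permissions.EditContent` no longer implies the per-type `Edit_{0}` permission; the removed `EditOthersContent` line did list its site-wide counterpart, `Permissions.EditOthersContent`. `Permissions.PublishContent` is also redundant there, because the template `PublishContent` is already implied by it. The sibling templates each name their same-named counterpart, so this looks like a copy-paste slip and the line would read `ImpliedBy = new[] { PublishContent, Permissions.EditContent }`. Whether a role holding only the global edit permission is actually refused depends on how the authorization handler walks `ImpliedBy`, which is not visible here; the class body continues outside the hunk.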


@ -4,25 +4,25 @@ using Orchard.Security.Permissions;
namespace Orchard.Core.Contents {
public class Permissions : IPermissionProvider {
public static readonly Permission PublishOthersContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishOthersContent" };
public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish content", Name = "PublishContent", ImpliedBy = new[] { PublishOthersContent } };
public static readonly Permission EditOthersContent = new Permission { Description = "Edit content for others", Name = "EditOthersContent", ImpliedBy = new[] { PublishOthersContent } };
public static readonly Permission EditContent = new Permission { Description = "Edit content", Name = "EditContent", ImpliedBy = new[] { EditOthersContent, PublishContent } };
public static readonly Permission DeleteOthersContent = new Permission { Description = "Delete content for others", Name = "DeleteOthersContent" };
public static readonly Permission DeleteContent = new Permission { Description = "Delete content", Name = "DeleteContent", ImpliedBy = new[] { DeleteOthersContent } };
public static readonly Permission PublishContent = new Permission { Description = "Publish or unpublish content for others", Name = "PublishContent" };
public static readonly Permission PublishOwnContent = new Permission { Description = "Publish or unpublish content", Name = "PublishOwnContent", ImpliedBy = new[] { PublishContent } };
public static readonly Permission EditContent = new Permission { Description = "Edit content for others", Name = "EditContent", ImpliedBy = new[] { PublishContent } };
public static readonly Permission EditOwnContent = new Permission { Description = "Edit content", Name = "EditOwnContent", ImpliedBy = new[] { EditContent, PublishOwnContent } };
public static readonly Permission DeleteContent = new Permission { Description = "Delete content for others", Name = "DeleteContent" };
public static readonly Permission DeleteOwnContent = new Permission { Description = "Delete content", Name = "DeleteOwnContent", ImpliedBy = new[] { DeleteContent } };
public static readonly Permission MetaListContent = new Permission { ImpliedBy = new[] { EditContent, PublishContent, DeleteContent } };
public static readonly Permission MetaListContent = new Permission { ImpliedBy = new[] { EditOwnContent, PublishOwnContent, DeleteOwnContent } };
public virtual Feature Feature { get; set; }
public IEnumerable<Permission> GetPermissions() {
return new [] {
EditOwnContent,
EditContent,
EditOthersContent,
PublishOwnContent,
PublishContent,
PublishOthersContent,
DeleteOwnContent,
DeleteContent,
DeleteOthersContent,
};
}
@ -30,11 +30,11 @@ namespace Orchard.Core.Contents {
return new[] {
new PermissionStereotype {
Name = "Administrator",
Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent}
Permissions = new[] {PublishContent,EditContent,DeleteContent}
},
new PermissionStereotype {
Name = "Editor",
Permissions = new[] {PublishOthersContent,EditOthersContent,DeleteOthersContent}
Permissions = new[] {PublishContent,EditContent,DeleteContent}
},
new PermissionStereotype {
Name = "Moderator",
@ -42,11 +42,11 @@ namespace Orchard.Core.Contents {
},
new PermissionStereotype {
Name = "Author",
Permissions = new[] {PublishContent,EditContent,DeleteContent}
Permissions = new[] {PublishOwnContent,EditOwnContent,DeleteOwnContent}
},
new PermissionStereotype {
Name = "Contributor",
Permissions = new[] {EditContent}
Permissions = new[] {EditOwnContent}
},
};
}
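Review bot: The names `PublishContent`, `EditContent` and `DeleteContent` are reused with a wider meaning: on the removed lines they named the own-content permissions, and on the new lines they carry the "for others" descriptions. If role grants are stored by `Name` (the spec scenarios refer to permissions by these strings, but the storage is not visible here), an existing role that holds the old `PublishContent`, `EditContent` or `DeleteContent` would silently gain rights over other users' content after upgrade, and a role that holds `PublishOthersContent`, `EditOthersContent` or `DeleteOthersContent` would lose them. The same reuse occurs in the `DynamicPermissions` templates for `Publish_{0}` and `Delete_{0}`. I would pair the rename with a data migration that remaps stored names (old `PublishContent` to `PublishOwnContent`, old `PublishOthersContent` to `PublishContent`, likewise for edit and delete). I would also add a comment above the declarations such as `// Names without "Own" cover all content; before this rename they covered only the user's own.`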


@ -86,7 +86,6 @@
<Compile Include="Common\ViewModels\ContainerEditorViewModel.cs" />
<Compile Include="Common\ViewModels\TextContentFieldDisplayViewModel.cs" />
<Compile Include="Common\ViewModels\TextContentFieldEditorViewModel.cs" />
<Compile Include="Contents\AuthorizationEventHandler.cs" />
<Compile Include="Contents\Controllers\ItemController.cs" />
<Compile Include="Contents\Drivers\ContentsDriver.cs" />
<Compile Include="Contents\DynamicPermissions.cs" />