diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Layouts/AdminMenu.cs index 35db9afee..0a675af3d 100644 --- a/src/Orchard.Web/Modules/Orchard.Layouts/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Layouts/AdminMenu.cs @@ -11,9 +11,9 @@ namespace Orchard.Layouts { builder .AddImageSet("layouts") .Add(T("Layouts"), "8.5", layouts => layouts - .Action("List", "Admin", new {id = "Layout", area = "Contents"}) + .Action("List", "Admin", new {id = "Layout", area = "Contents"}).Permission(Permissions.ManageLayouts) .LinkToFirstChild(false) - .Add(T("Elements"), "1", elements => elements.Action("Index", "BlueprintAdmin", new {area = "Orchard.Layouts"}))); + .Add(T("Elements"), "1", elements => elements.Action("Index", "BlueprintAdmin", new {area = "Orchard.Layouts"}).Permission(Permissions.ManageLayouts))); } } } \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/BlueprintAdminController.cs b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/BlueprintAdminController.cs index 1dcac2e31..6c5b8ae36 100644 --- a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/BlueprintAdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/BlueprintAdminController.cs @@ -34,7 +34,8 @@ namespace Orchard.Layouts.Controllers { ICultureAccessor cultureAccessor, IShapeFactory shapeFactory, ITransactionManager transactionManager, - ISignals signals) { + ISignals signals, + IOrchardServices orchardServices) { _elementBlueprintService = elementBlueprintService; _notifier = notifier; 
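Review bot: The `.Permission(Permissions.ManageLayouts)` calls on the two menu entries only decide whether the links are shown; they do not protect the actions behind them. The "Elements" target is guarded later in this commit, but the "Layouts" entry points at `List` on the `Admin` controller in the `Contents` area, which this diff does not touch, so whether that listing checks ManageLayouts cannot be confirmed from here. I would add a comment above the builder call, `// Menu permissions hide links only; each target action must authorize on its own.`, and confirm that the Contents listing for the Layout type is restricted as intended.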
@@ -43,12 +44,19 @@ namespace Orchard.Layouts.Controllers { _shapeFactory = shapeFactory; _transactionManager = transactionManager; _signals = signals; + Services = orchardServices; + T = NullLocalizer.Instance; } + public IOrchardServices Services { get; set; } public Localizer T { get; set; } public ActionResult Index() { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprints = _elementBlueprintService.GetBlueprints().ToArray(); var viewModel = new BlueprintsIndexViewModel { Blueprints = blueprints @@ -57,6 +65,10 @@ namespace Orchard.Layouts.Controllers { } public ActionResult Browse() { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var categories = RemoveBlueprints(_elementManager.GetCategories(DescribeElementsContext.Empty)).ToArray(); var viewModel = new BrowseElementsViewModel { Categories = categories @@ -65,6 +77,10 @@ namespace Orchard.Layouts.Controllers { } public ActionResult Create(string id) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + if (String.IsNullOrWhiteSpace(id)) return RedirectToAction("Browse"); @@ -80,6 +96,10 @@ namespace Orchard.Layouts.Controllers { [HttpPost] public ActionResult Create(string id, CreateElementBlueprintViewModel model) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var describeContext = DescribeElementsContext.Empty; var descriptor = _elementManager.GetElementDescriptorByTypeName(describeContext, id); var baseElement = _elementManager.ActivateElement(descriptor); 
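Review bot: The authorization guard added at the top of `Index` is repeated verbatim in `Browse`, both `Create` overloads, both `Edit` overloads, both `Properties` overloads, `Delete` and `BulkDelete`, so any action added to this controller later is unprotected unless its author remembers to paste the block. Every action requires the same permission, so a single controller-level check would fail closed instead. Assuming the class derives from `System.Web.Mvc.Controller` (the class declaration is outside the hunks), overriding `OnAuthorization` as below would replace all ten copies. The body of `Index` continues past the end of the hunk.

```csharp
// Single guard for every action on this controller, so a new action is covered by default.
protected override void OnAuthorization(AuthorizationContext filterContext) {
    if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) {
        filterContext.Result = new HttpUnauthorizedResult();
    }
}

public ActionResult Index() {
    // … unchanged: blueprint listing …
```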
@@ -100,7 +120,11 @@ namespace Orchard.Layouts.Controllers { return RedirectToAction("Edit", new { id = blueprint.Id }); } - public ViewResult Edit(int id) { + public ActionResult Edit(int id) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprint = _elementBlueprintService.GetBlueprint(id); var describeContext = DescribeElementsContext.Empty; var descriptor = _elementManager.GetElementDescriptorByTypeName(describeContext, blueprint.BaseElementTypeName); @@ -125,6 +149,10 @@ namespace Orchard.Layouts.Controllers { [HttpPost] [ValidateInput(false)] public ActionResult Edit(int id, ElementDataViewModel model) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprint = _elementBlueprintService.GetBlueprint(id); var describeContext = DescribeElementsContext.Empty; var descriptor = _elementManager.GetElementDescriptorByTypeName(describeContext, blueprint.BaseElementTypeName); @@ -154,6 +182,10 @@ namespace Orchard.Layouts.Controllers { } public ActionResult Properties(int id) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprint = _elementBlueprintService.GetBlueprint(id); var describeContext = DescribeElementsContext.Empty; var descriptor = _elementManager.GetElementDescriptorByTypeName(describeContext, blueprint.BaseElementTypeName); 
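Review bot: `Edit(int id)` passes the authorization check and then reads `blueprint.BaseElementTypeName` without testing the result of `GetBlueprint(id)`, so an id that no longer exists ends in a null-reference error rather than a clean response; `Delete` further down does test `blueprint == null`. Now that the return type is `ActionResult`, the same guard fits here: `if (blueprint == null) return HttpNotFound();` directly after the `GetBlueprint` call. The POST overload of `Edit` and both `Properties` overloads follow the same pattern. This assumes `GetBlueprint` returns null for an unknown id, as the check in `Delete` suggests; the method bodies continue outside the hunks.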
@@ -171,6 +203,10 @@ namespace Orchard.Layouts.Controllers { [HttpPost] public ActionResult Properties(int id, ElementBlueprintPropertiesViewModel model) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprint = _elementBlueprintService.GetBlueprint(id); var describeContext = DescribeElementsContext.Empty; var descriptor = _elementManager.GetElementDescriptorByTypeName(describeContext, blueprint.BaseElementTypeName); @@ -191,7 +227,12 @@ namespace Orchard.Layouts.Controllers { return RedirectToAction("Index"); } + [HttpPost] public ActionResult Delete(int id) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + var blueprint = _elementBlueprintService.GetBlueprint(id); if (blueprint == null) @@ -204,7 +245,12 @@ namespace Orchard.Layouts.Controllers { [FormValueRequired("submit.BulkEdit")] [ActionName("Index")] + [HttpPost] public ActionResult BulkDelete(IEnumerable blueprintIds) { + if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) { + return new HttpUnauthorizedResult(); + } + if (blueprintIds == null || !blueprintIds.Any()) { _notifier.Error(T("Please select the blueprints to delete.")); } diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/ElementController.cs b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/ElementController.cs index 170bdfb19..38dffa4ce 100644 --- a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/ElementController.cs +++ b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/ElementController.cs 
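Review bot: `[HttpPost]` on `Delete` stops the action from answering GET requests, but no view or script change appears in this diff, so any existing delete link that is still a plain anchor will no longer reach it. Please confirm that the blueprint list submits the delete as a POST and that the request carries the anti-forgery token; neither the markup nor the module's anti-forgery setting is visible here. A short comment on the action would record the intent, for example `// POST only: deletes data, so the request must carry the anti-forgery token.` The body of `Delete` continues past the hunk.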
@@ -142,18 +142,7 @@ namespace Orchard.Layouts.Controllers { _objectStore.Set(session, state); return RedirectToAction("Edit", new {session = session}); } - - public RedirectToRouteResult Add(string session, string typeName, int? contentId = null, string contentType = null) { - var state = new ElementSessionState { - TypeName = typeName, - ContentId = contentId, - ContentType = contentType - }; - - _objectStore.Set(session, state); - return RedirectToAction("Edit", new { session = session }); - } - + public ViewResult Edit(string session) { var sessionState = _objectStore.Get(session); var contentId = sessionState.ContentId; diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/LayoutController.cs b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/LayoutController.cs index 753bd9aa8..a72f1783b 100644 --- a/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/LayoutController.cs +++ b/src/Orchard.Web/Modules/Orchard.Layouts/Controllers/LayoutController.cs @@ -6,6 +6,7 @@ using Orchard.ContentManagement; using Orchard.Layouts.Elements; using Orchard.Layouts.Framework.Elements; using Orchard.Layouts.Services; +using Orchard.Localization; using Orchard.UI.Admin; namespace Orchard.Layouts.Controllers { 
@@ -15,15 +16,25 @@ namespace Orchard.Layouts.Controllers { private readonly ILayoutManager _layoutManager; private readonly ILayoutModelMapper _mapper; - public LayoutController(IContentManager contentManager, ILayoutManager layoutManager, ILayoutModelMapper mapper) { + public LayoutController( + IContentManager contentManager, + ILayoutManager layoutManager, + ILayoutModelMapper mapper, + IOrchardServices orchardServices) { _contentManager = contentManager; _layoutManager = layoutManager; _mapper = mapper; + Services = orchardServices; + + T = NullLocalizer.Instance; } + public IOrchardServices Services { get; set; } + public Localizer T { get; set; } + [HttpPost, ValidateInput(enableValidation: false)] - public ContentResult ApplyTemplate(int? templateId = null, string layoutData = null, int? contentId = null, string contentType = null) { + public ActionResult ApplyTemplate(int? templateId = null, string layoutData = null, int? contentId = null, string contentType = null) { var template = templateId != null ? _layoutManager.GetLayout(templateId.Value) : null; var templateElements = template != null ? _layoutManager.LoadElements(template).ToList() : default(IEnumerable); var describeContext = CreateDescribeElementsContext(contentId, contentType); diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Migrations.cs b/src/Orchard.Web/Modules/Orchard.Layouts/Migrations.cs index c87ade13c..746120763 100644 --- a/src/Orchard.Web/Modules/Orchard.Layouts/Migrations.cs +++ b/src/Orchard.Web/Modules/Orchard.Layouts/Migrations.cs @@ -33,7 +33,6 @@ namespace Orchard.Layouts { .WithPart("LayoutPart", p => p .WithSetting("LayoutTypePartSettings.IsTemplate", "True")) .DisplayedAs("Layout") - .Listable() .Draftable()); ContentDefinitionManager.AlterTypeDefinition("LayoutWidget", type => type diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Orchard.Layouts.csproj b/src/Orchard.Web/Modules/Orchard.Layouts/Orchard.Layouts.csproj index 5243e7e8a..34d4cb312 100644 
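Review bot: `ApplyTemplate` gets no authorization check even though this hunk injects `IOrchardServices` and `T` and widens the return type to `ActionResult`, which looks like preparation for one. The first statements of the body are unchanged context lines, so the action still loads the template with `_layoutManager.GetLayout(templateId.Value)` and its elements before anything could reject the caller. If the action is meant to be restricted like the blueprint actions, add `if (!Services.Authorizer.Authorize(Permissions.ManageLayouts, T("Not authorized to manage layouts."))) return new HttpUnauthorizedResult();` as its first statement; if content editors without ManageLayouts must be able to call it, check their edit permission on the target content instead and say so in a comment. The rest of the method is outside the hunk, so a later check cannot be ruled out.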
--- a/src/Orchard.Web/Modules/Orchard.Layouts/Orchard.Layouts.csproj
+++ b/src/Orchard.Web/Modules/Orchard.Layouts/Orchard.Layouts.csproj
@@ -351,6 +351,7 @@
+
diff --git a/src/Orchard.Web/Modules/Orchard.Layouts/Permissions.cs b/src/Orchard.Web/Modules/Orchard.Layouts/Permissions.cs
new file mode 100644
index 000000000..a7905be9b
--- /dev/null
+++ b/src/Orchard.Web/Modules/Orchard.Layouts/Permissions.cs
@@ -0,0 +1,40 @@
+using System.Collections.Generic;
+using Orchard.Environment.Extensions.Models;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Layouts {
+ public class Permissions : IPermissionProvider {
+ public static readonly Permission ManageLayouts = new Permission { Description = "Managing Layouts", Name = "ManageLayouts" };
+
+ public virtual Feature Feature { get; set; }
+
+ public IEnumerable GetPermissions() {
+ return new[] {
+ ManageLayouts,
+ };
+ }
+
+ public IEnumerable GetDefaultStereotypes() {
+ return new[] {
+ new PermissionStereotype {
+ Name = "Administrator",
+ Permissions = new[] { ManageLayouts }
+ },
+ new PermissionStereotype {
+ Name = "Editor",
+ Permissions = new[] { ManageLayouts }
+ },
+ new PermissionStereotype {
+ Name = "Moderator",
+ },
+ new PermissionStereotype {
+ Name = "Author"
+ },
+ new PermissionStereotype {
+ Name = "Contributor",
+ },
+ };
+ }
+
+ }
+}
\ No newline at end of file
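Review bot: `GetDefaultStereotypes` grants `ManageLayouts` to the Editor stereotype, and the POST `Edit` action in BlueprintAdminController that this permission unlocks is marked `[ValidateInput(false)]`, so holders can save element data that bypasses request validation. That makes ManageLayouts a trusted-author permission, and handing it to Editor by default should be a stated decision rather than a side effect. I would document it on the field, e.g. `// Holders can save unvalidated element markup; grant only to roles trusted to author site HTML.`, and drop Editor from the defaults unless that trust is intended. The empty entries for Moderator, Author and Contributor grant nothing and could be removed or commented as intentional.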