protected override DriverResult Editor(ItemLevelCachePart part, dynamic shapeHelper)
{
var driverResults = new List <DriverResult>();
if (mAuthorizer.Authorize(ItemLevelCachePermissions.EditItemLevelCacheSettings))
{
driverResults.Add(ContentShape("Parts_ItemLevelCacheSettings_Edit", () => shapeHelper.EditorTemplate(TemplateName: "Parts/ItemLevelCacheSettings", Model: part, Prefix: Prefix)));
}
if (mAuthorizer.Authorize(ItemLevelCachePermissions.ViewItemLevelCacheItems))
{
driverResults.Add(ContentShape("Parts_ItemLevelCache_CacheItemsForContent", () =>
{
var outputCacheItems = mOutputCacheStorageProvider.GetCacheItems(0, mOutputCacheStorageProvider.GetCacheItemsCount()).Where(i => i.Tags.Contains(ItemLevelCacheTag.For(part)));
var vm = new CacheItemsForContentViewModel()
{
UserCanEvict = mAuthorizer.Authorize(ItemLevelCachePermissions.EvictItemLevelCacheItems),
Tag = ItemLevelCacheTag.For(part),
// TODO: Would it be more efficient to get all the cache keys using ITagCache, as opposed to getting all then filtering?
CacheItems = outputCacheItems.Select(ci => ci.ToCacheItemModel())
};
return(shapeHelper.EditorTemplate(TemplateName: "Parts/CacheItemsForContent", Model: vm, Prefix: Prefix));
}));
}
return(Combined(driverResults.ToArray()));
}
public IEnumerable <ContentTypeDefinition> GetTerritoryTypes()
{
return(_contentDefinitionManager.ListTypeDefinitions()
.Where(ctd => ctd.Parts.Any(pa => pa
.PartDefinition.Name.Equals(TerritoryPart.PartName, StringComparison.InvariantCultureIgnoreCase)) &&
_authorizer.Authorize(TerritoriesPermissions.GetTerritoryPermission(ctd))));
}
public ActionResult Upload()
{
if (!_authorizer.Authorize(Permissions.ManageCloudMediaContent, T("You are not authorized to manage Microsoft Azure Media content.")))
{
return(new HttpUnauthorizedResult());
}
if (HttpContext.Request.Files.Count < 1)
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "At least one file must be provided in the upload request."));
}
var postedFile = HttpContext.Request.Files[0];
Logger.Debug("User requested asynchronous upload of file with name '{0}' and size {1} bytes to temporary storage.", postedFile.FileName, postedFile.ContentLength);
var fileName = _assetManager.SaveTemporaryFile(postedFile);
Logger.Information("File with name '{0}' and size {1} bytes was uploaded to temporary storage.", postedFile.FileName, postedFile.ContentLength);
return(Json(new {
originalFileName = Path.GetFileName(postedFile.FileName),
temporaryFileName = fileName,
fileSize = postedFile.ContentLength
}));
}
public ActionResult Display(ReportDisplayViewModel model)
{
if (_authorizer.Authorize(reportManager.GetReportPermissions()[model.Id]) == false)
{
return(new HttpUnauthorizedResult(T("Not authorized to list Reports").ToString()));
}
var ci = services.ContentManager.Get(model.Id);
if (ci.Has <DataReportViewerPart>() == false)
{
throw new ArgumentException(string.Format(CultureInfo.CurrentUICulture, "{0}={1}", T("There is no report with the Id"), model.Id.ToString(CultureInfo.InvariantCulture)));
}
var filterPart = ci.Parts.FirstOrDefault(x => x.PartDefinition.Name == ci.ContentType);
if (filterPart != null)
{
model.FilterContent = services.ContentManager.New("DataReportEmptyType");
model.FilterContent.Weld(filterPart);
}
else
{
model.ViewerContent = services.ContentManager.New("DataReportEmptyType");
model.ViewerContent.Weld(ci.As <DataReportViewerPart>());
}
return(View(model));
}
public ActionResult PromoteVersion(int id, int versionId)
{
var versionToPromote = _contentManager.Get(id, VersionOptions.Number(versionId));
if (versionToPromote == null)
{
return(HttpNotFound());
}
if (!_authorizer.Authorize(Orchard.Core.Contents.Permissions.EditContent, versionToPromote))
{
return(new HttpUnauthorizedResult());
}
var newVersionNumber = _versionManager.BuildNewContentItemVersion(versionToPromote);
if (newVersionNumber == 0)
{
_notifier.Error(T("Version {0} of this content CANNOT be promoted to latest, as this content is in a Read Only state", versionId));
}
else
{
_notifier.Information(T("Version {0} of this content has been promoted to latest (draft) as version {1}", versionId, newVersionNumber));
}
return(RedirectToAction("Edit", "Admin", new { area = "", id = id }));
}
public IEnumerable <GenericItem> GetReportListForCurrentUser(string titleFilter = "")
{
string filter = (titleFilter ?? "").ToLowerInvariant();
var reportLst = new List <GenericItem>();
var unfilteredList = GetReports().Select(x => new GenericItem {
Id = x.Id,
Title = (x.Has <TitlePart>() ? x.As <TitlePart>().Title : T("[No Title]").ToString()),
ContentItem = x.ContentItem
});
foreach (var report in unfilteredList)
{
if (report.Title.ToLowerInvariant().Contains(filter))
{
if (_authorizer.Authorize(GetReportPermissions()[report.Id]))
{
if (_authorizer.Authorize(Permissions.EditOwnContent, report.ContentItem) == false)
{
report.ContentItem = null;
}
reportLst.Add(report);
}
}
}
return(reportLst.OrderBy(x => x.Title));
}
protected override DriverResult Editor(SecureMediaPart part, dynamic shapeHelper)
{
if (!_authorizer.Authorize(Permissions.ManageSecureMedia))
{
return(null);
}
return(ContentShape("Parts_SecureMedia_Edit", () => shapeHelper.EditorTemplate(TemplateName: "Parts.SecureMedia.Edit", Model: part, Prefix: Prefix)));
}
public ActionResult Index()
{
if (!_authorizer.Authorize(ContentSyncPermissions.SnapshotManager, T("You need the {0} permission to do this.", ContentSyncPermissions.SnapshotManager.Name)))
{
return(new HttpUnauthorizedResult());
}
return(View(_snapshotService.GetSnaphots().OrderByDescending(ss => ss.TimeTaken)));
}
public override IActionResult Create(ArticleEntity entity)
{
if (entity.ActionType == ActionType.Publish && _authorizer.Authorize(PermissionKeys.PublishArticle))
{
Service.Publish(entity);
}
var result = base.Create(entity);
return(result);
}
public ActionResult Index()
{
if (!_authorizer.Authorize(Permissions.ManageCloudMediaJobs, T("You are not authorized to manage cloud jobs.")))
{
return(new HttpUnauthorizedResult());
}
var jobsShape = GetOpenJobsTableShape();
return(View(jobsShape));
}
// If there will be a need for extending global SEO settings it would perhaps also need the usage of separate settings into groups.
// See site settings (Orchard.Core.Settings.Controllers.AdminController and friends for how it is done.
public ActionResult GlobalSettings()
{
if (!_authorizer.Authorize(Permissions.ManageSeo, T("You're not allowed to manage SEO settings.")))
{
return(new HttpUnauthorizedResult());
}
// Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation, despite
// being it highly unlikely with Onestop, just in case...
return(View((object)_contentManager.BuildEditor(_seoSettingsManager.GetGlobalSettings())));
}
public ActionResult Testbed()
{
if (!_authorizer.Authorize(StandardPermissions.SiteOwner, T("You're not allowed to use the scripting testbed.")))
{
return(new HttpUnauthorizedResult());
}
var page = NewPage("Testbed");
return(PageResult(page));
}
protected override DriverResult Editor(SeoPart part, dynamic shapeHelper)
{
if (!_authorizer.Authorize(Permissions.ManageSeo, part))
{
return(null);
}
return(ContentShape("Parts_Seo_Edit", // Generic editor, not shown by default for any content types
() => shapeHelper.EditorTemplate(
TemplateName: "Parts.Seo",
Model: part,
Prefix: Prefix)));
}
public ArticleEntity Get(int id)
{
var article = _articleService.Get(id);
if (article == null)
{
return(null);
}
if (!article.IsPublish && !_authorizer.Authorize(PermissionKeys.ViewArticle))
{
return(null);
}
return(article);
}
public bool CanSubscribeForNotifications(NotificationsPart part)
{
// Not enabled for this content item
if (!part.AllowNotifications)
{
return(false);
}
// Not authorized
if (!_authorizer.Authorize(Permissions.NotificationsPermissions.SubscribeForNotifications, part.ContentItem))
{
return(false);
}
var contentItem = part.ContentItem;
var schedulingPart = contentItem.As <SchedulingPart>();
if (schedulingPart == null)
{
return(false);
}
// Cannot subscribe to events in the past when it is not recurring
if (schedulingPart.StartDateTime < _clock.UtcNow && !schedulingPart.IsRecurring)
{
return(false);
}
return(true);
}
public ActionResult DownloadAs(int?id, string extension)
{
if (id == null)
{
return(HttpNotFound());
}
if (string.IsNullOrEmpty(extension) || !Regex.IsMatch(extension, @"^\w+$") || !_fileBuilder.HasWorkerFor(extension))
{
return(new HttpStatusCodeResult(HttpStatusCode.BadRequest));
}
var item = _contentManager.Get(id.Value);
if (!_authorizer.Authorize(Orchard.Core.Contents.Permissions.ViewContent, item))
{
return(new HttpUnauthorizedResult());
}
var result = _fileBuilder.BuildRecursive(item, extension);
var fileName = _contentManager.GetItemMetadata(item).DisplayText;
if (string.IsNullOrEmpty(fileName))
{
fileName = item.Id.ToString();
}
return(File(result.OpenRead(), result.MimeType, fileName + "." + extension));
}
public void ExecuteRecipeStep(RecipeContext recipeContext)
{
if (!String.Equals(recipeContext.RecipeStep.Name, "AuditTrail", StringComparison.OrdinalIgnoreCase))
{
return;
}
if (!_authorizer.Authorize(Permissions.ImportAuditTrail))
{
Logger.Warning("Blocked {0} from importing an audit trail because this user does not have the ImportauditTrail permission.", _wca.GetContext().CurrentUser.UserName);
recipeContext.Executed = false;
return;
}
foreach (var eventElement in recipeContext.RecipeStep.Step.Elements())
{
var record = new AuditTrailEventRecord {
EventName = eventElement.Attr <string>("Name"),
FullEventName = eventElement.Attr <string>("FullName"),
Category = eventElement.Attr <string>("Category"),
UserName = eventElement.Attr <string>("User"),
CreatedUtc = eventElement.Attr <DateTime>("CreatedUtc"),
EventFilterKey = eventElement.Attr <string>("EventFilterKey"),
EventFilterData = eventElement.Attr <string>("EventFilterData"),
Comment = eventElement.El("Comment"),
EventData = eventElement.Element("EventData").ToString(),
};
_auditTrailEventRepository.Create(record);
}
recipeContext.Executed = true;
}
public ActionResult Index(string mediaPath)
{
mediaPath = _storageProvider.GetStoragePath(mediaPath);
if (mediaPath == null)
{
return(HttpNotFound());
}
var fileName = Path.GetFileName(mediaPath);
var directory = mediaPath.Substring(0, mediaPath.IndexOf(fileName));
directory = directory.TrimEnd('/');
var medias = _mediaLibraryService
.GetMediaContentItems(VersionOptions.Published)
.Where(x => x.FolderPath == directory && x.FileName == fileName)
.List();
var isSecure = medias.All(x => x.As <SecureMediaPart>()?.IsSecure ?? true);
if ((isSecure && !_authorizer.Authorize(Permissions.ViewSecureMedia)) || !_storageProvider.FileExists(mediaPath))
{
return(HttpNotFound());
}
var file = _storageProvider.GetFile(mediaPath);
var stream = file.OpenRead();
return(File(stream, file.GetFileType()));
}
public void GetNavigation(NavigationBuilder builder)
{
// if the user may edit at least one type of Listable content,
// we add the link to the admin menu for them
var contentTypeDefinitions = _contentDefinitionManager
.ListTypeDefinitions()
.OrderBy(d => d.Name);
var listableContentTypes = contentTypeDefinitions
.Where(ctd => ctd
.Settings
.GetModel <ContentTypeSettings>()
.Listable);
ContentItem listableCi = null;
foreach (var contentTypeDefinition in listableContentTypes)
{
listableCi = _contentManager.New(contentTypeDefinition.Name);
if (_authorizer.Authorize(Permissions.EditContent, listableCi))
{
builder.Add(T("Content"),
menu => menu
.Add(T("Advanced Search"), "0.5", item => item.Action("List", "Admin", new { area = "Laser.Orchard.AdvancedSearch" }).LocalNav())
);
break;
}
}
}
protected override DriverResult Editor(FacebookShopSiteSettingsPart part, IUpdateModel updater, dynamic shapeHelper)
{
var viewModel = CreateVM(part);
if (updater.TryUpdateModel(viewModel, Prefix, null, null))
{
if (Validate(viewModel, part, updater))
{
part.Save(viewModel);
if (viewModel.SynchronizeProducts && _authorizer.Authorize(FacebookShopSynchronizationPermission.FacebookShopSynchronization))
{
_facebookShopService.ScheduleProductSynchronization();
}
}
else
{
return(ContentShape("SiteSettings_FacebookShop",
() => shapeHelper.EditorTemplate(
TemplateName: "SiteSettings/FacebookShopSiteSettings",
Model: viewModel,
Prefix: Prefix)).OnGroup("FacebookShop"));
}
}
return(Editor(part, shapeHelper));
}
// POST
protected override DriverResult Editor(SeoPart part, IUpdateModel updater, dynamic shapeHelper)
{
if (!_authorizer.Authorize(DynamicPermissions.CreateDynamicPermission(SeoPermissions.EditSeoPart, part.ContentItem.TypeDefinition)))
{
return(null);
}
SeoPartEditViewModel model = new SeoPartEditViewModel(part);
SeoPartSettings settings = part.Settings.GetModel <SeoPartSettings>();
model.DefaultRobots = settings.DefaultRobotsMeta;
model.DefaultDescription = _seoService.GenerateDefaultDescription(part);
model.DefaultKeywords = _seoService.GenerateDefaultKeywords(part);
model.DefaultCanonicalUrl = _seoService.GenerateCanonicalUrl(part);
if (updater != null && updater.TryUpdateModel(model, Prefix, null, null))
{
part.Description = model.OverrideDescription ? model.Description : String.Empty;
part.OverrideKeywords = model.OverrideKeywords;
part.Keywords = model.Keywords;
part.OverrideRobots = model.OverrideRobots;
part.Robots = model.OverrideRobots ? model.Robots : model.DefaultRobots;
part.CanonicalUrl = model.CanonicalUrl;
}
return(ContentShape("Parts_SeoPart_Edit", () => {
return shapeHelper.EditorTemplate(
TemplateName: TemplateName,
Model: model,
Prefix: Prefix);
}));
}
