protected override DriverResult Editor(ItemLevelCachePart part, dynamic shapeHelper) { var driverResults = new List <DriverResult>(); if (mAuthorizer.Authorize(ItemLevelCachePermissions.EditItemLevelCacheSettings)) { driverResults.Add(ContentShape("Parts_ItemLevelCacheSettings_Edit", () => shapeHelper.EditorTemplate(TemplateName: "Parts/ItemLevelCacheSettings", Model: part, Prefix: Prefix))); } if (mAuthorizer.Authorize(ItemLevelCachePermissions.ViewItemLevelCacheItems)) { driverResults.Add(ContentShape("Parts_ItemLevelCache_CacheItemsForContent", () => { var outputCacheItems = mOutputCacheStorageProvider.GetCacheItems(0, mOutputCacheStorageProvider.GetCacheItemsCount()).Where(i => i.Tags.Contains(ItemLevelCacheTag.For(part))); var vm = new CacheItemsForContentViewModel() { UserCanEvict = mAuthorizer.Authorize(ItemLevelCachePermissions.EvictItemLevelCacheItems), Tag = ItemLevelCacheTag.For(part), // TODO: Would it be more efficient to get all the cache keys using ITagCache, as opposed to getting all then filtering? CacheItems = outputCacheItems.Select(ci => ci.ToCacheItemModel()) }; return(shapeHelper.EditorTemplate(TemplateName: "Parts/CacheItemsForContent", Model: vm, Prefix: Prefix)); })); } return(Combined(driverResults.ToArray())); }
public IEnumerable <ContentTypeDefinition> GetTerritoryTypes() { return(_contentDefinitionManager.ListTypeDefinitions() .Where(ctd => ctd.Parts.Any(pa => pa .PartDefinition.Name.Equals(TerritoryPart.PartName, StringComparison.InvariantCultureIgnoreCase)) && _authorizer.Authorize(TerritoriesPermissions.GetTerritoryPermission(ctd)))); }
public ActionResult Upload() { if (!_authorizer.Authorize(Permissions.ManageCloudMediaContent, T("You are not authorized to manage Microsoft Azure Media content."))) { return(new HttpUnauthorizedResult()); } if (HttpContext.Request.Files.Count < 1) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest, "At least one file must be provided in the upload request.")); } var postedFile = HttpContext.Request.Files[0]; Logger.Debug("User requested asynchronous upload of file with name '{0}' and size {1} bytes to temporary storage.", postedFile.FileName, postedFile.ContentLength); var fileName = _assetManager.SaveTemporaryFile(postedFile); Logger.Information("File with name '{0}' and size {1} bytes was uploaded to temporary storage.", postedFile.FileName, postedFile.ContentLength); return(Json(new { originalFileName = Path.GetFileName(postedFile.FileName), temporaryFileName = fileName, fileSize = postedFile.ContentLength })); }
public ActionResult Display(ReportDisplayViewModel model) { if (_authorizer.Authorize(reportManager.GetReportPermissions()[model.Id]) == false) { return(new HttpUnauthorizedResult(T("Not authorized to list Reports").ToString())); } var ci = services.ContentManager.Get(model.Id); if (ci.Has <DataReportViewerPart>() == false) { throw new ArgumentException(string.Format(CultureInfo.CurrentUICulture, "{0}={1}", T("There is no report with the Id"), model.Id.ToString(CultureInfo.InvariantCulture))); } var filterPart = ci.Parts.FirstOrDefault(x => x.PartDefinition.Name == ci.ContentType); if (filterPart != null) { model.FilterContent = services.ContentManager.New("DataReportEmptyType"); model.FilterContent.Weld(filterPart); } else { model.ViewerContent = services.ContentManager.New("DataReportEmptyType"); model.ViewerContent.Weld(ci.As <DataReportViewerPart>()); } return(View(model)); }
public ActionResult PromoteVersion(int id, int versionId) { var versionToPromote = _contentManager.Get(id, VersionOptions.Number(versionId)); if (versionToPromote == null) { return(HttpNotFound()); } if (!_authorizer.Authorize(Orchard.Core.Contents.Permissions.EditContent, versionToPromote)) { return(new HttpUnauthorizedResult()); } var newVersionNumber = _versionManager.BuildNewContentItemVersion(versionToPromote); if (newVersionNumber == 0) { _notifier.Error(T("Version {0} of this content CANNOT be promoted to latest, as this content is in a Read Only state", versionId)); } else { _notifier.Information(T("Version {0} of this content has been promoted to latest (draft) as version {1}", versionId, newVersionNumber)); } return(RedirectToAction("Edit", "Admin", new { area = "", id = id })); }
public IEnumerable <GenericItem> GetReportListForCurrentUser(string titleFilter = "") { string filter = (titleFilter ?? "").ToLowerInvariant(); var reportLst = new List <GenericItem>(); var unfilteredList = GetReports().Select(x => new GenericItem { Id = x.Id, Title = (x.Has <TitlePart>() ? x.As <TitlePart>().Title : T("[No Title]").ToString()), ContentItem = x.ContentItem }); foreach (var report in unfilteredList) { if (report.Title.ToLowerInvariant().Contains(filter)) { if (_authorizer.Authorize(GetReportPermissions()[report.Id])) { if (_authorizer.Authorize(Permissions.EditOwnContent, report.ContentItem) == false) { report.ContentItem = null; } reportLst.Add(report); } } } return(reportLst.OrderBy(x => x.Title)); }
protected override DriverResult Editor(SecureMediaPart part, dynamic shapeHelper) { if (!_authorizer.Authorize(Permissions.ManageSecureMedia)) { return(null); } return(ContentShape("Parts_SecureMedia_Edit", () => shapeHelper.EditorTemplate(TemplateName: "Parts.SecureMedia.Edit", Model: part, Prefix: Prefix))); }
public ActionResult Index() { if (!_authorizer.Authorize(ContentSyncPermissions.SnapshotManager, T("You need the {0} permission to do this.", ContentSyncPermissions.SnapshotManager.Name))) { return(new HttpUnauthorizedResult()); } return(View(_snapshotService.GetSnaphots().OrderByDescending(ss => ss.TimeTaken))); }
public override IActionResult Create(ArticleEntity entity) { if (entity.ActionType == ActionType.Publish && _authorizer.Authorize(PermissionKeys.PublishArticle)) { Service.Publish(entity); } var result = base.Create(entity); return(result); }
public ActionResult Index() { if (!_authorizer.Authorize(Permissions.ManageCloudMediaJobs, T("You are not authorized to manage cloud jobs."))) { return(new HttpUnauthorizedResult()); } var jobsShape = GetOpenJobsTableShape(); return(View(jobsShape)); }
// If there will be a need for extending global SEO settings it would perhaps also need the usage of separate settings into groups. // See site settings (Orchard.Core.Settings.Controllers.AdminController and friends for how it is done. public ActionResult GlobalSettings() { if (!_authorizer.Authorize(Permissions.ManageSeo, T("You're not allowed to manage SEO settings."))) { return(new HttpUnauthorizedResult()); } // Casting to avoid invalid (under medium trust) reflection over the protected View method and force a static invocation, despite // being it highly unlikely with Onestop, just in case... return(View((object)_contentManager.BuildEditor(_seoSettingsManager.GetGlobalSettings()))); }
public ActionResult Testbed() { if (!_authorizer.Authorize(StandardPermissions.SiteOwner, T("You're not allowed to use the scripting testbed."))) { return(new HttpUnauthorizedResult()); } var page = NewPage("Testbed"); return(PageResult(page)); }
protected override DriverResult Editor(SeoPart part, dynamic shapeHelper) { if (!_authorizer.Authorize(Permissions.ManageSeo, part)) { return(null); } return(ContentShape("Parts_Seo_Edit", // Generic editor, not shown by default for any content types () => shapeHelper.EditorTemplate( TemplateName: "Parts.Seo", Model: part, Prefix: Prefix))); }
public ArticleEntity Get(int id) { var article = _articleService.Get(id); if (article == null) { return(null); } if (!article.IsPublish && !_authorizer.Authorize(PermissionKeys.ViewArticle)) { return(null); } return(article); }
public bool CanSubscribeForNotifications(NotificationsPart part) { // Not enabled for this content item if (!part.AllowNotifications) { return(false); } // Not authorized if (!_authorizer.Authorize(Permissions.NotificationsPermissions.SubscribeForNotifications, part.ContentItem)) { return(false); } var contentItem = part.ContentItem; var schedulingPart = contentItem.As <SchedulingPart>(); if (schedulingPart == null) { return(false); } // Cannot subscribe to events in the past when it is not recurring if (schedulingPart.StartDateTime < _clock.UtcNow && !schedulingPart.IsRecurring) { return(false); } return(true); }
public ActionResult DownloadAs(int?id, string extension) { if (id == null) { return(HttpNotFound()); } if (string.IsNullOrEmpty(extension) || !Regex.IsMatch(extension, @"^\w+$") || !_fileBuilder.HasWorkerFor(extension)) { return(new HttpStatusCodeResult(HttpStatusCode.BadRequest)); } var item = _contentManager.Get(id.Value); if (!_authorizer.Authorize(Orchard.Core.Contents.Permissions.ViewContent, item)) { return(new HttpUnauthorizedResult()); } var result = _fileBuilder.BuildRecursive(item, extension); var fileName = _contentManager.GetItemMetadata(item).DisplayText; if (string.IsNullOrEmpty(fileName)) { fileName = item.Id.ToString(); } return(File(result.OpenRead(), result.MimeType, fileName + "." + extension)); }
public void ExecuteRecipeStep(RecipeContext recipeContext) { if (!String.Equals(recipeContext.RecipeStep.Name, "AuditTrail", StringComparison.OrdinalIgnoreCase)) { return; } if (!_authorizer.Authorize(Permissions.ImportAuditTrail)) { Logger.Warning("Blocked {0} from importing an audit trail because this user does not have the ImportauditTrail permission.", _wca.GetContext().CurrentUser.UserName); recipeContext.Executed = false; return; } foreach (var eventElement in recipeContext.RecipeStep.Step.Elements()) { var record = new AuditTrailEventRecord { EventName = eventElement.Attr <string>("Name"), FullEventName = eventElement.Attr <string>("FullName"), Category = eventElement.Attr <string>("Category"), UserName = eventElement.Attr <string>("User"), CreatedUtc = eventElement.Attr <DateTime>("CreatedUtc"), EventFilterKey = eventElement.Attr <string>("EventFilterKey"), EventFilterData = eventElement.Attr <string>("EventFilterData"), Comment = eventElement.El("Comment"), EventData = eventElement.Element("EventData").ToString(), }; _auditTrailEventRepository.Create(record); } recipeContext.Executed = true; }
public ActionResult Index(string mediaPath) { mediaPath = _storageProvider.GetStoragePath(mediaPath); if (mediaPath == null) { return(HttpNotFound()); } var fileName = Path.GetFileName(mediaPath); var directory = mediaPath.Substring(0, mediaPath.IndexOf(fileName)); directory = directory.TrimEnd('/'); var medias = _mediaLibraryService .GetMediaContentItems(VersionOptions.Published) .Where(x => x.FolderPath == directory && x.FileName == fileName) .List(); var isSecure = medias.All(x => x.As <SecureMediaPart>()?.IsSecure ?? true); if ((isSecure && !_authorizer.Authorize(Permissions.ViewSecureMedia)) || !_storageProvider.FileExists(mediaPath)) { return(HttpNotFound()); } var file = _storageProvider.GetFile(mediaPath); var stream = file.OpenRead(); return(File(stream, file.GetFileType())); }
public void GetNavigation(NavigationBuilder builder) { // if the user may edit at least one type of Listable content, // we add the link to the admin menu for them var contentTypeDefinitions = _contentDefinitionManager .ListTypeDefinitions() .OrderBy(d => d.Name); var listableContentTypes = contentTypeDefinitions .Where(ctd => ctd .Settings .GetModel <ContentTypeSettings>() .Listable); ContentItem listableCi = null; foreach (var contentTypeDefinition in listableContentTypes) { listableCi = _contentManager.New(contentTypeDefinition.Name); if (_authorizer.Authorize(Permissions.EditContent, listableCi)) { builder.Add(T("Content"), menu => menu .Add(T("Advanced Search"), "0.5", item => item.Action("List", "Admin", new { area = "Laser.Orchard.AdvancedSearch" }).LocalNav()) ); break; } } }
protected override DriverResult Editor(FacebookShopSiteSettingsPart part, IUpdateModel updater, dynamic shapeHelper) { var viewModel = CreateVM(part); if (updater.TryUpdateModel(viewModel, Prefix, null, null)) { if (Validate(viewModel, part, updater)) { part.Save(viewModel); if (viewModel.SynchronizeProducts && _authorizer.Authorize(FacebookShopSynchronizationPermission.FacebookShopSynchronization)) { _facebookShopService.ScheduleProductSynchronization(); } } else { return(ContentShape("SiteSettings_FacebookShop", () => shapeHelper.EditorTemplate( TemplateName: "SiteSettings/FacebookShopSiteSettings", Model: viewModel, Prefix: Prefix)).OnGroup("FacebookShop")); } } return(Editor(part, shapeHelper)); }
// POST protected override DriverResult Editor(SeoPart part, IUpdateModel updater, dynamic shapeHelper) { if (!_authorizer.Authorize(DynamicPermissions.CreateDynamicPermission(SeoPermissions.EditSeoPart, part.ContentItem.TypeDefinition))) { return(null); } SeoPartEditViewModel model = new SeoPartEditViewModel(part); SeoPartSettings settings = part.Settings.GetModel <SeoPartSettings>(); model.DefaultRobots = settings.DefaultRobotsMeta; model.DefaultDescription = _seoService.GenerateDefaultDescription(part); model.DefaultKeywords = _seoService.GenerateDefaultKeywords(part); model.DefaultCanonicalUrl = _seoService.GenerateCanonicalUrl(part); if (updater != null && updater.TryUpdateModel(model, Prefix, null, null)) { part.Description = model.OverrideDescription ? model.Description : String.Empty; part.OverrideKeywords = model.OverrideKeywords; part.Keywords = model.Keywords; part.OverrideRobots = model.OverrideRobots; part.Robots = model.OverrideRobots ? model.Robots : model.DefaultRobots; part.CanonicalUrl = model.CanonicalUrl; } return(ContentShape("Parts_SeoPart_Edit", () => { return shapeHelper.EditorTemplate( TemplateName: TemplateName, Model: model, Prefix: Prefix); })); }