/// <summary> /// Evaluate if we have a specific owner variation permission to at least one content type /// </summary> public static async Task <bool> AuthorizeContentTypeDefinitionsAsync(this IAuthorizationService service, ClaimsPrincipal user, Permission requiredPermission, IEnumerable <ContentTypeDefinition> contentTypeDefinitions, IContentManager contentManager) { ArgumentNullException.ThrowIfNull(user); ArgumentNullException.ThrowIfNull(requiredPermission); ArgumentNullException.ThrowIfNull(contentManager); var permission = GetOwnerVariation(requiredPermission); var contentTypePermission = ContentTypePermissionsHelper.ConvertToDynamicPermission(permission); foreach (var contentTypeDefinition in contentTypeDefinitions) { var dynamicPermission = ContentTypePermissionsHelper.CreateDynamicPermission(contentTypePermission, contentTypeDefinition); var contentItem = await contentManager.NewAsync(contentTypeDefinition.Name); contentItem.Owner = user.FindFirstValue(ClaimTypes.NameIdentifier); if (await service.AuthorizeAsync(user, dynamicPermission, contentItem)) { return(true); } } return(await service.AuthorizeAsync(user, permission)); }
public async Task BuildNavigationAsync(string name, NavigationBuilder builder) { var context = _httpContextAccessor.HttpContext; if (!String.Equals(name, "admin", StringComparison.OrdinalIgnoreCase)) { return; } var contentTypeDefinitions = _contentDefinitionManager.ListTypeDefinitions().OrderBy(d => d.Name); var contentTypes = contentTypeDefinitions.Where(ctd => ctd.GetSettings <ContentTypeSettings>().Creatable).OrderBy(ctd => ctd.DisplayName); await builder.AddAsync(S["Content"], NavigationConstants.AdminMenuContentPosition, async content => { content.AddClass("content").Id("content"); await content.AddAsync(S["Content Items"], S["Content Items"].PrefixPosition(), async contentItems => { if (!await _authorizationService.AuthorizeContentTypeDefinitionsAsync(context.User, CommonPermissions.EditContent, contentTypes, _contentManager)) { contentItems.Permission(Permissions.EditContent); } contentItems.Action(nameof(AdminController.List), typeof(AdminController).ControllerName(), new { area = "OrchardCore.Contents", contentTypeId = "" }); contentItems.LocalNav(); }); }); var adminSettings = (await _siteService.GetSiteSettingsAsync()).As <AdminSettings>(); if (adminSettings.DisplayNewMenu && contentTypes.Any()) { await builder.AddAsync(S["New"], "-1", async newMenu => { newMenu.LinkToFirstChild(false).AddClass("new").Id("new"); foreach (var contentTypeDefinition in contentTypes) { var ci = await _contentManager.NewAsync(contentTypeDefinition.Name); var cim = await _contentManager.PopulateAspectAsync <ContentItemMetadata>(ci); var createRouteValues = cim.CreateRouteValues; createRouteValues.Add("returnUrl", _linkGenerator.GetPathByRouteValues(context, "", new { area = "OrchardCore.Contents", controller = "Admin", action = "List" })); if (createRouteValues.Any()) { newMenu.Add(new LocalizedString(contentTypeDefinition.DisplayName, contentTypeDefinition.DisplayName), "5", item => item .Action(cim.CreateRouteValues["Action"] as string, cim.CreateRouteValues["Controller"] as string, cim.CreateRouteValues) .Permission(ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditOwnContent.Name], contentTypeDefinition)) ); } } }); } }
public async Task BuildNavigationAsync(MenuItem menuItem, NavigationBuilder builder, IEnumerable <IAdminNodeNavigationBuilder> treeNodeBuilders) { var node = menuItem as ContentTypesAdminNode; if ((node == null) || (!node.Enabled)) { return; } // Add ContentTypes specific children var typesToShow = GetContentTypesToShow(node); foreach (var ctd in typesToShow) { builder.Add(new LocalizedString(ctd.DisplayName, ctd.DisplayName), cTypeMenu => { cTypeMenu.Url(_linkGenerator.GetPathByRouteValues(_httpContextAccessor.HttpContext, "", new { area = "OrchardCore.Contents", controller = "Admin", action = "List", contentTypeId = ctd.Name })); cTypeMenu.Priority(node.Priority); cTypeMenu.Position(node.Position); cTypeMenu.Permission( ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.PublishOwnContent.Name], ctd)); GetIconClasses(ctd, node).ToList().ForEach(c => cTypeMenu.AddClass(c)); cTypeMenu.AdminNodeProvider(nameof(ContentTypesAdminNode)); }); } // Add external children foreach (var childNode in node.Items) { try { var treeBuilder = treeNodeBuilders.Where(x => x.Name == childNode.GetType().Name).FirstOrDefault(); await treeBuilder.BuildNavigationAsync(childNode, builder, treeNodeBuilders); } catch (Exception e) { _logger.LogError(e, "An exception occurred while building the '{MenuItem}' child Menu Item.", childNode.GetType().Name); } } }
public async Task BuildNavigationAsync(MenuItem menuItem, NavigationBuilder builder, IEnumerable <IAdminNodeNavigationBuilder> treeNodeBuilders) { _node = menuItem as ListsAdminNode; if (_node == null || !_node.Enabled || String.IsNullOrEmpty(_node.ContentType)) { return; } _contentType = _contentDefinitionManager.GetTypeDefinition(_node.ContentType); if (_node.AddContentTypeAsParent) { if (_contentType == null) { _logger.LogError("Can't find The content type '{ContentType}' for list admin node.", _node.ContentType); } await builder.AddAsync(new LocalizedString(_contentType.DisplayName, _contentType.DisplayName), async listTypeMenu => { AddPrefixToClasses(_node.IconForParentLink).ForEach(c => listTypeMenu.AddClass(c)); listTypeMenu.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); await AddContentItemsAsync(listTypeMenu, _node.LinkMode); }); } else { await AddContentItemsAsync(builder, _node.LinkMode); } // Add external children foreach (var childNode in _node.Items) { try { var treeBuilder = treeNodeBuilders.Where(x => x.Name == childNode.GetType().Name).FirstOrDefault(); await treeBuilder.BuildNavigationAsync(childNode, builder, treeNodeBuilders); } catch (Exception e) { _logger.LogError(e, "An exception occurred while building the '{MenuItem}' child Menu Item.", childNode.GetType().Name); } } }
public async Task BuildNavigationAsync(string name, NavigationBuilder builder) { if (!String.Equals(name, "admin", StringComparison.OrdinalIgnoreCase)) { return; } var contentTypeDefinitions = _contentDefinitionManager.ListTypeDefinitions().OrderBy(d => d.Name); builder.Add(S["Content"], NavigationConstants.AdminMenuContentPosition, content => content .AddClass("content").Id("content") .Add(S["Content Items"], S["Content Items"].PrefixPosition(), contentItems => contentItems .Permission(Permissions.EditOwnContent) .Action(nameof(AdminController.List), typeof(AdminController).ControllerName(), new { area = "OrchardCore.Contents" }) .LocalNav()) ); var contentTypes = contentTypeDefinitions.Where(ctd => ctd.GetSettings <ContentTypeSettings>().Creatable).OrderBy(ctd => ctd.DisplayName); if (contentTypes.Any()) { await builder.AddAsync(S["New"], "-1", async newMenu => { newMenu.LinkToFirstChild(false).AddClass("new").Id("new"); foreach (var contentTypeDefinition in contentTypes) { var ci = await _contentManager.NewAsync(contentTypeDefinition.Name); var cim = await _contentManager.PopulateAspectAsync <ContentItemMetadata>(ci); var createRouteValues = cim.CreateRouteValues; if (createRouteValues.Any()) { newMenu.Add(new LocalizedString(contentTypeDefinition.DisplayName, contentTypeDefinition.DisplayName), "5", item => item .Action(cim.CreateRouteValues["Action"] as string, cim.CreateRouteValues["Controller"] as string, cim.CreateRouteValues) .Permission(ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[Permissions.PublishOwnContent.Name], contentTypeDefinition)) ); } } }); } }
private async Task AddContentItemsAsync(NavigationBuilder listTypeMenu) { foreach (var ci in await getContentItemsAsync()) { var cim = await _contentManager.PopulateAspectAsync <ContentItemMetadata>(ci); if (cim.AdminRouteValues.Any() && ci.DisplayText != null) { listTypeMenu.Add(new LocalizedString(ci.DisplayText, ci.DisplayText), m => { m.Action(cim.AdminRouteValues["Action"] as string, cim.AdminRouteValues["Controller"] as string, cim.AdminRouteValues); m.Resource(ci); m.Priority(_node.Priority); m.Position(_node.Position); m.LocalNav(); AddPrefixToClasses(_node.IconForContentItems).ToList().ForEach(c => m.AddClass(c)); m.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); }); } } }
public Task BuildNavigationAsync(string name, NavigationBuilder builder) { if (!String.Equals(name, "admin", StringComparison.OrdinalIgnoreCase)) { return(Task.CompletedTask); } var rvd = new RouteValueDictionary { { "contentTypeId", "VueForm" }, { "Area", "OrchardCore.Contents" }, { "Options.SelectedContentType", "VueForm" }, { "Options.CanCreateSelectedContentType", true } }; builder.Add(S["Content"], design => design .Add(S["Vue Forms"], S["Vue Forms"], menus => menus .Permission(ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditOwnContent.Name], "VueForm")) .Action("List", "Admin", rvd) .LocalNav() )); return(Task.CompletedTask); }
public void Build(QueryEngineBuilder <ContentItem> builder) { builder .WithNamedTerm("status", builder => builder .OneCondition <ContentItem>((val, query, ctx) => { var context = (ContentQueryContext)ctx; if (Enum.TryParse <ContentsStatus>(val, true, out var contentsStatus)) { switch (contentsStatus) { case ContentsStatus.Draft: query.With <ContentItemIndex>(x => x.Latest && !x.Published); break; case ContentsStatus.Published: query.With <ContentItemIndex>(x => x.Published); break; case ContentsStatus.Owner: var httpContextAccessor = context.ServiceProvider.GetRequiredService <IHttpContextAccessor>(); var userNameIdentifier = httpContextAccessor.HttpContext.User?.FindFirstValue(ClaimTypes.NameIdentifier); query.With <ContentItemIndex>(x => x.Owner == userNameIdentifier && x.Latest); break; case ContentsStatus.AllVersions: query.With <ContentItemIndex>(x => x.Latest); break; default: query.With <ContentItemIndex>(x => x.Latest); break; } } else { // Draft is the default value. query.With <ContentItemIndex>(x => x.Latest); } return(new ValueTask <IQuery <ContentItem> >(query)); }) .MapTo <ContentOptionsViewModel>((val, model) => { if (Enum.TryParse <ContentsStatus>(val, true, out var contentsStatus)) { model.ContentsStatus = contentsStatus; } }) .MapFrom <ContentOptionsViewModel>((model) => { if (model.ContentsStatus != ContentsStatus.Latest) { return(true, model.ContentsStatus.ToString()); } return(false, String.Empty); }) .AlwaysRun() ) .WithNamedTerm("sort", builder => builder .OneCondition <ContentItem>((val, query) => { if (Enum.TryParse <ContentsOrder>(val, true, out var contentsOrder)) { switch (contentsOrder) { case ContentsOrder.Modified: query.With <ContentItemIndex>().OrderByDescending(x => x.ModifiedUtc); break; case ContentsOrder.Published: query.With <ContentItemIndex>().OrderByDescending(cr => cr.PublishedUtc); break; case ContentsOrder.Created: query.With <ContentItemIndex>().OrderByDescending(cr => cr.CreatedUtc); break; case ContentsOrder.Title: query.With <ContentItemIndex>().OrderBy(cr => cr.DisplayText); break; } ; } else { // Modified is a default value and applied when there is no filter. query.With <ContentItemIndex>().OrderByDescending(x => x.ModifiedUtc); } return(query); }) .MapTo <ContentOptionsViewModel>((val, model) => { if (Enum.TryParse <ContentsOrder>(val, true, out var contentsOrder)) { model.OrderBy = contentsOrder; } }) .MapFrom <ContentOptionsViewModel>((model) => { if (model.OrderBy != ContentsOrder.Modified) { return(true, model.OrderBy.ToString()); } return(false, String.Empty); }) .AlwaysRun() ) .WithNamedTerm("type", builder => builder .OneCondition <ContentItem>(async(contentType, query, ctx) => { var context = (ContentQueryContext)ctx; var httpContextAccessor = context.ServiceProvider.GetRequiredService <IHttpContextAccessor>(); var authorizationService = context.ServiceProvider.GetRequiredService <IAuthorizationService>(); var contentManager = context.ServiceProvider.GetRequiredService <IContentManager>(); var contentDefinitionManager = context.ServiceProvider.GetRequiredService <IContentDefinitionManager>(); var user = httpContextAccessor.HttpContext.User; var userNameIdentifier = user?.FindFirstValue(ClaimTypes.NameIdentifier); var canListAllContent = await authorizationService.AuthorizeAsync(user, Permissions.ListContent); // Filter for a specific type. if (!string.IsNullOrEmpty(contentType)) { var contentTypeDefinition = contentDefinitionManager.GetTypeDefinition(contentType); if (contentTypeDefinition != null) { // We display a specific type even if it's not listable so that admin pages // can reuse the Content list page for specific types. var contentItem = await contentManager.NewAsync(contentTypeDefinition.Name); contentItem.Owner = userNameIdentifier; var hasContentListPermission = await authorizationService.AuthorizeAsync(user, ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.ListContent.Name], contentTypeDefinition), contentItem); if (hasContentListPermission) { query.With <ContentItemIndex>(x => x.ContentType == contentType); } else { query.With <ContentItemIndex>(x => x.ContentType == contentType && x.Owner == userNameIdentifier); } } } else { var listableTypes = new List <ContentTypeDefinition>(); var authorizedContentTypes = new List <ContentTypeDefinition>(); var unauthorizedContentTypes = new List <ContentTypeDefinition>(); foreach (var ctd in contentDefinitionManager.ListTypeDefinitions()) { if (ctd.GetSettings <ContentTypeSettings>().Listable) { // We want to list the content item if the user can edit their own items at least. // It might display content items the user won't be able to edit though. var contentItem = await contentManager.NewAsync(ctd.Name); contentItem.Owner = userNameIdentifier; var hasEditPermission = await authorizationService.AuthorizeAsync(user, CommonPermissions.EditContent, contentItem); if (hasEditPermission) { listableTypes.Add(ctd); } if (!canListAllContent) { var hasContentListPermission = await authorizationService.AuthorizeAsync(user, ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.ListContent.Name], ctd), contentItem); if (hasContentListPermission) { authorizedContentTypes.Add(ctd); } else { unauthorizedContentTypes.Add(ctd); } } } } if (authorizedContentTypes.Any() && !canListAllContent) { query.With <ContentItemIndex>().Where(x => (x.ContentType.IsIn(authorizedContentTypes.Select(t => t.Name).ToArray())) || (x.ContentType.IsIn(unauthorizedContentTypes.Select(t => t.Name).ToArray()) && x.Owner == userNameIdentifier)); } else { query.With <ContentItemIndex>(x => x.ContentType.IsIn(listableTypes.Select(t => t.Name).ToArray())); // If we set the ListContent permission // to false we can only view our own content and // we bypass and force the corresponding ContentsStatus by owned content filtering if (!canListAllContent) { query.With <ContentItemIndex>(x => x.Owner == userNameIdentifier); } } } return(query); }) .MapTo <ContentOptionsViewModel>((val, model) => { if (!String.IsNullOrEmpty(val)) { model.SelectedContentType = val; } }) .MapFrom <ContentOptionsViewModel>((model) => { if (!String.IsNullOrEmpty(model.SelectedContentType)) { return(true, model.SelectedContentType); } return(false, String.Empty); }) .AlwaysRun() ) .WithDefaultTerm("text", builder => builder .ManyCondition <ContentItem>( ((val, query) => query.With <ContentItemIndex>(x => x.DisplayText.Contains(val))), ((val, query) => query.With <ContentItemIndex>(x => x.DisplayText.IsNotIn <ContentItemIndex>(s => s.DisplayText, w => w.DisplayText.Contains(val)))) ) ); }
private async Task AddContentItemsAsync(NavigationBuilder listTypeMenu, LinkMode nodeLinkMode) { foreach (var ci in await getContentItemsAsync()) { var cim = await _contentManager.PopulateAspectAsync <ContentItemMetadata>(ci); switch (nodeLinkMode) { case LinkMode.Admin: if (cim.AdminRouteValues.Any() && ci.DisplayText != null) { listTypeMenu.Add(new LocalizedString(ci.DisplayText, ci.DisplayText), m => { m.Action(cim.AdminRouteValues["Action"] as string, cim.AdminRouteValues["Controller"] as string, cim.AdminRouteValues); m.Resource(ci); m.Priority(_node.Priority); m.Position(_node.Position); m.LocalNav(); AddPrefixToClasses(_node.IconForContentItems).ToList().ForEach(c => m.AddClass(c)); m.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); }); } break; case LinkMode.Display: if (cim.DisplayRouteValues.Any() && ci.DisplayText != null) { listTypeMenu.Add(new LocalizedString(ci.DisplayText, ci.DisplayText), m => { m.Action(cim.DisplayRouteValues["Action"] as string, cim.DisplayRouteValues["Controller"] as string, cim.DisplayRouteValues); m.Resource(ci); m.Priority(_node.Priority); m.Position(_node.Position); m.LocalNav(); AddPrefixToClasses(_node.IconForContentItems).ToList().ForEach(c => m.AddClass(c)); m.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); }); } break; case LinkMode.Edit: if (cim.EditorRouteValues.Any() && ci.DisplayText != null) { listTypeMenu.Add(new LocalizedString(ci.DisplayText, ci.DisplayText), m => { m.Action(cim.EditorRouteValues["Action"] as string, cim.EditorRouteValues["Controller"] as string, cim.EditorRouteValues); m.Resource(ci); m.Priority(_node.Priority); m.Position(_node.Position); m.LocalNav(); AddPrefixToClasses(_node.IconForContentItems).ToList().ForEach(c => m.AddClass(c)); m.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); }); } break; case LinkMode.Create: if (cim.CreateRouteValues.Any() && ci.DisplayText != null) { listTypeMenu.Add(new LocalizedString(ci.DisplayText, ci.DisplayText), m => { m.Action(cim.CreateRouteValues["Action"] as string, cim.CreateRouteValues["Controller"] as string, cim.CreateRouteValues); m.Resource(ci); m.Priority(_node.Priority); m.Position(_node.Position); m.LocalNav(); AddPrefixToClasses(_node.IconForContentItems).ToList().ForEach(c => m.AddClass(c)); m.Permission(ContentTypePermissionsHelper.CreateDynamicPermission( ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.EditContent.Name], _contentType)); }); } break; default: throw new ArgumentOutOfRangeException(nameof(nodeLinkMode), nodeLinkMode, null); } } }
public async Task <IActionResult> Submit(string formId) { var canView = ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.ViewContent.Name], "VueForm"); if (!await _authorizationService.AuthorizeAsync(User, canView)) { return(NotFound()); } var form = await _contentManager.GetAsync(formId, VersionOptions.Published); if (form == null) { return(NotFound()); } var formPart = form.As <VueForm>(); if (formPart.Disabled.Value) { return(NotFound()); } if (!_contentPermissionsService.CanAccess(form)) { return(NotFound()); } var scriptingProvider = new VueFormMethodsProvider(form); var script = form.As <VueFormScripts>(); // This object holds the return value of the script object serverScriptResult = EvaluateScript(script?.OnValidation?.Text, scriptingProvider, formPart, "OnValidation"); // Return if any errors are returned in the OnValidation script if (ModelState.ErrorCount > 0) { return(Json(new VueFormSubmitResult(GetErrorDictionary(), serverScriptResult, GetDebugLogs(formPart)))); } serverScriptResult = EvaluateScript(script?.OnSubmitted?.Text, scriptingProvider, formPart, "OnSubmitted"); // Return if any errors are returned from the OnSubmitted script if (ModelState.ErrorCount > 0) { return(Json(new VueFormSubmitResult(GetErrorDictionary(), serverScriptResult, GetDebugLogs(formPart)))); } // _workflow manager is null if workflow feature is not enabled if (_workflowManager != null) { await _workflowManager.TriggerEventAsync(nameof(VueFormSubmittedEvent), input : new { VueForm = form }, correlationId : form.ContentItemId ); } // Return if any errors are returned from the Workflow if (ModelState.ErrorCount > 0) { return(Json(new VueFormSubmitResult(GetErrorDictionary(), serverScriptResult, GetDebugLogs(formPart)))); } // Handle the redirects with ajax requests. // 302 are equivalent to 301 in this case. No permanent redirect. // This can come from a scripting method or the HttpRedirect Workflow Task if (HttpContext.Response.StatusCode == 301 || HttpContext.Response.StatusCode == 302) { var returnValue = new { redirect = WebUtility.UrlDecode(HttpContext.Response.Headers["Location"]) }; HttpContext.Response.Clear(); return(Json(returnValue)); } // This get's set by either the workflow's HttpRedirectTask or HttpResponseTask if (HttpContext.Items[WorkflowHttpResult.Instance] != null) { // Let the HttpResponseTask control the response. This will fail on the client if it's anything other than json return(new EmptyResult()); } //try to get the message from the http context as set by the addSuccessMessage() scripting function var successMessage = string.Empty; if (HttpContext.Items[Constants.VueFormSuccessMessage] != null) { successMessage = (string)HttpContext.Items[Constants.VueFormSuccessMessage]; } else { if (!string.IsNullOrWhiteSpace(formPart.SuccessMessage?.Text)) { var formSuccessMessage = await _liquidTemplateManager.RenderStringAsync(formPart.SuccessMessage.Text, _htmlEncoder); successMessage = await _shortcodeService.ProcessAsync(formSuccessMessage); } } return(Json(new VueFormSubmitResult(successMessage, serverScriptResult, GetDebugLogs(formPart)))); }
public async Task FilterAsync(ContentOptionsViewModel model, IQuery <ContentItem> query, IUpdateModel updater) { var user = _httpContextAccessor.HttpContext.User; var userNameIdentifier = user.FindFirstValue(ClaimTypes.NameIdentifier); if (!String.IsNullOrEmpty(model.DisplayText)) { query.With <ContentItemIndex>(x => x.DisplayText.Contains(model.DisplayText)); } switch (model.ContentsStatus) { case ContentsStatus.Published: query.With <ContentItemIndex>(x => x.Published); break; case ContentsStatus.Draft: query.With <ContentItemIndex>(x => x.Latest && !x.Published); break; case ContentsStatus.AllVersions: query.With <ContentItemIndex>(x => x.Latest); break; default: query.With <ContentItemIndex>(x => x.Latest); break; } var canListAllContent = await _authorizationService.AuthorizeAsync(user, Permissions.ListContent); // Filter the creatable types. if (!string.IsNullOrEmpty(model.SelectedContentType)) { var contentTypeDefinition = _contentDefinitionManager.GetTypeDefinition(model.SelectedContentType); if (contentTypeDefinition != null) { // We display a specific type even if it's not listable so that admin pages // can reuse the Content list page for specific types. var contentItem = await _contentManager.NewAsync(contentTypeDefinition.Name); contentItem.Owner = userNameIdentifier; var hasContentListPermission = await _authorizationService.AuthorizeAsync(user, ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.ListContent.Name], contentTypeDefinition), contentItem); if (hasContentListPermission) { query.With <ContentItemIndex>(x => x.ContentType == model.SelectedContentType); } else { query.With <ContentItemIndex>(x => x.ContentType == model.SelectedContentType && x.Owner == userNameIdentifier); } } } else { var listableTypes = new List <ContentTypeDefinition>(); var authorizedContentTypes = new List <ContentTypeDefinition>(); var unauthorizedContentTypes = new List <ContentTypeDefinition>(); foreach (var ctd in _contentDefinitionManager.ListTypeDefinitions()) { if (ctd.GetSettings <ContentTypeSettings>().Listable) { // We want to list the content item if the user can edit their own items at least. // It might display content items the user won't be able to edit though. var contentItem = await _contentManager.NewAsync(ctd.Name); contentItem.Owner = userNameIdentifier; var hasEditPermission = await _authorizationService.AuthorizeAsync(user, CommonPermissions.EditContent, contentItem); if (hasEditPermission) { listableTypes.Add(ctd); } if (!canListAllContent) { var hasContentListPermission = await _authorizationService.AuthorizeAsync(user, ContentTypePermissionsHelper.CreateDynamicPermission(ContentTypePermissionsHelper.PermissionTemplates[CommonPermissions.ListContent.Name], ctd), contentItem); if (hasContentListPermission) { authorizedContentTypes.Add(ctd); } else { unauthorizedContentTypes.Add(ctd); } } } } if (authorizedContentTypes.Any() && !canListAllContent) { query.With <ContentItemIndex>().Where(x => (x.ContentType.IsIn(authorizedContentTypes.Select(t => t.Name).ToArray())) || (x.ContentType.IsIn(unauthorizedContentTypes.Select(t => t.Name).ToArray()) && x.Owner == userNameIdentifier)); } else { query.With <ContentItemIndex>(x => x.ContentType.IsIn(listableTypes.Select(t => t.Name).ToArray())); // If we set the ListContent permission // to false we can only view our own content and // we bypass the corresponding ContentsStatus by owned content filtering if (!canListAllContent) { query.With <ContentItemIndex>(x => x.Owner == userNameIdentifier); } else { if (model.ContentsStatus == ContentsStatus.Owner) { query.With <ContentItemIndex>(x => x.Owner == userNameIdentifier); } } } } // Apply OrderBy filters. switch (model.OrderBy) { case ContentsOrder.Modified: query.With <ContentItemIndex>().OrderByDescending(x => x.ModifiedUtc); break; case ContentsOrder.Published: query.With <ContentItemIndex>().OrderByDescending(cr => cr.PublishedUtc); break; case ContentsOrder.Created: query.With <ContentItemIndex>().OrderByDescending(cr => cr.CreatedUtc); break; case ContentsOrder.Title: query.With <ContentItemIndex>().OrderBy(cr => cr.DisplayText); break; default: query.With <ContentItemIndex>().OrderByDescending(cr => cr.ModifiedUtc); break; } ; }