Add UI permissions based on the user role (#6823)

OrchardCMS · Aug 27, 2020 · 3c47ed2 · 3c47ed2
1 parent 85576b6
commit 3c47ed2
Show file tree

Hide file tree

Showing 6 changed files with 90 additions and 36 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.ContentPreview/Views/ContentPreview.Button.cshtml b/src/OrchardCore.Modules/OrchardCore.ContentPreview/Views/ContentPreview.Button.cshtml
@@ -1,8 +1,18 @@
+@using Microsoft.AspNetCore.Authorization
+@using OrchardCore.ContentManagement
+@using OrchardCore.ContentPreview
+@inject IAuthorizationService AuthorizationService
+
 @{
+    ContentItem contentItem = Model.ContentItem;
     var previewId = Guid.NewGuid();
+    var hasPreviewPermission = await AuthorizationService.AuthorizeAsync(User, Permissions.ContentPreview, contentItem);
 }
 
-<a id="previewButton" target="_blank" class="publish-button btn btn-info" href="@Url.Action("Index", "Preview", new { area = "OrchardCore.ContentPreview", id = previewId })">@T["Preview"]</a>
+@if(hasPreviewPermission)
+{
+    <a id="previewButton" target="_blank" class="publish-button btn btn-info" href="@Url.Action("Index", "Preview", new { area = "OrchardCore.ContentPreview", id = previewId })">@T["Preview"]</a>
+}
 
 <div id="renderPreviewUrl" style="display:none" data-value="@Url.Action("Render", "Preview", new { area = "OrchardCore.ContentPreview" })" ></div>
 <div id="contentItemType" style="display:none" data-value="@Model.ContentItem.ContentType"></div>

diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.PublishButton.cshtml b/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.PublishButton.cshtml
@@ -1,22 +1,28 @@
-@*@if (Authorizer.Authorize(Permissions.PublishContent, (IContent)Model.ContentItem)) {*@
+@using Microsoft.AspNetCore.Authorization
+@inject IAuthorizationService AuthorizationService
+
 @{
+    ContentItem contentItem = Model.ContentItem;
     var returnUrl = Context.Request.Query["returnUrl"];
+    var hasPublishContentPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.PublishContent, contentItem);
 }
-@if (String.IsNullOrWhiteSpace(returnUrl))
-{
-    <button type="submit" name="submit.Publish" class="publish-button btn btn-success" value="submit.Publish">@T["Publish"]</button>
-}
-else
+
+@if(hasPublishContentPermission)
 {
-    <div class="btn-group">
-        <button class="publish-button btn btn-success" type="submit" name="submit.Publish" value="submit.Publish">@T["Publish"]</button>
-        <button type="button" class="btn btn-success dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-            <span class="sr-only">@T["Toggle Dropdown"]</span>
-        </button>
-        <div class="dropdown-menu">
-            <button class="dropdown-item" type="submit" name="submit.Publish" value="submit.PublishAndContinue">@T["and continue"]</button>
+    if (String.IsNullOrWhiteSpace(returnUrl))
+    {
+        <button type="submit" name="submit.Publish" class="publish-button btn btn-success" value="submit.Publish">@T["Publish"]</button>
+    }
+    else
+    {
+        <div class="btn-group">
+            <button class="publish-button btn btn-success" type="submit" name="submit.Publish" value="submit.Publish">@T["Publish"]</button>
+            <button type="button" class="btn btn-success dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                <span class="sr-only">@T["Toggle Dropdown"]</span>
+            </button>
+            <div class="dropdown-menu">
+                <button class="dropdown-item" type="submit" name="submit.Publish" value="submit.PublishAndContinue">@T["and continue"]</button>
+            </div>
         </div>
-    </div>
+    }
 }
-
-@* } *@
diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.SaveDraftButton.cshtml b/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.SaveDraftButton.cshtml
@@ -1,19 +1,28 @@
+@using Microsoft.AspNetCore.Authorization
+@inject IAuthorizationService AuthorizationService
+
 @{
+    ContentItem contentItem = Model.ContentItem;
     var returnUrl = Context.Request.Query["returnUrl"];
+    var hasEditContentPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.EditContent, contentItem);
 }
-@if (String.IsNullOrWhiteSpace(returnUrl))
+
+@if(hasEditContentPermission)
 {
-    <button class="primaryAction btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button>
-}
-else
-{
-    <div class="btn-group">
-        <button class="btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button>
-        <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
-            <span class="sr-only">@T["Toggle Dropdown"]</span>
-        </button>
-        <div class="dropdown-menu">
-            <button class="dropdown-item" type="submit" name="submit.Save" value="submit.SaveAndContinue">@T["and continue"]</button>
+    if (String.IsNullOrWhiteSpace(returnUrl))
+    {
+        <button class="primaryAction btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button>
+    }
+    else
+    {
+        <div class="btn-group">
+            <button class="btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button>
+            <button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
+                <span class="sr-only">@T["Toggle Dropdown"]</span>
+            </button>
+            <div class="dropdown-menu">
+                <button class="dropdown-item" type="submit" name="submit.Save" value="submit.SaveAndContinue">@T["and continue"]</button>
+            </div>
         </div>
-    </div>
+    }
 }
diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.SummaryAdmin.cshtml b/src/OrchardCore.Modules/OrchardCore.Contents/Views/Content.SummaryAdmin.cshtml
@@ -43,7 +43,7 @@
                         <button type="button" class="btn btn-secondary btn-sm dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
                             @T["Actions"]
                         </button>
-                        <div class="dropdown-menu dropdown-menu-right">
+                        <div id="actionsMenu" class="dropdown-menu dropdown-menu-right">
                             @await DisplayAsync(Model.ActionsMenu)
                         </div>
                     </div>
@@ -57,3 +57,15 @@
 {
     <div class="col primary">@await DisplayAsync(Model.Content)</div>
 }
+
+<script at="Foot" type="text/javascript">
+    $(function(){
+        
+        $("#actionsMenu.dropdown-menu").each(function(i, e){
+            var count = $(e).children().length;
+            if(count == 0){
+                $(this).parent().hide();
+            }
+        });
+    });
+</script>
diff --git a/...rchardCore.Modules/OrchardCore.Contents/Views/Contents-Button-Actions.SummaryAdmin.cshtml b/...rchardCore.Modules/OrchardCore.Contents/Views/Contents-Button-Actions.SummaryAdmin.cshtml
@@ -6,12 +6,23 @@
     var hasPublished = await ContentManager.HasPublishedVersionAsync(contentItem);
     var hasDraft = contentItem.HasDraft();
     var hasClonePermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.CloneContent, contentItem);
+    var hasDeletePermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.DeleteContent, contentItem);
+    var hasEditPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.EditContent, contentItem);
+    var hasPreviewPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.PreviewContent, contentItem);
+    var hasPublishPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.PublishContent, contentItem);
 }
 
 @if (hasDraft)
 {
-    <a asp-action="Publish" asp-controller="Admin" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" asp-route-returnUrl="@FullRequestPath" itemprop="UnsafeUrl" class="dropdown-item btn-sm">@T["Publish Draft"]</a>
-    <a asp-action="Preview" asp-controller="Item" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" class="dropdown-item btn-sm">@T["Preview Draft"]</a>
+    if(hasPublishPermission)
+    {
+        <a asp-action="Publish" asp-controller="Admin" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" asp-route-returnUrl="@FullRequestPath" itemprop="UnsafeUrl" class="dropdown-item btn-sm">@T["Publish Draft"]</a>
+    }
+
+    if(hasPreviewPermission)
+    {
+        <a asp-action="Preview" asp-controller="Item" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" class="dropdown-item btn-sm">@T["Preview Draft"]</a>
+    }
 
     <div class="dropdown-divider"></div>
 }
@@ -21,12 +32,12 @@
     <a asp-action="DiscardDraft" asp-controller="Admin" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" asp-route-returnUrl="@FullRequestPath" itemprop="UnsafeUrl RemoveUrl" data-title=@T["Discard Draft"] data-message=@T["Are you sure you want to discard this draft?"] data-ok-text="@T["Yes"]" data-cancel-text="@T["No"]" data-ok-class="btn-primary" class="dropdown-item btn-sm">@T["Discard Draft"]</a>
 }
 
-@if (hasPublished)
+@if (hasPublished && hasEditPermission)
 {
     <a asp-action="Unpublish" asp-controller="Admin" asp-route-area="OrchardCore.Contents" asp-route-contentItemId="@contentItem.ContentItemId" asp-route-returnUrl="@FullRequestPath" itemprop="UnsafeUrl RemoveUrl" data-title=@T["Unpublish"] data-message=@T["Are you sure you want to unpublish this item?"] data-ok-text="@T["Yes"]" data-cancel-text="@T["No"]" data-ok-class="btn-primary" class="dropdown-item btn-sm">@T["Unpublish"]</a>
 }
 
-@if (hasDraft || hasPublished)
+@if ((hasDraft || hasPublished) && hasDeletePermission)
 {
     <a remove-for="@contentItem" class="dropdown-item btn-sm" asp-route-returnUrl="@FullRequestPath" itemprop="RemoveUrl UnsafeUrl" data-title="@T["Delete"]" data-message="@T["Are you sure you want to delete this content item?"]">@T["Delete"]</a>
 }

diff --git a/src/OrchardCore.Modules/OrchardCore.Contents/Views/Contents-Button-Edit.SummaryAdmin.cshtml b/src/OrchardCore.Modules/OrchardCore.Contents/Views/Contents-Button-Edit.SummaryAdmin.cshtml
@@ -1,12 +1,18 @@
+@using Microsoft.AspNetCore.Authorization
 @using OrchardCore.ContentManagement
+@inject IAuthorizationService AuthorizationService
 @inject IContentManager ContentManager
 
 @{
     ContentItem contentItem = Model.ContentItem;
     var hasPublished = await ContentManager.HasPublishedVersionAsync(contentItem);
+    var hasEditContentPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.EditContent, contentItem);
 }
 
-<a edit-for="@contentItem" asp-route-returnUrl="@FullRequestPath" class="btn btn-primary btn-sm">@T["Edit"]</a>
+@if(hasEditContentPermission)
+{
+    <a edit-for="@contentItem" asp-route-returnUrl="@FullRequestPath" class="btn btn-primary btn-sm">@T["Edit"]</a>
+}
 
 @if (hasPublished)
 {