-
Notifications
You must be signed in to change notification settings - Fork 2.4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add UI permissions based on the user role #6823
Changes from all commits
File filter
Filter by extension
Conversations
Jump to
Diff view
Diff view
There are no files selected for viewing
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,22 +1,28 @@ | ||
@*@if (Authorizer.Authorize(Permissions.PublishContent, (IContent)Model.ContentItem)) {*@ | ||
@using Microsoft.AspNetCore.Authorization | ||
@inject IAuthorizationService AuthorizationService | ||
|
||
@{ | ||
ContentItem contentItem = Model.ContentItem; | ||
var returnUrl = Context.Request.Query["returnUrl"]; | ||
var hasPublishContentPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.PublishContent, contentItem); | ||
} | ||
@if (String.IsNullOrWhiteSpace(returnUrl)) | ||
{ | ||
<button type="submit" name="submit.Publish" class="publish-button btn btn-success" value="submit.Publish">@T["Publish"]</button> | ||
} | ||
else | ||
|
||
@if(hasPublishContentPermission) | ||
{ | ||
<div class="btn-group"> | ||
<button class="publish-button btn btn-success" type="submit" name="submit.Publish" value="submit.Publish">@T["Publish"]</button> | ||
<button type="button" class="btn btn-success dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> | ||
<span class="sr-only">@T["Toggle Dropdown"]</span> | ||
</button> | ||
<div class="dropdown-menu"> | ||
<button class="dropdown-item" type="submit" name="submit.Publish" value="submit.PublishAndContinue">@T["and continue"]</button> | ||
if (String.IsNullOrWhiteSpace(returnUrl)) | ||
{ | ||
<button type="submit" name="submit.Publish" class="publish-button btn btn-success" value="submit.Publish">@T["Publish"]</button> | ||
} | ||
else | ||
{ | ||
<div class="btn-group"> | ||
<button class="publish-button btn btn-success" type="submit" name="submit.Publish" value="submit.Publish">@T["Publish"]</button> | ||
<button type="button" class="btn btn-success dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> | ||
<span class="sr-only">@T["Toggle Dropdown"]</span> | ||
</button> | ||
<div class="dropdown-menu"> | ||
<button class="dropdown-item" type="submit" name="submit.Publish" value="submit.PublishAndContinue">@T["and continue"]</button> | ||
</div> | ||
</div> | ||
</div> | ||
} | ||
} | ||
|
||
@* } *@ |
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,19 +1,28 @@ | ||
@using Microsoft.AspNetCore.Authorization | ||
@inject IAuthorizationService AuthorizationService | ||
|
||
@{ | ||
ContentItem contentItem = Model.ContentItem; | ||
var returnUrl = Context.Request.Query["returnUrl"]; | ||
var hasEditContentPermission = await AuthorizationService.AuthorizeAsync(User, OrchardCore.Contents.Permissions.EditContent, contentItem); | ||
} | ||
@if (String.IsNullOrWhiteSpace(returnUrl)) | ||
|
||
@if(hasEditContentPermission) | ||
{ | ||
<button class="primaryAction btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button> | ||
} | ||
else | ||
{ | ||
<div class="btn-group"> | ||
<button class="btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button> | ||
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> | ||
<span class="sr-only">@T["Toggle Dropdown"]</span> | ||
</button> | ||
<div class="dropdown-menu"> | ||
<button class="dropdown-item" type="submit" name="submit.Save" value="submit.SaveAndContinue">@T["and continue"]</button> | ||
if (String.IsNullOrWhiteSpace(returnUrl)) | ||
{ | ||
<button class="primaryAction btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button> | ||
} | ||
else | ||
{ | ||
<div class="btn-group"> | ||
<button class="btn btn-primary" type="submit" name="submit.Save" value="submit.Save">@T["Save Draft"]</button> | ||
<button type="button" class="btn btn-primary dropdown-toggle dropdown-toggle-split" data-reference="parent" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> | ||
<span class="sr-only">@T["Toggle Dropdown"]</span> | ||
</button> | ||
<div class="dropdown-menu"> | ||
<button class="dropdown-item" type="submit" name="submit.Save" value="submit.SaveAndContinue">@T["and continue"]</button> | ||
</div> | ||
</div> | ||
</div> | ||
} | ||
} |
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -43,7 +43,7 @@ | |
<button type="button" class="btn btn-secondary btn-sm dropdown-toggle" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false"> | ||
@T["Actions"] | ||
</button> | ||
<div class="dropdown-menu dropdown-menu-right"> | ||
<div id="actionsMenu" class="dropdown-menu dropdown-menu-right"> | ||
@await DisplayAsync(Model.ActionsMenu) | ||
</div> | ||
</div> | ||
|
@@ -57,3 +57,15 @@ | |
{ | ||
<div class="col primary">@await DisplayAsync(Model.Content)</div> | ||
} | ||
|
||
<script at="Foot" type="text/javascript"> | ||
There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Why not use a named script with a class selector ? Instead of having tons of instances of this code on the page ? There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. @netwavebe already fixed it @jptissot exactly as you suggested. There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Ah cool, I did not realize this was an old pr :) There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. It got merged to dev a few days ago. See #7070 There was a problem hiding this comment. Choose a reason for hiding this commentThe reason will be displayed to describe this comment to others. Learn more. Thanks @netwavebe :) |
||
$(function(){ | ||
|
||
$("#actionsMenu.dropdown-menu").each(function(i, e){ | ||
var count = $(e).children().length; | ||
if(count == 0){ | ||
$(this).parent().hide(); | ||
} | ||
}); | ||
}); | ||
</script> |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
PublishOwnContent. These permissions are not taking in consideration when we want to use PublishOwn or EditOwn they need to be changed.There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Why?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
@Skrypt code is good here I think. a PublishContent permission request is morphed to PublishOwn. You shouldn't request PublishOwn directly (see comments in CommonPermissions)
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
It doesn't work if you have set a PublishOwn_ContentTypeName permission which is dynamic. So the issue is that the PR makes it impossible to have a role that has Publish/Edit/Delete own permission on a single custom content type. I have a PR coming up.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
See https://github.com/OrchardCMS/OrchardCore/blob/dev/src/OrchardCore.Modules/OrchardCore.Contents/Security/ContentTypeAuthorizationHandler.cs#L58