Orchard - How to understand if I'm calling from Admin panel - orchardcms

I need to execute some code every time I load a page, except if the page belongs to the admin panel. I created an IActionFilter and in the OnActionExecuting method I tried to check for the Controller name, but it isn't an optimal solution because there are a lot of different controllers being called from the dashboard. Is there a more efficient way to recognize if I'm loading a page of the admin panel?

Yes there is
    using Orchard.UI.Admin;
and
    if (AdminFilter.IsApplied(filterContext.RequestContext))
    {
        // This is an admin page, do nothing
        return;
    }

Related

Using the Existing Redirection to an External URL

How do you use redirection on Acumatica mobile xml or msdl to redirect to an external link?
All I could find is: "If an action on an Acumatica ERP form provides redirection to an external URL, you can map the action to use it in the mobile app. To do this, you need no additional attributes in the action object. However, the redirect attribute of the tag must be set to True, as shown in the following example."
Thanks
There may be other ways, but from the new T410 course for MSDL in 2018R2, you need to do a couple of steps. (Got this at Acumatica Summit 2018 Web Services course - Lesson 6 in the training guide which should be available soon if not already.)
First, define a new toolbar button on the form for your external link
(This example is for the SO303000 screen)
    public PXAction<AR.ARInvoice> TestURL;
    [PXButton(CommitChanges = true)]
    [PXUIField(DisplayName = "TestURL")]
    protected void testURL() {
        // Throwing this exception makes the client open the external URL
        throw new PXRedirectToUrlException(
            "http://www.acumatica.com",
            "Redirect:http://www.acumatica.com"
        );
    }
After publishing your project, go back to the Customization Project in the Mobile Application section to map the button. Add this to the commands section of the page as shown in the following example.
    add container "InvoiceSummary" {
        add field …
        add recordAction "TestURL" {
            behavior = Void
            redirect = True
        }
    }
Not sure if this answered your question as you pretty much had the MSDL code listed, so maybe it is a matter of where you placed your code within the mobile definition? In the training class, we placed it inside the container where we wanted the link which then appears on the menu on the mobile app when viewing that container.

How can I check if user is logged in from the MVC5 Layout file

I have an MVC 5 Site, using a shared _Layout view.
In this _Layout view I render my scripts in the bottom part, after the body.
    @Scripts.Render("~/bundles/jquery")
    @Scripts.Render("~/bundles/jqueryui")
    @*BootStrap must be loaded after JQuery UI in order to override the tooltip function*@
    @Scripts.Render("~/bundles/bootstrap")
    @Scripts.Render("~/bundles/jqueryval")
    @Scripts.Render("~/bundles/Session")
My problem now is that I want to include the Session Bundle in every page, except my Login pages.
In other words, I want to use the Session Bundle only for pages where the user is logged in and they have an active session.
How can I check for this condition in my _Layout View and render the Script Render conditionally?
In other pages, I would add a bool field to my Model and then use a C# If construction to only render the Script part if true, but I do not have a Model in my _Layout View.
I am also using custom, very simple login methods, so I am not using the Identity Framework of MVC5.
EDIT
I was suggested to use the Request object
    @if (Request.IsAuthenticated) { @Render...}
This does not work since I'm using custom login, that does not work with the built in framework.
I read up on how this field works, here: "How does Request.IsAuthenticated work?"
The problem is still unresolved
    @if (Request.IsAuthenticated)
    {
        // Render stuff for authenticated user
    }
I found an Answer.
access session variable from layout page ASP.NET MVC3 RAZOR
I am able to access the Session object from my Layout. Using that, I can check if my custom authentication object is null. If it's not null, the user is logged in
    @if (Session["BrugerSession"] != null)
    {
        @Scripts.Render("~/bundles/Session")
    }

Logged in user can only access 1 page?

Using Orchard 1.6 I've created a new role 'FactoryWorker'. When this user logs in from the front end I want them to be navigated to one page only.
OrchardLocal/System/ManufacturedProducts
I have set this page to be a print screen of the order details so the factory worker will know what products to get ready for ship out & they won't be able to navigate as no menu appears, but also need the other pages blocked in case the user decides to enter the URL of a page they aren't allowed access to.
This is the only page I want this particular user to be able to access(after they login), and I have added a logout button, which logs out the user and returns them to the home page.
So I've been looking through editing a role, with permissions and content etc...but this all seems to be applying to forms and content in general, where the user can access any content type etc...
So can someone advise me on how to do this?
thanks for any replies
UPDATE
I forgot to mention that this is not a content type, item or part I am talking about.
I have created my own controller & View & VM which is accessible from the dash board (using the AdminMenu, which brings the admin user to OrchardLocal/System/ManufacturedProducts)
I have looked at Orchard.ContentPermissions Feature but it only seems to allow me to 1)Grant permissions for others or 2)Grant permission for own content
any ideas?
You can use a Request Filter, (I do not know if it is the best way) :
FilterProvider – defines the filter applied to each request. Resembles the way default ASP.NET MVC action filters work with the difference that it’s not an attribute. All FilterProvider objects are injected into the request pipeline and are applied to all requests (so you need to check if the current request is suitable for your filter at the beginning of an appropriate method).
From : http://www.szmyd.com.pl/blog/most-useful-orchard-extension-points
So you could implement something like this
    using System.Web.Mvc;
    using Orchard.ContentManagement;   // As<T>()
    using Orchard.Mvc.Filters;         // FilterProvider
    using Orchard.Roles.Models;        // IUserRoles
    using Orchard.Security;            // IAuthenticationService, IUser
    public class Filter : FilterProvider, IAuthorizationFilter {
        private readonly IAuthenticationService _authenticationService;
        public Filter(IAuthenticationService authenticationService) {
            _authenticationService = authenticationService;
        }
        public void OnAuthorization(AuthorizationContext filterContext) {
            // If route is the restricted one
            if (filterContext.HttpContext.Request.Url.AbsoluteUri.Contains("OrchardLocal/System/ManufacturedProducts")) {
                // Get the logged user
                IUser loggedUser = _authenticationService.GetAuthenticatedUser();
                if (loggedUser == null) {
                    // OnAuthorization returns void: set the result, then return
                    filterContext.Result = new HttpUnauthorizedResult();
                    return;
                }
                // Get the Roles
                var roles = loggedUser.As<IUserRoles>().Roles;
                if (!roles.Contains("FactoryUser")) {
                    // User is not authorized
                    filterContext.Result = new HttpUnauthorizedResult();
                }
            }
        }
    }
Note: Untested code!
EDIT: Also you could invert the logic and check if the logged user has the role 'FactoryUser' and restrict its access to every page except the one they should see.
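An added example (not from the answer above or from Orchard) of the inverted check the EDIT describes: users in the restricted role get a 401 for every path outside a short allow-list. The class name and the allow-listed paths, including the log-off path, are assumptions; the comparison uses the app-relative path instead of a substring of the full URL, so a query string cannot satisfy it.

```csharp
using System;
using System.Linq;
using System.Web.Mvc;
using Orchard.ContentManagement;
using Orchard.Mvc.Filters;
using Orchard.Roles.Models;
using Orchard.Security;

// Added example: confines users in one role to an allow-list of paths.
public class FactoryWorkerLockdownFilter : FilterProvider, IAuthorizationFilter {
    // Role created in the question; the answer's code calls it "FactoryUser".
    private const string RestrictedRole = "FactoryWorker";
    // App-relative paths the role may request (assumed; adjust to the site's routes).
    private static readonly string[] AllowedPaths = {
        "~/System/ManufacturedProducts",
        "~/Users/Account/LogOff"
    };
    private readonly IAuthenticationService _authenticationService;

    public FactoryWorkerLockdownFilter(IAuthenticationService authenticationService) {
        _authenticationService = authenticationService;
    }

    public void OnAuthorization(AuthorizationContext filterContext) {
        var user = _authenticationService.GetAuthenticatedUser();
        if (user == null) return; // anonymous requests are left to the normal rules

        var userRoles = user.As<IUserRoles>();
        if (userRoles == null || !userRoles.Roles.Contains(RestrictedRole)) return;

        // Compare the path only: the query string is excluded, so it cannot
        // carry an allowed path into a request for another page.
        var path = filterContext.HttpContext.Request.AppRelativeCurrentExecutionFilePath;
        if (!AllowedPaths.Any(allowed => IsSameOrChild(path, allowed))) {
            filterContext.Result = new HttpUnauthorizedResult();
        }
    }

    // True when path equals allowed or is a sub-path of it ("/Index", "/5").
    private static bool IsSameOrChild(string path, string allowed) {
        path = (path ?? string.Empty).TrimEnd('/');
        return path.Equals(allowed, StringComparison.OrdinalIgnoreCase)
            || path.StartsWith(allowed + "/", StringComparison.OrdinalIgnoreCase);
    }
}
```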
Your module can create a new permission (look at one of the permissions.cs files for examples), then create a role that has only that permission. Have your controller action check that permission (again, many examples found by finding usage of the permissions defined in one of the permissions.cs).
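An added example (not the answerer's or the Orchard project's code) of the permission approach described above: the module declares a permission, maps it to the role by default, and the controller action checks it. The permission name, controller name and message text are hypothetical.

```csharp
using System.Collections.Generic;
using System.Web.Mvc;
using Orchard;
using Orchard.Environment.Extensions.Models;
using Orchard.Localization;
using Orchard.Security.Permissions;

public class Permissions : IPermissionProvider {
    // Hypothetical permission name for the page described in the question.
    public static readonly Permission ViewManufacturedProducts = new Permission {
        Name = "ViewManufacturedProducts",
        Description = "View the manufactured products page"
    };
    public virtual Feature Feature { get; set; }
    public IEnumerable<Permission> GetPermissions() {
        return new[] { ViewManufacturedProducts };
    }

    // Grants the permission to the role from the question by default;
    // it can also be ticked for the role in the dashboard's role editor.
    public IEnumerable<PermissionStereotype> GetDefaultStereotypes() {
        return new[] {
            new PermissionStereotype {
                Name = "FactoryWorker",
                Permissions = new[] { ViewManufacturedProducts }
            }
        };
    }
}

// Hypothetical controller name; the question does not show the real one.
public class ManufacturedProductsController : Controller {
    private readonly IOrchardServices _services;
    public Localizer T { get; set; }

    public ManufacturedProductsController(IOrchardServices services) {
        _services = services;
        T = NullLocalizer.Instance;
    }

    public ActionResult Index() {
        // Deny by default: every action that exposes order data repeats this check.
        if (!_services.Authorizer.Authorize(Permissions.ViewManufacturedProducts,
                T("Not authorized to view manufactured products")))
            return new HttpUnauthorizedResult();
        return View();
    }
}
```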
You can use the Content Permissions module. Using this module you can attach a content item permission part to a content type. This part allows you to choose which roles can see the content when you create it.

Calling Controller from aspx page

I have been trying to find a solution to my problem for 2 days now and I am really stuck. Here's the problem:
I have an MVC application (with Dependency injection and the works) with just one webform. This page needs to be a webform because it has a ReportViewer in it and please correct me if I am wrong but an MVC View is incompatible with server controls like ReportViewer. This is the navigation flow of the pages:
Home page navigates to the ReportList page
ReportList page displays the reports that a user is able to view and navigates to the Report page and passes it the ID of the report that the user selected.
Report page should look up the ReportPath and the ServerUrl from the database based on the ID passed from the ReportList page at the same time authorizing the user, whose permissions are stored in the database.
I could potentially pass the ReportPath and the ServerUrl as part of the query string so that the report page (aspx, not driven by a controller) does not have to go to the database to get these values. The problem however is how to check that the user is authorized to view the report (someone could just use a link to look at the report).
I did try to hook it into the MVC model and inherited the page from the ViewPage class. The problem there is that the page kept reloading itself for some reason. I still want my page to do as little as possible and a controller to handle calls to the authorization attribute and to the business layer. So, as a last resort, I want to call the controller from the aspx page but I can't create an object of it because of dependency injection.
Can someone please provide some guidance on this? I have all the code available but don't know what to post.
I found out the answer and am posting it here in case it helps anyone.
I added another class called ReportManager, which the aspx code behind calls to execute the requests. The ReportManager simulates the Controller call through this code:
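    // Requires: using System.Web; using System.Web.Mvc; using System.Web.Routing;
    // Build the route data the MVC pipeline would normally produce
    var routeData = new RouteData();
    routeData.Values["controller"] = "Report";
    routeData.Values["action"] = "SomeAction";
    routeData.Values["SomeRouteValueKey"] = "someroutevalue";
    var requestContext = new RequestContext(new HttpContextWrapper(HttpContext.Current), routeData);
    // Resolve the controller through the container so its dependencies are injected
    IController controller = DependencyResolver.Current.GetService<ReportController>();
    controller.Execute(requestContext);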

How do I secure all the admin actions in all controllers in cakePHP

I am developing an application using cakePHP v 1.3 on windows (XAMPP).
Most of the controllers are baked with the admin routing enabled. I want to secure the admin actions of every controller with a login page. How can I do this without repeating much ?
One solution to the problem is that "I check for login information in the admin_index action of every controller" and then show the login screen accordingly.
Is there any better way of doing this ?
The default URL to admin (http://localhost/app/admin) is pointing to the index_admin action of users controller (created a new route for this in routes.php file)
Use the Authentication component. You can set it up just for admin routes with something like this:
    // AppController::beforeFilter
    function beforeFilter() {
        if (isset($this->params['prefix']) && $this->params['prefix'] == 'admin') {
            $this->Auth->deny('*');
            ...
        }
    }
Checking only in the index actions is pointless, that's just obscurity, not security. The AuthComponent will check permissions for every single page load.
