diff --git a/umbraco/presentation/config/Dashboard.config b/umbraco/presentation/config/Dashboard.config
index 761d443a0a..1453f88471 100644
--- a/umbraco/presentation/config/Dashboard.config
+++ b/umbraco/presentation/config/Dashboard.config
@@ -1,15 +1,38 @@
-
+
- - default - content - + + translator + + + + default + content + - - /umbraco/dashboard/latestEdits.ascx - + + + /umbraco/dashboard/latestEdits.ascx + + writer + editor + administrator + + + + + + administrator + writer + + + + writer + + /umbraco/dashboard/latestEdits.ascx + +
diff --git a/umbraco/presentation/umbraco/dashboard.aspx.cs b/umbraco/presentation/umbraco/dashboard.aspx.cs
index e77df31af6..73805f53ae 100644
--- a/umbraco/presentation/umbraco/dashboard.aspx.cs
+++ b/umbraco/presentation/umbraco/dashboard.aspx.cs
@@ -57,33 +57,40 @@ namespace umbraco.cms.presentation
 _section = getUser().Applications[0].alias;
 XmlDocument dashBoardXml = new XmlDocument();
- dashBoardXml.Load( IOHelper.MapPath(SystemFiles.DashboardConfig) );
+ dashBoardXml.Load(IOHelper.MapPath(SystemFiles.DashboardConfig));
 // test for new tab interface
 XmlNode section = dashBoardXml.DocumentElement.SelectSingleNode("./section [areas/area = '" + _section.ToLower() + "']");
- if (section != null)
+ if (section != null && validateAccess(section))
 {
 Panel2.Visible = false;
 dashboardTabs.Visible = true;
-
+
 foreach (XmlNode entry in section.SelectNodes("./tab"))
 {
- TabPage tab = dashboardTabs.NewTabPage(entry.Attributes.GetNamedItem("caption").Value);
- tab.HasMenu = true;
- tab.Style.Add("padding", "0 10px");
-
- foreach (XmlNode uc in entry.SelectNodes("./control"))
+ if (validateAccess(entry))
 {
- string path = IOHelper.FindFile(uc.FirstChild.Value);
-
- try
+ TabPage tab = dashboardTabs.NewTabPage(entry.Attributes.GetNamedItem("caption").Value);
+ tab.HasMenu = true;
+ tab.Style.Add("padding", "0 10px");
+
+ foreach (XmlNode uc in entry.SelectNodes("./control"))
 {
- //resolving files from dashboard config which probably does not map to a virtual fi
- tab.Controls.Add( LoadControl(path) );
- }
- catch (Exception ee)
- {
- tab.Controls.Add(new LiteralControl("

Could not load control: '" + path + "'.
Error message: " + ee.ToString() + "

"));
+ if (validateAccess(uc))
+ {
+ string control = getFirstText(uc).Trim(' ', '\r', '\n');
+ string path = IOHelper.FindFile(control);
+
+ try
+ {
+ //resolving files from dashboard config which probably does not map to a virtual fi
+ tab.Controls.Add(LoadControl(path));
+ }
+ catch (Exception ee)
+ {
+ tab.Controls.Add(new LiteralControl("

Could not load control: '" + path + "'.
Error message: " + ee.ToString() + "

"));
+ }
+ }
 }
 }
 }
@@ -91,7 +98,7 @@ namespace umbraco.cms.presentation
 }
 else
 {
-
+
 foreach (XmlNode entry in dashBoardXml.SelectNodes("//entry [@section='" + _section.ToLower() + "']"))
 {
@@ -123,6 +130,52 @@ namespace umbraco.cms.presentation
 }
 }
+ private string getFirstText(XmlNode node)
+ {
+ foreach (XmlNode n in node.ChildNodes)
+ {
+ if (n.NodeType == XmlNodeType.Text)
+ return n.Value;
+ }
+
+ return "";
+ }
+
+ private bool validateAccess(XmlNode node)
+ {
+ // the root user can always see everything
+ if (CurrentUser.IsRoot())
+ {
+ return true;
+ }
+ else if (node != null)
+ {
+ XmlNode accessRules = node.SelectSingleNode("access");
+
+ if (accessRules != null && accessRules.HasChildNodes)
+ {
+ string currentUserType = CurrentUser.UserType.Alias.ToLower();
+ XmlNodeList grantedTypes = accessRules.SelectNodes("grant");
+ XmlNodeList deniedTypes = accessRules.SelectNodes("deny");
+
+ // if there's a grant type, everyone who's not granted is automatically denied
+ if (grantedTypes.Count > 0 && accessRules.SelectSingleNode(String.Format("grant [. = '{0}']", currentUserType)) == null)
+ {
+ return false;
+ }
+ // if the current type of user is denied we'll say nay
+ else if (deniedTypes.Count > 0 && accessRules.SelectSingleNode(String.Format("deny [. = '{0}']", currentUserType)) != null)
+ {
+ return false;
+ }
+
+ }
+
+ return true;
+ }
+ return false;
+ }
+
 ///
 /// Required method for Designer support - do not modify
 /// the contents of this method with the code editor.
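Review bot: A user who fails `validateAccess(section)` does not get an empty dashboard; the combined test `if (section != null && validateAccess(section))` sends them into the legacy `else` branch, which renders the `//entry [@section=...]` matches with no access check in the lines visible here. Whether that exposes anything depends on legacy entries existing for the section, and most of that branch lies outside this hunk, but a denial should not be handled the same way as a missing new-style section. Keep `if (section != null)` as the outer test and nest `if (validateAccess(section))` inside it, so a denied user gets neither tabs nor the fallback. Separately, the re-indented catch block still writes `path` and `ee.ToString()` into the page unencoded; logging the exception server-side and rendering `HttpUtility.HtmlEncode(ee.Message)` would keep stack traces and physical paths out of the backoffice page.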
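Review bot: The deny rule in `validateAccess` fails open: the alias is lowercased but the config text is compared verbatim inside the XPath, so `<deny>Writer</deny>` or a value padded with whitespace never matches and the method falls through to `return true`. The `else if` also means no `deny` is evaluated once any `grant` element exists, so a user type listed under both is let in. Building the predicate with `String.Format` places the alias inside a quoted XPath literal, where an apostrophe in it would throw or change the expression. Comparing the rule text in code, trimmed and with `StringComparison.OrdinalIgnoreCase`, avoids all three; the sketch below also lets deny override grant, which should be confirmed as the intended policy.

```csharp
// … unchanged: root check, null check, accessRules lookup …
if (accessRules != null && accessRules.HasChildNodes)
{
    string currentUserType = CurrentUser.UserType.Alias;
    bool hasGrant = false;
    bool granted = false;

    foreach (XmlNode rule in accessRules.ChildNodes)
    {
        if (rule.NodeType != XmlNodeType.Element)
            continue;

        bool matches = String.Equals(rule.InnerText.Trim(), currentUserType, StringComparison.OrdinalIgnoreCase);

        // an explicit deny wins, whatever the grant list says
        if (rule.Name == "deny" && matches)
            return false;

        if (rule.Name == "grant")
        {
            hasGrant = true;
            granted |= matches;
        }
    }

    // if there's a grant list, everyone who's not on it is denied
    if (hasGrant && !granted)
        return false;
}
// … unchanged: return true / return false …
```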