diff --git a/src/OrchardCore.Modules/OrchardCore.AdminDashboard/Controllers/DashboardController.cs b/src/OrchardCore.Modules/OrchardCore.AdminDashboard/Controllers/DashboardController.cs index b21c053cbdd..a4dc3b12577 100644 --- a/src/OrchardCore.Modules/OrchardCore.AdminDashboard/Controllers/DashboardController.cs +++ b/src/OrchardCore.Modules/OrchardCore.AdminDashboard/Controllers/DashboardController.cs @@ -57,9 +57,16 @@ public async Task Index() if (model.CanManageDashboard || await _authorizationService.AuthorizeAsync(User, Permissions.AccessAdminDashboard)) { var wrappers = new List(); + var widgetContentTypes = GetDashboardWidgets(); + var widgets = await _adminDashboardService.GetWidgetsAsync(x => x.Published); foreach (var widget in widgets) { + if (!widgetContentTypes.ContainsKey(widget.ContentType)) + { + continue; + } + if (!model.CanManageDashboard && !await _authorizationService.AuthorizeAsync(User, CommonPermissions.ViewContent, widget)) { continue; @@ -92,14 +99,11 @@ public async Task Manage() }); var dashboardCreatable = new List(); - - var widgetContentTypes = _contentDefinitionManager.ListTypeDefinitions() - .Where(t => t.StereotypeEquals("DashboardWidget")) - .OrderBy(x => x.DisplayName); + var widgetContentTypes = GetDashboardWidgets(); var userId = User.FindFirstValue(ClaimTypes.NameIdentifier); - foreach (var ctd in widgetContentTypes) + foreach (var ctd in widgetContentTypes.Values.OrderBy(x => x.DisplayName)) { if (!await _authorizationService.AuthorizeContentTypeAsync(User, CommonPermissions.EditContent, ctd.Name, userId)) { 
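Review bot: The new `ContainsKey` guard at the top of the `foreach` in `Index` drops a published widget silently, and nothing in the code says why a stored widget might fail to match. A one-line comment above it would help, for example `// Skip widgets whose content type is no longer defined with the DashboardWidget stereotype.`. Running the guard before the `ViewContent` check is a sensible order, since it avoids an authorization call for items that will never render. `Index` starts and ends outside the hunk.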
@@ -111,12 +115,18 @@ public async Task Manage() var widgets = await _adminDashboardService.GetWidgetsAsync(x => x.Latest); var wrappers = new List(); - foreach (var item in widgets) + foreach (var widget in widgets) { + if (!widgetContentTypes.ContainsKey(widget.ContentType) + || !await _authorizationService.AuthorizeContentTypeAsync(User, CommonPermissions.EditContent, widget.ContentType, userId)) + { + continue; + } + var wrapper = new DashboardWrapper { - Dashboard = item, - Content = await _contentItemDisplayManager.BuildDisplayAsync(item, _updateModelAccessor.ModelUpdater, "DetailAdmin") + Dashboard = widget, + Content = await _contentItemDisplayManager.BuildDisplayAsync(widget, _updateModelAccessor.ModelUpdater, "DetailAdmin") }; wrappers.Add(wrapper); @@ -139,17 +149,17 @@ public async Task Update([FromForm] DashboardPartViewModel[] part return Unauthorized(); } - var contentItemIds = parts.Select(i => i.ContentItemId).ToArray(); + var contentItemIds = parts.Select(i => i.ContentItemId).ToList(); // Load the latest version first if any. - var latestItems = await _contentManager.GetAsync(contentItemIds, true); + var latestItems = await _contentManager.GetAsync(contentItemIds, VersionOptions.Latest); if (latestItems == null) { return NotFound(); } - var publishedItems = await _contentManager.GetAsync(contentItemIds, false); + var publishedItems = await _contentManager.GetAsync(contentItemIds, VersionOptions.Published); foreach (var contentItem in latestItems) { @@ -173,7 +183,7 @@ public async Task Update([FromForm] DashboardPartViewModel[] part { var publishedVersion = publishedItems.FirstOrDefault(p => p.ContentItemId == contentItem.ContentItemId); var publishedMetaData = publishedVersion?.As(); - if (publishedVersion != null && publishedMetaData != null) + if (publishedMetaData != null) { publishedMetaData.Position = partViewModel.Position; publishedMetaData.Width = partViewModel.Width; 
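Review bot: In `Manage`, the added per-widget guard authorizes by content type with the current user's id (`AuthorizeContentTypeAsync(User, CommonPermissions.EditContent, widget.ContentType, userId)`), while `Index` in the same commit authorizes against the widget instance. If that helper treats `userId` as the owner of a hypothetical item, a user who may edit only their own content would pass the check for widgets owned by someone else. Since the instance is at hand, `await _authorizationService.AuthorizeAsync(User, CommonPermissions.EditContent, widget)` would evaluate ownership on the real item. The type-level call still fits the creatable list, where no item exists yet. The `Manage` body continues outside the hunk.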
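Review bot: `Update` still passes the `ContentItemId` values posted in the form straight to `_contentManager.GetAsync`, and the stereotype filter this commit adds to `Index` and `Manage` is not applied here. Most of the loop body lies outside the hunk, so this may already be handled there. If it is not, a caller who passes the check before `return Unauthorized();` could have dashboard position and width written to items that are not dashboard widgets. Consider adding `var widgetContentTypes = GetDashboardWidgets();` before the loop and `if (!widgetContentTypes.ContainsKey(contentItem.ContentType)) { continue; }` inside it. A null `parts` should also be rejected before `parts.Select(...)`, unless that happens earlier in the method.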
@@ -184,12 +194,17 @@ public async Task Update([FromForm] DashboardPartViewModel[] part } } - if (Request.Headers != null && Request.Headers["X-Requested-With"] == "XMLHttpRequest") + if (Request.Headers != null && Request.Headers.XRequestedWith == "XMLHttpRequest") { return Ok(); } return RedirectToAction(nameof(Manage)); } + + private Dictionary GetDashboardWidgets() + => _contentDefinitionManager.ListTypeDefinitions() + .Where(t => t.StereotypeEquals("DashboardWidget")) + .ToDictionary(ctd => ctd.Name, ctd => ctd); } }
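Review bot: `GetDashboardWidgets` builds its dictionary with the default string comparer, so the `ContainsKey(widget.ContentType)` checks in `Index` and `Manage` are case-sensitive. If content type names are compared case-insensitively elsewhere in the project, a widget whose stored `ContentType` differs only in casing from the definition's `Name` would be hidden from both views. `.ToDictionary(ctd => ctd.Name, ctd => ctd, StringComparer.OrdinalIgnoreCase)` avoids that. The helper returns type definitions rather than widget items, so a `///` summary stating that it returns the content type definitions carrying the DashboardWidget stereotype, keyed by name, would prevent misreading.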