Security to BlogRoll admin (3.2.1.9)

Author: rxtur

BlogEngine/BlogEngine.Core/Data/ViewModels/BlogRollVM.cs

@@ -29,12 +29,19 @@ public List<BlogRollItem> BlogRolls
         /// <param name="form">submitted form</param>
         public void Add(NameValueCollection form)
         {
+            if (!Security.IsAdministrator)
+                throw new UnauthorizedAccessException();
+
             var br = new BlogRollItem();
             br.Title = form["txtTitle"];
             br.Description = form["txtDesc"];
             br.BlogUrl = new Uri(form["txtWebsite"]);
             br.FeedUrl = new Uri(form["txtUrl"]);
             br.Xfn = GetXfn(form);
+
+            if (string.IsNullOrEmpty(br.Xfn))
+                br.Xfn = "contact";
+
             Providers.BlogService.InsertBlogRoll(br);
         }
         /// <summary>
@@ -44,6 +51,9 @@ public void Add(NameValueCollection form)
         /// <param name="id">Blogroll id</param>
         public void Update(NameValueCollection form, string id)
         {
+            if (!Security.IsAdministrator)
+                throw new UnauthorizedAccessException();
+
             Guid gId;
             if (Guid.TryParse(id, out gId))
             {
@@ -53,6 +63,10 @@ public void Update(NameValueCollection form, string id)
                 br.BlogUrl = new Uri(form["txtWebsite"]);
                 br.FeedUrl = new Uri(form["txtUrl"]);
                 br.Xfn = GetXfn(form);
+
+                if (string.IsNullOrEmpty(br.Xfn))
+                    br.Xfn = "contact";
+
                 Providers.BlogService.UpdateBlogRoll(br);
             }
             else
@@ -66,6 +80,9 @@ public void Update(NameValueCollection form, string id)
         /// <param name="id">Blogroll ID</param>
         public void Delete(string id)
         {
+            if (!Security.IsAdministrator)
+                throw new UnauthorizedAccessException();
+
             Guid gId;
             if (Guid.TryParse(id, out gId))
             {

BlogEngine/BlogEngine.Core/Properties/AssemblyInfo.cs

@@ -19,5 +19,5 @@
 [assembly: CLSCompliant(false)]
 [assembly: ComVisible(false)]
 [assembly: AllowPartiallyTrustedCallers]
-[assembly: AssemblyVersion("3.2.1.8")]
+[assembly: AssemblyVersion("3.2.1.9")]
 [assembly: SecurityRules(SecurityRuleSet.Level1)]

BlogEngine/BlogEngine.NET/AppCode/Api/BlogRollController.cs

@@ -35,13 +35,19 @@ public HttpResponseMessage Get(string id)
 
     public HttpResponseMessage Post(BlogRollItem item)
     {
+        if (!Security.IsAdministrator)
+            return Request.CreateResponse(HttpStatusCode.Unauthorized, item);
+
         BlogEngine.Core.Providers.BlogService.InsertBlogRoll(item);
         return Request.CreateResponse(HttpStatusCode.Created, item);
     }
 
     [HttpPut]
     public HttpResponseMessage Update([FromBody]BlogRollItem item)
     {
+        if (!Security.IsAdministrator)
+            return Request.CreateResponse(HttpStatusCode.Unauthorized, item);
+
         BlogEngine.Core.Providers.BlogService.UpdateBlogRoll(item);
         return Request.CreateResponse(HttpStatusCode.OK);
     }