New module for very simple content view permissions

Topics: Announcements, General
May 31, 2011 at 4:23 PM

Hi All,

I had a really basic itch to scratch around content view permissions.  There's a lot of great activity going on in this space right now with much more advanced functionality (props to randompete and company), but I needed something very simple to get a project started and out the door. 

Hence, the Very Simple Permissions module was born.  This module can be attached to any content type.  When it is attached, the edit page of that content type has a simple checkbox that reads "Require login to view this content?".  If checked, a user will receive an access denied error when trying to view the content if they're not authenticated.  Uncheck the checkbox, and the content is publicly accessible again.

That's it.  As the name implies, very simple - no bells and whistles.

Anyone interested in giving this a try before I add it to the gallery to make sure it's of value to others out there?

Grab a copy from http://slamm.com/downloads/orchard/verysimplepermissions.1.0.zip.  Quick setup steps:

  1. Download the code and unzip the zip file.
  2. Follow the directions at http://www.orchardproject.net/docs/Installing-and-upgrading-modules.ashx#Installing_a_Module_from_your_Local_Computer_3 to install the package.
  3. Enable the module from the Modules menu of the Admin.
  4. Attach the new Very Simple Permissions part to a content type you'd like to secure (to secure pages, go to Content -> Content Types -> Edit Page Type -> Add Parts -> Check "Very Simple Permissions" -> Save).
  5. Edit a content item of that type, check the security box, log out, and see the access denied error.

That's the IDEA anyways.  Whether it works as expected outside my environment is for you to tell me! 

Thanks all,
- Steve

Jun 1, 2011 at 12:50 AM

I downloaded and tried your module on a local test site. In my simple test everything works fine.

Jun 1, 2011 at 11:03 AM

Nice - I notice you did it with an OrchardSecurityException in the Handler - didn't realise that could be done. One potential gotcha with this is that someone could screw up their site by adding the part to a widget in the default layer, making the login page inaccessible! But it's definitely nice to have a simple security option. It's also making me rethink my module slightly, I have all these per-user and per-group permissions, but there's actually no obvious way to define global permissions for an item...

Jun 1, 2011 at 1:13 PM

Thanks for trying it out guys.  Yeah Pete, as with anything very simple, there are gotchas!  For instance, I've been trying to work through a use case with securing blog posts.  Securing the post itself will work out of the box.  However, I think if you look at a page that renders a list of blog posts (whether at the parent blog page or through a widget) and one of the posts has been secured with VSP, you'll get the security exception if you're not logged in.  Ideal behavior would be that the post wouldn't appear in listings if not logged in.  I'm thinking it through now to see if I can add a simple fix for that use case.

Jun 1, 2011 at 3:33 PM

You could maybe set the shape to something blank in the handler for that case (checking DisplayType to see whether it's Detail or otherwise). I think Pzmyd mentioned that a null shape will throw an error, so instead you could define a new shape called Blank and replace the entire display that's been built.

Jun 1, 2011 at 7:53 PM

Is it possible to check the DisplayType in the Handler? If so, how?

I would like to have a use case where that summary would be visible in a list that contains a set of items but the items themselves would only be visible to authenticated users.

Coordinator
Jun 1, 2011 at 7:56 PM

Sure, it's on every shape's Metadata. Typically, myshape.Metadata.DisplayType.

Jun 2, 2011 at 1:36 AM

OK, I have a real noob question: Steve, would you be willing to walk through your code for the handler for us? In particular I do not understand the reason for your Localizer T.

Thanks.

Jun 2, 2011 at 3:32 PM

Ha, yeah, that Localizer was a copy and paste (from another handler) straggler.  It's not needed.  Aside from that, the line OnGetDisplayShape<VerySimplePermissionsPart>(Authorize); hooks my custom function on to the OnGetDisplayShape event of the VerySimplePermissionsPart.  When a request to display that shape comes in, the Authorize function fires.  From there, the logic states that if someone has checked the IsPrivate checkbox in the GUI on this content item and the current user is not logged in, throw a security exception.

Does that make sense?

It's very rudimentary and I'm sure there are a lot of edge cases (like the ones we've discussed above) still to surface, but I figured I could at least get the discussion started.

Thanks for asking the question as I'm sure it helps all of us to talk these things out (me included).  I'm definitely not a prolific coder like some of the other active members of the community, but I've learned a lot from reading discussions here on these forums.
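
Added example (not part of the thread and not the module's code): a self-contained C# model of the check described above, next to the display-type variant suggested in the replies, showing why one private post breaks a whole listing for anonymous visitors. The `Item` record, the `SecurityException` class, the `Blank` marker and all method names are hypothetical stand-ins, not Orchard types.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical stand-ins for the content item and the security exception.
class SecurityException : Exception { public SecurityException(string m) : base(m) { } }
record Item(string Title, bool IsPrivate);

static class Demo
{
    const string Blank = ""; // models an empty "Blank" shape that renders nothing

    // Behaviour described in the thread: the check fires for every display type.
    static string DisplayAlwaysThrow(Item item, string displayType, bool authenticated)
    {
        if (item.IsPrivate && !authenticated)
            throw new SecurityException("Login required: " + item.Title);
        return $"[{displayType}] {item.Title}";
    }

    // Variant from the replies: deny only Detail, render Blank for anything else.
    static string DisplayByType(Item item, string displayType, bool authenticated)
    {
        if (item.IsPrivate && !authenticated)
        {
            if (displayType == "Detail")
                throw new SecurityException("Login required: " + item.Title);
            return Blank;
        }
        return $"[{displayType}] {item.Title}";
    }

    // A listing renders every item with the Summary display type.
    static List<string> RenderList(IEnumerable<Item> items,
        Func<Item, string, bool, string> display, bool authenticated)
        => items.Select(i => display(i, "Summary", authenticated))
                .Where(s => s != Blank).ToList();

    static void Main()
    {
        // Constructed sample data: one public and one private post.
        var posts = new[] { new Item("Public post", false), new Item("Members post", true) };

        try { RenderList(posts, DisplayAlwaysThrow, false); }
        catch (SecurityException e) { Console.WriteLine("Listing failed: " + e.Message); }

        Console.WriteLine("Listing: " + string.Join(", ", RenderList(posts, DisplayByType, false)));

        try { DisplayByType(posts[1], "Detail", false); }
        catch (SecurityException e) { Console.WriteLine("Detail denied: " + e.Message); }
    }
}
```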

Mar 29, 2012 at 9:18 AM

Hi, does anyone have this code?  http://slamm.com/downloads/orchard/verysimplepermissions.1.0.zip

The download is no longer available.

I would need exactly this behavior.

Thanks!

Apr 10, 2012 at 11:30 AM

Hi,

Me too, asking for a download link for "verysimplepermissions.1.0.zip"!

Kind Regards,

Apr 10, 2012 at 1:22 PM
Edited Apr 10, 2012 at 1:40 PM

Hi peal,

I ended up developing my own content part for this, see https://orchardmembersonly.codeplex.com/

It is really basic: once you add this part to your content type, it will require users to be signed in to view the content.

It looks like they are planning this functionality in the next release of Orchard: http://orchard.codeplex.com/discussions/348642

Apr 10, 2012 at 2:33 PM

dmeierotto,

Thanks for your prompt reply - it's what I'm looking for!

Please advise a link to the module for downloading and installing. I am not so advanced in developer skills.

Regards,