Widget Permissions - Feature

Topics: Administration, Customizing Orchard, General
Jul 6, 2012 at 12:39 AM

I have the requirement to extend the permissions of widgets this would include:

  • Add, Edit, Remove permissions (all widgets)
  • Add, Edit, Remove permissions (specific widget)
  • Add, Edit, Remove permissions (Layers)
  • Edit widget Layer permission
  • Edit widget zone permission

The general use case for this is I need to be able to give a user access to add a Ad widget to the site but I don't want the user to be able to remove any other widgets or try to add other widgets which could break the look of the site. Also these site are targeted at inexperienced users and a large list of widgets that can be add is likely to confuse.

If this is something that is likely to be required in future? or a desired feature? I can do the work on a fork so it can be merged in the standard release. I'm also happy to make sure its done in a way that the orchard community will be happy.

Any tips on how to do this? I'm fine with creating permissions but need a clean solution for controlling the permissions around specific widgets, and hiding specific links/buttons in the views.

Coordinator
Jul 6, 2012 at 1:03 AM

There is a new module in 1.5 for content item permissions. As Widgets and Layers are content items, you should be able to change those permissions, then using TryCheckAccess in the templates, you can hide them based on those permissions very simply. In theory your only work would be to add the Content Item Permission p[art to the widgets/layers you want to protect, and change the templates to check for access before being rendered. 

Jul 6, 2012 at 5:34 AM

I've just had a play with this and its not quite what I'm after.... what I'm after is content type permissions, which exist already in User -> Roles, if the content type is "Creatable" its added through the dynamic permissions.It just doesn't exist for widgets yet...

So all I need to do is create the dynamic widget permissions and add the check access to the controller and templates. Its good to know about the content items permission though as this may be required also and wouldn't require anymore work after the check access has been added.