Trying to duplicate the Admin for a separate secure area.

Topics: Customizing Orchard, Writing modules
Mar 11, 2013 at 9:41 PM
Edited Mar 11, 2013 at 9:50 PM
I am trying to create a separate secure area in Orchard for certain users. I have created a prototype of a simple and separate dashboard that is distinct from the Admin dashboard and will not touch upon any Admin type content. The content itself is just basic CRUD stuff for users to enter into the separate secure area once they have registered.

In my first attempt at this I simply created two modules and created the same files/structure as in Orchard.Framework.UI.Admin and Orchard.Core.Dashboard, respectively. I named the modules Secure.UI and Secure.Dashboard, (again) respectively.

I then modified the files by simply changing anything with Admin to SecureDashboard (AdminFilter = SecureDashboardFilter, etc.). In one instance I ported over Orchard.Core.Security.StandardPermissions as well, since there was a reference in one of the above classes (and made changes there from Admin to SecureDashboard as well).

I also created a real basic theme named SecureDashboard, and in the ThemeSelectorResult of the Secure.UI module changed it from "TheAdmin" to "SecureDashboard".

My route in Secure.Dashboard is set to "SecureDashboard". I copied ~/Views/Index.cshtml from Orchard.Core.Dashboard and placed it in that module.

Now, I can load up ~/SecureDashboard on my browser - if I am logged in it will display an UN-themed view of Index.cshtml just fine (and if I am not logged in it will send me to the login page).

This seems to be working (I believe I have a few adjustments to make for security, etc.), but it is un-themed.

I am wondering whether or not I missed something in just porting over the UI and Dashboard portions of Orchard that is not allowing the theme to be picked up. Perhaps there is another set of files I should have ported over into my modules?

Edit: I also put a [SecureDashboard] (changed from [Admin] attribute) attribute in the Secure.Dashboard's Controller.

Any thoughts? Thanks.
Mar 12, 2013 at 1:35 AM
Did you apply the [Themed] attribute to your controller?
Mar 12, 2013 at 1:54 AM
Edited Mar 12, 2013 at 3:59 AM
I was actually using [SecureDashboard] since I changed the AdminAttribute : Attribute in Orchard.UI.Admin AdminAttribute.cs to SecureDashboardAttribute : Attribute. [Themed] worked, but I am at a loss as to why [SecureDashboard] wouldn't work.
Mar 12, 2013 at 2:44 PM
Edited Mar 12, 2013 at 2:46 PM
Update: I learned that using [Admin] as well as [Themed] worked in this context. I wanted to create a distinct attribute specifically for [SecureDashboard], although I'm not sure it's absolutely necessary. I did want to keep it distinct from [Admin]/[Themed], primarily because I wanted to keep the ThemedSelector in one main (top-level) module. Otherwise, I'll have to figure out which classes I won't need for this to work.

I have been unable to figure out how to override Orchard's looking to see if AdminFilter is first applied then if ThemeFilter is applied. The only other potential option is to modify Core/Framework which I would rather avoid.
Mar 13, 2013 at 12:19 AM
I don't think that's extensible nor overridable, so you would have to modify Core. I'm interested in why you want to create your own attribute instead of using Themed or Admin.
Mar 13, 2013 at 12:42 AM
Thanks for confirming it's not extensible (saves me the night trying to figure it out). I came to the conclusion it's not overridable either (believe me, I tried). :(

I wanted to create a separate section apart from Admin for site users to register/login and do some basic CRUD and periodic updates. I was skeptical about letting them into Admin (and creating a separate permission that would "hide" all other links in Admin). I was also using a modified Bootstrap template and was finding it difficult to merge the menu scheme therein with the Admin's menu (accordion menu, and the top/parent link needed an href="" to work and since Admin's menu creates a link it was impossible).

I got over that problem by doing this in my theme's Layout.cshtml:
The Layout has this:
And so I created a Navigation.cshtml with my accordion menu. I then created an empty MenuFilter.cs in my module with:
    public class MenuFilter : FilterProvider
I borrowed that from Advanced Menu. The suppression takes care of "hiding" the real admin menu (I'm stuck for now with my own, but it's nothing too complex).

My SecuredArea module has some other code, including a theme selector (again, borrowed from OneStop.CustomAdmin). That module has a Route.cs. Now I am able to have a "separate" (at least it looks that way to the user) themed "secure"/"dashboard" area that has it's own URL (~/SecuredArea, instead of ~/Admin).

My theme has multiple views (some overriding Orchard's, others just part of the new theme).

Not a programmer, so I'm sure this is not the best way to go..but it's a start. Now just spending time trying to get the shell of this separate "dashboard" set so I can start creating parts to populate it.

I put the [Admin] attribute on my controllers. The other benefit is I can use drivers better in the back-end (my understanding is that drivers are limited for the front-end, requiring .cshtml files to be in the root of ~/Views).

I hope this helps someone.
Mar 13, 2013 at 12:50 AM
Interesting. What you could also try, if you want to customize your own secured section without the TheAdmin theme, is implement your controllers, have them return views (using the ThemedAttribute), and of course apply the [AuthorizeAttribute] on the controller. That way you have a public facing controller that is secured, without having to hack your way into the Orchard core. It's what I did for this site: when you create an account, you have a secured section where you can manage your profile and modules.