Import/Export Permissions of a Role

Topics: Core, Customizing Orchard, General
Aug 11, 2013 at 11:12 PM
Currently it is not possible to export permissions of a Role. (

It would appear that it is only currently possible to export/import part data, as import export is done through drivers: https://orchard.codeplex.com/discussions/316708

It would seem that the solution would be to create a new "RolePart" and convert the existing RoleRecord to a RolePartRecord inheriting ContentPartRecord

I'm not sure of the migration of a Record to a ContentPartRecord and if this will cause any issues.

I see its possible to add a custom export/import step as done for workflows: https://orchard.codeplex.com/discussions/449206

What would be the best solution?

If the orchard community sees the lack of import/export of permissions as a issue? I'll create the issue and submit the code.
Developer
Aug 12, 2013 at 12:12 AM
I don't think Roles should be content, so creating a custom export/import step seems the way to go here.
Looks like there's already an issue raised for this here: https://orchard.codeplex.com/workitem/19350.
Please feel free to submit a patch or pull request. Thanks.
Aug 12, 2013 at 4:10 AM
I'll submit a pull, just wanted to check you would be happy with the layout and naming conventions used in the XML?

I thought about exporting a list of permissions separately with name and description etc although as they are mapped to code, if they were imported and the code/Modules with these permissions didn't exist then they wouldn't work anyway, so that why i'm only exporting the permission Name.

e.g.
<!--Exported from Orchard-->
<Orchard>
  <Recipe>
    <Name>Generated by Orchard.ImportExport</Name>
    <Author>fsiadmin</Author>
    <ExportUtc>2013-08-12T04:06:15.9009305Z</ExportUtc>
  </Recipe>
  <Roles>
    <Role Name="Administrator">
      <Permissions>
        <Permission Name="ApplyTheme" />
        <Permission Name="ManageMainMenu" />
        <Permission Name="PublishContent" />
        <Permission Name="EditContent" />
        <Permission Name="DeleteContent" />
        <Permission Name="ManageFeatures" />
        <Permission Name="SiteOwner" />
        <Permission Name="AccessAdminPanel" />
        <Permission Name="Import" />
        <Permission Name="Export" />
        <Permission Name="ViewContentTypes" />
        <Permission Name="EditContentTypes" />
        <Permission Name="EditLogo" />
        <Permission Name="ManageDesign" />
        <Permission Name="ManageImages" />
        <Permission Name="ManagePolls" />
        <Permission Name="ManageWidgets" />
        <Permission Name="ManageMediaContent" />
        <Permission Name="ManageQueries" />
        <Permission Name="ManageTaxonomies" />
      </Permissions>
    </Role>
    <Role Name="Author">
      <Permissions>
        <Permission Name="PublishOwnContent" />
        <Permission Name="EditOwnContent" />
        <Permission Name="DeleteOwnContent" />
        <Permission Name="AccessAdminPanel" />
        <Permission Name="ManageMediaContent" />
        <Permission Name="CreateTaxonomy" />
      </Permissions>
    </Role>
    <Role Name="Contributor">
      <Permissions>
        <Permission Name="EditOwnContent" />
        <Permission Name="AccessAdminPanel" />
      </Permissions>
    </Role>
    <Role Name="Authenticated">
      <Permissions>
        <Permission Name="ViewContent" />
        <Permission Name="AccessFrontEnd" />
      </Permissions>
    </Role>
    <Role Name="Anonymous">
      <Permissions>
        <Permission Name="ViewContent" />
        <Permission Name="AccessFrontEnd" />
      </Permissions>
    </Role>
  </Roles>
</Orchard>
Coordinator
Aug 12, 2013 at 5:49 AM
Format looks fine to me, but make sure permissions can only be imported by the site owner. Anything other would allow for elevation of privilege.
Developer
Aug 12, 2013 at 6:01 AM
I like the format, it's nice, explicit and extensible.
On the other hand, it's also a bit long: lot's of XML for a little bit of information. What would people think about the following ?
<!--Exported from Orchard-->
<Orchard>
    <Recipe>
        <Name>Generated by Orchard.ImportExport</Name>
        <Author>fsiadmin</Author>
        <ExportUtc>2013-08-12T04:06:15.9009305Z</ExportUtc>
    </Recipe>
    <Roles>
        <Administrator Permissions="ApplyTheme,ManageMainMenu,PublishContent,EditContent,DeleteContent,ManageFeatres,SiteOwner,AccessAdminPanel,Import,Export,ViewcontentTypes,EditContentTypes,EditLogo,ManageDesign,ManageImages,ManagePolls,ManageWidgets,ManageMediaContent,ManageQueries,ManageTaxonomies" />
        <Author Permissions="PublishOwnContent,EditOwnContent,DeleteOwnContent,AccessAdminPanel,ManageMediaContent,CreateTaxonomy" />
        <Contributor Permissions="EditOwnContent,AccessAdminPanel" />
        <Authenticated Permissions="ViewContent,AccessFrontEnd" />
        <Anonymous Permissions="ViewContent,AccessFrontEnd" />
    </Roles>
</Orchard>
Coordinator
Aug 12, 2013 at 6:06 AM
+1 better, yes.
Aug 12, 2013 at 1:14 PM
Edited Aug 12, 2013 at 1:25 PM
I would prefer the format that jrmurdoch suggested. Despite the fact that it is long (that is a problem of XML in general) it is more readable and easier to parse and validate. It also adheres to the principles of good XML design.

What I don't like about Sipke's approach is, that it put's more than one atomic token in a single attribute (makes it hard to read and parse) and that the child elements of Permissions use the name of a role as an element (makes validation practically impossible).
Coordinator
Aug 12, 2013 at 6:50 PM
Good points.
Developer
Aug 12, 2013 at 8:55 PM
I do agree with the points made, although I think that the first one is not really a practical issue.
Regarding the second point, what about this:
<Roles>
   <Role Name="Administrator" Permissions="ApplyTheme,ManageMainMenu,PublishContent,EditContent,DeleteContent,ManageFeatres,SiteOwner,AccessAdminPanel,Import,Export" />
   <Role Name="Author" Permissions="PublishOwnContent,EditOwnContent,DeleteOwnContent,AccessAdminPanel,ManageMediaContent,CreateTaxonomy" />
</Roles>
Aug 13, 2013 at 8:01 AM
Well, I see a practical issue here. It is possible to create permissions with a name like break,this. That's definitely uncommon, but if something can break, it will break at some time. To avoid that, all permission names would need to be encoded when exported and decoded when imported.
This is unnecessary and I actually don't understand why it should be a problem if the generated XML is long. We are dealing with file sizes of ~2KB vs. ~1KB for all standard permissions. Even with several custom roles and permissions we would hardly exceed 20KB. These files won't be transferred to mobile devices, so who cares about a few KB?
I understand that you like it compact, but I don't see any real benefit here and it makes thinks more complicated than necessary and feels terribly wrong.
Aug 13, 2013 at 8:09 AM
Yes I did notice there is no specific limitation on the permission names

I'm happy to go with either XML

Does orchard still have a dictator at the head of the development team? Maybe we can get him to make a decision...