Import/Export Permissions of a Role

Topics: Core, Customizing Orchard, General
Aug 11, 2013 at 11:12 PM
Currently it is not possible to export permissions of a Role. (

It would appear that it is only currently possible to export/import part data, as import export is done through drivers: https://orchard.codeplex.com/discussions/316708

It would seem that the solution would be to create a new "RolePart" and convert the existing RoleRecord to a RolePartRecord inheriting ContentPartRecord

I'm not sure of the migration of a Record to a ContentPartRecord and if this will cause any issues.

I see its possible to add a custom export/import step as done for workflows: https://orchard.codeplex.com/discussions/449206

What would be the best solution?

If the orchard community sees the lack of import/export of permissions as a issue? I'll create the issue and submit the code.
Developer
Aug 12, 2013 at 12:12 AM
I don't think Roles should be content, so creating a custom export/import step seems the way to go here.
Looks like there's already an issue raised for this here: https://orchard.codeplex.com/workitem/19350.
Please feel free to submit a patch or pull request. Thanks.
Aug 12, 2013 at 4:10 AM
I'll submit a pull, just wanted to check you would be happy with the layout and naming conventions used in the XML?

I thought about exporting a list of permissions separately with name and description etc although as they are mapped to code, if they were imported and the code/Modules with these permissions didn't exist then they wouldn't work anyway, so that why i'm only exporting the permission Name.

e.g.
<!--Exported from Orchard-->
<Orchard>
  <Recipe>
    <Name>Generated by Orchard.ImportExport</Name>
    <Author>fsiadmin</Author>
    <ExportUtc>2013-08-12T04:06:15.9009305Z</ExportUtc>
  </Recipe>
  <Roles>
    <Role Name="Administrator">
      <Permissions>
        <Permission Name="ApplyTheme" />
        <Permission Name="ManageMainMenu" />
        <Permission Name="PublishContent" />
        <Permission Name="EditContent" />
        <Permission Name="DeleteContent" />
        <Permission Name="ManageFeatures" />
        <Permission Name="SiteOwner" />
        <Permission Name="AccessAdminPanel" />
        <Permission Name="Import" />
        <Permission Name="Export" />
        <Permission Name="ViewContentTypes" />
        <Permission Name="EditContentTypes" />
        <Permission Name="EditLogo" />
        <Permission Name="ManageDesign" />
        <Permission Name="ManageImages" />
        <Permission Name="ManagePolls" />
        <Permission Name="ManageWidgets" />
        <Permission Name="ManageMediaContent" />
        <Permission Name="ManageQueries" />
        <Permission Name="ManageTaxonomies" />
      </Permissions>
    </Role>
    <Role Name="Author">
      <Permissions>
        <Permission Name="PublishOwnContent" />
        <Permission Name="EditOwnContent" />
        <Permission Name="DeleteOwnContent" />
        <Permission Name="AccessAdminPanel" />
        <Permission Name="ManageMediaContent" />
        <Permission Name="CreateTaxonomy" />
      </Permissions>
    </Role>
    <Role Name="Contributor">
      <Permissions>
        <Permission Name="EditOwnContent" />
        <Permission Name="AccessAdminPanel" />
      </Permissions>
    </Role>
    <Role Name="Authenticated">
      <Permissions>
        <Permission Name="ViewContent" />
        <Permission Name="AccessFrontEnd" />
      </Permissions>
    </Role>
    <Role Name="Anonymous">
      <Permissions>
        <Permission Name="ViewContent" />
        <Permission Name="AccessFrontEnd" />
      </Permissions>
    </Role>
  </Roles>
</Orchard>
Coordinator
Aug 12, 2013 at 5:49 AM
Format looks fine to me, but make sure permissions can only be imported by the site owner. Anything other would allow for elevation of privilege.
Developer
Aug 12, 2013 at 6:01 AM
I like the format, it's nice, explicit and extensible.
On the other hand, it's also a bit long: lot's of XML for a little bit of information. What would people think about the following ?
<!--Exported from Orchard-->
<Orchard>
    <Recipe>
        <Name>Generated by Orchard.ImportExport</Name>
        <Author>fsiadmin</Author>
        <ExportUtc>2013-08-12T04:06:15.9009305Z</ExportUtc>
    </Recipe>
    <Roles>
        <Administrator Permissions="ApplyTheme,ManageMainMenu,PublishContent,EditContent,DeleteContent,ManageFeatres,SiteOwner,AccessAdminPanel,Import,Export,ViewcontentTypes,EditContentTypes,EditLogo,ManageDesign,ManageImages,ManagePolls,ManageWidgets,ManageMediaContent,ManageQueries,ManageTaxonomies" />
        <Author Permissions="PublishOwnContent,EditOwnContent,DeleteOwnContent,AccessAdminPanel,ManageMediaContent,CreateTaxonomy" />
        <Contributor Permissions="EditOwnContent,AccessAdminPanel" />
        <Authenticated Permissions="ViewContent,AccessFrontEnd" />
        <Anonymous Permissions="ViewContent,AccessFrontEnd" />
    </Roles>
</Orchard>
Coordinator
Aug 12, 2013 at 6:06 AM
+1 better, yes.
Coordinator
Aug 12, 2013 at 6:50 PM
Good points.
Developer
Aug 12, 2013 at 8:55 PM
I do agree with the points made, although I think that the first one is not really a practical issue.
Regarding the second point, what about this:
<Roles>
   <Role Name="Administrator" Permissions="ApplyTheme,ManageMainMenu,PublishContent,EditContent,DeleteContent,ManageFeatres,SiteOwner,AccessAdminPanel,Import,Export" />
   <Role Name="Author" Permissions="PublishOwnContent,EditOwnContent,DeleteOwnContent,AccessAdminPanel,ManageMediaContent,CreateTaxonomy" />
</Roles>
Aug 13, 2013 at 8:09 AM
Yes I did notice there is no specific limitation on the permission names

I'm happy to go with either XML

Does orchard still have a dictator at the head of the development team? Maybe we can get him to make a decision...