Join UserRoles with Users to better define permissions

Topics: Administration, Core, Customizing Orchard
Jan 29, 2014 at 10:41 PM
I want to create a new user group that can create and modify all users but Administrators (SiteOwners). I am attempting to modify the AdminController of the Orchard.Users module to accomplish this. I want to write a query to join the Orchard_Roles_RolesPermissionsRecord with the Orchard_Users_UserPartRecord so that I can select users who are not administrators. I've referenced the Orchard.Roles assembly and the Repository service and I am attempted to inject the IRepository<UserRolesPartRecord> but it is not instantiated. Furthermore, I would greatly any assistance writing the applicable ContentManager query.

Thanks in advance...
KS
Developer
Jan 30, 2014 at 11:41 AM
This would need some heavy modding as by default everybody with the SiteOwner permission can edit any user. I'd instead suggest you to
  • open an issue about this, explaining the use case
  • and in the mean time implement it by having your own Users AdminController.
For the latter you'll need to do the following:
  • from a RouteProvider override the route pointing to that controller (or rather to its relevant actions) so that it points to your custom controller in your module,
  • make those action authorize against the currently edited user content item and a new custom permission of yours (e.g. CanEditNonAdminUsers).
  • implement the corresponding authorization logic (that decides whether the user can edit that that user content item, given their user role) in an IAuthorizationServiceEventHandler implementation.
Jan 31, 2014 at 6:25 PM
Piedone wrote:
This would need some heavy modding as by default everybody with the SiteOwner permission can edit any user. I'd instead suggest you to
  • open an issue about this, explaining the use case
  • and in the mean time implement it by having your own Users AdminController.
For the latter you'll need to do the following:
  • from a RouteProvider override the route pointing to that controller (or rather to its relevant actions) so that it points to your custom controller in your module,
  • make those action authorize against the currently edited user content item and a new custom permission of yours (e.g. CanEditNonAdminUsers).
  • implement the corresponding authorization logic (that decides whether the user can edit that that user content item, given their user role) in an IAuthorizationServiceEventHandler implementation.
Piedone, thank you for your assistance.
However, Maybe I should have better explained my status on this issue. I have completed most of the steps outlined above. As stated prior I am attempting to modify the AdminController of the Orchard.Users module to accomplish this (later I may make this a new module). However what I am stuck on is being able to list only non-SuperUsers, in the User selection view, if the user doesn't have SuperUser access. I cannot figure how to apply the SQL query below to Orchard's ContentManager. I think I can write the query using NHibernate, however I need to set the results to a variable that is queried with the ContentManager:

var users = Services.ContentManager.Query<UserPart, UserPartRecord>();

There forth, when I attempt to set my Nhiberate query result to the var users variable I receive a casting error.

Furthermore, I don't think I can modify the var users query without substantial coding modifications because the user result is Split with the ContentManager Split property in order to apply the paging function.

In short, is there a way to convert the query below to a query managed by Orchard's ContentManager?

select * from Orchard_Users_UserPartRecord u
join Orchard_Roles_UserRolesPartRecord ur on u.Id = ur.UserId
join Orchard_Roles_RoleRecord rr on rr.Id = ur.Role_id
where rr.Id != 1

If that is not reasonably possible I would settle for returning the top result of the Users_UserPartRecord table. Something sort of like the following, which returns my desired results, but does so in a Generic List which also causes a casting error when set to the var users variable.

var users = Services.ContentManager.Query<UserPart, UserPartRecord>();
var count = users.Count();
var q = users.Slice(1, count);

I apologize for the long and possibly confusing explanation. I am fairly new to the Orchard CMS and I do not have a complex grasp on it's ContentManager Interfacing.

Thanks in advance for any assistance.
KS
Developer
Jan 31, 2014 at 9:09 PM
I think you can only write this query with HQL (meaning ContentManager.HqlQuery()). HQL is almost SQL and IHqlQuery is HQL with a bit of strong-typing.