Extended Role Management

Topics: Administration, Core, Customizing Orchard
Sep 12, 2014 at 10:44 PM
Edited Sep 12, 2014 at 11:25 PM
Here's the scenario: We have a table of Accounts in the database (not an Orchard db). I want to be able to say which user has access to which accounts. So in this first case, just for the sake of simplicity, a user with access to an account will have full access to it. A second, more complete, case is to be able to set which accounts a user has access to, and what permissions they have on that account (read, modify, etc). What is the recommended way to do this in Orchard?

Sep 13, 2014 at 2:10 AM
One way you could do this is by implementing a PermissionProvider that yields permissions based on the accounts (similar to what Sebastien did recently when implementing the Securable content type setting - see the 1.x branch).

However, if you have a lot of Account records, that option might not be ideal.
An alternative could be to implement a custom content part that you could attach to your User type. The custom content part would enable you to check the Accounts to which the user has read, modify, etc access. When an operation on an Account is requested (such as read, modify, etc), your permissions handler would check against this custom part to see if the user requesting access has permission to do so.

I think that in both cases you would implement a permission checking handler (see the Blogs module to see how this is done).
Sep 15, 2014 at 8:43 PM
Using the PermissionProvider is it possible to dynamically create one permission for each account based on the available accounts in the DB? What happens if an account is renamed, etc? We may have a lot of accounts, and may have different permissions (read, modify, etc) for accounts.

I'm encouraging my managers to move our application to the Orchard platform, and I've got a short time to create a proof of concept for this. I see the potential in Orchard and how it can fit our needs but I will need your help to be able to have a successful prototype. Since I'm a starter I'd appreciate if you can point me to specific code or examples.

By "permissions handler" in the Blogs module do you mean the BlogAuthorizationEventHandler?

Also if using the custom content part approach, where will be the user-account associations stored, and how to manage associations (in admin panel or in user settings?)

Dec 15, 2014 at 4:37 AM
How to trace Blogs module's permissions handler? Is the BlogAuthorizationEventHandler ? Or others ?