This project is read-only.

View/publish/edit/delete own content vs all content permissions [ContentPermissions module]

Topics: Customizing Orchard, Troubleshooting
Mar 31, 2014 at 8:01 PM
For a client project we've run into an issue with "own" permissions not being set on content items but general "all" content permissions for view/publish/edit/delete being set correctly. This is a problem because AuthorizationEventHandler in the Orchard.ContentPermissions module checks for ownership, then applies either the "own" permission OR the "all" permission relevant to the authorization event -- meaning it never grants permission.

This isn't too hard to fix locally, but I wonder if this is actually what was intended for "own" permissions in Orchard. It makes more sense that the "all" permissions are always checked, with the "own" permissions added on if the authorization check is on behalf of the item owner.