Assigning custom permissions for user roles

Topics: Customizing Orchard, General, Troubleshooting
Oct 2, 2015 at 1:04 PM
Hi! I made a custom module for my project in Orchard.
And then added some custom permissions based on its functionality using examples in the Orchard code as a reference.
Basically the module must distinguish two roles:
  • "My Module User" that submits data
  • "My Module Admin" that doesn't have access to the dashboard, can't submit any data, but can verify (basically switching statuses) data submitted by others.
I have created the two roles in the dashboard, the list of permissions that I've created was there. Let's say:
  • submit a request
  • view history
  • verify requests
I check only "verify requests" for the "My Module Admin" and save it. However, when I look at the result all of the permissions are checked as "effective", i.e. the set of permissions for the "My Module Admin" is ("submit a request", "view history", "verify requests"), while it is supposed to be only ("verify requests"). I didn't use ImpliedBy property in any of the created permissions, so why are they getting checked?

Here is a sum up of my code in Permissions.cs for my module
public class Permissions : IPermissionProvider
    {
        public static readonly Permission SubmitRequest = new Permission()
        {
            Description = "my description here",
            Name = "SubmitRequest"
        };

        public static readonly Permission ViewHistory = new Permission()
        {
            Description = "and here",
            Name = "ViewHistory"
        };

        public static readonly Permission VerifyRequests = new Permission() 
        { 
            Description = "and here too",
            Name = "VerifyRequests"
        };
        public virtual Feature Feature { get; set; }

        public IEnumerable<PermissionStereotype> GetDefaultStereotypes()
        {
            return new[] 
            {
                new PermissionStereotype { 
                    Name = "Administrator",  
                    Permissions = new [] { 
                        ViewHistory
                    } 
                },

                new PermissionStereotype 
                { 
                    Name = "Authenticated",  
                    Permissions = new [] { 
                        ViewHistory,
                    } 
                },

                new PermissionStereotype 
                { 
                    Name = "Anonymous",      
                    Permissions = new [] { 
                        ViewHistory
                    } 
                },

                new PermissionStereotype
                {
                    Name = "MyModuleAdmin",
                    Permissions = new []{
                        VerifyRequests,
                    }
                },

                new PermissionStereotype
                {
                    Name = "MyModuleUser",
                    Permissions = new [] {
                        SubmitRequest,
                        ViewHistory,
                    }
                },

            };
        }

        public IEnumerable<Permission> GetPermissions()
        {
            return new[] 
            {
                SubmitRequest,
                ViewHistory,
                VerifyRequests,
            };
        }

    }