-
Notifications
You must be signed in to change notification settings - Fork 2.4k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Add Roles Abstraction and clean up Users module (#17088)
- Loading branch information
1 parent
f4a09f9
commit d93ff43
Showing
22 changed files
with
74 additions
and
60 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.
File renamed without changes.
39 changes: 39 additions & 0 deletions
39
src/OrchardCore.Modules/OrchardCore.Users/Roles/Services/RolesAdminListFilterProvider.cs
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,39 @@ | ||
using Microsoft.AspNetCore.Authorization; | ||
using Microsoft.AspNetCore.Http; | ||
using Microsoft.Extensions.DependencyInjection; | ||
using OrchardCore.Security.Services; | ||
using OrchardCore.Users.Indexes; | ||
using OrchardCore.Users.Models; | ||
using YesSql.Filters.Query; | ||
using YesSql.Services; | ||
|
||
namespace OrchardCore.Users.Services; | ||
|
||
public sealed class RolesAdminListFilterProvider : IUsersAdminListFilterProvider | ||
{ | ||
public void Build(QueryEngineBuilder<User> builder) | ||
{ | ||
builder.WithNamedTerm("role-restriction", builder => builder | ||
.OneCondition(async (contentType, query, ctx) => | ||
{ | ||
var context = (UserQueryContext)ctx; | ||
|
||
var httpContextAccessor = context.ServiceProvider.GetRequiredService<IHttpContextAccessor>(); | ||
var authorizationService = context.ServiceProvider.GetRequiredService<IAuthorizationService>(); | ||
var roleService = context.ServiceProvider.GetRequiredService<IRoleService>(); | ||
|
||
var user = httpContextAccessor.HttpContext?.User; | ||
|
||
if (user != null && !await authorizationService.AuthorizeAsync(user, CommonPermissions.ListUsers)) | ||
{ | ||
// At this point the user cannot see all users, so lets see what role does he have access too and filter by them. | ||
var accessibleRoles = (await roleService.GetAssignableRolesAsync()).Select(x => x.RoleName); | ||
|
||
query.With<UserByRoleNameIndex>(index => index.RoleName.IsIn(accessibleRoles)); | ||
} | ||
|
||
return query; | ||
}).AlwaysRun() | ||
); | ||
} | ||
} |
File renamed without changes.
40 changes: 0 additions & 40 deletions
40
src/OrchardCore.Modules/OrchardCore.Users/Services/RolesAdminListFilterProvider.cs
This file was deleted.
Oops, something went wrong.
11 changes: 0 additions & 11 deletions
11
src/OrchardCore/OrchardCore.Infrastructure.Abstractions/Security/Services/RoleHelper.cs
This file was deleted.
Oops, something went wrong.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
File renamed without changes.
23 changes: 23 additions & 0 deletions
23
src/OrchardCore/OrchardCore.Roles.Abstractions/OrchardCore.Roles.Abstractions.csproj
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,23 @@ | ||
<Project Sdk="Microsoft.NET.Sdk"> | ||
|
||
<PropertyGroup> | ||
<RootNamespace>OrchardCore.Roles</RootNamespace> | ||
<!-- NuGet properties--> | ||
<Title>OrchardCore Roles Abstractions</Title> | ||
<Description> | ||
$(OCCMSDescription) | ||
|
||
Abstractions for OrchardCoreCMS Roles | ||
</Description> | ||
<PackageTags>$(PackageTags) OrchardCoreCMS Roles Abstractions</PackageTags> | ||
</PropertyGroup> | ||
|
||
<ItemGroup> | ||
<PackageReference Include="Microsoft.AspNetCore.Authorization" /> | ||
</ItemGroup> | ||
|
||
<ItemGroup> | ||
<ProjectReference Include="..\OrchardCore.Infrastructure.Abstractions\OrchardCore.Infrastructure.Abstractions.csproj" /> | ||
</ItemGroup> | ||
|
||
</Project> |
File renamed without changes.
File renamed without changes.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
File renamed without changes.
File renamed without changes.