From 6e17c7c6f5152650d36a555df189a575f0014d95 Mon Sep 17 00:00:00 2001 From: Sebastien Ros Date: Thu, 13 Mar 2014 14:25:54 -0700 Subject: [PATCH] Extracting some permissions from SiteOwner ManageUsers, ManageRoles, AssignRoles and SiteSettings are new permission which makes it possible to have Administrators roles without the need of SiteOwner. Typical scenario: "super" account is SiteOwner "admin" account is Administrator without SiteOwner, but with ManageUsers, ManageRoles and SiteSettings but NOT AssignRoles --- src/Orchard.Web/Core/Orchard.Core.csproj | 1 + src/Orchard.Web/Core/Settings/AdminMenu.cs | 4 +-- .../Settings/Controllers/AdminController.cs | 15 ++++----- .../Drivers/SiteSettingsPartDriver.cs | 31 ++++++++++++------- src/Orchard.Web/Core/Settings/Permissions.cs | 27 ++++++++++++++++ .../Parts.Settings.SiteSettingsPart.cshtml | 14 +++++---- .../Controllers/AdminController.cs | 14 ++++----- .../Drivers/UserRolesPartDriver.cs | 4 +-- .../Orchard.Roles/Orchard.Roles.csproj | 1 + .../Modules/Orchard.Roles/Permissions.cs | 28 +++++++++++++++++ .../Modules/Orchard.Users/AdminMenu.cs | 4 +-- .../Controllers/AdminController.cs | 20 ++++++------ .../Orchard.Users/Orchard.Users.csproj | 1 + .../Modules/Orchard.Users/Permissions.cs | 27 ++++++++++++++++ 14 files changed, 142 insertions(+), 49 deletions(-) create mode 100644 src/Orchard.Web/Core/Settings/Permissions.cs create mode 100644 src/Orchard.Web/Modules/Orchard.Roles/Permissions.cs create mode 100644 src/Orchard.Web/Modules/Orchard.Users/Permissions.cs diff --git a/src/Orchard.Web/Core/Orchard.Core.csproj b/src/Orchard.Web/Core/Orchard.Core.csproj index 7108824c2..ce7e251d7 100644 --- a/src/Orchard.Web/Core/Orchard.Core.csproj +++ b/src/Orchard.Web/Core/Orchard.Core.csproj @@ -225,6 +225,7 @@ + diff --git a/src/Orchard.Web/Core/Settings/AdminMenu.cs b/src/Orchard.Web/Core/Settings/AdminMenu.cs index ae86e4574..a54f5a5f3 100644 --- a/src/Orchard.Web/Core/Settings/AdminMenu.cs 
+++ b/src/Orchard.Web/Core/Settings/AdminMenu.cs @@ -21,7 +21,7 @@ namespace Orchard.Core.Settings { builder.AddImageSet("settings") .Add(T("Settings"), "99", menu => menu.Add(T("General"), "0", item => item.Action("Index", "Admin", new { area = "Settings", groupInfoId = "Index" }) - .Permission(StandardPermissions.SiteOwner)), new [] {"collapsed"}); + .Permission(Permissions.ManageSettings)), new [] {"collapsed"}); var site = _siteService.GetSiteSettings(); if (site == null) @@ -31,7 +31,7 @@ namespace Orchard.Core.Settings { GroupInfo info = groupInfo; builder.Add(T("Settings"), menu => menu.Add(info.Name, info.Position, item => item.Action("Index", "Admin", new { area = "Settings", groupInfoId = info.Id }) - .Permission(StandardPermissions.SiteOwner))); + .Permission(Permissions.ManageSettings))); } } } diff --git a/src/Orchard.Web/Core/Settings/Controllers/AdminController.cs b/src/Orchard.Web/Core/Settings/Controllers/AdminController.cs index ef687eb4a..e42ad63fb 100644 --- a/src/Orchard.Web/Core/Settings/Controllers/AdminController.cs +++ b/src/Orchard.Web/Core/Settings/Controllers/AdminController.cs @@ -1,13 +1,10 @@ -using System; -using System.Globalization; +using System.Globalization; using System.Linq; using System.Web.Mvc; -using Orchard.ContentManagement.Handlers; using Orchard.Core.Settings.ViewModels; using Orchard.Localization; using Orchard.ContentManagement; using Orchard.Localization.Services; -using Orchard.Security; using Orchard.Settings; using Orchard.UI.Notify; @@ -31,7 +28,7 @@ namespace Orchard.Core.Settings.Controllers { public Localizer T { get; set; } public ActionResult Index(string groupInfoId) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage settings"))) + if (!Services.Authorizer.Authorize(Permissions.ManageSettings, T("Not authorized to manage settings"))) return new HttpUnauthorizedResult(); dynamic model; 
@@ -57,7 +54,7 @@ namespace Orchard.Core.Settings.Controllers { [HttpPost, ActionName("Index")] public ActionResult IndexPOST(string groupInfoId) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage settings"))) + if (!Services.Authorizer.Authorize(Permissions.ManageSettings, T("Not authorized to manage settings"))) return new HttpUnauthorizedResult(); var site = _siteService.GetSiteSettings(); @@ -91,7 +88,7 @@ namespace Orchard.Core.Settings.Controllers { public ActionResult Culture() { //todo: class and/or method attributes for our auth? - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage settings"))) + if (!Services.Authorizer.Authorize(Permissions.ManageSettings, T("Not authorized to manage settings"))) return new HttpUnauthorizedResult(); var model = new SiteCulturesViewModel { @@ -107,7 +104,7 @@ namespace Orchard.Core.Settings.Controllers { [HttpPost] public ActionResult AddCulture(string systemCultureName, string cultureName) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage settings"))) + if (!Services.Authorizer.Authorize(Permissions.ManageSettings, T("Not authorized to manage settings"))) return new HttpUnauthorizedResult(); cultureName = string.IsNullOrWhiteSpace(cultureName) ? systemCultureName : cultureName; @@ -120,7 +117,7 @@ namespace Orchard.Core.Settings.Controllers { [HttpPost] public ActionResult DeleteCulture(string cultureName) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage settings"))) + if (!Services.Authorizer.Authorize(Permissions.ManageSettings, T("Not authorized to manage settings"))) return new HttpUnauthorizedResult(); _cultureManager.DeleteCulture(cultureName); diff --git a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs index fa93b9ce0..a2b3e7585 100644 
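Review bot: IndexPOST now lets any ManageSettings holder save whichever settings group `groupInfoId` selects, yet the only per-field guard this commit adds is the one for SuperUser in SiteSettingsPartDriver. If the body (outside the hunk) runs every site-settings part driver, any driver that relied on this controller's SiteOwner check to protect sensitive values is now reachable by an Administrator without SiteOwner. Audit the other settings drivers, or record the assumption above the check, for example `// ManageSettings covers every settings group; drivers must guard owner-only fields themselves`. The same applies to AddCulture and DeleteCulture in the following hunks.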
--- a/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs +++ b/src/Orchard.Web/Core/Settings/Drivers/SiteSettingsPartDriver.cs @@ -21,18 +21,21 @@ namespace Orchard.Core.Settings.Drivers { private readonly ICalendarManager _calendarProvider; private readonly IMembershipService _membershipService; private readonly INotifier _notifier; + private readonly IAuthorizer _authorizer; public SiteSettingsPartDriver( ISiteService siteService, ICultureManager cultureManager, ICalendarManager calendarProvider, IMembershipService membershipService, - INotifier notifier) { + INotifier notifier, + IAuthorizer authorizer) { _siteService = siteService; _cultureManager = cultureManager; _calendarProvider = calendarProvider; _membershipService = membershipService; _notifier = notifier; + _authorizer = authorizer; T = NullLocalizer.Instance; Logger = NullLogger.Instance; 
@@ -67,21 +70,27 @@ namespace Orchard.Core.Settings.Drivers { }; var previousBaseUrl = model.Site.BaseUrl; + var previousSuperUser = model.Site.SuperUser; updater.TryUpdateModel(model, Prefix, null, null); - // ensures the super user is fully empty - if (String.IsNullOrEmpty(model.SuperUser)) { - model.SuperUser = String.Empty; - } - // otherwise the super user must be a valid user, to prevent an external account to impersonate as this name - //the user management module ensures the super user can't be deleted, but it can be disabled - else { - if (_membershipService.GetUser(model.SuperUser) == null) { - updater.AddModelError("SuperUser", T("The user {0} was not found", model.SuperUser)); + // only a user with SiteOwner permission can change the site owner + if (_authorizer.Authorize(StandardPermissions.SiteOwner)) { + // ensures the super user is fully empty + if (String.IsNullOrEmpty(model.SuperUser)) { + model.SuperUser = String.Empty; + } + // otherwise the super user must be a valid user, to prevent an external account to impersonate as this name + //the user management module ensures the super user can't be deleted, but it can be disabled + else { + if (_membershipService.GetUser(model.SuperUser) == null) { + updater.AddModelError("SuperUser", T("The user {0} was not found", model.SuperUser)); + } } } - + else { + model.Site.SuperUser = previousSuperUser; + } // ensure the base url is absolute if provided if (!String.IsNullOrWhiteSpace(model.Site.BaseUrl)) { diff --git a/src/Orchard.Web/Core/Settings/Permissions.cs b/src/Orchard.Web/Core/Settings/Permissions.cs new file mode 100644 index 000000000..01b24db46 --- /dev/null +++ b/src/Orchard.Web/Core/Settings/Permissions.cs 
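Review bot: The SiteOwner guard runs only after `updater.TryUpdateModel(model, Prefix, null, null)` has already bound the posted SuperUser value. Protection therefore rests on the `else` branch restoring `model.Site.SuperUser`, and on `model.SuperUser` and `model.Site.SuperUser` being the same storage, which this hunk does not show. It would be safer to evaluate the permission first and keep the field out of binding: `var canSetOwner = _authorizer.Authorize(StandardPermissions.SiteOwner);` then `updater.TryUpdateModel(model, Prefix, null, canSetOwner ? null : new[] { "SuperUser" });`, assuming the fourth argument is the exclude list. A test that posts a SuperUser value as a ManageSettings-only user and asserts the stored value is unchanged would pin the behaviour. The enclosing Editor method starts and ends outside the hunk.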
@@ -0,0 +1,27 @@ +using System.Collections.Generic; +using Orchard.Environment.Extensions.Models; +using Orchard.Security.Permissions; + +namespace Orchard.Core.Settings { + public class Permissions : IPermissionProvider { + public static readonly Permission ManageSettings = new Permission { Description = "Manage Settings", Name = "ManageSettings" }; + + public virtual Feature Feature { get; set; } + + public IEnumerable GetPermissions() { + return new[] { + ManageSettings + }; + } + + public IEnumerable GetDefaultStereotypes() { + return new[] { + new PermissionStereotype { + Name = "Administrator", + Permissions = new[] {ManageSettings} + }, + }; + } + + } +} \ No newline at end of file diff --git a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml index ee152bfef..ddcacb6ec 100644 --- a/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml +++ b/src/Orchard.Web/Core/Settings/Views/EditorTemplates/Parts.Settings.SiteSettingsPart.cshtml @@ -45,12 +45,14 @@ @Html.EditorFor(x => x.PageTitleSeparator) @Html.ValidationMessage("PageTitleSeparator", "*") -
- - @Html.EditorFor(x=>x.SuperUser) - @Html.ValidationMessage("SuperUser", "*") - @T("Enter an existing account name, or nothing if you don't want a Super user account") -
+ @if (AuthorizedFor(Orchard.Security.StandardPermissions.SiteOwner)) { +
+ + @Html.EditorFor(x => x.SuperUser) + @Html.ValidationMessage("SuperUser", "*") + @T("Enter an existing account name, or nothing if you don't want a Super user account") +
+ }
@Html.DropDownList("ResourceDebugMode", resourceDebugMode) diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs index f78ae0f56..2dedada47 100644 --- a/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs +++ b/src/Orchard.Web/Modules/Orchard.Roles/Controllers/AdminController.cs @@ -36,7 +36,7 @@ namespace Orchard.Roles.Controllers { public ILogger Logger { get; set; } public ActionResult Index() { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); var model = new RolesIndexViewModel { Rows = _roleService.GetRoles().OrderBy(r => r.Name).ToList() }; @@ -46,7 +46,7 @@ namespace Orchard.Roles.Controllers { [HttpPost, ActionName("Index")] public ActionResult IndexPOST() { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); foreach (string key in Request.Form.Keys) { @@ -59,7 +59,7 @@ namespace Orchard.Roles.Controllers { } public ActionResult Create() { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); var model = new RoleCreateViewModel { FeaturePermissions = _roleService.GetInstalledPermissions() }; 
@@ -68,7 +68,7 @@ namespace Orchard.Roles.Controllers { [HttpPost, ActionName("Create")] public ActionResult CreatePOST() { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); var viewModel = new RoleCreateViewModel(); @@ -100,7 +100,7 @@ namespace Orchard.Roles.Controllers { } public ActionResult Edit(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); var role = _roleService.GetRole(id); @@ -126,7 +126,7 @@ namespace Orchard.Roles.Controllers { [HttpPost, ActionName("Edit")] [FormValueRequired("submit.Save")] public ActionResult EditSavePOST(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); var viewModel = new RoleEditViewModel(); @@ -167,7 +167,7 @@ namespace Orchard.Roles.Controllers { [HttpPost] public ActionResult Delete(int id, string returnUrl) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage roles"))) + if (!Services.Authorizer.Authorize(Permissions.ManageRoles, T("Not authorized to manage roles"))) return new HttpUnauthorizedResult(); _roleService.DeleteRole(id); diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Drivers/UserRolesPartDriver.cs b/src/Orchard.Web/Modules/Orchard.Roles/Drivers/UserRolesPartDriver.cs index 5f1e4489e..43d69d6d8 100644 --- a/src/Orchard.Web/Modules/Orchard.Roles/Drivers/UserRolesPartDriver.cs +++ b/src/Orchard.Web/Modules/Orchard.Roles/Drivers/UserRolesPartDriver.cs 
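Review bot: CreatePOST and EditSavePOST now accept ManageRoles, but nothing in these hunks limits which permissions the caller may place on a role. If the bodies (outside the hunks) apply the posted permission list as-is, a ManageRoles holder can add SiteOwner to a role they already belong to, which undoes the separation the commit message describes. Consider rejecting any permission the current user does not hold, or at least SiteOwner unless `Services.Authorizer.Authorize(StandardPermissions.SiteOwner)` succeeds. Delete and the earlier IndexPOST hunk deserve the same look, since they can remove roles other accounts depend on. The diffstat lists no Orchard.Roles menu change, so check that the Roles menu entry does not still require SiteOwner.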
@@ -45,7 +45,7 @@ namespace Orchard.Roles.Drivers { protected override DriverResult Editor(UserRolesPart userRolesPart, dynamic shapeHelper) { // don't show editor without apply roles permission - if (!_authorizationService.TryCheckAccess(StandardPermissions.SiteOwner, _authenticationService.GetAuthenticatedUser(), userRolesPart)) + if (!_authorizationService.TryCheckAccess(Permissions.AssignRoles, _authenticationService.GetAuthenticatedUser(), userRolesPart)) return null; return ContentShape("Parts_Roles_UserRoles_Edit", @@ -65,7 +65,7 @@ namespace Orchard.Roles.Drivers { protected override DriverResult Editor(UserRolesPart userRolesPart, IUpdateModel updater, dynamic shapeHelper) { // don't apply editor without apply roles permission - if (!_authorizationService.TryCheckAccess(StandardPermissions.SiteOwner, _authenticationService.GetAuthenticatedUser(), userRolesPart)) + if (!_authorizationService.TryCheckAccess(Permissions.AssignRoles, _authenticationService.GetAuthenticatedUser(), userRolesPart)) return null; var model = BuildEditorViewModel(userRolesPart); diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Orchard.Roles.csproj b/src/Orchard.Web/Modules/Orchard.Roles/Orchard.Roles.csproj index db9c95de3..7d9f72b12 100644 --- a/src/Orchard.Web/Modules/Orchard.Roles/Orchard.Roles.csproj +++ b/src/Orchard.Web/Modules/Orchard.Roles/Orchard.Roles.csproj @@ -88,6 +88,7 @@ + diff --git a/src/Orchard.Web/Modules/Orchard.Roles/Permissions.cs b/src/Orchard.Web/Modules/Orchard.Roles/Permissions.cs new file mode 100644 index 000000000..49f2ab05b --- /dev/null +++ b/src/Orchard.Web/Modules/Orchard.Roles/Permissions.cs 
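Review bot: Both Editor overloads now gate on `Permissions.AssignRoles` alone, so a holder can presumably assign any role, including one that carries SiteOwner, to any user including themselves. The rest of each method is outside the hunk, so confirm whether the offered role list is filtered. Refusing to add a role that contains a permission the current user lacks would keep AssignRoles from being equivalent to SiteOwner. The two comments still say "apply roles permission"; `// don't show editor without the AssignRoles permission` would match the new name.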
@@ -0,0 +1,28 @@ +using System.Collections.Generic; +using Orchard.Environment.Extensions.Models; +using Orchard.Security.Permissions; + +namespace Orchard.Roles { + public class Permissions : IPermissionProvider { + public static readonly Permission ManageRoles = new Permission { Description = "Managing Roles", Name = "ManageRoles" }; + public static readonly Permission AssignRoles = new Permission { Description = "Assign Roles", Name = "AssignRoles", ImpliedBy = new [] { ManageRoles } }; + + public virtual Feature Feature { get; set; } + + public IEnumerable GetPermissions() { + return new[] { + ManageRoles, AssignRoles + }; + } + + public IEnumerable GetDefaultStereotypes() { + return new[] { + new PermissionStereotype { + Name = "Administrator", + Permissions = new[] {ManageRoles, AssignRoles} + }, + }; + } + + } +} \ No newline at end of file diff --git a/src/Orchard.Web/Modules/Orchard.Users/AdminMenu.cs b/src/Orchard.Web/Modules/Orchard.Users/AdminMenu.cs index 7c36edcd2..c25fbf8b4 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/AdminMenu.cs +++ b/src/Orchard.Web/Modules/Orchard.Users/AdminMenu.cs @@ -10,9 +10,9 @@ namespace Orchard.Users { public void GetNavigation(NavigationBuilder builder) { builder.AddImageSet("users") .Add(T("Users"), "11", - menu => menu.Action("Index", "Admin", new { area = "Orchard.Users" }).Permission(StandardPermissions.SiteOwner) + menu => menu.Action("Index", "Admin", new { area = "Orchard.Users" }) .Add(T("Users"), "1.0", item => item.Action("Index", "Admin", new { area = "Orchard.Users" }) - .LocalNav().Permission(StandardPermissions.SiteOwner))); + .LocalNav().Permission(Permissions.ManageUsers))); } } } diff --git a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs index 84dd0587c..97b8d9f2a 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs 
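Review bot: `ImpliedBy = new [] { ManageRoles }` on AssignRoles means every holder of ManageRoles also passes AssignRoles checks, assuming the authorization service walks ImpliedBy in the usual way. That contradicts the scenario in the commit message, where the admin account has ManageRoles but not AssignRoles. If the two are meant to be independent, drop the implication: `public static readonly Permission AssignRoles = new Permission { Description = "Assign Roles", Name = "AssignRoles" };`. The Administrator stereotype also grants both by default, so a comment there should say that AssignRoles must be removed by hand for the restricted admin role.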
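Review bot: The top-level "Users" entry loses its `.Permission(...)` call, and only the child item carries `Permissions.ManageUsers`. Whether the parent link to the Users index is shown to accounts without ManageUsers therefore depends on navigation filtering that is not visible here. If the parent is left open on purpose so other modules can attach children, add a comment saying so; otherwise keep `.Permission(Permissions.ManageUsers)` on the parent as well. The controller still enforces the permission, so this is a UI consistency point rather than an access-control gap.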
+++ b/src/Orchard.Web/Modules/Orchard.Users/Controllers/AdminController.cs @@ -50,7 +50,7 @@ namespace Orchard.Users.Controllers { public Localizer T { get; set; } public ActionResult Index(UserIndexOptions options, PagerParameters pagerParameters) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to list users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to list users"))) return new HttpUnauthorizedResult(); var pager = new Pager(_siteService.GetSiteSettings(), pagerParameters); @@ -115,7 +115,7 @@ namespace Orchard.Users.Controllers { [HttpPost] [FormValueRequired("submit.BulkEdit")] public ActionResult Index(FormCollection input) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var viewModel = new UsersIndexViewModel {Users = new List(), Options = new UserIndexOptions()}; @@ -151,7 +151,7 @@ namespace Orchard.Users.Controllers { } public ActionResult Create() { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.New("User"); @@ -165,7 +165,7 @@ namespace Orchard.Users.Controllers { [HttpPost, ActionName("Create")] public ActionResult CreatePOST(UserCreateViewModel createModel) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); if (!string.IsNullOrEmpty(createModel.UserName)) { 
@@ -209,7 +209,7 @@ namespace Orchard.Users.Controllers { } public ActionResult Edit(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); @@ -223,7 +223,7 @@ namespace Orchard.Users.Controllers { [HttpPost, ActionName("Edit")] public ActionResult EditPOST(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id, VersionOptions.DraftRequired); @@ -268,7 +268,7 @@ namespace Orchard.Users.Controllers { [HttpPost] public ActionResult Delete(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); @@ -290,7 +290,7 @@ namespace Orchard.Users.Controllers { } public ActionResult SendChallengeEmail(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); 
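Review bot: Edit, EditPOST and Delete now accept ManageUsers for any `id`, and these hunks show no check on how privileged the target account is. A comment in SiteSettingsPartDriver says the super user cannot be deleted but can be disabled. Unless the bodies (outside the hunks) add more, a ManageUsers-only administrator can therefore edit or disable the super user and other SiteOwner holders through EditPOST and through Moderate in the later hunk. Consider requiring `Services.Authorizer.Authorize(StandardPermissions.SiteOwner)` when the target is the configured super user or holds SiteOwner, and document that rule in a comment above the ManageUsers check.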
@@ -310,7 +310,7 @@ namespace Orchard.Users.Controllers { } public ActionResult Approve(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); @@ -327,7 +327,7 @@ namespace Orchard.Users.Controllers { } public ActionResult Moderate(int id) { - if (!Services.Authorizer.Authorize(StandardPermissions.SiteOwner, T("Not authorized to manage users"))) + if (!Services.Authorizer.Authorize(Permissions.ManageUsers, T("Not authorized to manage users"))) return new HttpUnauthorizedResult(); var user = Services.ContentManager.Get(id); diff --git a/src/Orchard.Web/Modules/Orchard.Users/Orchard.Users.csproj b/src/Orchard.Web/Modules/Orchard.Users/Orchard.Users.csproj index 4a46a4288..4c3a7b9f9 100644 --- a/src/Orchard.Web/Modules/Orchard.Users/Orchard.Users.csproj +++ b/src/Orchard.Web/Modules/Orchard.Users/Orchard.Users.csproj @@ -85,6 +85,7 @@ + diff --git a/src/Orchard.Web/Modules/Orchard.Users/Permissions.cs b/src/Orchard.Web/Modules/Orchard.Users/Permissions.cs new file mode 100644 index 000000000..060f2a3f1 --- /dev/null +++ b/src/Orchard.Web/Modules/Orchard.Users/Permissions.cs 
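Review bot: Approve and Moderate, like SendChallengeEmail in the preceding hunk, change account state but show no `[HttpPost]` in the context lines above their signatures, unlike Delete. With the check lowered from SiteOwner to ManageUsers, more accounts can be induced to trigger these actions through a cross-site GET. Add `[HttpPost]` to each and submit them from the list view as forms, so that whatever anti-forgery validation the application applies to POSTs covers them. The method bodies are outside the hunks.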
@@ -0,0 +1,27 @@
+using System.Collections.Generic;
+using Orchard.Environment.Extensions.Models;
+using Orchard.Security.Permissions;
+
+namespace Orchard.Users {
+ public class Permissions : IPermissionProvider {
+ public static readonly Permission ManageUsers = new Permission { Description = "Managing Users", Name = "ManageUsers" };
+
+ public virtual Feature Feature { get; set; }
+
+ public IEnumerable GetPermissions() {
+ return new[] {
+ ManageUsers,
+ };
+ }
+
+ public IEnumerable GetDefaultStereotypes() {
+ return new[] {
+ new PermissionStereotype {
+ Name = "Administrator",
+ Permissions = new[] {ManageUsers}
+ },
+ };
+ }
+
+ }
+}
\ No newline at end of file