Retire AssignRoles and AssignRole_{RoleName} permission (#16755)

Co-authored-by: Zoltán Lehóczky <zoltan.lehoczky@lombiq.com>
OrchardCMS · Sep 19, 2024 · 0eec6fa · 0eec6fa
1 parent 8651425
commit 0eec6fa
Show file tree

Hide file tree

Showing 3 changed files with 18 additions and 32 deletions.
diff --git a/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs b/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs
@@ -1,6 +1,5 @@
 using OrchardCore.Security;
 using OrchardCore.Security.Permissions;
-using OrchardCore.Security.Services;
 
 namespace OrchardCore.Roles;
 
@@ -15,44 +14,21 @@ public sealed class Permissions : IPermissionProvider
     [Obsolete("This will be removed in a future release. Instead use 'OrchardCore.Security.StandardPermissions.SiteOwner'.")]
     public static readonly Permission SiteOwner = StandardPermissions.SiteOwner;
 
-    private readonly IRoleService _roleService;
-
-    public Permissions(IRoleService roleService)
-    {
-        _roleService = roleService;
-    }
-
-    public async Task<IEnumerable<Permission>> GetPermissionsAsync()
-    {
-        var roleNames = (await _roleService.GetRoleNamesAsync())
-            .Where(roleName => !RoleHelper.SystemRoleNames.Contains(roleName))
-            .ToList();
-
-        var list = new List<Permission>(roleNames.Count + 3)
-        {
-            CommonPermissions.ManageRoles,
-            CommonPermissions.AssignRoles,
-            StandardPermissions.SiteOwner,
-        };
-
-        foreach (var roleName in roleNames)
-        {
-            list.Add(CommonPermissions.CreatePermissionForAssignRole(roleName));
-        }
+    private readonly IEnumerable<Permission> _allPermissions =
+    [
+        CommonPermissions.ManageRoles,
+        StandardPermissions.SiteOwner,
+    ];
 
-        return list;
-    }
+    public Task<IEnumerable<Permission>> GetPermissionsAsync()
+        => Task.FromResult(_allPermissions);
 
     public IEnumerable<PermissionStereotype> GetDefaultStereotypes() =>
     [
         new PermissionStereotype
         {
             Name = OrchardCoreConstants.Roles.Administrator,
-            Permissions =
-            [
-                CommonPermissions.ManageRoles,
-                StandardPermissions.SiteOwner,
-            ],
+            Permissions = _allPermissions,
         },
     ];
 }
diff --git a/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs b/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs
@@ -6,13 +6,16 @@ public static class CommonPermissions
 {
     public static readonly Permission ManageRoles = new("ManageRoles", "Managing Roles", isSecurityCritical: true);
 
+    [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.AssignRoleToUsers.")]
     public static readonly Permission AssignRoles = new("AssignRoles", "Assign Roles", [ManageRoles], isSecurityCritical: true);
 
     /// <summary>
     /// Dynamic permission template for assign role.
     /// </summary>
+    [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.CreateAssignRoleToUsersPermission(roleName).")]
     private static readonly Permission _assignRole = new("AssignRole_{0}", "Assign Role - {0}", [AssignRoles, ManageRoles]);
 
+    [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.CreateAssignRoleToUsersPermission(roleName).")]
     public static Permission CreatePermissionForAssignRole(string name) =>
         new(
             string.Format(_assignRole.Name, name),

diff --git a/src/docs/releases/2.1.0.md b/src/docs/releases/2.1.0.md
@@ -50,6 +50,13 @@ The following properties of `RegistrationSettings` are now deprecated and will b
 
 Previously, the `UsersCanRegister` property controlled which types of registration were allowed. With this update, this property is obsolete and will be removed in a future release. To enable site registration now, simply activate the **User Registration** feature.
 
+### Roles Feature
+
+In the Roles feature, there were previously `AssignRoles` and `AssignRole_{RoleName}` permissions, alongside the Users feature's `AssignRoleToUsers` and `AssignRoleToUsers_{RoleName}` permissions. As these permissions were redundant and the `AssignRoles` permissions were never actually authorized against, `AssignRoles` and `AssignRole_{RoleName}` have been removed in favor of the latter.
+
+!!! warning
+    Please review all your recipes and replace occurrences of `AssignRoles` with `AssignRoleToUsers`, and `AssignRole_{RoleName}` with `AssignRoleToUsers_{RoleName}`.
+
 ### New **Azure Communication Services SMS** Feature
 
 A new feature was added to allow you to send SMS messages using Azure Communication Services (ACS). Simply enable it then navigate to the admin dashboard > `Configurations` >> `Settings` >> `SMS` to configure the provider. For more information you can refer to the [docs](../reference/modules/Sms.Azure/README.md).