From 0eec6fa3e231cd15f597d652bee078ca542a2239 Mon Sep 17 00:00:00 2001 From: Mike Alhayek Date: Thu, 19 Sep 2024 10:37:51 -0700 Subject: [PATCH] Retire AssignRoles and AssignRole_{RoleName} permission (#16755) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Zoltán Lehóczky --- .../OrchardCore.Roles/Permissions.cs | 40 ++++--------------- .../CommonPermissions.cs | 3 ++ src/docs/releases/2.1.0.md | 7 ++++ 3 files changed, 18 insertions(+), 32 deletions(-) diff --git a/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs b/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs index 85c08365f97..1de94cd3411 100644 --- a/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs +++ b/src/OrchardCore.Modules/OrchardCore.Roles/Permissions.cs @@ -1,6 +1,5 @@ using OrchardCore.Security; using OrchardCore.Security.Permissions; -using OrchardCore.Security.Services; namespace OrchardCore.Roles; @@ -15,44 +14,21 @@ public sealed class Permissions : IPermissionProvider [Obsolete("This will be removed in a future release. Instead use 'OrchardCore.Security.StandardPermissions.SiteOwner'.")] public static readonly Permission SiteOwner = StandardPermissions.SiteOwner; - private readonly IRoleService _roleService; - - public Permissions(IRoleService roleService) - { - _roleService = roleService; - } - - public async Task> GetPermissionsAsync() - { - var roleNames = (await _roleService.GetRoleNamesAsync()) - .Where(roleName => !RoleHelper.SystemRoleNames.Contains(roleName)) - .ToList(); - - var list = new List(roleNames.Count + 3) - { - CommonPermissions.ManageRoles, - CommonPermissions.AssignRoles, - StandardPermissions.SiteOwner, - }; - - foreach (var roleName in roleNames) - { - list.Add(CommonPermissions.CreatePermissionForAssignRole(roleName)); - } + private readonly IEnumerable _allPermissions = + [ + CommonPermissions.ManageRoles, + StandardPermissions.SiteOwner, + ]; - return list; - } + public Task> GetPermissionsAsync() + => Task.FromResult(_allPermissions); public IEnumerable GetDefaultStereotypes() => [ new PermissionStereotype { Name = OrchardCoreConstants.Roles.Administrator, - Permissions = - [ - CommonPermissions.ManageRoles, - StandardPermissions.SiteOwner, - ], + Permissions = _allPermissions, }, ]; } diff --git a/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs b/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs index b8e905cb567..54c65fb2c74 100644 --- a/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs +++ b/src/OrchardCore/OrchardCore.Roles.Core/CommonPermissions.cs @@ -6,13 +6,16 @@ public static class CommonPermissions { public static readonly Permission ManageRoles = new("ManageRoles", "Managing Roles", isSecurityCritical: true); + [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.AssignRoleToUsers.")] public static readonly Permission AssignRoles = new("AssignRoles", "Assign Roles", [ManageRoles], isSecurityCritical: true); /// /// Dynamic permission template for assign role. /// + [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.CreateAssignRoleToUsersPermission(roleName).")] private static readonly Permission _assignRole = new("AssignRole_{0}", "Assign Role - {0}", [AssignRoles, ManageRoles]); + [Obsolete("This Permission is no longer used and will be removed. Instead use OrchardCore.Users.CommonPermissions.CreateAssignRoleToUsersPermission(roleName).")] public static Permission CreatePermissionForAssignRole(string name) => new( string.Format(_assignRole.Name, name), diff --git a/src/docs/releases/2.1.0.md b/src/docs/releases/2.1.0.md index a8b4ef56013..8322b1668e0 100644 --- a/src/docs/releases/2.1.0.md +++ b/src/docs/releases/2.1.0.md @@ -50,6 +50,13 @@ The following properties of `RegistrationSettings` are now deprecated and will b Previously, the `UsersCanRegister` property controlled which types of registration were allowed. With this update, this property is obsolete and will be removed in a future release. To enable site registration now, simply activate the **User Registration** feature. +### Roles Feature + +In the Roles feature, there were previously `AssignRoles` and `AssignRole_{RoleName}` permissions, alongside the Users feature's `AssignRoleToUsers` and `AssignRoleToUsers_{RoleName}` permissions. As these permissions were redundant and the `AssignRoles` permissions were never actually authorized against, `AssignRoles` and `AssignRole_{RoleName}` have been removed in favor of the latter. + +!!! warning + Please review all your recipes and replace occurrences of `AssignRoles` with `AssignRoleToUsers`, and `AssignRole_{RoleName}` with `AssignRoleToUsers_{RoleName}`. + ### New **Azure Communication Services SMS** Feature A new feature was added to allow you to send SMS messages using Azure Communication Services (ACS). Simply enable it then navigate to the admin dashboard > `Configurations` >> `Settings` >> `SMS` to configure the provider. For more information you can refer to the [docs](../reference/modules/Sms.Azure/README.md).