OrchardCMS / Orchard

Orchard is a free, open source, community-focused Content Management System built on the ASP.NET MVC platform.
https://orchardproject.net
BSD 3-Clause "New" or "Revised" License

WidgetPart and LayerPart authorization checks do not supply contentitem #3714

Open orchardbot opened 11 years ago

orchardbot commented 11 years ago

hkui created: https://orchard.codeplex.com/workitem/19886

... Which means we can't check the contentitems themselves when implementing an AuthorizationEventHandler.

orchardbot commented 11 years ago

@Piedone commented:

In WidgetFilter there is a check for permissions (ln 101) for widgets. Layers are really not authorized but you could use layer rules instead.

orchardbot commented 11 years ago

hkui commented:

This does not work for the admin.

We want to be able to configure layer "management access" for certain roles. So role A can only edit layer "Default", while other roles can only edit layer "Authorized". Or something. Well, this is a bad example, but our use case is very specific.

However, your example is very nice for the client side. Haven't thought about that yet. :) Thanks!

orchardbot commented 11 years ago

hkui commented:

Can I ask by the way, what is the purpose of CurrentContentHandler? It sets some stuff in the WorkContext, but what is it needed for? I don't see you use it in the RoleRuleProvider.

orchardbot commented 11 years ago

@Piedone commented:

FYI that module was not created by me and what I've linked is my fork. I linked the fork only because it's updated to work with VS 2012 but I haven't taken time to review the module.

You're right that this only solves layer authorization for the frontend, so layer editor authorization should still happen.